Compare commits
2 Commits
9b72646537
...
398de4dcc8
| Author | SHA1 | Date | |
|---|---|---|---|
| 398de4dcc8 | |||
| 1dabbe0f6f |
@ -25,7 +25,7 @@ siteB:
|
||||
site_ip: "192.168.0.62"
|
||||
|
||||
proxy:
|
||||
proxy_domain: "proxy.example.com"
|
||||
proxy_domain: "siteproxy.vlad"
|
||||
proxy_ip: "192.168.0.63"
|
||||
|
||||
siteA_h2: "Новое сообщение для SiteA"
|
||||
|
||||
2
ansible/roles/firewall_cmd/handlers/main.yml
Normal file
2
ansible/roles/firewall_cmd/handlers/main.yml
Normal file
@ -0,0 +1,2 @@
|
||||
- name: Restart firewalld
|
||||
command: systemctl restart firewalld
|
||||
28
ansible/roles/firewall_cmd/tasks/main.yml
Normal file
28
ansible/roles/firewall_cmd/tasks/main.yml
Normal file
@ -0,0 +1,28 @@
|
||||
- name: Install firewalld
|
||||
zypper:
|
||||
name: firewalld
|
||||
state: present
|
||||
notify:
|
||||
- Restart firewalld
|
||||
|
||||
- name: Enable and start firewalld
|
||||
command: systemctl enable --now firewalld
|
||||
register: firewalld_enable
|
||||
changed_when: "'Created symlink' in firewalld_enable.stdout or 'enabled' in firewalld_enable.stdout"
|
||||
notify:
|
||||
- Restart firewalld
|
||||
|
||||
- name: Open specified firewall ports permanently
|
||||
loop: "{{ firewall_ports }}"
|
||||
command: firewall-cmd --permanent --add-port={{ item.port }}/{{ item.protocol }}
|
||||
register: firewalld_add_port
|
||||
changed_when: "'success' in firewalld_add_port.stdout"
|
||||
notify:
|
||||
- Restart firewalld
|
||||
|
||||
- name: Reload firewalld rules
|
||||
command: firewall-cmd --reload
|
||||
register: firewalld_reload
|
||||
changed_when: "'success' in firewalld_reload.stdout"
|
||||
notify:
|
||||
- Restart firewalld
|
||||
4
ansible/roles/firewall_cmd/vars/main.yml
Normal file
4
ansible/roles/firewall_cmd/vars/main.yml
Normal file
@ -0,0 +1,4 @@
|
||||
firewall_ports:
|
||||
- { port: 22, protocol: tcp }
|
||||
- { port: 80, protocol: tcp }
|
||||
- { port: 443, protocol: tcp }
|
||||
@ -1,22 +1,38 @@
|
||||
- name: Install OpenSSL
|
||||
zypper:
|
||||
name: openssl
|
||||
state: present
|
||||
|
||||
- name: Create SSL directory
|
||||
file:
|
||||
path: "{{ ssl_cert_path }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
|
||||
- name: Generate Self-Signed SSL Certificate
|
||||
command: >
|
||||
openssl req -x509 -nodes -days 365
|
||||
-newkey rsa:2048
|
||||
-keyout {{ ssl_cert_path }}/{{ ssl_key_file }}
|
||||
-out {{ ssl_cert_path }}/{{ ssl_cert_file }}
|
||||
-subj "{{ ssl_subject }}"
|
||||
args:
|
||||
creates: "{{ ssl_cert_path }}/{{ ssl_cert_file }}"
|
||||
- name: Install OpenSSL
|
||||
ansible.builtin.zypper:
|
||||
name: openssl
|
||||
state: present
|
||||
|
||||
- name: Create SSL directory
|
||||
ansible.builtin.file:
|
||||
path: "{{ ssl_cert_path }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
|
||||
- name: Generate private key
|
||||
community.crypto.openssl_privatekey:
|
||||
path: "{{ ssl_cert_path }}/{{ ssl_key_file }}"
|
||||
size: 2048
|
||||
type: RSA
|
||||
mode: '0600'
|
||||
|
||||
- name: Generate CSR (Certificate Signing Request)
|
||||
community.crypto.openssl_csr:
|
||||
path: "{{ ssl_cert_path }}/{{ ssl_csr_file }}"
|
||||
privatekey_path: "{{ ssl_cert_path }}/{{ ssl_key_file }}"
|
||||
common_name: "{{ ssl_common_name }}"
|
||||
country_name: "{{ ssl_country }}"
|
||||
state_or_province_name: "{{ ssl_state }}"
|
||||
locality_name: "{{ ssl_locality }}"
|
||||
organization_name: "{{ ssl_organization }}"
|
||||
organizational_unit_name: "{{ ssl_organizational_unit }}"
|
||||
|
||||
- name: Generate Self-Signed SSL Certificate
|
||||
community.crypto.x509_certificate:
|
||||
path: "{{ ssl_cert_path }}/{{ ssl_cert_file }}"
|
||||
privatekey_path: "{{ ssl_cert_path }}/{{ ssl_key_file }}"
|
||||
csr_path: "{{ ssl_cert_path }}/{{ ssl_csr_file }}"
|
||||
provider: selfsigned
|
||||
force: yes
|
||||
@ -1,4 +1,11 @@
|
||||
ssl_cert_path: "/etc/nginx/ssl"
|
||||
ssl_cert_file: "proxy.crt"
|
||||
ssl_key_file: "proxy.key"
|
||||
ssl_subject: "/C=RU/ST=Some-State/L=Some-City/O=Your Company/CN={{ proxy.proxy_domain }}"
|
||||
ssl_cert_path: "/etc/nginx/ssl"
|
||||
ssl_cert_file: "proxy.crt"
|
||||
ssl_key_file: "proxy.key"
|
||||
ssl_csr_file: "proxy.csr"
|
||||
|
||||
ssl_common_name: "{{ proxy.proxy_domain }}"
|
||||
ssl_country: "RU"
|
||||
ssl_state: "Some-State"
|
||||
ssl_locality: "Some-City"
|
||||
ssl_organization: "Your Company"
|
||||
ssl_organizational_unit: "IT"
|
||||
20
ansible/roles/ssl_certificate_cmd/tasks/main.yml
Normal file
20
ansible/roles/ssl_certificate_cmd/tasks/main.yml
Normal file
@ -0,0 +1,20 @@
|
||||
- name: Install OpenSSL
|
||||
zypper:
|
||||
name: openssl
|
||||
state: present
|
||||
|
||||
- name: Create SSL directory
|
||||
file:
|
||||
path: "{{ ssl_cert_path }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
|
||||
- name: Generate Self-Signed SSL Certificate
|
||||
command: >
|
||||
openssl req -x509 -nodes -days 365
|
||||
-newkey rsa:2048
|
||||
-keyout {{ ssl_cert_path }}/{{ ssl_key_file }}
|
||||
-out {{ ssl_cert_path }}/{{ ssl_cert_file }}
|
||||
-subj "{{ ssl_subject }}"
|
||||
4
ansible/roles/ssl_certificate_cmd/vars/main.yml
Normal file
4
ansible/roles/ssl_certificate_cmd/vars/main.yml
Normal file
@ -0,0 +1,4 @@
|
||||
ssl_cert_path: "/etc/nginx/ssl"
|
||||
ssl_cert_file: "proxy.crt"
|
||||
ssl_key_file: "proxy.key"
|
||||
ssl_subject: "/C=RU/ST=Some-State/L=Some-City/O=Your Company/CN={{ proxy.proxy_domain }}"
|
||||
Loading…
Reference in New Issue
Block a user