Compare commits
2 Commits
9b72646537
...
398de4dcc8
Author | SHA1 | Date | |
---|---|---|---|
398de4dcc8 | |||
1dabbe0f6f |
@ -25,7 +25,7 @@ siteB:
|
|||||||
site_ip: "192.168.0.62"
|
site_ip: "192.168.0.62"
|
||||||
|
|
||||||
proxy:
|
proxy:
|
||||||
proxy_domain: "proxy.example.com"
|
proxy_domain: "siteproxy.vlad"
|
||||||
proxy_ip: "192.168.0.63"
|
proxy_ip: "192.168.0.63"
|
||||||
|
|
||||||
siteA_h2: "Новое сообщение для SiteA"
|
siteA_h2: "Новое сообщение для SiteA"
|
||||||
|
2
ansible/roles/firewall_cmd/handlers/main.yml
Normal file
2
ansible/roles/firewall_cmd/handlers/main.yml
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
- name: Restart firewalld
|
||||||
|
command: systemctl restart firewalld
|
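Review bot: The handler restarts firewalld through a raw `command`, which reports changed on every notification and bypasses Ansible's service handling; `ansible.builtin.systemd` with `name: firewalld` and `state: restarted` does the same job idempotently. A restart also flushes runtime rules, while the tasks in this commit only change permanent configuration, so a `state: reloaded` handler — or the `firewall-cmd --reload` the tasks file already runs — is the lighter option.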
28
ansible/roles/firewall_cmd/tasks/main.yml
Normal file
28
ansible/roles/firewall_cmd/tasks/main.yml
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
- name: Install firewalld
|
||||||
|
zypper:
|
||||||
|
name: firewalld
|
||||||
|
state: present
|
||||||
|
notify:
|
||||||
|
- Restart firewalld
|
||||||
|
|
||||||
|
- name: Enable and start firewalld
|
||||||
|
command: systemctl enable --now firewalld
|
||||||
|
register: firewalld_enable
|
||||||
|
changed_when: "'Created symlink' in firewalld_enable.stdout or 'enabled' in firewalld_enable.stdout"
|
||||||
|
notify:
|
||||||
|
- Restart firewalld
|
||||||
|
|
||||||
|
- name: Open specified firewall ports permanently
|
||||||
|
loop: "{{ firewall_ports }}"
|
||||||
|
command: firewall-cmd --permanent --add-port={{ item.port }}/{{ item.protocol }}
|
||||||
|
register: firewalld_add_port
|
||||||
|
changed_when: "'success' in firewalld_add_port.stdout"
|
||||||
|
notify:
|
||||||
|
- Restart firewalld
|
||||||
|
|
||||||
|
- name: Reload firewalld rules
|
||||||
|
command: firewall-cmd --reload
|
||||||
|
register: firewalld_reload
|
||||||
|
changed_when: "'success' in firewalld_reload.stdout"
|
||||||
|
notify:
|
||||||
|
- Restart firewalld
|
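Review bot: The `changed_when` on `Open specified firewall ports permanently` looks always true: `firewall-cmd --permanent --add-port` prints `success` to stdout even when the port was already enabled (the ALREADY_ENABLED notice goes to stderr), so every run reports a change and fires the restart handler. `Enable and start firewalld` has the opposite problem — I believe `systemctl enable` writes its `Created symlink` lines to stderr, so that task's stdout test never matches and a real change is masked. Both go away with the purpose-built modules below: `ansible.posix.firewalld` applies the permanent and runtime rule in one idempotent step (and removes the Jinja interpolation inside a command line), and `ansible.builtin.systemd` handles enable-and-start. With that change the `notify: Restart firewalld` on each task is no longer needed, since `immediate: true` (or the existing `firewall-cmd --reload` task) applies the rules without a full restart that drops runtime state.
```yaml
# … unchanged: Install firewalld task …

- name: Enable and start firewalld
  ansible.builtin.systemd:
    name: firewalld
    enabled: true
    state: started

- name: Open specified firewall ports permanently
  ansible.posix.firewalld:
    port: "{{ item.port }}/{{ item.protocol }}"
    permanent: true
    immediate: true
    state: enabled
  loop: "{{ firewall_ports }}"

# … unchanged: Reload firewalld rules task …
```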
4
ansible/roles/firewall_cmd/vars/main.yml
Normal file
4
ansible/roles/firewall_cmd/vars/main.yml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
firewall_ports:
|
||||||
|
- { port: 22, protocol: tcp }
|
||||||
|
- { port: 80, protocol: tcp }
|
||||||
|
- { port: 443, protocol: tcp }
|
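Review bot: `firewall_ports` lives in `vars/main.yml`, which takes precedence over inventory and play vars, so a consumer of the role cannot override the port list without `-e`; a role default in `defaults/main.yml` is the conventional home for a tunable like this. The same applies to the `ssl_*` values in the two vars hunks further down (`@ -1,4 +1,11 @@` and `ansible/roles/ssl_certificate_cmd/vars/main.yml`), where placeholder identity fields such as `Some-State` and `Your Company` are exactly the values a playbook would want to override.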
@ -1,22 +1,38 @@
|
|||||||
- name: Install OpenSSL
|
- name: Install OpenSSL
|
||||||
zypper:
|
ansible.builtin.zypper:
|
||||||
name: openssl
|
name: openssl
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Create SSL directory
|
- name: Create SSL directory
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: "{{ ssl_cert_path }}"
|
path: "{{ ssl_cert_path }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: Generate private key
|
||||||
|
community.crypto.openssl_privatekey:
|
||||||
|
path: "{{ ssl_cert_path }}/{{ ssl_key_file }}"
|
||||||
|
size: 2048
|
||||||
|
type: RSA
|
||||||
|
mode: '0600'
|
||||||
|
|
||||||
|
- name: Generate CSR (Certificate Signing Request)
|
||||||
|
community.crypto.openssl_csr:
|
||||||
|
path: "{{ ssl_cert_path }}/{{ ssl_csr_file }}"
|
||||||
|
privatekey_path: "{{ ssl_cert_path }}/{{ ssl_key_file }}"
|
||||||
|
common_name: "{{ ssl_common_name }}"
|
||||||
|
country_name: "{{ ssl_country }}"
|
||||||
|
state_or_province_name: "{{ ssl_state }}"
|
||||||
|
locality_name: "{{ ssl_locality }}"
|
||||||
|
organization_name: "{{ ssl_organization }}"
|
||||||
|
organizational_unit_name: "{{ ssl_organizational_unit }}"
|
||||||
|
|
||||||
- name: Generate Self-Signed SSL Certificate
|
- name: Generate Self-Signed SSL Certificate
|
||||||
command: >
|
community.crypto.x509_certificate:
|
||||||
openssl req -x509 -nodes -days 365
|
path: "{{ ssl_cert_path }}/{{ ssl_cert_file }}"
|
||||||
-newkey rsa:2048
|
privatekey_path: "{{ ssl_cert_path }}/{{ ssl_key_file }}"
|
||||||
-keyout {{ ssl_cert_path }}/{{ ssl_key_file }}
|
csr_path: "{{ ssl_cert_path }}/{{ ssl_csr_file }}"
|
||||||
-out {{ ssl_cert_path }}/{{ ssl_cert_file }}
|
provider: selfsigned
|
||||||
-subj "{{ ssl_subject }}"
|
force: yes
|
||||||
args:
|
|
||||||
creates: "{{ ssl_cert_path }}/{{ ssl_cert_file }}"
|
|
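Review bot: `force: yes` on `community.crypto.x509_certificate` regenerates the certificate on every run, so the task always reports changed and the role loses the idempotence the removed `creates:` guard provided; dropping `force` lets the module regenerate only when the certificate is missing or no longer matches the key and CSR, and if unconditional renewal is really intended it should be spelled `force: true` (`yes` is a YAML 1.1 truthy). The private-key task sets `mode: '0600'` but no `owner`/`group`; if the play does not run as root the key belongs to the connecting user while the directory is root-owned, so making it explicit with `owner: root` and `group: root` as the directory task does would be safer. `size: 2048` is the floor most current guidance accepts for RSA; consider `size: 4096` (or an EC key) if nothing downstream requires 2048.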
@ -1,4 +1,11 @@
|
|||||||
ssl_cert_path: "/etc/nginx/ssl"
|
ssl_cert_path: "/etc/nginx/ssl"
|
||||||
ssl_cert_file: "proxy.crt"
|
ssl_cert_file: "proxy.crt"
|
||||||
ssl_key_file: "proxy.key"
|
ssl_key_file: "proxy.key"
|
||||||
ssl_subject: "/C=RU/ST=Some-State/L=Some-City/O=Your Company/CN={{ proxy.proxy_domain }}"
|
ssl_csr_file: "proxy.csr"
|
||||||
|
|
||||||
|
ssl_common_name: "{{ proxy.proxy_domain }}"
|
||||||
|
ssl_country: "RU"
|
||||||
|
ssl_state: "Some-State"
|
||||||
|
ssl_locality: "Some-City"
|
||||||
|
ssl_organization: "Your Company"
|
||||||
|
ssl_organizational_unit: "IT"
|
20
ansible/roles/ssl_certificate_cmd/tasks/main.yml
Normal file
20
ansible/roles/ssl_certificate_cmd/tasks/main.yml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
- name: Install OpenSSL
|
||||||
|
zypper:
|
||||||
|
name: openssl
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Create SSL directory
|
||||||
|
file:
|
||||||
|
path: "{{ ssl_cert_path }}"
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: Generate Self-Signed SSL Certificate
|
||||||
|
command: >
|
||||||
|
openssl req -x509 -nodes -days 365
|
||||||
|
-newkey rsa:2048
|
||||||
|
-keyout {{ ssl_cert_path }}/{{ ssl_key_file }}
|
||||||
|
-out {{ ssl_cert_path }}/{{ ssl_cert_file }}
|
||||||
|
-subj "{{ ssl_subject }}"
|
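Review bot: `Generate Self-Signed SSL Certificate` has no `creates:` guard (unlike the `args: creates:` this commit removes from the other role), so every run generates a fresh private key and certificate and reports changed; add `args: creates: "{{ ssl_cert_path }}/{{ ssl_cert_file }}"` or, better, drop this role in favour of the module-based `ssl_certificate` role it duplicates. The key written by `openssl req -keyout` takes its permissions from the process umask, so unless something else tightens it the unencrypted (`-nodes`) key is likely readable by other local users; an explicit `ansible.builtin.file` task with `mode: '0600'` after generation would close that.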
4
ansible/roles/ssl_certificate_cmd/vars/main.yml
Normal file
4
ansible/roles/ssl_certificate_cmd/vars/main.yml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
ssl_cert_path: "/etc/nginx/ssl"
|
||||||
|
ssl_cert_file: "proxy.crt"
|
||||||
|
ssl_key_file: "proxy.key"
|
||||||
|
ssl_subject: "/C=RU/ST=Some-State/L=Some-City/O=Your Company/CN={{ proxy.proxy_domain }}"
|