initial commit

2018-08-18 16:37:48 +02:00 · 2018-08-18 16:37:48 +02:00 · 4642a463a1
parent fa2ac0d2fe
commit 4642a463a1
7 changed files with 100 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,8 @@
+---
+pve_nodes:
+  - node1
+pve_tls_enabled: False
+pve_tls_source_use_content: False
+pve_tls_source_use_files: True
+pve_tls_cert_source: mycert.pem
+pve_tls_key_source: mykey.pem
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -0,0 +1,9 @@
+---
+- name: Restart pveproxy
+  service:
+    state: restarted
+    name: pveproxy
+  listen:
+    - __pveproxy_restart
+  become: True
+  become_user: root
--- a/meta/main.yml
+++ b/meta/main.yml
@ -0,0 +1,16 @@
+---
+galaxy_info:
+  author: xoxys
+  description: Role to configure pve
+  license: MIT
+  min_ansible_version: 2.4
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  galaxy_tags:
+    - pve
+    - kvm
+    - proxmox
+    - virtual
+dependencies:
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,3 @@
+---
+- include_tasks: tls.yml
+  when: pve_tls_enabled
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@ -0,0 +1,50 @@
+---
+- block:
+  - name: Create pki folder structure
+    file:
+      path: "{{ item }}"
+      state: directory
+      recurse: True
+    with_items:
+      - /etc/pki/tls/certs
+      - /etc/pki/tls/private
+
+  - name: Copy certs and private key (file)
+    copy:
+      src: "{{ item.0.source }}"
+      dest: "{{ item.0.path }}/{{ item.0.name }}"
+      mode: "{{ item.0.mode }}"
+    with_subelements:
+      - "{{ __pve_certificates }}"
+      - nodes
+    loop_control:
+      label: "{{ item.0.path }}/{{ item.0.name }}"
+    register: __pve_copy_cert
+    when: pve_tls_source_use_files
+
+  - name: Copy certs and private key (content)
+    copy:
+      content: "{{ item.0.source }}"
+      dest: "{{ item.0.path }}/{{ item.0.name }}"
+      mode: "{{ item.0.mode }}"
+    with_subelements:
+      - "{{ __pve_certificates }}"
+      - nodes
+    loop_control:
+      label: "{{ item.0.path }}/{{ item.0.name }}"
+    register: __pve_copy_cert
+    when: pve_tls_source_use_content
+
+  - debug:
+    msg: __pve_copy_cert
+
+  # - name: Copy cert/key to pve filesystem
+  #   command: "/bin/cp -rf {{ item.0.path }}/{{ item.0.name }} /etc/pve/nodes/{{ item.1 }}/{{ item.0.name }}"
+  #   with_subelements:
+  #     - "{{ __pve_certificates }}"
+  #     - nodes
+  #   when: __pve_copy_cert.changed
+  #   changed_when: __pve_copy_cert.changed
+  #   notify: __pveproxy_restart
+  become: True
+  become_user: root
--- a/templates/nginx/vhost.j2
+++ b/templates/nginx/vhost.j2
--- a/vars/main.yml
+++ b/vars/main.yml
@ -0,0 +1,14 @@
+---
+__pve_certificates:
+  cert:
+    name: pveproxy-ssl.pem
+    path: /etc/pki/tls/certs
+    source: "{{ pve_tls_cert_source }}"
+    nodes: "{{ pve_nodes }}"
+    mode: 0750
+  key:
+    name: pveproxy-ssl.key
+    path: /etc/pki/tls/private
+    source: "{{ pve_tls_key_source }}"
+    nodes: "{{ pve_nodes }}"
+    mode: 0600