From 4642a463a1fe9a961e30c761e61038fb5914e085 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Sat, 18 Aug 2018 16:37:48 +0200
Subject: [PATCH] initial commit
---
defaults/main.yml | 8 +++++++
handlers/main.yml | 9 ++++++++
meta/main.yml | 16 +++++++++++++
tasks/main.yml | 3 +++
tasks/tls.yml | 50 ++++++++++++++++++++++++++++++++++++++++
templates/nginx/vhost.j2 | 0
vars/main.yml | 14 +++++++++++
7 files changed, 100 insertions(+)
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 meta/main.yml
create mode 100644 tasks/main.yml
create mode 100644 tasks/tls.yml
create mode 100644 templates/nginx/vhost.j2
create mode 100644 vars/main.yml
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..31191f4
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+pve_nodes:
+ - node1
+pve_tls_enabled: False
+pve_tls_source_use_content: False
+pve_tls_source_use_files: True
+pve_tls_cert_source: mycert.pem
+pve_tls_key_source: mykey.pem
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..6610906
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+- name: Restart pveproxy
+ service:
+ state: restarted
+ name: pveproxy
+ listen:
+ - __pveproxy_restart
+ become: True
+ become_user: root
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..29de03d
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+ author: xoxys
+ description: Role to configure pve
+ license: MIT
+ min_ansible_version: 2.4
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ galaxy_tags:
+ - pve
+ - kvm
+ - proxmox
+ - virtual
+dependencies:
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..52aab2a
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- include_tasks: tls.yml
+ when: pve_tls_enabled
diff --git a/tasks/tls.yml b/tasks/tls.yml
new file mode 100644
index 0000000..0eb456e
--- /dev/null
+++ b/tasks/tls.yml
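Review bot: `pve_tls_source_use_content` and `pve_tls_source_use_files` in defaults/main.yml are independent switches, so nothing prevents both being true (both copy tasks in tasks/tls.yml then write the same destination) or both false (nothing is copied). A single selector variable would remove the invalid combinations. The defaults also carry no comments; above `pve_tls_key_source` I would add `# in content mode this holds the private key text itself; keep it in a Vault-encrypted vars file`. Writing the booleans as `false`/`true` rather than `False`/`True` keeps them unambiguous across YAML loaders.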
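Review bot: In meta/main.yml, `dependencies:` has no value and therefore loads as null rather than an empty list; `dependencies: []` states the intent. `min_ansible_version: 2.4` is read as a float, so a later value such as 2.10 would collapse to 2.1; quoting it as `min_ansible_version: "2.4"` avoids that.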
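Review bot: `when: pve_tls_enabled` in tasks/main.yml tests the bare variable, so the outcome depends on how the value arrives. A string such as `false` passed with `-e` can be treated as true on Ansible versions that do not re-evaluate bare variables. Casting makes the check explicit: `when: pve_tls_enabled | bool`.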
@@ -0,0 +1,50 @@
+---
+- block:
+ - name: Create pki folder structure
+ file:
+ path: "{{ item }}"
+ state: directory
+ recurse: True
+ with_items:
+ - /etc/pki/tls/certs
+ - /etc/pki/tls/private
+
+ - name: Copy certs and private key (file)
+ copy:
+ src: "{{ item.0.source }}"
+ dest: "{{ item.0.path }}/{{ item.0.name }}"
+ mode: "{{ item.0.mode }}"
+ with_subelements:
+ - "{{ __pve_certificates }}"
+ - nodes
+ loop_control:
+ label: "{{ item.0.path }}/{{ item.0.name }}"
+ register: __pve_copy_cert
+ when: pve_tls_source_use_files
+
+ - name: Copy certs and private key (content)
+ copy:
+ content: "{{ item.0.source }}"
+ dest: "{{ item.0.path }}/{{ item.0.name }}"
+ mode: "{{ item.0.mode }}"
+ with_subelements:
+ - "{{ __pve_certificates }}"
+ - nodes
+ loop_control:
+ label: "{{ item.0.path }}/{{ item.0.name }}"
+ register: __pve_copy_cert
+ when: pve_tls_source_use_content
+
+ - debug:
+ msg: __pve_copy_cert
+
+ # - name: Copy cert/key to pve filesystem
+ # command: "/bin/cp -rf {{ item.0.path }}/{{ item.0.name }} /etc/pve/nodes/{{ item.1 }}/{{ item.0.name }}"
+ # with_subelements:
+ # - "{{ __pve_certificates }}"
+ # - nodes
+ # when: __pve_copy_cert.changed
+ # changed_when: __pve_copy_cert.changed
+ # notify: __pveproxy_restart
+ become: True
+ become_user: root
diff --git a/templates/nginx/vhost.j2 b/templates/nginx/vhost.j2
new file mode 100644
index 0000000..e69de29
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..5b9bfaa
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,14 @@
+---
+__pve_certificates:
+ cert:
+ name: pveproxy-ssl.pem
+ path: /etc/pki/tls/certs
+ source: "{{ pve_tls_cert_source }}"
+ nodes: "{{ pve_nodes }}"
+ mode: 0750
+ key:
+ name: pveproxy-ssl.key
+ path: /etc/pki/tls/private
+ source: "{{ pve_tls_key_source }}"
+ nodes: "{{ pve_nodes }}"
+ mode: 0600
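Review bot: Both copy tasks in tasks/tls.yml register `__pve_copy_cert`, and Ansible also registers a result for a skipped task. With the defaults (files on, content off) the second task therefore overwrites the first task's result with a skipped one, and `__pve_copy_cert.changed` in the commented-out follow-up step would never be true. Register them separately, for example `register: __pve_copy_cert_file` and `register: __pve_copy_cert_content`, and test both. The `debug` task prints the literal string `__pve_copy_cert` because `msg` has no Jinja braces; it is best dropped, since a working dump of the result would include each loop `item`, whose `source` is the private key text when `pve_tls_source_use_content` is set. For the same reason I would add `no_log: true` to the content task.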
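Review bot: `mode: 0750` and `mode: 0600` in vars/main.yml are unquoted, so a YAML 1.1 loader reads them as the integers 488 and 384. `mode: "{{ item.0.mode }}"` in tasks/tls.yml then hands the copy module a decimal value instead of the intended octal string, which is likely to be rejected or applied as different permissions. Quote them, e.g. `mode: "0600"` for the key. For the certificate, `mode: "0644"` would be more usual, since 0750 sets execute bits on a PEM file.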