diff --git a/meta/main.yml b/meta/main.yml
index 29de03d..a8377b1 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,3 +1,4 @@
+# Standards: 0.1
 ---
 galaxy_info:
 author: xoxys
@@ -5,9 +6,9 @@ galaxy_info:
 license: MIT
 min_ansible_version: 2.4
 platforms:
- - name: EL
- versions:
- - 7
+ - name: EL
+ versions:
+ - 7
 galaxy_tags:
 - pve
 - kvm
diff --git a/tasks/nginx.yml b/tasks/nginx.yml
index 4d2016d..359c3b9 100644
--- a/tasks/nginx.yml
+++ b/tasks/nginx.yml
@@ -1,30 +1,30 @@
 ---
 - block:
- - name: Copy certs and private key to nginx proxy (content)
- copy:
- content: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- with_items:
- - { src: "{{ pve_tls_key_source }}", dest: '/etc/pki/tls/private/{{ pve_nginx_tls_key_file }}', mode: '0600' }
- - { src: "{{ pve_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ pve_nginx_tls_cert_file }}', mode: '0750' }
- loop_control:
- label: "{{ item.dest }}"
- notify: __nginx_reload
- when: pve_tls_source_use_content
+ - name: Copy certs and private key to nginx proxy (content)
+ copy:
+ content: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: "{{ item.mode }}"
+ with_items:
+ - { src: "{{ pve_tls_key_source }}", dest: '/etc/pki/tls/private/{{ pve_nginx_tls_key_file }}', mode: '0600' }
+ - { src: "{{ pve_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ pve_nginx_tls_cert_file }}', mode: '0750' }
+ loop_control:
+ label: "{{ item.dest }}"
+ notify: __nginx_reload
+ when: pve_tls_source_use_content
- - name: Copy certs and private key to nginx proxy (files)
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- with_items:
- - { src: "{{ pve_tls_key_source }}", dest: '/etc/pki/tls/private/{{ pve_nginx_tls_key_file }}', mode: '0600' }
- - { src: "{{ pve_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ pve_nginx_tls_cert_file }}', mode: '0750' }
- loop_control:
- label: "{{ item.dest }}"
- notify: __nginx_reload
- when: pve_tls_source_use_files
+ - name: Copy certs and private key to nginx proxy (files)
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: "{{ item.mode }}"
+ with_items:
+ - { src: "{{ pve_tls_key_source }}", dest: '/etc/pki/tls/private/{{ pve_nginx_tls_key_file }}', mode: '0600' }
+ - { src: "{{ pve_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ pve_nginx_tls_cert_file }}', mode: '0750' }
+ loop_control:
+ label: "{{ item.dest }}"
+ notify: __nginx_reload
+ when: pve_tls_source_use_files
 delegate_to:
"{{ pve_nginx_server }}" when: pve_nginx_tls_enabled become: True @@ -32,31 +32,31 @@ tags: tls_renewal - block: - - name: Add vhost configuration file - template: - src: nginx/vhost.j2 - dest: "{{ pve_nginx_vhost_dir }}/pve" - owner: root - group: root - mode: 0640 - notify: __nginx_reload + - name: Add vhost configuration file + template: + src: nginx/vhost.j2 + dest: "{{ pve_nginx_vhost_dir }}/pve" + owner: root + group: root + mode: 0640 + notify: __nginx_reload - - name: Enable pve vhost - file: - src: "{{ pve_nginx_vhost_dir }}/pve" - dest: "{{ pve_nginx_vhost_symlink }}/pve" - owner: root - group: root - state: link - notify: __nginx_reload - when: pve_nginx_vhost_symlink is defined + - name: Enable pve vhost + file: + src: "{{ pve_nginx_vhost_dir }}/pve" + dest: "{{ pve_nginx_vhost_symlink }}/pve" + owner: root + group: root + state: link + notify: __nginx_reload + when: pve_nginx_vhost_symlink is defined - - name: Open ports in iptables - iptables_raw: - name: allow_pve_nginx_proxy - state: present - rules: '-A OUTPUT -m state --state NEW -p tcp -d {{ pve_server_ip }} --dport {{ pve_server_port }} -j ACCEPT' - when: pve_nginx_iptables_enabled + - name: Open ports in iptables + iptables_raw: + name: allow_pve_nginx_proxy + state: present + rules: '-A OUTPUT -m state --state NEW -p tcp -d {{ pve_server_ip }} --dport {{ pve_server_port }} -j ACCEPT' + when: pve_nginx_iptables_enabled delegate_to: "{{ pve_nginx_server }}" become: True become_user: root diff --git a/tasks/tls.yml b/tasks/tls.yml index cf3440c..86985af 100644 --- a/tasks/tls.yml +++ b/tasks/tls.yml 
@@ -1,57 +1,59 @@
 ---
 - block:
- - name: Create pki folder structure
- file:
- path: "{{ item }}"
- state: directory
- recurse: True
- with_items:
- - /etc/pki/tls/certs
- - /etc/pki/tls/private
+ - name: Create pki folder structure
+ file:
+ path: "{{ item }}"
+ state: directory
+ recurse: True
+ with_items:
+ - /etc/pki/tls/certs
+ - /etc/pki/tls/private
- - name: Copy certs and private key (file)
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- with_items:
- - { src: "{{ pve_tls_cert_source }}", dest: "/etc/pki/tls/certs/pveproxy-ssl.pem", mode: "0750" }
- - { src: "{{ pve_tls_key_source }}", dest: "/etc/pki/tls/private/pveproxy-ssl.key", mode: "0600" }
- loop_control:
- label: "{{ item.dest }}"
- register: __pve_copy_cert_file
- when: pve_tls_source_use_files
+ - name: Copy certs and private key (file)
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: "{{ item.mode }}"
+ with_items:
+ - { src: "{{ pve_tls_cert_source }}", dest: "/etc/pki/tls/certs/pveproxy-ssl.pem", mode: "0750" }
+ - { src: "{{ pve_tls_key_source }}", dest: "/etc/pki/tls/private/pveproxy-ssl.key", mode: "0600" }
+ loop_control:
+ label: "{{ item.dest }}"
+ register: __pve_copy_cert_file
+ when: pve_tls_source_use_files
- - set_fact:
- __pve_copy_cert: "{{ __pve_copy_cert_file }}"
- when: pve_tls_source_use_files
+ - name: Set tls control variable
+ set_fact:
+ __pve_copy_cert: "{{ __pve_copy_cert_file }}"
+ when: pve_tls_source_use_files
- - name: Copy certs and private key (content)
- copy:
- content: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- with_items:
- - { src: "{{ pve_tls_cert_source }}", dest: "/etc/pki/tls/certs", mode: "0750" }
- - { src: "{{ pve_tls_key_source }}", dest: "/etc/pki/tls/private", mode: "0600" }
- loop_control:
- label: "{{ item.dest }}"
- register: __pve_copy_cert_content
- when: pve_tls_source_use_content
+ - name: Copy certs and private key (content)
+ copy:
+ content: "{{ item.src }}"
+ dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + with_items: + - { src: "{{ pve_tls_cert_source }}", dest: "/etc/pki/tls/certs", mode: "0750" } + - { src: "{{ pve_tls_key_source }}", dest: "/etc/pki/tls/private", mode: "0600" } + loop_control: + label: "{{ item.dest }}" + register: __pve_copy_cert_content + when: pve_tls_source_use_content - - set_fact: - __pve_copy_cert: "{{ __pve_copy_cert_content }}" - when: pve_tls_source_use_content + - name: Set tls control variable + set_fact: + __pve_copy_cert: "{{ __pve_copy_cert_content }}" + when: pve_tls_source_use_content - - name: Copy cert/key to pve filesystem - command: "/bin/cp -rf {{ item[0].dest }} /etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}" - when: item[0].changed - changed_when: item[0].changed - with_nested: - - "{{ __pve_copy_cert.results }}" - - "{{ pve_nodes }}" - loop_control: - label: "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}" - notify: __pveproxy_restart + - name: Copy cert/key to pve filesystem + command: "/bin/cp -rf {{ item[0].dest }} /etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}" + when: item[0].changed + changed_when: item[0].changed + with_nested: + - "{{ __pve_copy_cert.results }}" + - "{{ pve_nodes }}" + loop_control: + label: "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}" + notify: __pveproxy_restart become: True become_user: root