extend tls setup

2018-08-14 21:02:18 +02:00 · 2018-08-14 21:02:18 +02:00 · 3f89ba0254
commit 3f89ba0254
parent bfc490b82f
3 changed files with 51 additions and 23 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -7,12 +7,12 @@ unifi_group: ubnt
 unifi_user: ubnt

 unifi_lvm_enabled: False
-# unifi_lvm_pvs:
-#   - /dev/sda
-# unifi_lvm_vg: vg_unifi
-# unifi_lvm_lv: lv_unifi
-# unifi_lvm_size: 10G
-# unifi_lvm_fstype: xfs
+unifi_lvm_pvs:
+  - /dev/sdxx
+unifi_lvm_vg: vg_unifi
+unifi_lvm_lv: lv_unifi
+unifi_lvm_size: 10G
+unifi_lvm_fstype: xfs
 unifi_base_dir: /opt/unifi
 unifi_tmp_dir: "{{ unifi_base_dir }}/tmp"

@ -42,10 +42,16 @@ unifi_open_ports:
      -A INPUT -m state --state NEW -p tcp --dport 6789 -j ACCEPT
    state: present

-unifi_tls_deployment_enabled: False
+unifi_tls_enabled: False
 unifi_tls_pkcs12_passphrase: temppass
-unifi_tls_cert_path: /etc/pki/tls/certs/mycert.pem
-unifi_tls_key_path: /etc/pki/tls/private/mykey.pem
+unifi_tls_certs_dir: /etc/pki/tls/certs
+unifi_tls_key_dir: /etc/pki/tls/private
+unifi_tls_cert_file: "{{ unifi_tls_certs_dir }}/mycert.pem"
+unifi_tls_key_file: "{{ unifi_tls_key_dir }}/mykey.pem"
+unifi_tls_source_use_content: False
+unifi_tls_source_use_files: True
+unifi_tls_cert_source: mycert.pem
+unifi_tls_key_source: mykey.pem

 unifi_nginx_vhost_enabled: False
 unifi_server_ip: 127.0.0.1
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -4,6 +4,6 @@
  when: unifi_lvm_enabled
 - include_tasks: install.yml
 - include_tasks: tls.yml
-  when: unifi_tls_deployment_enabled
+  when: unifi_tls_enabled
 - include_tasks: nginx.yml
  when: unifi_nginx_vhost_enabled
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@ -1,15 +1,37 @@
 ---
- name: Copy tls cert and key
-  copy:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    mode: "{{ item.mode }}"
-  with_items:
-    - { src: "{{ unifi_tls_key_path }}", dest: '/etc/pki/tls/private/unifi.pem', mode: '0600' }
-    - { src: "{{ unifi_tls_cert_path }}", dest: '/etc/pki/tls/certs/unifi.pem', mode: '0750' }
-  loop_control:
-    label: "{{ item.dest }}"
-  register: __unifi_certs
+- block:
+  - name: Create tls folder structure
+    file:
+      path: "{{ item }}"
+      state: directory
+      mode: 750
+    with_items:
+      - "{{ unifi_tls_certs_dir }}"
+      - "{{ unifi_tls_key_dir }}"
+
+  - name: Copy certs and private key (file)
+    copy:
+      src: "{{ item.src }}"
+      dest: "{{ item.dest }}"
+      mode: "{{ item.mode }}"
+    with_items:
+      - { src: "{{ unifi_tls_key_source }}", dest: '{{ unifi_tls_key_file }}', mode: '0600' }
+      - { src: "{{ unifi_tls_cert_source }}", dest: '{{ unifi_tls_cert_file }}', mode: '0750' }
+    loop_control:
+      label: "{{ item.dest }}"
+    register: __unifi_certs
+
+  - name: Copy certs and private key (content)
+    copy:
+      content: "{{ item.src }}"
+      dest: "{{ item.dest }}"
+      mode: "{{ item.mode }}"
+    with_items:
+      - { src: "{{ unifi_tls_key_source }}", dest: '{{ unifi_tls_key_file }}', mode: '0600' }
+      - { src: "{{ unifi_tls_cert_source }}", dest: '{{ unifi_tls_cert_file }}', mode: '0750' }
+    loop_control:
+      label: "{{ item.dest }}"
+    register: __unifi_certs
  become: True
  become_user: root

@ -22,8 +44,8 @@
    openssl_pkcs12:
      path: "{{ __unifi_pkcs12_path }}"
      friendly_name: ubnt
-      privatekey_path: /etc/pki/tls/private/unifi.pem
-      cert_path: /etc/pki/tls/certs/unifi.pem
+      privatekey_path: "{{ unifi_tls_key_file }}"
+      cert_path: {{ unifi_tls_cert_file }}
      passphrase: "{{ unifi_tls_pkcs12_passphrase }}"
      state: present