extend tls setup

This commit is contained in:
Robert Kaussow 2018-08-14 21:02:18 +02:00
parent bfc490b82f
commit 3f89ba0254
3 changed files with 51 additions and 23 deletions


@ -7,12 +7,12 @@ unifi_group: ubnt
unifi_user: ubnt unifi_user: ubnt
unifi_lvm_enabled: False unifi_lvm_enabled: False
# unifi_lvm_pvs: unifi_lvm_pvs:
# - /dev/sda - /dev/sdxx
# unifi_lvm_vg: vg_unifi unifi_lvm_vg: vg_unifi
# unifi_lvm_lv: lv_unifi unifi_lvm_lv: lv_unifi
# unifi_lvm_size: 10G unifi_lvm_size: 10G
# unifi_lvm_fstype: xfs unifi_lvm_fstype: xfs
unifi_base_dir: /opt/unifi unifi_base_dir: /opt/unifi
unifi_tmp_dir: "{{ unifi_base_dir }}/tmp" unifi_tmp_dir: "{{ unifi_base_dir }}/tmp"
@ -42,10 +42,16 @@ unifi_open_ports:
-A INPUT -m state --state NEW -p tcp --dport 6789 -j ACCEPT -A INPUT -m state --state NEW -p tcp --dport 6789 -j ACCEPT
state: present state: present
unifi_tls_deployment_enabled: False unifi_tls_enabled: False
unifi_tls_pkcs12_passphrase: temppass unifi_tls_pkcs12_passphrase: temppass
unifi_tls_cert_path: /etc/pki/tls/certs/mycert.pem unifi_tls_certs_dir: /etc/pki/tls/certs
unifi_tls_key_path: /etc/pki/tls/private/mykey.pem unifi_tls_key_dir: /etc/pki/tls/private
unifi_tls_cert_file: "{{ unifi_tls_certs_dir }}/mycert.pem"
unifi_tls_key_file: "{{ unifi_tls_key_dir }}/mykey.pem"
unifi_tls_source_use_content: False
unifi_tls_source_use_files: True
unifi_tls_cert_source: mycert.pem
unifi_tls_key_source: mykey.pem
unifi_nginx_vhost_enabled: False unifi_nginx_vhost_enabled: False
unifi_server_ip: 127.0.0.1 unifi_server_ip: 127.0.0.1
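Review bot: `unifi_tls_source_use_content` and `unifi_tls_source_use_files` are two independent booleans with nothing stating they are mutually exclusive, so a caller can set both (or neither) and the defaults give no hint which mode wins. A comment above them would help, e.g. `# Enable exactly one source mode: use_files copies unifi_tls_*_source as files (relative src), use_content writes the variable's value verbatim as the PEM file.` That second half also matters for `unifi_tls_cert_source: mycert.pem` and `unifi_tls_key_source: mykey.pem`: in content mode these defaults would be written literally, so the comment should say that in content mode the `*_source` variables must hold the PEM data itself, which for the private key belongs in an encrypted vars source rather than in this defaults file.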


@ -4,6 +4,6 @@
when: unifi_lvm_enabled when: unifi_lvm_enabled
- include_tasks: install.yml - include_tasks: install.yml
- include_tasks: tls.yml - include_tasks: tls.yml
when: unifi_tls_deployment_enabled when: unifi_tls_enabled
- include_tasks: nginx.yml - include_tasks: nginx.yml
when: unifi_nginx_vhost_enabled when: unifi_nginx_vhost_enabled


@ -1,15 +1,37 @@
--- ---
- name: Copy tls cert and key - block:
copy: - name: Create tls folder structure
src: "{{ item.src }}" file:
dest: "{{ item.dest }}" path: "{{ item }}"
mode: "{{ item.mode }}" state: directory
with_items: mode: 750
- { src: "{{ unifi_tls_key_path }}", dest: '/etc/pki/tls/private/unifi.pem', mode: '0600' } with_items:
- { src: "{{ unifi_tls_cert_path }}", dest: '/etc/pki/tls/certs/unifi.pem', mode: '0750' } - "{{ unifi_tls_certs_dir }}"
loop_control: - "{{ unifi_tls_key_dir }}"
label: "{{ item.dest }}"
register: __unifi_certs - name: Copy certs and private key (file)
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
with_items:
- { src: "{{ unifi_tls_key_source }}", dest: '{{ unifi_tls_key_file }}', mode: '0600' }
- { src: "{{ unifi_tls_cert_source }}", dest: '{{ unifi_tls_cert_file }}', mode: '0750' }
loop_control:
label: "{{ item.dest }}"
register: __unifi_certs
- name: Copy certs and private key (content)
copy:
content: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
with_items:
- { src: "{{ unifi_tls_key_source }}", dest: '{{ unifi_tls_key_file }}', mode: '0600' }
- { src: "{{ unifi_tls_cert_source }}", dest: '{{ unifi_tls_cert_file }}', mode: '0750' }
loop_control:
label: "{{ item.dest }}"
register: __unifi_certs
become: True become: True
become_user: root become_user: root
@ -22,8 +44,8 @@
openssl_pkcs12: openssl_pkcs12:
path: "{{ __unifi_pkcs12_path }}" path: "{{ __unifi_pkcs12_path }}"
friendly_name: ubnt friendly_name: ubnt
privatekey_path: /etc/pki/tls/private/unifi.pem privatekey_path: "{{ unifi_tls_key_file }}"
cert_path: /etc/pki/tls/certs/unifi.pem cert_path: {{ unifi_tls_cert_file }}
passphrase: "{{ unifi_tls_pkcs12_passphrase }}" passphrase: "{{ unifi_tls_pkcs12_passphrase }}"
state: present state: present
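Review bot: `cert_path: {{ unifi_tls_cert_file }}` in the openssl_pkcs12 hunk is an unquoted Jinja expression, so YAML parses the leading `{{` as a flow mapping and the task fails before the template is ever evaluated; it should match the line above it, `cert_path: "{{ unifi_tls_cert_file }}"`. In the first hunk, `mode: 750` on the directory task is a plain YAML integer, which Ansible interprets as decimal 750 (octal 1356) rather than rwxr-x---; quote it as `mode: '0750'` like the file modes further down. Also in the first hunk, neither the `(file)` nor the `(content)` copy task carries a `when:`, and the new `unifi_tls_source_use_files` / `unifi_tls_source_use_content` defaults are not referenced anywhere in this file, so both tasks run and the second one overwrites the freshly copied private key with the literal value of `unifi_tls_key_source`; guard them with `when: unifi_tls_source_use_files` and `when: unifi_tls_source_use_content` respectively. The `- block:` that opens this hunk may continue past its last visible line, so a block-level `when` there would not be visible here, but it would not separate the two copy tasks from each other either.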