From 68349c527466f7bb19de6cebbb8161185f032b38 Mon Sep 17 00:00:00 2001
From: Evgeni Golov
Date: Wed, 26 Jan 2022 09:29:39 +0100
Subject: [PATCH 1/2] add ownca role
---
roles/ownca/defaults/main.yml | 4 ++++
roles/ownca/molecule/default/converge.yml | 8 ++++++++
roles/ownca/molecule/default/molecule.yml | 16 ++++++++++++++++
roles/ownca/molecule/default/verify.yml | 21 +++++++++++++++++++++
roles/ownca/tasks/deploy.yml | 11 +++++++++++
roles/ownca/tasks/main.yml | 22 ++++++++++++++++++++++
6 files changed, 82 insertions(+)
create mode 100644 roles/ownca/defaults/main.yml
create mode 100644 roles/ownca/molecule/default/converge.yml
create mode 100644 roles/ownca/molecule/default/molecule.yml
create mode 100644 roles/ownca/molecule/default/verify.yml
create mode 100644 roles/ownca/tasks/deploy.yml
create mode 100644 roles/ownca/tasks/main.yml
diff --git a/roles/ownca/defaults/main.yml b/roles/ownca/defaults/main.yml
new file mode 100644
index 000000000..019988ecc
--- /dev/null
+++ b/roles/ownca/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+ownca_deploy: true
+ownca_bin_path: /usr/local/bin/ownca
+ownca_ca_path: /opt/ownca/
diff --git a/roles/ownca/molecule/default/converge.yml b/roles/ownca/molecule/default/converge.yml
new file mode 100644
index 000000000..122fce32f
--- /dev/null
+++ b/roles/ownca/molecule/default/converge.yml
@@ -0,0 +1,8 @@
+---
+- name: Converge
+ hosts: all
+ gather_facts: true
+ vars:
+ ownca_cert_name: host.example.com
+ roles:
+ - ownca
diff --git a/roles/ownca/molecule/default/molecule.yml b/roles/ownca/molecule/default/molecule.yml
new file mode 100644
index 000000000..5c11d0365
--- /dev/null
+++ b/roles/ownca/molecule/default/molecule.yml
@@ -0,0 +1,16 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: ${DRIVER_NAME:-podman}
+platforms:
+ - name: centos8
+ image: centos:stream8
+provisioner:
+ name: ansible
+verifier:
+ name: ansible
+lint: |
+ set -e
+ yamllint -c ../../.yamllint .
+ ansible-lint .
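Review bot: `ownca_ca_path: /opt/ownca/` carries a trailing slash, while tasks/main.yml joins it as `creates: "{{ ownca_ca_path }}/private/cakey.crt"` and `chdir: "{{ ownca_ca_path }}"`, so the rendered paths come out as `/opt/ownca//private/cakey.crt`. The kernel collapses the double slash, so the tasks still work, but anything that compares paths as strings (foreman_custom_certs hard-codes `/opt/ownca/...` without it) will not match. Drop the slash from the default: `ownca_ca_path: /opt/ownca`.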
diff --git a/roles/ownca/molecule/default/verify.yml b/roles/ownca/molecule/default/verify.yml
new file mode 100644
index 000000000..ee55b9af4
--- /dev/null
+++ b/roles/ownca/molecule/default/verify.yml
@@ -0,0 +1,21 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: false
+ tasks:
+ - name: find ca cert
+ stat:
+ path: "/opt/ownca/private/cakey.crt"
+ register: cacert
+ - name: ensure ca cert exists
+ assert:
+ that:
+ - cacert.stat.exists
+ - name: find cert
+ stat:
+ path: "/opt/ownca/host.example.com/host.example.com.crt"
+ register: cert
+ - name: ensure cert exists
+ assert:
+ that:
+ - cert.stat.exists
diff --git a/roles/ownca/tasks/deploy.yml b/roles/ownca/tasks/deploy.yml
new file mode 100644
index 000000000..e7b4a94e8
--- /dev/null
+++ b/roles/ownca/tasks/deploy.yml
@@ -0,0 +1,11 @@
+---
+- name: Install OpenSSL
+ package:
+ name: openssl
+ state: present
+
+- name: Deploy OwnCA
+ get_url:
+ url: https://raw.githubusercontent.com/ekohl/ownca/master/ownca
+ dest: "{{ ownca_bin_path }}"
+ mode: '0755'
diff --git a/roles/ownca/tasks/main.yml b/roles/ownca/tasks/main.yml
new file mode 100644
index 000000000..9b04989ea
--- /dev/null
+++ b/roles/ownca/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: Deploy OwnCA
+ include_tasks: deploy.yml
+ when: ownca_deploy
+
+- name: Create CA directory
+ file:
+ path: "{{ ownca_ca_path }}"
+ state: directory
+
+- name: Generate CA
+ command:
+ cmd: "{{ ownca_bin_path }} ca"
+ creates: "{{ ownca_ca_path }}/private/cakey.crt"
+ chdir: "{{ ownca_ca_path }}"
+
+- name: Generate certificate
+ command:
+ cmd: "{{ ownca_bin_path }} cert {{ ownca_cert_name }}"
+ creates: "{{ ownca_ca_path }}/{{ ownca_cert_name }}/{{ ownca_cert_name }}.crt"
+ chdir: "{{ ownca_ca_path }}"
+ when: ownca_cert_name is defined
From 1f3cacc0aa9ccb7cefe8e69b105f4ed56e2e6d05 Mon Sep 17 00:00:00 2001
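Review bot: Both `assert` tasks only check that a file exists, so an empty file, or a leaf certificate that was not signed by the generated CA, still passes verification. After the existing stats, add a task that actually validates the chain, e.g. `command: openssl verify -CAfile /opt/ownca/cacert.crt /opt/ownca/host.example.com/host.example.com.crt` with `changed_when: false`; the `cacert.crt` name is taken from the foreman_custom_certs patch in this series, so confirm it is the file ownca writes at the CA root. The file under `private/` is presumably the CA's key material, and asserting its mode (`cacert.stat.mode == '0600'`) would catch an over-permissive umask cheaply. The paths are also hard-coded to `/opt/ownca` rather than derived from `ownca_ca_path`, so the test silently diverges from the role if that default changes.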
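Review bot: The `Deploy OwnCA` task fetches the `ownca` script from the `master` branch with no `checksum:` and installs it executable, so whatever that branch serves at run time becomes the tool that generates the CA key and signs the server certificate on every host this role touches — a supply-chain exposure with no pin. Point the URL at a specific commit or tag instead of `master` and add `checksum: sha256:<digest of that revision>` so a changed or tampered file fails the task instead of being executed. TLS to raw.githubusercontent.com protects the transport, not the content of a moving branch. If the role is run with `become`, `owner: root` and `group: root` on the destination would also keep the 0755 binary from being swapped out by the deploying user later.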
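Review bot: `Create CA directory` makes `{{ ownca_ca_path }}` with no `mode`, so the directory that will contain `private/` (the `creates:` marker two lines later points at `{{ ownca_ca_path }}/private/cakey.crt`) gets whatever the umask yields, typically world-traversable, and protection of the CA key material then rests entirely on what the downloaded script does. Add `mode: '0700'` to the `file:` task (plus `owner`/`group` if the role is meant to run as root) so the CA directory is private regardless of umask. `{{ ownca_cert_name }}` is also spliced unquoted into `cmd:` and into the `creates:` path; `command` does not go through a shell, but whitespace in the name would be split into extra arguments and a `../` component would escape `ownca_ca_path`, so if the value can come from inventory, guard it first with `assert: that: ownca_cert_name is match('^[A-Za-z0-9.-]+$')` or use the `argv:` form.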
From: Evgeni Golov
Date: Wed, 26 Jan 2022 09:52:22 +0100
Subject: [PATCH 2/2] add custom certs role
---
roles/foreman_custom_certs/tasks/main.yml | 10 ++++++++++
1 file changed, 10 insertions(+)
create mode 100644 roles/foreman_custom_certs/tasks/main.yml
diff --git a/roles/foreman_custom_certs/tasks/main.yml b/roles/foreman_custom_certs/tasks/main.yml
new file mode 100644
index 000000000..a30f5ee00
--- /dev/null
+++ b/roles/foreman_custom_certs/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Create custom certs
+ include_role:
+ name: ownca
+ vars:
+ ownca_cert_name: "{{ ansible_fqdn }}"
+
+- name: Update Installer parameters
+ set_fact:
+ foreman_installer_options: "{{ (foreman_installer_options|default([])) + ['--certs-server-cert /opt/ownca/{{ ansible_fqdn }}/{{ ansible_fqdn }}.crt', '--certs-server-key /opt/ownca/{{ ansible_fqdn }}/{{ ansible_fqdn }}.key', '--certs-server-ca-cert /opt/ownca/cacert.crt'] }}"
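Review bot: The installer options in `Update Installer parameters` hard-code `/opt/ownca/...` while the ownca role included just above reads its location from `ownca_ca_path`, so overriding that variable leaves `--certs-server-cert`, `--certs-server-key` and `--certs-server-ca-cert` pointing at files that do not exist; and because `include_role` does not expose the role's defaults to later tasks unless `public: true` is set, the role variable cannot simply be reused here. Define the path once in this role, pass it into the include as `ownca_ca_path: "{{ foreman_custom_certs_ownca_path | default('/opt/ownca') }}"` under `vars:`, and build the three option strings from that same variable. The nested `{{ ansible_fqdn }}` inside the outer `{{ ... }}` expression relies on Ansible re-templating the string literals after evaluation; Jinja concatenation such as `'--certs-server-cert ' ~ path ~ '/' ~ ansible_fqdn ~ '/' ~ ansible_fqdn ~ '.crt'` is explicit and does not depend on that. Whether `cacert.crt` at the CA root is what ownca actually writes cannot be confirmed from this series (verify.yml only looks under `private/`), so that name is worth checking against the script.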