Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

try and deal with name scoping some more

Browse source
This commit is contained in:
Kevin Fenzi 2018-04-05 20:48:29 +00:00
parent 066c97690e
commit c7f95e7c9e
6 changed files with 32 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

4
playbooks/groups/batcave.yml
View file

@ -26,7 +26,9 @@
- rsyncd
- apache
- httpd/mod_ssl
- { role: httpd/certificate, name: "{{wildcard_cert_name}}", SSLCertificateChainFile: "{{wildcard_int_file}}" }
- role: httpd/certificate
certname: "{{wildcard_cert_name}}"
SSLCertificateChainFile: "{{wildcard_int_file}}"
- openvpn/client
- batcave

2
playbooks/groups/people.yml
View file

@ -75,7 +75,7 @@
- role: apache
- role: httpd/certificate
name: wildcard-2017.fedorapeople.org
certname: wildcard-2017.fedorapeople.org
SSLCertificateChainFile: wildcard-2017.fedorapeople.org.intermediate.cert
- people

11
playbooks/groups/secondary.yml
View file

@ -37,15 +37,16 @@
- role: httpd/mod_ssl
- role: httpd/certificate
name: "{{wildcard_cert_name}}"
certname: "{{wildcard_cert_name}}"
SSLCertificateChainFile: "{{wildcard_int_file}}"
- role: httpd/website
name: secondary.fedoraproject.org
cert_name: "{{wildcard_cert_name}}"
- { role: httpd/website
vars:
- name: secondary.fedoraproject.org
- cert_name: "{{wildcard_cert_name}}"
server_aliases:
- archive.fedoraproject.org
- archives.fedoraproject.org
- archives.fedoraproject.org }
tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"
- import_tasks: "{{ tasks_path }}/2fa_client.yml"

9
playbooks/groups/torrent.yml
View file

@ -26,13 +26,10 @@
- role: httpd/mod_ssl
- role: httpd/certificate
name: "{{wildcard_cert_name}}"
SSLCertificateChainFile: "{{wildcard_int_file}}"
certname: "{{wildcard_cert_name}}"
SSLCertificateChainFile: "{{wildcard_int_file}}"}}
- role: httpd/website
name: torrent.fedoraproject.org
cert_name: "{{wildcard_cert_name}}"
sslonly: true
- {role: httpd/website, vars: {name: torrent.fedoraproject.org, cert_name: "{{wildcard_cert_name}}", sslonly: true}}
tasks:
- import_tasks: "{{ tasks_path }}/yumrepos.yml"

30
playbooks/include/proxies-certificates.yml
View file

@ -16,72 +16,72 @@
- role: httpd/mod_ssl
- role: httpd/certificate
name: wildcard-2017.fedoraproject.org
certname: wildcard-2017.fedoraproject.org
SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert
- role: httpd/certificate
name: wildcard-2017.fedorahosted.org
certname: wildcard-2017.fedorahosted.org
SSLCertificateChainFile: wildcard-2017.fedorahosted.org.intermediate.cert
- role: httpd/certificate
name: wildcard-2017.id.fedoraproject.org
certname: wildcard-2017.id.fedoraproject.org
SSLCertificateChainFile: wildcard-2017.id.fedoraproject.org.intermediate.cert
- role: httpd/certificate
name: wildcard-2017.stg.fedoraproject.org
certname: wildcard-2017.stg.fedoraproject.org
SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
when: env == "staging"
- role: httpd/certificate
name: wildcard-2017.app.os.stg.fedoraproject.org
certname: wildcard-2017.app.os.stg.fedoraproject.org
SSLCertificateChainFile: wildcard-2017.app.os.stg.fedoraproject.org.intermediate.cert
when: env == "staging"
tags:
- app.os.fedoraproject.org
- role: httpd/certificate
name: wildcard-2017.app.os.fedoraproject.org
certname: wildcard-2017.app.os.fedoraproject.org
SSLCertificateChainFile: wildcard-2017.app.os.fedoraproject.org.intermediate.cert
tags:
- app.os.fedoraproject.org
- role: httpd/certificate
name: fedoramagazine.org
certname: fedoramagazine.org
SSLCertificateChainFile: fedoramagazine.org.intermediate.cert
- role: httpd/certificate
name: fpaste.org
certname: fpaste.org
SSLCertificateChainFile: fpaste.org.intermediate.cert
- role: httpd/certificate
name: getfedora.org
certname: getfedora.org
SSLCertificateChainFile: getfedora.org.intermediate.cert
- role: httpd/certificate
name: flocktofedora.org
certname: flocktofedora.org
SSLCertificateChainFile: flocktofedora.org.intermediate.cert
- role: httpd/certificate
name: qa.stg.fedoraproject.org
certname: qa.stg.fedoraproject.org
SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert
when: env == "staging"
- role: httpd/certificate
name: qa.fedoraproject.org
certname: qa.fedoraproject.org
SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert
- role: httpd/certificate
name: secondary.koji.fedoraproject.org.letsencrypt
certname: secondary.koji.fedoraproject.org.letsencrypt
SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt
- role: httpd/certificate
name: whatcanidoforfedora.org
certname: whatcanidoforfedora.org
SSLCertificateChainFile: whatcanidoforfedora.org.intermediate.crt
tags:
- whatcanidoforfedora.org
- role: httpd/certificate
name: fedoracommunity.org
certname: fedoracommunity.org
SSLCertificateChainFile: fedoracommunity.org.intermediate.cert
tags:
- fedoracommunity.org

8
roles/httpd/certificate/tasks/main.yml
View file

@ -18,7 +18,7 @@
- httpd
- httpd/certificate
- name: Copy {{name}}.cert
- name: Copy {{certname}}.cert
copy: >
src={{item}}
dest=/etc/pki/tls/certs/{{item | basename}}
@ -27,14 +27,14 @@
mode=0644
with_first_found:
- "{{private}}/files/httpd/{{cert}}.cert"
- "{{private}}/files/httpd/{{name}}.cert"
- "{{private}}/files/httpd/{{certname}}.cert"
notify:
- reload proxyhttpd
tags:
- httpd
- httpd/certificate
- name: Copy {{name}}.key
- name: Copy {{certname}}.key
copy: >
src={{item}}
dest=/etc/pki/tls/private/{{item | basename}}
@ -43,7 +43,7 @@
mode=0600
with_first_found:
- "{{private}}/files/httpd/{{key}}.key"
- "{{private}}/files/httpd/{{name}}.key"
- "{{private}}/files/httpd/{{certname}}.key"
notify:
- reload proxyhttpd
tags: