cfssl-server-role/tasks/main.yml

- name: include pre_requisite.yml
  import_tasks: pre_requisite.yml

- name: Create cfssl user
  ansible.builtin.user:
    name: cfssl
    shell: /usr/sbin/nologin
    create_home: no
    home: '{{pki_dir}}'

- name: create pki dir
  file:
    path: '{{pki_dir}}'
    state: directory
    owner: cfssl
    group: cfssl
    mode: 0700

- name: create pki csr dir
  file:
    path: '{{pki_dir}}/csr'
    state: directory
    owner: cfssl
    group: cfssl
    mode: 0700

- name: create pki etc dir
  file:
    path: '{{pki_dir}}/etc'
    state: directory
    owner: cfssl
    group: cfssl
    mode: 0700

- name: create pki data dir
  file:
    path: '{{pki_dir}}/data'
    state: directory
    owner: cfssl
    group: cfssl
    mode: 0700

- name: create pki CA dir
  file:
    path: '{{pki_dir}}/CA'
    state: directory
    owner: cfssl
    group: cfssl
    mode: 0700

- name: creating CA CSR json
  template:
    src: csr_ROOT_CA.json.j2
    dest: '{{pki_dir}}/csr/csr_ROOT_CA.json'
    owner: cfssl
    group: cfssl
    mode: 0600

- name: creating Intermediate CA CSR json
  template:
    src: csr_intermediate_CA.json.j2
    dest: '{{pki_dir}}/csr/csr_intermediate_CA.json'
    owner: cfssl
    group: cfssl
    mode: 0600

- name: creating config file
  template:
    src: cfssl.json.j2
    dest: '{{pki_dir}}/etc/cfssl.json'
    owner: cfssl
    group: cfssl
    mode: 0600

- name: creating db config file
  template:
    src: db.json.j2
    dest: '{{pki_dir}}/etc/db.json'
    owner: cfssl
    group: cfssl
    mode: 0600

- name: creating init sql file
  template:
    src: init.sql.j2
    dest: '{{pki_dir}}/data/init.sql'
    owner: cfssl
    group: cfssl
    mode: 0600

- name: create certificate authority key pair and CSR, autosign it
  shell: '{{cfssl_bin_directory}}/cfssl gencert -initca {{pki_dir}}/csr/csr_ROOT_CA.json | {{cfssl_bin_directory}}/cfssljson -bare ca'
  args:
    chdir: '{{pki_dir}}/CA/'
    creates: '{{pki_dir}}/CA/ca-key.pem'

- name: create intermediate certificate authority key pair and CSR, autosign it
  shell: '{{cfssl_bin_directory}}/cfssl gencert -ca {{pki_dir}}/CA/ca.pem -ca-key {{pki_dir}}/CA/ca-key.pem -config={{pki_dir}}/etc/cfssl.json -profile="intermediate_ca" {{pki_dir}}/csr/csr_intermediate_CA.json | {{cfssl_bin_directory}}/cfssljson -bare ca-server'
  args:
    chdir: '{{pki_dir}}/CA/'
    creates: '{{pki_dir}}/CA/ca-server-key.pem'

- name: create sqlite3 database
  shell: 'cat {{pki_dir}}/data/init.sql | sqlite3 {{pki_dir}}/data/certdb.db'
  args:
    chdir: '{{pki_dir}}/CA/'
    creates: '{{pki_dir}}/data/certdb.db'


- name: Change owner of ca-server.pem by cfssl
  ansible.builtin.file:
    path: '{{pki_dir}}/CA/ca-server.pem'
    owner: cfssl
    group: cfssl
    mode: 0600

- name: Change owner of ca-server.pem by cfssl
  ansible.builtin.file:
    path: '{{pki_dir}}/CA/ca-server-key.pem'
    owner: cfssl
    group: cfssl
    mode: 0600

- name: Change owner of certdb.db by cfssl
  ansible.builtin.file:
    path: '{{pki_dir}}/data/certdb.db'
    owner: cfssl
    group: cfssl
    mode: 0600

- name: Création du fichier de service /lib/systemd/system/cfssl.service
  ansible.builtin.template:
    src: cfssl.service.j2
    dest: /lib/systemd/system/cfssl.service
    owner: root
    group: root
    mode: 0644

- name : Create firewall rules
  ansible.builtin.shell: 'firewall-cmd --zone=public --permanent --add-port=8888/tcp && firewall-cmd --reload'

- name: Démarrage et activation du service cfssl
  ansible.builtin.service:
    name: cfssl
    state: started
    enabled: true
Add role 2022-12-16 16:51:39 +00:00			`- name: include pre_requisite.yml`
			`import_tasks: pre_requisite.yml`

			`- name: Create cfssl user`
			`ansible.builtin.user:`
			`name: cfssl`
			`shell: /usr/sbin/nologin`
			`create_home: no`
			`home: '{{pki_dir}}'`

			`- name: create pki dir`
			`file:`
			`path: '{{pki_dir}}'`
			`state: directory`
			`owner: cfssl`
			`group: cfssl`
			`mode: 0700`

			`- name: create pki csr dir`
			`file:`
			`path: '{{pki_dir}}/csr'`
			`state: directory`
			`owner: cfssl`
			`group: cfssl`
			`mode: 0700`

			`- name: create pki etc dir`
			`file:`
			`path: '{{pki_dir}}/etc'`
			`state: directory`
			`owner: cfssl`
			`group: cfssl`
			`mode: 0700`

			`- name: create pki data dir`
			`file:`
			`path: '{{pki_dir}}/data'`
			`state: directory`
			`owner: cfssl`
			`group: cfssl`
			`mode: 0700`

			`- name: create pki CA dir`
			`file:`
			`path: '{{pki_dir}}/CA'`
			`state: directory`
			`owner: cfssl`
			`group: cfssl`
			`mode: 0700`

			`- name: creating CA CSR json`
			`template:`
			`src: csr_ROOT_CA.json.j2`
			`dest: '{{pki_dir}}/csr/csr_ROOT_CA.json'`
			`owner: cfssl`
			`group: cfssl`
			`mode: 0600`

			`- name: creating Intermediate CA CSR json`
			`template:`
			`src: csr_intermediate_CA.json.j2`
			`dest: '{{pki_dir}}/csr/csr_intermediate_CA.json'`
			`owner: cfssl`
			`group: cfssl`
			`mode: 0600`

			`- name: creating config file`
			`template:`
			`src: cfssl.json.j2`
			`dest: '{{pki_dir}}/etc/cfssl.json'`
			`owner: cfssl`
			`group: cfssl`
			`mode: 0600`

			`- name: creating db config file`
			`template:`
			`src: db.json.j2`
			`dest: '{{pki_dir}}/etc/db.json'`
			`owner: cfssl`
			`group: cfssl`
			`mode: 0600`

			`- name: creating init sql file`
			`template:`
			`src: init.sql.j2`
			`dest: '{{pki_dir}}/data/init.sql'`
			`owner: cfssl`
			`group: cfssl`
			`mode: 0600`

			`- name: create certificate authority key pair and CSR, autosign it`
			`shell: '{{cfssl_bin_directory}}/cfssl gencert -initca {{pki_dir}}/csr/csr_ROOT_CA.json \| {{cfssl_bin_directory}}/cfssljson -bare ca'`
			`args:`
			`chdir: '{{pki_dir}}/CA/'`
fix role 2022-12-21 19:51:34 +00:00			`creates: '{{pki_dir}}/CA/ca-key.pem'`
Add role 2022-12-16 16:51:39 +00:00
			`- name: create intermediate certificate authority key pair and CSR, autosign it`
			`shell: '{{cfssl_bin_directory}}/cfssl gencert -ca {{pki_dir}}/CA/ca.pem -ca-key {{pki_dir}}/CA/ca-key.pem -config={{pki_dir}}/etc/cfssl.json -profile="intermediate_ca" {{pki_dir}}/csr/csr_intermediate_CA.json \| {{cfssl_bin_directory}}/cfssljson -bare ca-server'`
			`args:`
			`chdir: '{{pki_dir}}/CA/'`
fix role 2022-12-21 19:51:34 +00:00			`creates: '{{pki_dir}}/CA/ca-server-key.pem'`
Add role 2022-12-16 16:51:39 +00:00
			`- name: create sqlite3 database`
			`shell: 'cat {{pki_dir}}/data/init.sql \| sqlite3 {{pki_dir}}/data/certdb.db'`
			`args:`
			`chdir: '{{pki_dir}}/CA/'`
fix role 2022-12-21 19:51:34 +00:00			`creates: '{{pki_dir}}/data/certdb.db'`
Add role 2022-12-16 16:51:39 +00:00

			`- name: Change owner of ca-server.pem by cfssl`
			`ansible.builtin.file:`
			`path: '{{pki_dir}}/CA/ca-server.pem'`
			`owner: cfssl`
			`group: cfssl`
			`mode: 0600`

			`- name: Change owner of ca-server.pem by cfssl`
			`ansible.builtin.file:`
			`path: '{{pki_dir}}/CA/ca-server-key.pem'`
			`owner: cfssl`
			`group: cfssl`
			`mode: 0600`

			`- name: Change owner of certdb.db by cfssl`
			`ansible.builtin.file:`
			`path: '{{pki_dir}}/data/certdb.db'`
			`owner: cfssl`
			`group: cfssl`
			`mode: 0600`

			`- name: Création du fichier de service /lib/systemd/system/cfssl.service`
			`ansible.builtin.template:`
			`src: cfssl.service.j2`
			`dest: /lib/systemd/system/cfssl.service`
			`owner: root`
			`group: root`
			`mode: 0644`

			`- name : Create firewall rules`
			`ansible.builtin.shell: 'firewall-cmd --zone=public --permanent --add-port=8888/tcp && firewall-cmd --reload'`

			`- name: Démarrage et activation du service cfssl`
			`ansible.builtin.service:`
			`name: cfssl`
			`state: started`
			`enabled: true`