Add role
This commit is contained in:
parent
b9cce1be67
commit
e48f14003f
12 changed files with 350 additions and 6 deletions
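--- a/roles/cfssl-server/tasks/main.yml
+++ b/roles/cfssl-server/tasks/main.yml
@@ -0,0 +1,143 @@
+- name: include pre_requisite.yml
+  import_tasks: pre_requisite.yml
+
+- name: Create cfssl user
+  ansible.builtin.user:
+    name: cfssl
+    shell: /usr/sbin/nologin
+    create_home: no
+    home: '{{pki_dir}}'
+
+- name: create pki dir
+  file:
+    path: '{{pki_dir}}'
+    state: directory
+    owner: cfssl
+    group: cfssl
+    mode: 0700
+
+- name: create pki csr dir
+  file:
+    path: '{{pki_dir}}/csr'
+    state: directory
+    owner: cfssl
+    group: cfssl
+    mode: 0700
+
+- name: create pki etc dir
+  file:
+    path: '{{pki_dir}}/etc'
+    state: directory
+    owner: cfssl
+    group: cfssl
+    mode: 0700
+
+- name: create pki data dir
+  file:
+    path: '{{pki_dir}}/data'
+    state: directory
+    owner: cfssl
+    group: cfssl
+    mode: 0700
+
+- name: create pki CA dir
+  file:
+    path: '{{pki_dir}}/CA'
+    state: directory
+    owner: cfssl
+    group: cfssl
+    mode: 0700
+
+- name: creating CA CSR json
+  template:
+    src: csr_ROOT_CA.json.j2
+    dest: '{{pki_dir}}/csr/csr_ROOT_CA.json'
+    owner: cfssl
+    group: cfssl
+    mode: 0600
+
+- name: creating Intermediate CA CSR json
+  template:
+    src: csr_intermediate_CA.json.j2
+    dest: '{{pki_dir}}/csr/csr_intermediate_CA.json'
+    owner: cfssl
+    group: cfssl
+    mode: 0600
+
+- name: creating config file
+  template:
+    src: cfssl.json.j2
+    dest: '{{pki_dir}}/etc/cfssl.json'
+    owner: cfssl
+    group: cfssl
+    mode: 0600
+
+- name: creating db config file
+  template:
+    src: db.json.j2
+    dest: '{{pki_dir}}/etc/db.json'
+    owner: cfssl
+    group: cfssl
+    mode: 0600
+
+- name: creating init sql file
+  template:
+    src: init.sql.j2
+    dest: '{{pki_dir}}/data/init.sql'
+    owner: cfssl
+    group: cfssl
+    mode: 0600
+
+- name: create certificate authority key pair and CSR, autosign it
+  shell: '{{cfssl_bin_directory}}/cfssl gencert -initca {{pki_dir}}/csr/csr_ROOT_CA.json | {{cfssl_bin_directory}}/cfssljson -bare ca'
+  args:
+    chdir: '{{pki_dir}}/CA/'
+
+- name: create intermediate certificate authority key pair and CSR, autosign it
+  shell: '{{cfssl_bin_directory}}/cfssl gencert -ca {{pki_dir}}/CA/ca.pem -ca-key {{pki_dir}}/CA/ca-key.pem -config={{pki_dir}}/etc/cfssl.json -profile="intermediate_ca" {{pki_dir}}/csr/csr_intermediate_CA.json | {{cfssl_bin_directory}}/cfssljson -bare ca-server'
+  args:
+    chdir: '{{pki_dir}}/CA/'
+
+- name: create sqlite3 database
+  shell: 'cat {{pki_dir}}/data/init.sql | sqlite3 {{pki_dir}}/data/certdb.db'
+  args:
+    chdir: '{{pki_dir}}/CA/'
+
+
+- name: Change owner of ca-server.pem by cfssl
+  ansible.builtin.file:
+    path: '{{pki_dir}}/CA/ca-server.pem'
+    owner: cfssl
+    group: cfssl
+    mode: 0600
+
+- name: Change owner of ca-server.pem by cfssl
+  ansible.builtin.file:
+    path: '{{pki_dir}}/CA/ca-server-key.pem'
+    owner: cfssl
+    group: cfssl
+    mode: 0600
+
+- name: Change owner of certdb.db by cfssl
+  ansible.builtin.file:
+    path: '{{pki_dir}}/data/certdb.db'
+    owner: cfssl
+    group: cfssl
+    mode: 0600
+
+- name: Création du fichier de service /lib/systemd/system/cfssl.service
+  ansible.builtin.template:
+    src: cfssl.service.j2
+    dest: /lib/systemd/system/cfssl.service
+    owner: root
+    group: root
+    mode: 0644
+
+- name : Create firewall rules
+  ansible.builtin.shell: 'firewall-cmd --zone=public --permanent --add-port=8888/tcp && firewall-cmd --reload'
+
+- name: Démarrage et activation du service cfssl
+  ansible.builtin.service:
+    name: cfssl
+    state: started
+    enabled: true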
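Review bot: The three `shell` tasks (`create certificate authority key pair and CSR, autosign it`, `create intermediate certificate authority …` and `create sqlite3 database`) carry no `creates:` guard, so every run of the play regenerates the root CA key pair (`ca.pem`/`ca-key.pem`) and the intermediate and re-applies init.sql to the live certdb, and because only the exit status of the last command in each `cfssl … | cfssljson` pipeline is checked, a failed `cfssl gencert` is reported as success. Guarding each task with `creates:` on the file it writes and running the pipelines under `set -o pipefail` with `executable: /bin/bash` fixes both, as below. The ownership tasks restrict `ca-server.pem`, `ca-server-key.pem` and `certdb.db` but never touch the root key `ca-key.pem` written by the first task, so its owner and mode are whatever cfssljson leaves; add a matching `ansible.builtin.file` task for `'{{pki_dir}}/CA/ca-key.pem'` with `mode: '0600'`. The second ownership task is named `Change owner of ca-server.pem by cfssl` but operates on `ca-server-key.pem`; rename it. Unquoted octal modes and `create_home: no` are safer written as `mode: '0700'` and `create_home: false`, and `firewall-cmd` via shell is non-idempotent where `ansible.posix.firewalld` would not be.
```yaml
- name: create certificate authority key pair and CSR, autosign it
  ansible.builtin.shell: 'set -o pipefail && {{cfssl_bin_directory}}/cfssl gencert -initca {{pki_dir}}/csr/csr_ROOT_CA.json | {{cfssl_bin_directory}}/cfssljson -bare ca'
  args:
    chdir: '{{pki_dir}}/CA/'
    creates: '{{pki_dir}}/CA/ca-key.pem'
    executable: /bin/bash

- name: create intermediate certificate authority key pair and CSR, autosign it
  ansible.builtin.shell: 'set -o pipefail && {{cfssl_bin_directory}}/cfssl gencert -ca {{pki_dir}}/CA/ca.pem -ca-key {{pki_dir}}/CA/ca-key.pem -config={{pki_dir}}/etc/cfssl.json -profile="intermediate_ca" {{pki_dir}}/csr/csr_intermediate_CA.json | {{cfssl_bin_directory}}/cfssljson -bare ca-server'
  args:
    chdir: '{{pki_dir}}/CA/'
    creates: '{{pki_dir}}/CA/ca-server-key.pem'
    executable: /bin/bash

- name: create sqlite3 database
  ansible.builtin.shell: 'sqlite3 {{pki_dir}}/data/certdb.db < {{pki_dir}}/data/init.sql'
  args:
    chdir: '{{pki_dir}}/data/'
    creates: '{{pki_dir}}/data/certdb.db'
# … unchanged: ownership tasks, service unit template, firewall rule, service start …
```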
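--- a/roles/cfssl-server/tasks/pre_requisite.yml
+++ b/roles/cfssl-server/tasks/pre_requisite.yml
@@ -0,0 +1,28 @@
+---
+- name: Check if cfssl is already available
+  stat:
+    path: '{{cfssl_bin_directory}}/cfssl'
+  register: cfssl_exist
+- name: Download statically linked cfssl binary
+  get_url:
+    url: https://github.com/cloudflare/cfssl/releases/download/v{{cfssl_version}}/cfssl_{{cfssl_version}}_linux_amd64
+    dest: '{{cfssl_bin_directory}}/cfssl'
+    mode: 0755
+  when: cfssl_exist.stat.exists == false
+
+- name: Check if cfssljson is already available
+  stat:
+    path: '{{cfssl_bin_directory}}/cfssljson'
+  register: cfssljson_exist
+- name: Download statically linked cfssljson binary
+  get_url:
+    url: https://github.com/cloudflare/cfssl/releases/download/v{{cfssl_version}}/cfssljson_{{cfssl_version}}_linux_amd64
+    dest: '{{cfssl_bin_directory}}/cfssljson'
+    mode: 0755
+  when: cfssljson_exist.stat.exists == false
+
+- name: Install sqlite3
+  ansible.builtin.package:
+    name: sqlite3
+    state: present
+    update_cache : true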
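Review bot: Both `get_url` tasks (`Download statically linked cfssl binary` and `Download statically linked cfssljson binary`) install an executable that main.yml later uses to generate the root CA key, yet neither passes a `checksum:`, so a substituted or corrupted release asset would be written to `{{cfssl_bin_directory}}` with mode 0755 and run unverified. Pin each download with `checksum: 'sha256:<SHA256_OF_RELEASE_ASSET>'` (placeholder; one value per `cfssl_version`, e.g. kept beside the version variable) so the task fails closed on a mismatch. The guard `when: cfssl_exist.stat.exists == false` reads better and avoids the string-vs-bool comparison trap as `when: not cfssl_exist.stat.exists`; the same applies to the cfssljson task. As in main.yml, `mode: 0755` is safer quoted as `mode: '0755'`, and the stray space in `update_cache : true` should be removed.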