--- - name: Configure httptester hosts: all vars: os_packages: apk: - openssl - py-pip - ca-certificates - openssl-dev - python2-dev - libffi-dev - gcc - libstdc\+\+ - make - musl-dev apt: - openssl - python-pip - python-dev - libffi-dev yum: - openssl - python-pip - python-devel - gcc - libffi-devel dnf: - openssl - python-pip - python-devel - gcc - libffi-devel tasks: - name: Check for nginx stat: path: /usr/sbin/nginx register: nginx - name: Install nginx package: name: nginx update_cache: "{{ (ansible_pkg_mgr == 'dnf')|ternary(omit, 'yes') }}" when: not nginx.stat.exists - name: Install OS Packages package: name: "{{ os_packages[ansible_pkg_mgr] }}" update_cache: "{{ (ansible_pkg_mgr == 'dnf')|ternary(omit, 'yes') }}" - name: Symlink libstdc++ file: state: link src: /usr/lib/libstdc++.so.6 dest: /usr/lib/libstdc++.so when: ansible_pkg_mgr == 'apk' - name: Create cert directories file: path: "{{ item }}" state: directory with_items: - /root/ca/certs - /root/ca/private - /root/ca/newcerts - name: Set ca serial copy: dest: /root/ca/serial content: 1000 - name: Create ca index copy: dest: /root/ca/index.txt content: "" - name: Check for /etc/pki/tls/openssl.cnf stat: path: /etc/pki/tls/openssl.cnf register: etc_pki_tls_openssl - name: Copy openssl.cnf to /etc/ssl copy: src: /etc/pki/tls/openssl.cnf dest: /etc/ssl/openssl.cnf remote_src: true when: etc_pki_tls_openssl.stat.exists - name: Update openssl ca path replace: dest: /etc/ssl/openssl.cnf regexp: '(\./demoCA|/etc/pki/CA)' replace: '/root/ca' - name: Generate ca key command: > openssl req -new -x509 -days 3650 -nodes -extensions v3_ca -keyout /root/ca/private/cakey.pem -out /root/ca/cacert.pem -subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=ansible.http.tests" - name: Generate ansible.http.tests key command: > openssl req -new -nodes -out /root/ca/ansible.http.tests-req.pem -keyout /root/ca/private/ansible.http.tests-key.pem -subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=ansible.http.tests" - name: Generate ansible.http.tests cert shell: > yes | openssl ca -config /etc/ssl/openssl.cnf -days 3650 -out /root/ca/ansible.http.tests-cert.pem -infiles /root/ca/ansible.http.tests-req.pem - name: Generate sni1.ansible.http.tests key command: > openssl req -new -nodes -out /root/ca/sni1.ansible.http.tests-req.pem -keyout /root/ca/private/sni1.ansible.http.tests-key.pem -config /etc/ssl/openssl.cnf -subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=sni1.ansible.http.tests" - name: Generate sni1.ansible.http.tests cert shell: > yes | openssl ca -config /etc/ssl/openssl.cnf -days 3650 -out /root/ca/sni1.ansible.http.tests-cert.pem -infiles /root/ca/sni1.ansible.http.tests-req.pem - name: Generate sni2.ansible.http.tests key command: > openssl req -new -nodes -out /root/ca/sni2.ansible.http.tests-req.pem -keyout /root/ca/private/sni2.ansible.http.tests-key.pem -config /etc/ssl/openssl.cnf -subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=sni2.ansible.http.tests" - name: Generate sni2.ansible.http.tests cert shell: > yes | openssl ca -config /etc/ssl/openssl.cnf -days 3650 -out /root/ca/sni2.ansible.http.tests-cert.pem -infiles /root/ca/sni2.ansible.http.tests-req.pem - name: Generate client key command: > openssl req -new -nodes -out /root/ca/client.ansible.http.tests-req.pem -keyout /root/ca/private/client.ansible.http.tests-key.pem -config /etc/ssl/openssl.cnf -subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=client.ansible.http.tests" - name: Generate client.ansible.http.tests cert shell: > yes | openssl ca -config /etc/ssl/openssl.cnf -days 3650 -out /root/ca/client.ansible.http.tests-cert.pem -infiles /root/ca/client.ansible.http.tests-req.pem - name: Copy cacert.pem into nginx doc root for easy retrieval copy: src: "/root/ca/cacert.pem" dest: "/usr/share/nginx/html/cacert.pem" remote_src: true - copy: src: /root/ca/client.ansible.http.tests-cert.pem dest: /usr/share/nginx/html/client.pem remote_src: true - copy: src: /root/ca/private/client.ansible.http.tests-key.pem dest: /usr/share/nginx/html/client.key remote_src: true - name: Install gunicorn and httpbin pip: name: "{{ item.name }}" version: "{{ item.version|default(omit) }}" with_items: - name: gunicorn - name: httpbin version: '0.6.2' - name: Copy services.sh script copy: src: "{{ playbook_dir }}/services.sh" dest: /services.sh mode: 0755 - name: Copy nginx sites configuration copy: src: nginx.sites.conf dest: /etc/nginx/conf.d/default.conf