ansible/test/utils/docker/httptester/httptester.yml
Matt Martz 9048cf2758 Changes to the httptester docker image to support new client cert functionality in tests (#19912)
* Fix Dockerfile
* Add changes to docker image to support new client cert functionality
* Update repo:tag for docker
2017-01-04 21:07:13 -08:00

146 lines
4.7 KiB
YAML

---
- name: Configure httptester
hosts: all
vars:
os_packages:
apk:
- openssl
- py-pip
apt:
- openssl
- python-pip
yum:
- openssl
- python-pip
dnf:
- openssl
- python-pip
tasks:
- name: Check for nginx
stat:
path: /usr/sbin/nginx
register: nginx
- name: Install nginx
package:
name: nginx
update_cache: "{{ (ansible_pkg_mgr == 'dnf')|ternary(omit, 'yes') }}"
when: not nginx.stat.exists
- name: Install OS Packages
package:
name: "{{ item }}"
update_cache: "{{ (ansible_pkg_mgr == 'dnf')|ternary(omit, 'yes') }}"
with_items: "{{ os_packages[ansible_pkg_mgr] }}"
- name: Create cert directories
file:
path: "{{ item }}"
state: directory
with_items:
- /root/ca/certs
- /root/ca/private
- /root/ca/newcerts
- name: Set ca serial
copy:
dest: /root/ca/serial
content: 1000
- name: Create ca index
copy:
dest: /root/ca/index.txt
content: ""
- name: Check for /etc/pki/tls/openssl.cnf
stat:
path: /etc/pki/tls/openssl.cnf
register: etc_pki_tls_openssl
- name: Copy openssl.cnf to /etc/ssl
copy:
src: /etc/pki/tls/openssl.cnf
dest: /etc/ssl/openssl.cnf
remote_src: true
when: etc_pki_tls_openssl.stat.exists
- name: Update openssl ca path
replace:
dest: /etc/ssl/openssl.cnf
regexp: '(\./demoCA|/etc/pki/CA)'
replace: '/root/ca'
- name: Generate ca key
command: >
openssl req -new -x509 -days 3650 -nodes -extensions v3_ca -keyout /root/ca/private/cakey.pem -out /root/ca/cacert.pem
-subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=ansible.http.tests"
- name: Generate ansible.http.tests key
command: >
openssl req -new -nodes -out /root/ca/ansible.http.tests-req.pem -keyout /root/ca/private/ansible.http.tests-key.pem
-subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=ansible.http.tests"
- name: Generate ansible.http.tests cert
shell: >
yes | openssl ca -config /etc/ssl/openssl.cnf -out /root/ca/ansible.http.tests-cert.pem -infiles /root/ca/ansible.http.tests-req.pem
- name: Generate sni1.ansible.http.tests key
command: >
openssl req -new -nodes -out /root/ca/sni1.ansible.http.tests-req.pem -keyout /root/ca/private/sni1.ansible.http.tests-key.pem -config /etc/ssl/openssl.cnf
-subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=sni1.ansible.http.tests"
- name: Generate sni1.ansible.http.tests cert
shell: >
yes | openssl ca -config /etc/ssl/openssl.cnf -out /root/ca/sni1.ansible.http.tests-cert.pem -infiles /root/ca/sni1.ansible.http.tests-req.pem
- name: Generate sni2.ansible.http.tests key
command: >
openssl req -new -nodes -out /root/ca/sni2.ansible.http.tests-req.pem -keyout /root/ca/private/sni2.ansible.http.tests-key.pem -config /etc/ssl/openssl.cnf
-subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=sni2.ansible.http.tests"
- name: Generate sni2.ansible.http.tests cert
shell: >
yes | openssl ca -config /etc/ssl/openssl.cnf -out /root/ca/sni2.ansible.http.tests-cert.pem -infiles /root/ca/sni2.ansible.http.tests-req.pem
- name: Generate client key
command: >
openssl req -new -nodes -out /root/ca/client.ansible.http.tests-req.pem -keyout /root/ca/private/client.ansible.http.tests-key.pem -config /etc/ssl/openssl.cnf
-subj "/C=US/ST=North Carolina/L=Durham/O=Ansible/CN=client.ansible.http.tests"
- name: Generate client.ansible.http.tests cert
shell: >
yes | openssl ca -config /etc/ssl/openssl.cnf -out /root/ca/client.ansible.http.tests-cert.pem -infiles /root/ca/client.ansible.http.tests-req.pem
- name: Copy cacert.pem into nginx doc root for easy retrieval
copy:
src: "/root/ca/cacert.pem"
dest: "/usr/share/nginx/html/cacert.pem"
remote_src: true
- copy:
src: /root/ca/client.ansible.http.tests-cert.pem
dest: /usr/share/nginx/html/client.pem
remote_src: true
- copy:
src: /root/ca/private/client.ansible.http.tests-key.pem
dest: /usr/share/nginx/html/client.key
remote_src: true
- name: Install gunicorn and httpbin
pip:
name: "{{ item }}"
with_items:
- gunicorn
- httpbin
- name: Copy services.sh script
copy:
src: services.sh
dest: /services.sh
mode: 0755
- name: Copy nginx sites configuration
copy:
src: nginx.sites.conf
dest: /etc/nginx/conf.d/default.conf