From 740968eac912a4cfe7059880eabb6a34e65ee2ea Mon Sep 17 00:00:00 2001 From: Pavlov Makar Date: Sun, 8 Jun 2025 02:55:09 +0300 Subject: [PATCH] Refactor anislbe role * Divide tasks to different files --- roles/rproxy/tasks/addconfig.yml | 44 ++++ roles/rproxy/tasks/docker.yml | 33 +++ roles/rproxy/tasks/dockerrepo.yml | 64 ++++++ roles/rproxy/tasks/main.yml | 263 +++-------------------- roles/rproxy/tasks/repo.yml | 50 +++++ roles/rproxy/tasks/rproxy.yml | 46 ++++ roles/rproxy/templates/dockerrepo.cnf.j2 | 14 +- roles/rproxy/templates/repo.cnf.j2 | 14 +- roles/rproxy/templates/server.cnf.j2 | 12 +- roles/rproxy/templates/server.conf.j2 | 8 +- roles/rproxy/vars/main.yml | 5 + rproxy.yml | 4 - 12 files changed, 299 insertions(+), 258 deletions(-) create mode 100644 roles/rproxy/tasks/addconfig.yml create mode 100644 roles/rproxy/tasks/docker.yml create mode 100644 roles/rproxy/tasks/dockerrepo.yml create mode 100644 roles/rproxy/tasks/repo.yml create mode 100644 roles/rproxy/tasks/rproxy.yml create mode 100644 roles/rproxy/vars/main.yml diff --git a/roles/rproxy/tasks/addconfig.yml b/roles/rproxy/tasks/addconfig.yml new file mode 100644 index 0000000..4735146 --- /dev/null +++ b/roles/rproxy/tasks/addconfig.yml 
@@ -0,0 +1,44 @@
+---
+- name: Create configs
+ block:
+ - name: Copy server.conf
+ ansible.builtin.template:
+ src: templates/server.conf.j2
+ dest: "{{ rproxy_dir }}/sites/{{ rproxy_service_name }}.conf"
+
+ - name: Copy server certificate cnf
+ ansible.builtin.template:
+ src: templates/server.cnf.j2
+ dest: '{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf'
+
+ - name: Generate server key
+ ansible.builtin.shell:
+ cmd: 'openssl genrsa -out {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.key 2048'
+
+ - name: Generate server csr
+ ansible.builtin.shell:
+ cmd: 'openssl req -key {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.key -new -out {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.csr -config {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf'
+
+ - name: Sign server certificate
+ ansible.builtin.shell:
+ cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.csr -out {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.crt -CAcreateserial -extfile {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf -days 365 -extensions v3_x509'
+
+ - name: Create fullchain certificate
+ ansible.builtin.shell:
+ cmd: 'cat {{ rproxy_dir }}/certs/RootCA.crt >> {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.crt'
+
+ - name: Delete csr
+ ansible.builtin.file:
+ path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.csr"
+ state: absent
+
+ - name: Delete cnf
+ ansible.builtin.file:
+ path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf"
+ state: absent
+
+ - name: Restart rproxy
+ community.docker.docker_compose:
+ project_src: "{{ rproxy_dir }}"
+ build: false
+ restarted: true
diff --git a/roles/rproxy/tasks/docker.yml b/roles/rproxy/tasks/docker.yml
new file mode 100644
index 0000000..576c7ac
--- /dev/null
+++ b/roles/rproxy/tasks/docker.yml
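Review bot: In roles/rproxy/tasks/addconfig.yml the three openssl tasks and the `cat … >>` task pass `rproxy_service_name` unquoted through `ansible.builtin.shell`, and rproxy.yml collects that value from `vars_prompt`, so a name containing spaces, shell metacharacters or `../` changes the command that runs or the path it writes. The openssl calls need no shell: `ansible.builtin.command` with `argv: [openssl, genrsa, -out, "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.key", "2048"]` avoids shell parsing entirely, and the one task that does need redirection can apply `| quote` to each path. An `ansible.builtin.assert` at the top of the block that the name matches something like `^[a-z0-9-]+$` would also keep it a valid hostname label for the certificate and nginx templates.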
@@ -0,0 +1,33 @@
+---
+- name: Install python3.11
+ ansible.builtin.yum:
+ name:
+ - python3.11
+ - python3.11-setuptools
+ - python3.11-pip
+ update_cache: yes
+
+- name: Change default python3 to v3.11
+ ansible.builtin.alternatives:
+ name: python3
+ path: /usr/bin/python3.11
+
+- name: Upgrade pip
+ ansible.builtin.pip:
+ name: pip
+ state: latest
+ executable: pip3
+
+- name: Install docker
+ ansible.builtin.pip:
+ name:
+ - docker
+ - docker-compose
+
+- name: Enable docker (RHEL)
+ ansible.builtin.systemd:
+ name: docker
+ state: restarted
+ enabled: true
+ daemon_reload: true
+ when: ansible_facts['os_family'] == "RedHat"
\ No newline at end of file
diff --git a/roles/rproxy/tasks/dockerrepo.yml b/roles/rproxy/tasks/dockerrepo.yml
new file mode 100644
index 0000000..2bd792c
--- /dev/null
+++ b/roles/rproxy/tasks/dockerrepo.yml
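Review bot: Nothing in roles/rproxy/tasks/docker.yml installs the Docker Engine: the removed `curl -fsSL https://get.docker.com | sh` task (main.yml hunk) is replaced only by the pip packages `docker` and `docker-compose`, which are Python client libraries, so `Enable docker (RHEL)` presumably fails on a host where the daemon is not already present. If the engine is meant to come from this role, install it from a package repository with a verified signing key rather than going back to the script pipe. The pip tasks are also unpinned (`state: latest`, bare `docker` and `docker-compose`), so each run may pull different code as root; pin them, e.g. `docker==<pinned version>`. `alternatives` is, as far as I know, shipped in `community.general` rather than `ansible.builtin`, so that module name should be checked, and `update_cache: yes` is better written `update_cache: true`.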
@@ -0,0 +1,64 @@
+---
+- name: Create docker repository
+ block:
+ - name: Remove dockerrepo dir
+ ansible.builtin.file:
+ path: "{{ dockerrepo_dir }}"
+ state: absent
+
+ - name: Create dockerrepo dir
+ ansible.builtin.file:
+ path: "{{ dockerrepo_dir }}"
+ state: directory
+
+ - name: Create repo dir
+ ansible.builtin.file:
+ path: "{{ dockerrepo_data_dir }}"
+ state: directory
+
+ - name: Create certs dir
+ ansible.builtin.file:
+ path: "{{ dockerrepo_dir }}/certs"
+ state: directory
+
+ - name: Copy docker-compose
+ ansible.builtin.template:
+ src: templates/docker-compose.dockerrepo.yml.j2
+ dest: "{{ dockerrepo_dir }}/docker-compose.yml"
+
+ - name: Copy dockerrepo certificate cnf
+ ansible.builtin.template:
+ src: templates/dockerrepo.cnf.j2
+ dest: '{{ dockerrepo_dir }}/certs/dockerrepo.cnf'
+
+ - name: Generate dockerrepo certificate key
+ ansible.builtin.shell:
+ cmd: 'openssl genrsa -out {{ dockerrepo_dir }}/certs/dockerrepo.key 2048'
+
+ - name: Generate dockerrepo csr
+ ansible.builtin.shell:
+ cmd: 'openssl req -key {{ dockerrepo_dir }}/certs/dockerrepo.key -new -out {{ dockerrepo_dir }}/certs/dockerrepo.csr -config {{ dockerrepo_dir }}/certs/dockerrepo.cnf'
+
+ - name: Sign dockerrepo certificate
+ ansible.builtin.shell:
+ cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ dockerrepo_dir }}/certs/dockerrepo.csr -out {{ dockerrepo_dir }}/certs/dockerrepo.crt -CAcreateserial -extfile {{ dockerrepo_dir }}/certs/dockerrepo.cnf -days 365 -extensions v3_x509'
+
+ - name: Create fullchain certificate
+ ansible.builtin.shell:
+ cmd: 'cat {{ rproxy_dir }}/certs/RootCA.crt >> {{ dockerrepo_dir }}/certs/dockerrepo.crt'
+
+ - name: Delete csr
+ ansible.builtin.file:
+ path: "{{ dockerrepo_dir }}/certs/dockerrepo.csr"
+ state: absent
+
+ - name: Delete cnf
+ ansible.builtin.file:
+ path: "{{ dockerrepo_dir }}/certs/dockerrepo.cnf"
+ state: absent
+
+ - name: Restart rproxy
+ community.docker.docker_compose:
+ project_src: "{{ dockerrepo_dir }}"
+ build: false
+ restarted: true
\ No newline at end of file
diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml
index 69560c9..ff16ac7 100644
--- a/roles/rproxy/tasks/main.yml
+++ b/roles/rproxy/tasks/main.yml
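Review bot: The `Create certs dir` task in roles/rproxy/tasks/dockerrepo.yml sets no `mode`, and `openssl genrsa -out …/dockerrepo.key` then writes the private key with whatever the remote umask allows, so the key may be readable by other local users. Add `mode: "0700"` to the directory task and follow key generation with an `ansible.builtin.file` task that sets `mode: "0600"` on the key (or generate it with `community.crypto.openssl_privatekey`, which accepts `mode`). The same applies to the `.key` files written in addconfig.yml and repo.yml and to the certs directory created in rproxy.yml. These shell tasks also carry no `creates:` or `changed_when:`, so every run re-issues the key and certificate.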
@@ -1,237 +1,40 @@ --- -- name: Get domain - ansible.builtin.shell: - cmd: hostname -d - register: domain +- name: Docker install + ansible.builtin.include_tasks: + file: docker.yml + apply: + tags: install tags: - - install - - add_config + - install -- name: Get IP address - ansible.builtin.shell: - cmd: hostname -I | awk '{print $1}' - register: IP +- name: Rproxy install + ansible.builtin.include_tasks: + file: rproxy.yml + apply: + tags: install tags: - - install + - install -- name: Install docker - ansible.builtin.shell: - cmd: "curl -fsSL https://get.docker.com | sh" +- name: Repo install + ansible.builtin.include_tasks: + file: repo.yml + apply: + tags: install + tags: + - install -- name: Enable docker (RHEL) - ansible.builtin.systemd: - name: docker - state: restarted - enabled: true - daemon_reload: true - when: ansible_facts['os_family'] == "RedHat" - tags: install - -- name: Install rproxy - block: - - name: Remove rproxy dir - ansible.builtin.file: - path: "{{ rproxy_dir }}" - state: absent - - - name: Create rproxy dir - ansible.builtin.file: - path: "{{ rproxy_dir }}" - state: directory - - - name: Create sites dir - ansible.builtin.file: - path: "{{ rproxy_dir }}/sites" - state: directory - - - name: Create certs dir - ansible.builtin.file: - path: "{{ rproxy_dir }}/certs" - state: directory - - - name: Copy docker-compose - ansible.builtin.template: - src: templates/docker-compose.rproxy.yml.j2 - dest: "{{ rproxy_dir }}/docker-compose.yml" - - - name: Copy nginx.conf - ansible.builtin.copy: - src: files/nginx.conf - dest: "{{ rproxy_dir }}/nginx.conf" - - - name: Copy RootCA certificate - ansible.builtin.copy: - src: files/RootCA.crt - dest: '{{ rproxy_dir }}/certs/RootCA.crt' - - - name: Copy RootCA key - ansible.builtin.copy: - src: files/RootCA.key - dest: '{{ rproxy_dir }}/certs/RootCA.key' - - - name: Start rproxy - community.docker.docker_compose: - project_src: "{{ rproxy_dir }}" - tags: install - -- name: Create https repository - block: 
- - name: Create repo dir - ansible.builtin.file: - path: "{{ repo_data_dir }}" - state: directory - mode: 0777 - - - name: Copy repo.conf - ansible.builtin.copy: - src: files/repo.conf - dest: "{{ rproxy_dir }}/sites/repo.conf" - - - name: Copy repo certificate cnf - ansible.builtin.template: - src: templates/repo.cnf.j2 - dest: '{{ rproxy_dir }}/certs/repo.cnf' - - - name: Generate repo certificate key - ansible.builtin.shell: - cmd: 'openssl genrsa -out {{ rproxy_dir }}/certs/repo.key 2048' - - - name: Generate server csr - ansible.builtin.shell: - cmd: 'openssl req -key {{ rproxy_dir }}/certs/repo.key -new -out {{ rproxy_dir }}/certs/repo.csr -config {{ rproxy_dir }}/certs/repo.cnf' - - - name: Sign server certificate - ansible.builtin.shell: - cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ rproxy_dir }}/certs/repo.csr -out {{ rproxy_dir }}/certs/repo.crt -CAcreateserial -extfile {{ rproxy_dir }}/certs/repo.cnf -days 365 -extensions v3_x509' - - - name: Create fullchain certificate - ansible.builtin.shell: - cmd: 'cat {{ rproxy_dir }}/certs/RootCA.crt >> {{ rproxy_dir }}/certs/repo.crt' - - - name: Delete csr - ansible.builtin.file: - path: "{{ rproxy_dir }}/certs/repo.csr" - state: absent - - - name: Delete cnf - ansible.builtin.file: - path: "{{ rproxy_dir }}/certs/repo.cnf" - state: absent - - - name: Restart rproxy - community.docker.docker_compose: - project_src: "{{ rproxy_dir }}" - build: false - restarted: true - tags: install - -- name: Create docker repository - block: - - name: Remove dockerrepo dir - ansible.builtin.file: - path: "{{ dockerrepo_dir }}" - state: absent - - - name: Create dockerrepo dir - ansible.builtin.file: - path: "{{ dockerrepo_dir }}" - state: directory - - - name: Create repo dir - ansible.builtin.file: - path: "{{ dockerrepo_data_dir }}" - state: directory - - - name: Create certs dir - ansible.builtin.file: - path: "{{ dockerrepo_dir }}/certs" - state: directory - 
- - name: Copy docker-compose - ansible.builtin.template: - src: templates/docker-compose.dockerrepo.yml.j2 - dest: "{{ dockerrepo_dir }}/docker-compose.yml" - - - name: Copy dockerrepo certificate cnf - ansible.builtin.template: - src: templates/dockerrepo.cnf.j2 - dest: '{{ dockerrepo_dir }}/certs/dockerrepo.cnf' - - - name: Generate dockerrepo certificate key - ansible.builtin.shell: - cmd: 'openssl genrsa -out {{ dockerrepo_dir }}/certs/dockerrepo.key 2048' - - - name: Generate dockerrepo csr - ansible.builtin.shell: - cmd: 'openssl req -key {{ dockerrepo_dir }}/certs/dockerrepo.key -new -out {{ dockerrepo_dir }}/certs/dockerrepo.csr -config {{ dockerrepo_dir }}/certs/dockerrepo.cnf' - - - name: Sign dockerrepo certificate - ansible.builtin.shell: - cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ dockerrepo_dir }}/certs/dockerrepo.csr -out {{ dockerrepo_dir }}/certs/dockerrepo.crt -CAcreateserial -extfile {{ dockerrepo_dir }}/certs/dockerrepo.cnf -days 365 -extensions v3_x509' - - - name: Create fullchain certificate - ansible.builtin.shell: - cmd: 'cat {{ rproxy_dir }}/certs/RootCA.crt >> {{ dockerrepo_dir }}/certs/dockerrepo.crt' - - - name: Delete csr - ansible.builtin.file: - path: "{{ dockerrepo_dir }}/certs/dockerrepo.csr" - state: absent - - - name: Delete cnf - ansible.builtin.file: - path: "{{ dockerrepo_dir }}/certs/dockerrepo.cnf" - state: absent - - - name: Restart rproxy - community.docker.docker_compose: - project_src: "{{ dockerrepo_dir }}" - build: false - restarted: true - tags: install - -- name: Create configs - block: - - name: Copy server.conf - ansible.builtin.template: - src: templates/server.conf.j2 - dest: "{{ rproxy_dir }}/sites/{{ rproxy_service_name }}.conf" - - - name: Copy server certificate cnf - ansible.builtin.template: - src: templates/server.cnf.j2 - dest: '{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf' - - - name: Generate server key - ansible.builtin.shell: 
- cmd: 'openssl genrsa -out {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.key 2048' - - - name: Generate server csr - ansible.builtin.shell: - cmd: 'openssl req -key {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.key -new -out {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.csr -config {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf' - - - name: Sign server certificate - ansible.builtin.shell: - cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.csr -out {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.crt -CAcreateserial -extfile {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf -days 365 -extensions v3_x509' - - - name: Create fullchain certificate - ansible.builtin.shell: - cmd: 'cat {{ rproxy_dir }}/certs/RootCA.crt >> {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.crt' - - - name: Delete csr - ansible.builtin.file: - path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.csr" - state: absent - - - name: Delete cnf - ansible.builtin.file: - path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf" - state: absent - - - name: Restart rproxy - community.docker.docker_compose: - project_src: "{{ rproxy_dir }}" - build: false - restarted: true - tags: add_config +- name: Docker repo install + ansible.builtin.include_tasks: + file: dockerrepo.yml + apply: + tags: install + tags: + - install +- name: Add config + ansible.builtin.include_tasks: + file: addconfig.yml + apply: + tags: add_config + tags: + - add_config \ No newline at end of file diff --git a/roles/rproxy/tasks/repo.yml b/roles/rproxy/tasks/repo.yml new file mode 100644 index 0000000..8b0be4c --- /dev/null +++ b/roles/rproxy/tasks/repo.yml 
@@ -0,0 +1,50 @@
+---
+- name: Create https repository
+ block:
+ - name: Create repo dir
+ ansible.builtin.file:
+ path: "{{ repo_data_dir }}"
+ state: directory
+ mode: 0777
+
+ - name: Copy repo.conf
+ ansible.builtin.copy:
+ src: files/repo.conf
+ dest: "{{ rproxy_dir }}/sites/repo.conf"
+
+ - name: Copy repo certificate cnf
+ ansible.builtin.template:
+ src: templates/repo.cnf.j2
+ dest: '{{ rproxy_dir }}/certs/repo.cnf'
+
+ - name: Generate repo certificate key
+ ansible.builtin.shell:
+ cmd: 'openssl genrsa -out {{ rproxy_dir }}/certs/repo.key 2048'
+
+ - name: Generate server csr
+ ansible.builtin.shell:
+ cmd: 'openssl req -key {{ rproxy_dir }}/certs/repo.key -new -out {{ rproxy_dir }}/certs/repo.csr -config {{ rproxy_dir }}/certs/repo.cnf'
+
+ - name: Sign server certificate
+ ansible.builtin.shell:
+ cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ rproxy_dir }}/certs/repo.csr -out {{ rproxy_dir }}/certs/repo.crt -CAcreateserial -extfile {{ rproxy_dir }}/certs/repo.cnf -days 365 -extensions v3_x509'
+
+ - name: Create fullchain certificate
+ ansible.builtin.shell:
+ cmd: 'cat {{ rproxy_dir }}/certs/RootCA.crt >> {{ rproxy_dir }}/certs/repo.crt'
+
+ - name: Delete csr
+ ansible.builtin.file:
+ path: "{{ rproxy_dir }}/certs/repo.csr"
+ state: absent
+
+ - name: Delete cnf
+ ansible.builtin.file:
+ path: "{{ rproxy_dir }}/certs/repo.cnf"
+ state: absent
+
+ - name: Restart rproxy
+ community.docker.docker_compose:
+ project_src: "{{ rproxy_dir }}"
+ build: false
+ restarted: true
\ No newline at end of file
diff --git a/roles/rproxy/tasks/rproxy.yml b/roles/rproxy/tasks/rproxy.yml
new file mode 100644
index 0000000..ad40481
--- /dev/null
+++ b/roles/rproxy/tasks/rproxy.yml
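Review bot: `mode: 0777` on `Create repo dir` in roles/rproxy/tasks/repo.yml makes the repository data directory world-writable, so any local account can replace the files that are then served over HTTPS. Unless the serving container really needs that, use the narrowest mode that works together with an explicit owner, e.g. `mode: "0755"` plus `owner:`/`group:` for the serving UID (which this hunk does not show). Whatever value is chosen should be quoted: an unquoted `0777` is parsed by YAML as a number, and the Ansible documentation asks for a quoted string here.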
@@ -0,0 +1,46 @@ +--- +- name: Install rproxy + block: + - name: Remove rproxy dir + ansible.builtin.file: + path: "{{ rproxy_dir }}" + state: absent + + - name: Create rproxy dir + ansible.builtin.file: + path: "{{ rproxy_dir }}" + state: directory + + - name: Create sites dir + ansible.builtin.file: + path: "{{ rproxy_dir }}/sites" + state: directory + + - name: Create certs dir + ansible.builtin.file: + path: "{{ rproxy_dir }}/certs" + state: directory + + - name: Copy docker-compose + ansible.builtin.template: + src: templates/docker-compose.rproxy.yml.j2 + dest: "{{ rproxy_dir }}/docker-compose.yml" + + - name: Copy nginx.conf + ansible.builtin.copy: + src: files/nginx.conf + dest: "{{ rproxy_dir }}/nginx.conf" + + - name: Copy RootCA certificate + ansible.builtin.copy: + src: files/RootCA.crt + dest: '{{ rproxy_dir }}/certs/RootCA.crt' + + - name: Copy RootCA key + ansible.builtin.copy: + src: files/RootCA.key + dest: '{{ rproxy_dir }}/certs/RootCA.key' + + - name: Start rproxy + community.docker.docker_compose: + project_src: "{{ rproxy_dir }}" \ No newline at end of file diff --git a/roles/rproxy/templates/dockerrepo.cnf.j2 b/roles/rproxy/templates/dockerrepo.cnf.j2 index 0167769..09cf6e5 100644 --- a/roles/rproxy/templates/dockerrepo.cnf.j2 +++ b/roles/rproxy/templates/dockerrepo.cnf.j2 @@ -1,18 +1,18 @@ [ req ] prompt = no -distinguished_name = dockerrepo.{{ domain.stdout }} +distinguished_name = dockerrepo.{{ ansible_domain }} req_extensions = v3_req x509_extensions = v3_x509 -[ dockerrepo.{{ domain.stdout }} ] +[ dockerrepo.{{ ansible_domain }} ] countryName = RU stateOrProvinceName = RU localityName = MSK -organizationName = {{ domain.stdout }} +organizationName = {{ ansible_domain }} organizationalUnitName = IT -commonName = dockerrepo.{{ domain.stdout }} -emailAddress = admin@{{ domain.stdout }} +commonName = dockerrepo.{{ ansible_domain }} +emailAddress = admin@{{ ansible_domain }} [ v3_req ] basicConstraints = CA:false 
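Review bot: `Copy RootCA key` in roles/rproxy/tasks/rproxy.yml ships the root CA private key from the role's `files/` directory to `{{ rproxy_dir }}/certs/RootCA.key` with no `mode`, next to the leaf keys; that directory is presumably the one mounted into the nginx container, though the compose template is not part of this diff. Anyone who can read that file, or the repository if `files/RootCA.key` is committed unencrypted, can issue certificates trusted by every client that trusts this CA. At minimum add `mode: "0600"` and `no_log: true` to the task and keep the source file vault-encrypted. Better, sign the CSRs on the control node (`delegate_to: localhost`) so that only the issued certificates ever reach the proxy host.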
@@ -25,5 +25,5 @@ keyUsage = digitalSignature, keyEncipherment subjectAltName = @sans [ sans ] -DNS.1 = dockerrepo.{{ domain.stdout }} -IP.1 = {{ IP.stdout }} \ No newline at end of file +DNS.1 = dockerrepo.{{ ansible_domain }} +IP.1 = {{ {{ ansible_facts['default_ipv4']['address'] }} }} \ No newline at end of file diff --git a/roles/rproxy/templates/repo.cnf.j2 b/roles/rproxy/templates/repo.cnf.j2 index 515937e..0a44d46 100644 --- a/roles/rproxy/templates/repo.cnf.j2 +++ b/roles/rproxy/templates/repo.cnf.j2 @@ -1,18 +1,18 @@ [ req ] prompt = no -distinguished_name = repo.{{ domain.stdout }} +distinguished_name = repo.{{ ansible_domain }} req_extensions = v3_req x509_extensions = v3_x509 -[ repo.{{ domain.stdout }} ] +[ repo.{{ ansible_domain }} ] countryName = RU stateOrProvinceName = RU localityName = MSK -organizationName = {{ domain.stdout }} +organizationName = {{ ansible_domain }} organizationalUnitName = IT -commonName = repo.{{ domain.stdout }} -emailAddress = admin@{{ domain.stdout }} +commonName = repo.{{ ansible_domain }} +emailAddress = admin@{{ ansible_domain }} [ v3_req ] basicConstraints = CA:false @@ -25,5 +25,5 @@ keyUsage = digitalSignature, keyEncipherment subjectAltName = @sans [ sans ] -DNS.1 = repo.{{ domain.stdout }} -IP.1 = {{ IP.stdout }} \ No newline at end of file +DNS.1 = repo.{{ ansible_domain }} +IP.1 = {{ {{ ansible_facts['default_ipv4']['address'] }} }} \ No newline at end of file diff --git a/roles/rproxy/templates/server.cnf.j2 b/roles/rproxy/templates/server.cnf.j2 index 323b0c9..d415f6c 100644 --- a/roles/rproxy/templates/server.cnf.j2 +++ b/roles/rproxy/templates/server.cnf.j2 
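Review bot: The new `IP.1` line in dockerrepo.cnf.j2 nests one Jinja expression inside another, `{{ {{ ansible_facts['default_ipv4']['address'] }} }}`, which should fail template rendering; the repo.cnf.j2 hunk adds the same line. It should read `IP.1 = {{ ansible_facts['default_ipv4']['address'] }}`. Because the address and `ansible_domain` now come from gathered facts, the SAN and CN follow whatever the host reports, and an empty domain would yield `dockerrepo.` as the name. An `ansible.builtin.assert` that both facts are defined and non-empty before templating would catch this.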
@@ -1,18 +1,18 @@ [ req ] prompt = no -distinguished_name = {{ rproxy_service_name }}.{{ domain.stdout }} +distinguished_name = {{ rproxy_service_name }}.{{ ansible_domain }} req_extensions = v3_req x509_extensions = v3_x509 -[ {{ rproxy_service_name }}.{{ domain.stdout }} ] +[ {{ rproxy_service_name }}.{{ ansible_domain }} ] countryName = RU stateOrProvinceName = RU localityName = MSK -organizationName = {{ domain.stdout }} +organizationName = {{ ansible_domain }} organizationalUnitName = IT -commonName = {{ rproxy_service_name }}.{{ domain.stdout }} -emailAddress = admin@{{ domain.stdout }} +commonName = {{ rproxy_service_name }}.{{ ansible_domain }} +emailAddress = admin@{{ ansible_domain }} [ v3_req ] basicConstraints = CA:false @@ -25,5 +25,5 @@ keyUsage = digitalSignature, keyEncipherment subjectAltName = @sans [ sans ] -DNS.1 = {{ rproxy_service_name }}.{{ domain.stdout }} +DNS.1 = {{ rproxy_service_name }}.{{ ansible_domain }} IP.1 = {{ rproxy_service_address }} \ No newline at end of file diff --git a/roles/rproxy/templates/server.conf.j2 b/roles/rproxy/templates/server.conf.j2 index c833687..bc3603b 100644 --- a/roles/rproxy/templates/server.conf.j2 +++ b/roles/rproxy/templates/server.conf.j2 @@ -1,10 +1,10 @@ -upstream {{ rproxy_service_name }}.{{ domain.stdout }} { +upstream {{ rproxy_service_name }}.{{ ansible_domain }} { server {{ rproxy_service_address }}:{{ rproxy_service_port }}; } server { listen 80; - server_name {{ rproxy_service_name }}.{{ domain.stdout }}; + server_name {{ rproxy_service_name }}.{{ ansible_domain }}; access_log /var/log/nginx/{{ rproxy_service_name }}.access.log; error_log /var/log/nginx/{{ rproxy_service_name }}.error.log; return 301 https://$server_name$request_uri; 
@@ -12,7 +12,7 @@ server { server { listen 443 ssl; - server_name {{ rproxy_service_name }}.{{ domain.stdout }}; + server_name {{ rproxy_service_name }}.{{ ansible_domain }}; access_log /var/log/nginx/{{ rproxy_service_name }}.access.log; error_log /var/log/nginx/{{ rproxy_service_name }}.error.log; ssl_certificate /etc/nginx/certs/{{ rproxy_service_name }}.crt; @@ -30,6 +30,6 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://{{ rproxy_service_name }}.{{ domain.stdout }}/; + proxy_pass http://{{ rproxy_service_name }}.{{ ansible_domain }}/; } } diff --git a/roles/rproxy/vars/main.yml b/roles/rproxy/vars/main.yml new file mode 100644 index 0000000..ed91197 --- /dev/null +++ b/roles/rproxy/vars/main.yml @@ -0,0 +1,5 @@ +ansible_python_interpreter: /usr/bin/python3 +rproxy_dir: /opt/rproxy +repo_data_dir: /opt/data/repo +dockerrepo_dir: /opt/dockerrepo +dockerrepo_data_dir: /opt/data/dockerrepo \ No newline at end of file diff --git a/rproxy.yml b/rproxy.yml index 2477006..1f910d8 100644 --- a/rproxy.yml +++ b/rproxy.yml @@ -4,10 +4,6 @@ vars: ansible_python_interpreter: /usr/bin/python3 - rproxy_dir: /opt/rproxy - repo_data_dir: /opt/data/repo - dockerrepo_dir: /opt/dockerrepo - dockerrepo_data_dir: /opt/data/dockerrepo vars_prompt: - name: rproxy_service_name
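Review bot: Putting the directory paths in roles/rproxy/vars/main.yml gives them role-vars precedence, which inventory and play vars cannot override; `roles/rproxy/defaults/main.yml` is the usual place for values an operator may need to change. `ansible_python_interpreter` is now set both here and in rproxy.yml while docker.yml repoints `python3` to 3.11 through alternatives, so the interpreter Ansible uses can change mid-run; keep the setting in one place and add a comment saying which Python it is meant to be. The new file also lacks a leading `---` and a final newline.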