From 6861d5286c4b6f8af8fba0cd98d34d89b1e808e3 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 19:58:50 +0300 Subject: [PATCH 01/26] added https block --- roles/rproxy/tasks/main.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml index 8e705dc..58e2672 100644 --- a/roles/rproxy/tasks/main.yml +++ b/roles/rproxy/tasks/main.yml @@ -72,11 +72,6 @@ src: files/nginx.conf dest: "{{ rproxy_dir }}/nginx.conf" - - name: Copy repo.conf - ansible.builtin.copy: - src: files/repo.conf - dest: "{{ rproxy_dir }}/sites/repo.conf" - - name: Copy RootCA certificate ansible.builtin.copy: src: files/RootCA.crt @@ -86,6 +81,13 @@ ansible.builtin.copy: src: files/RootCA.key dest: '{{ rproxy_dir }}/certs/RootCA.key' + + - name: HTTPS repository + block: + - name: Copy repo.conf + ansible.builtin.copy: + src: files/repo.conf + dest: "{{ rproxy_dir }}/sites/repo.conf" - name: Start rproxy community.docker.docker_compose: From aee5cae763a9a9507cf950c387fdf79ebb2a6b1a Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:09:38 +0300 Subject: [PATCH 02/26] debug --- Jenkinsfile | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 78ca34f..0d234fa 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
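Review bot: The new `HTTPS repository` block in the second hunk wraps a single task and carries no `when`, `tags` or `rescue`, so moving `Copy repo.conf` into it changes nothing about when the file is installed; if the block is meant to make HTTPS opt-in, it needs a `when:` on the role variable that enables it. The `Copy RootCA private key` task just above it (context here) writes `files/RootCA.key` to `{{ rproxy_dir }}/certs/RootCA.key` with no `mode:`, so the CA private key gets whatever the remote umask yields; add `mode: "0600"` to that copy task. The enclosing task list starts outside the hunk.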
@@ -18,16 +18,17 @@ pipeline { } stages { stage('Save certs') { - when { - expression { - return params.rproxy_install - } - } + // when { + // expression { + // return params.rproxy_install + // } + // } steps { script { def ask_for_certs = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' - sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' + sh 'echo "${ask_for_certs["rootca"]}"' + // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' + // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } } } From a3ec78446f8fcd557fb07fe66ba932ad763c2b8f Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:10:33 +0300 Subject: [PATCH 03/26] debug2 --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 0d234fa..91f30c8 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -26,7 +26,7 @@ pipeline { steps { script { def ask_for_certs = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo "${ask_for_certs["rootca"]}"' + sh 'echo "${rootca}"' // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } From c13b5f574b226695e8a318d33dc0296e8acf148e Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:16:20 +0300 Subject: [PATCH 04/26] added env --- Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 91f30c8..494a3cf 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
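Review bot: The debug line `sh 'echo "${ask_for_certs["rootca"]}"'`, and its successors in the hunks on L3–L10 (`echo "${AskCerts...}"`, `echo ${RootCA} | base64 -d ...`, `cat roles/rproxy/files/RootCA.crt`), print the uploaded material to the build console, and the `input` result holds the CA private key as well as the certificate; console output persists with the build and is readable by anyone with Job/Read, so key material should not be echoed even while debugging. The underlying confusion is Groovy quoting: a single-quoted Groovy string is not interpolated, so `${...}` reaches the shell unchanged, where `ask_for_certs`/`AskCerts` are not shell variables and `${AskCerts["rootca"]}` is a shell syntax error; values returned by `input` have to be exported via `env.` or written from Groovy with `writeFile`, which the hunk on L11 finally does. Commenting out `when { expression { return params.rproxy_install } }` also makes the upload prompt block every build until the guard is restored. Both the `stage` and the `pipeline` block extend beyond the hunk.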
@@ -25,8 +25,8 @@ pipeline { // } steps { script { - def ask_for_certs = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo "${rootca}"' + env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] + sh 'echo "${AskCerts}"' // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } From a7290cb0c3ddecb26214b00f14856d80b15fc991 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:18:09 +0300 Subject: [PATCH 05/26] debug2 --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 494a3cf..21b04a3 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -26,7 +26,7 @@ pipeline { steps { script { env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo "${AskCerts}"' + sh 'echo \'${AskCerts["rootca"]}\'' // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } From e8c0e3107e7ec3cec82662c98eee9b6b77aae184 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:21:20 +0300 Subject: [PATCH 06/26] quotes --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 21b04a3..002f82b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -26,7 +26,7 @@ pipeline { steps { script { env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo \'${AskCerts["rootca"]}\'' + sh 'echo "${AskCerts[\'rootca\']}"' // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } From 449746e8a6547e76ddab84d46dc869e98dbcc576 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:22:11 +0300 Subject: [PATCH 07/26] delete quotes --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 002f82b..2ed3d9d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -26,7 +26,7 @@ pipeline { steps { script { env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo "${AskCerts[\'rootca\']}"' + sh 'echo "${AskCerts[rootca]}"' // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } From fd01e214fc677ee7152798811f49095cd99f32f6 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:23:16 +0300 Subject: [PATCH 08/26] params --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 2ed3d9d..a6edf62 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -26,7 +26,7 @@ pipeline { steps { script { env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo "${AskCerts[rootca]}"' + sh 'echo "${params.rootca}"' // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } From 66156b410bd063db2e327ef5a9f4466ebbc42745 Mon Sep 17 00:00:00 2001 
From: mpavlov Date: Thu, 3 Oct 2024 20:23:49 +0300 Subject: [PATCH 09/26] test --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index a6edf62..964c18c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -26,7 +26,7 @@ pipeline { steps { script { env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo "${params.rootca}"' + sh 'echo "${rootca}"' // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } From e775a0b29df6de8bfd4ce8def8179e6942645d8f Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:33:16 +0300 Subject: [PATCH 10/26] test2 --- Jenkinsfile | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 964c18c..0ac2c8b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -26,7 +26,13 @@ pipeline { steps { script { env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo "${rootca}"' + def rootca = AskCerts['rootca'] + sh 'echo ${rootca} | base64 -d > roles/rproxy/files/RootCA.crt' + sh 'cat roles/rproxy/files/RootCA.crt' + + // def rootca_key = AskCerts['rootca_key'] + + // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } From 4c76778371d558e3da810d020debf7b742d01ba6 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:36:06 +0300 Subject: [PATCH 11/26] test3 --- Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 0ac2c8b..cb533ad 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -26,8 +26,8 @@ pipeline { steps { script { env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - def rootca = AskCerts['rootca'] - sh 'echo ${rootca} | base64 -d > roles/rproxy/files/RootCA.crt' + env.RootCA = AskCerts['rootca'] + sh 'echo ${RootCA} | base64 -d > roles/rproxy/files/RootCA.crt' sh 'cat roles/rproxy/files/RootCA.crt' // def rootca_key = AskCerts['rootca_key'] From 78cd8e529497c3591770c3c9175aa44e390aaaa6 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:36:54 +0300 Subject: [PATCH 12/26] changed --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index cb533ad..4156ee3 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -26,7 +26,7 @@ pipeline { steps { script { env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - env.RootCA = AskCerts['rootca'] + env.RootCA = AskCerts[rootca] sh 'echo ${RootCA} | base64 -d > roles/rproxy/files/RootCA.crt' sh 'cat roles/rproxy/files/RootCA.crt' From 3a542e756bbd8e5e0e37f12be39ef8671b68793b Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:38:48 +0300 Subject: [PATCH 13/26] test from gityhub --- Jenkinsfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 4156ee3..9f87499 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -25,9 +25,9 @@ pipeline { // } steps { script { - env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - env.RootCA = AskCerts[rootca] - sh 'echo ${RootCA} | base64 -d > roles/rproxy/files/RootCA.crt' + def AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] + // RootCA = AskCerts[rootca] + sh 'echo ${AskCerts} | base64 -d > roles/rproxy/files/RootCA.crt' sh 'cat roles/rproxy/files/RootCA.crt' // def rootca_key = AskCerts['rootca_key'] From 584c7e28fd1e65204543f14cb2c257fa803e39f6 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:39:30 +0300 Subject: [PATCH 14/26] index --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 9f87499..f2e9637 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -27,7 +27,7 @@ pipeline { script { def AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] // RootCA = AskCerts[rootca] - sh 'echo ${AskCerts} | base64 -d > roles/rproxy/files/RootCA.crt' + sh 'echo ${AskCerts[0]} | base64 -d > roles/rproxy/files/RootCA.crt' sh 'cat roles/rproxy/files/RootCA.crt' // def rootca_key = AskCerts['rootca_key'] From 90fc2fb13992bc584e8fc583a4fd0dd604de5a90 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:40:05 +0300 Subject: [PATCH 15/26] env --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index f2e9637..95780b4 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -25,7 +25,7 @@ pipeline { // } steps { script { - def AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] + env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] // RootCA = AskCerts[rootca] sh 'echo ${AskCerts[0]} | base64 -d > roles/rproxy/files/RootCA.crt' sh 'cat roles/rproxy/files/RootCA.crt' From a7ef0350b9035c9bfe86440b9c458bc5097971e3 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:45:22 +0300 Subject: [PATCH 16/26] test4 --- Jenkinsfile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 95780b4..e667665 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -24,18 +24,18 @@ pipeline { // } // } steps { - script { - env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - // RootCA = AskCerts[rootca] - sh 'echo ${AskCerts[0]} | base64 -d > roles/rproxy/files/RootCA.crt' - sh 'cat roles/rproxy/files/RootCA.crt' + // script { + def AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] + // RootCA = AskCerts[rootca] + sh 'echo ${AskCerts["rootca"]} | base64 -d > roles/rproxy/files/RootCA.crt' + sh 'cat roles/rproxy/files/RootCA.crt' // def rootca_key = AskCerts['rootca_key'] // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' - } + // } } } stage('Install Rproxy') { From cdcc7705929091177fe09b2327f79ab95ffb159f Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:47:00 +0300 Subject: [PATCH 17/26] moved to stage --- Jenkinsfile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/Jenkinsfile b/Jenkinsfile index e667665..c19525b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -23,12 +23,12 @@ pipeline { // return params.rproxy_install // } // } - steps { + // steps { // script { - def AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - // RootCA = AskCerts[rootca] - sh 'echo ${AskCerts["rootca"]} | base64 -d > roles/rproxy/files/RootCA.crt' - sh 'cat roles/rproxy/files/RootCA.crt' + def AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] + // RootCA = AskCerts[rootca] + sh 'echo ${AskCerts["rootca"]} | base64 -d > roles/rproxy/files/RootCA.crt' + sh 'cat roles/rproxy/files/RootCA.crt' // def rootca_key = AskCerts['rootca_key'] @@ -36,7 +36,7 @@ pipeline { // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' // } - } + // } } stage('Install Rproxy') { when { From b9c496b0e110cfeb1421d06659c1f93f0681d93b Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:48:17 +0300 Subject: [PATCH 18/26] another test --- Jenkinsfile | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index c19525b..e6afa05 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -23,20 +23,20 @@ pipeline { // return params.rproxy_install // } // } - // steps { - // script { - def AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - // RootCA = AskCerts[rootca] - sh 'echo ${AskCerts["rootca"]} | base64 -d > roles/rproxy/files/RootCA.crt' - sh 'cat roles/rproxy/files/RootCA.crt' + steps { + script { + env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] + // RootCA = AskCerts[rootca] + sh 'echo ${env.AskCerts["rootca"]} | base64 -d > roles/rproxy/files/RootCA.crt' + sh 'cat roles/rproxy/files/RootCA.crt' // def rootca_key = AskCerts['rootca_key'] // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' - // } - // } + } + } } stage('Install Rproxy') { when { From 421e21bde234f78bc75ba2ea463d48210530dcf3 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 21:28:17 +0300 Subject: [PATCH 19/26] test userinput --- Jenkinsfile | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index e6afa05..2243f7c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -25,16 +25,10 @@ pipeline { // } steps { script { - env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - // RootCA = AskCerts[rootca] - sh 'echo ${env.AskCerts["rootca"]} | base64 -d > roles/rproxy/files/RootCA.crt' + def userInput = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] + writeFile(file: 'roles/rproxy/files/RootCA.crt', text: new String(userInput['rootca'].decodeBase64())) + writeFile(file: 'roles/rproxy/files/RootCA.key', text: new String(userInput['rootca_key'].decodeBase64())) sh 'cat roles/rproxy/files/RootCA.crt' - - // def rootca_key = AskCerts['rootca_key'] - - - // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' - // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } } } From 2dda5259cc9b706acfcbd28b59383559d2e938b4 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 21:29:25 +0300 Subject: [PATCH 20/26] fixed rootca copy --- Jenkinsfile | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 2243f7c..cf14be9 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -18,17 +18,16 @@ pipeline { } stages { stage('Save certs') { - // when { - // expression { - // return params.rproxy_install - // } - // } + when { + expression { + return params.rproxy_install + } + } steps { script { def userInput = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] writeFile(file: 'roles/rproxy/files/RootCA.crt', text: new String(userInput['rootca'].decodeBase64())) writeFile(file: 'roles/rproxy/files/RootCA.key', text: new String(userInput['rootca_key'].decodeBase64())) - sh 'cat roles/rproxy/files/RootCA.crt' } } } From 6eac9e060b21164018626ddc2ea0e7e307377ff6 Mon Sep 17 00:00:00 2001 
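Review bot: `writeFile(file: 'roles/rproxy/files/RootCA.key', ...)` leaves the CA private key as a plain file in the agent workspace, where it survives the build and is picked up by anything that archives or reuses the workspace; add a stage-level `post { always { sh 'rm -f roles/rproxy/files/RootCA.key' } }` (or `cleanWs()`) and keep that path out of `archiveArtifacts`. The `input` step has no `submitter:` restriction, so anyone who can approve inputs on this job can supply the CA that the role will then trust; restrict it with `submitter:` to the group that owns the CA, or hold the CA as a Jenkins `file` credential and fetch it with `withCredentials` instead of an interactive upload. `new String(userInput['rootca'].decodeBase64())` decodes with the agent's default charset; pass `'UTF-8'` explicitly (PEM is ASCII, so this is cheap insurance), or, if the Basic Steps plugin in use supports it, write `text: userInput['rootca'], encoding: 'Base64'` and skip the String round-trip. The second hunk restores the `when` guard and drops the `cat` of the certificate, which is fine. The `pipeline` block continues outside the hunk.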
From: mpavlov Date: Thu, 3 Oct 2024 21:57:39 +0300 Subject: [PATCH 21/26] done creation --- roles/rproxy/files/repo.conf | 10 ++++- roles/rproxy/tasks/main.yml | 69 ++++++++++++++++++++++++------ roles/rproxy/templates/repo.cnf.j2 | 29 +++++++++++++ 3 files changed, 94 insertions(+), 14 deletions(-) create mode 100644 roles/rproxy/templates/repo.cnf.j2 diff --git a/roles/rproxy/files/repo.conf b/roles/rproxy/files/repo.conf index 9bca367..835d514 100644 --- a/roles/rproxy/files/repo.conf +++ b/roles/rproxy/files/repo.conf @@ -1,8 +1,16 @@ server { - listen 9000; + listen 9000 default ssl; server_name _; root /repo; + ssl_certificate /etc/nginx/certs/repo.crt; + ssl_certificate_key /etc/nginx/certs/repo.key; + ssl_protocols TLSv1.2; + ssl_ciphers EECDH:+AES256:-3DES:!RSA+AES:!RSA+3DES:!NULL:!RC4; + ssl_prefer_server_ciphers on; + + error_page 497 301 =307 https://$host:$server_port$request_uri; + location / { charset utf-8; autoindex on; diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml index 58e2672..729856d 100644 --- a/roles/rproxy/tasks/main.yml +++ b/roles/rproxy/tasks/main.yml @@ -51,12 +51,6 @@ path: "{{ rproxy_dir }}/sites" state: directory - - name: Create repo dir - ansible.builtin.file: - path: "{{ rproxy_dir }}/repo" - state: directory - mode: 0777 - - name: Create certs dir ansible.builtin.file: path: "{{ rproxy_dir }}/certs" 
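Review bot: The cipher list `ssl_ciphers EECDH:+AES256:-3DES:!RSA+AES:!RSA+3DES:!NULL:!RC4;` is probably narrower than intended: on OpenSSL 1.1+ the `RSA` keyword matches suites that use RSA for key exchange or for authentication, so `!RSA+AES` also drops every `ECDHE-RSA-AES*` suite, and with the RSA key this same commit generates (`openssl genrsa`) only `ECDHE-RSA-CHACHA20-POLY1305` is left under `ssl_protocols TLSv1.2;`, so clients without ChaCha20 get a handshake failure. Check with `openssl ciphers -v '<that string>'` on the host's OpenSSL and prefer an explicit list such as `ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;` together with `ssl_protocols TLSv1.2 TLSv1.3;`. `listen 9000 default ssl;` uses the legacy `default` spelling; write `listen 9000 ssl default_server;`. `error_page 497 301 =307 https://$host:$server_port$request_uri;` lists 301 as a second error code to intercept rather than as the response code, which looks like a typo for `error_page 497 =301 https://$host:$server_port$request_uri;`. The `server` block continues past the hunk.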
@@ -81,19 +75,68 @@ ansible.builtin.copy: src: files/RootCA.key dest: '{{ rproxy_dir }}/certs/RootCA.key' - - - name: HTTPS repository - block: - - name: Copy repo.conf - ansible.builtin.copy: - src: files/repo.conf - dest: "{{ rproxy_dir }}/sites/repo.conf" - name: Start rproxy community.docker.docker_compose: project_src: "{{ rproxy_dir }}" tags: install +- name: Create https repository + block: + - name: Get IP address + ansible.builtin.shell: + cmd: hostname -I | awk '{print $1}' + register: IP + + - name: Create repo dir + ansible.builtin.file: + path: "{{ rproxy_dir }}/repo" + state: directory + mode: 0777 + + - name: Copy repo.conf + ansible.builtin.copy: + src: files/repo.conf + dest: "{{ rproxy_dir }}/sites/repo.conf" + + - name: Copy repo certificate cnf + ansible.builtin.template: + src: templates/repo.cnf.j2 + dest: '{{ rproxy_dir }}/certs/repo.cnf' + + - name: Generate repo certificate key + ansible.builtin.shell: + cmd: 'openssl genrsa -out {{ rproxy_dir }}/certs/repo.key 2048' + + - name: Generate server csr + ansible.builtin.shell: + cmd: 'openssl req -key {{ rproxy_dir }}/certs/repo.key -new -out {{ rproxy_dir }}/certs/repo.csr -config {{ rproxy_dir }}/certs/repo.cnf' + + - name: Sign server certificate + ansible.builtin.shell: + cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ rproxy_dir }}/certs/repo.csr -out {{ rproxy_dir }}/certs/repo.crt -CAcreateserial -extfile {{ rproxy_dir }}/certs/repo.cnf -days 365 -extensions v3_x509' + + - name: Create fullchain certificate + ansible.builtin.shell: + cmd: 'cat {{ rproxy_dir }}/certs/RootCA.crt >> {{ rproxy_dir }}/certs/repo.crt' + + - name: Delete csr + ansible.builtin.file: + path: "{{ rproxy_dir }}/certs/repo.csr" + state: absent + + - name: Delete cnf + ansible.builtin.file: + path: "{{ rproxy_dir }}/certs/repo.cnf" + state: absent + + - name: Restart rproxy + community.docker.docker_compose: + project_src: "{{ rproxy_dir }}" + build: false 
+ restarted: true + tags: install + - name: Create configs block: - name: Copy server.conf diff --git a/roles/rproxy/templates/repo.cnf.j2 b/roles/rproxy/templates/repo.cnf.j2 new file mode 100644 index 0000000..515937e --- /dev/null +++ b/roles/rproxy/templates/repo.cnf.j2 @@ -0,0 +1,29 @@ +[ req ] +prompt = no +distinguished_name = repo.{{ domain.stdout }} +req_extensions = v3_req +x509_extensions = v3_x509 + + +[ repo.{{ domain.stdout }} ] +countryName = RU +stateOrProvinceName = RU +localityName = MSK +organizationName = {{ domain.stdout }} +organizationalUnitName = IT +commonName = repo.{{ domain.stdout }} +emailAddress = admin@{{ domain.stdout }} + +[ v3_req ] +basicConstraints = CA:false +keyUsage = digitalSignature, keyEncipherment +subjectAltName = @sans + +[ v3_x509 ] +basicConstraints = CA:false +keyUsage = digitalSignature, keyEncipherment +subjectAltName = @sans + +[ sans ] +DNS.1 = repo.{{ domain.stdout }} +IP.1 = {{ IP.stdout }} \ No newline at end of file From 356d7cb64cd2cd09f35b0e7865dbb6fb3a197165 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 22:47:28 +0300 Subject: [PATCH 22/26] created dockerrepo preparings --- roles/rproxy/tasks/main.yml | 62 +++++++++++++++++-- .../docker-compose.dockerrepo.yml.j2 | 15 +++++ ...se.yml.j2 => docker-compose.rproxy.yml.j2} | 0 roles/rproxy/templates/dockerrepo.cnf.j2 | 29 +++++++++ rproxy.yml | 1 + 5 files changed, 101 insertions(+), 6 deletions(-) create mode 100644 roles/rproxy/templates/docker-compose.dockerrepo.yml.j2 rename roles/rproxy/templates/{docker-compose.yml.j2 => docker-compose.rproxy.yml.j2} (100%) create mode 100644 roles/rproxy/templates/dockerrepo.cnf.j2 diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml index 729856d..9d21948 100644 --- a/roles/rproxy/tasks/main.yml +++ b/roles/rproxy/tasks/main.yml 
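Review bot: The openssl tasks in the new `Create https repository` block (`Generate repo certificate key`, `Generate server csr`, `Sign server certificate`, `Create fullchain certificate`) run through `ansible.builtin.shell` with no guard, so every play run mints a new key and certificate, restarts the proxy and reports `changed`; register an `ansible.builtin.stat` of `{{ rproxy_dir }}/certs/repo.crt` before the block and put `when: not <registered>.stat.exists` on the generation and restart tasks (a plain `creates:` on each task would skip the `cat >>` append once `repo.crt` exists). `Create repo dir` sets `mode: 0777`; the directory is only served by nginx, so world-writable looks unnecessary — `mode: "0755"` (quoted, so no YAML re-typing of the octal) should do unless something else writes there. `Get IP address` shells out to `hostname -I | awk '{print $1}'` and feeds the first address into the certificate's SAN (`IP.1` in `repo.cnf.j2`, same commit); on a multi-interface host the first address is not necessarily the reachable one, so prefer the gathered fact `ansible_default_ipv4.address`, and if the shell task stays give it `changed_when: false`. `community.docker.docker_compose` is the Compose v1 module, which recent `community.docker` releases have retired in favour of `docker_compose_v2`; verify it against the collection version in use. The same openssl and restart pattern is repeated in the `Create docker repository` block of patch 22 (L16) and the points above apply there too.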
@@ -7,6 +7,11 @@ - install - add_config + - name: Get IP address + ansible.builtin.shell: + cmd: hostname -I | awk '{print $1}' + register: IP + - name: Install docker (Debian) ansible.builtin.apt: name: @@ -58,7 +63,7 @@ - name: Copy docker-compose ansible.builtin.template: - src: templates/docker-compose.yml.j2 + src: templates/docker-compose.rproxy.yml.j2 dest: "{{ rproxy_dir }}/docker-compose.yml" - name: Copy nginx.conf @@ -83,11 +88,6 @@ - name: Create https repository block: - - name: Get IP address - ansible.builtin.shell: - cmd: hostname -I | awk '{print $1}' - register: IP - - name: Create repo dir ansible.builtin.file: path: "{{ rproxy_dir }}/repo" 
@@ -137,6 +137,56 @@ restarted: true tags: install +- name: Create docker repository + block: + - name: Create repo dir + ansible.builtin.file: + path: "{{ dockerrepo_dir }}/repo" + state: directory + + - name: Create certs dir + ansible.builtin.file: + path: "{{ dockerrepo_dir }}/certs" + state: directory + + - name: Copy dockerrepo certificate cnf + ansible.builtin.template: + src: templates/dockerrepo.cnf.j2 + dest: '{{ dockerrepo_dir }}/certs/dockerrepo.cnf' + + - name: Generate dockerrepo certificate key + ansible.builtin.shell: + cmd: 'openssl genrsa -out {{ dockerrepo_dir }}/certs/dockerrepo.key 2048' + + - name: Generate dockerrepo csr + ansible.builtin.shell: + cmd: 'openssl req -key {{ dockerrepo_dir }}/certs/dockerrepo.key -new -out {{ dockerrepo_dir }}/certs/dockerrepo.csr -config {{ dockerrepo_dir }}/certs/dockerrepo.cnf' + + - name: Sign dockerrepo certificate + ansible.builtin.shell: + cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ dockerrepo_dir }}/certs/dockerrepo.csr -out {{ dockerrepo_dir }}/certs/dockerrepo.crt -CAcreateserial -extfile {{ dockerrepo_dir }}/certs/dockerrepo.cnf -days 365 -extensions v3_x509' + + - name: Create fullchain certificate + ansible.builtin.shell: + cmd: 'cat {{ rproxy_dir }}/certs/RootCA.crt >> {{ dockerrepo_dir }}/certs/dockerrepo.crt' + + - name: Delete csr + ansible.builtin.file: + path: "{{ dockerrepo_dir }}/certs/dockerrepo.csr" + state: absent + + - name: Delete cnf + ansible.builtin.file: + path: "{{ dockerrepo_dir }}/certs/dockerrepo.cnf" + state: absent + + - name: Restart rproxy + community.docker.docker_compose: + project_src: "{{ dockerrepo_dir }}" + build: false + restarted: true + tags: install + - name: Create configs block: - name: Copy server.conf diff --git a/roles/rproxy/templates/docker-compose.dockerrepo.yml.j2 b/roles/rproxy/templates/docker-compose.dockerrepo.yml.j2 new file mode 100644 index 0000000..971f030 --- /dev/null 
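Review bot: The last task of the new `Create docker repository` block is named `Restart rproxy` but acts on `project_src: "{{ dockerrepo_dir }}"`, i.e. it restarts the registry; name it `Restart dockerrepo` so play output and `--start-at-task` say what actually happens. In this commit nothing places a `docker-compose.yml` under `{{ dockerrepo_dir }}` before that task runs, so the restart cannot succeed here (patch 26, L19, adds the template copy). The openssl tasks repeat the unguarded `ansible.builtin.shell` pattern raised for the https block (L14): a fresh `dockerrepo.key` and certificate on every run. The `Create configs` block that follows starts inside the hunk but continues past it.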
+++ b/roles/rproxy/templates/docker-compose.dockerrepo.yml.j2 @@ -0,0 +1,15 @@ +version: '3.3' + +services: + nginx: + image: registry:latest + container_name: dockerrepo + restart: always + environment: + - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/dockerrepo.crt + - REGISTRY_HTTP_TLS_KEY=/certs/dockerrepo.key + volumes: + - {{ dockerrepo_dir }}/repo:/var/lib/registry + - {{ dockerrepo_dir }}/certs:/certs + ports: + - 5000:5000 \ No newline at end of file diff --git a/roles/rproxy/templates/docker-compose.yml.j2 b/roles/rproxy/templates/docker-compose.rproxy.yml.j2 similarity index 100% rename from roles/rproxy/templates/docker-compose.yml.j2 rename to roles/rproxy/templates/docker-compose.rproxy.yml.j2 diff --git a/roles/rproxy/templates/dockerrepo.cnf.j2 b/roles/rproxy/templates/dockerrepo.cnf.j2 new file mode 100644 index 0000000..0167769 --- /dev/null +++ b/roles/rproxy/templates/dockerrepo.cnf.j2 @@ -0,0 +1,29 @@ +[ req ] +prompt = no +distinguished_name = dockerrepo.{{ domain.stdout }} +req_extensions = v3_req +x509_extensions = v3_x509 + + +[ dockerrepo.{{ domain.stdout }} ] +countryName = RU +stateOrProvinceName = RU +localityName = MSK +organizationName = {{ domain.stdout }} +organizationalUnitName = IT +commonName = dockerrepo.{{ domain.stdout }} +emailAddress = admin@{{ domain.stdout }} + +[ v3_req ] +basicConstraints = CA:false +keyUsage = digitalSignature, keyEncipherment +subjectAltName = @sans + +[ v3_x509 ] +basicConstraints = CA:false +keyUsage = digitalSignature, keyEncipherment +subjectAltName = @sans + +[ sans ] +DNS.1 = dockerrepo.{{ domain.stdout }} +IP.1 = {{ IP.stdout }} \ No newline at end of file diff --git a/rproxy.yml b/rproxy.yml index 9ee0785..8b2b0cb 100644 --- a/rproxy.yml +++ b/rproxy.yml @@ -5,6 +5,7 @@ vars: ansible_python_interpreter: /usr/bin/python3 rproxy_dir: /opt/rproxy + dockerrepo_dir: /opt/dockerrepo vars_prompt: - name: rproxy_service_name From d5eea97332eedb417f9f8f16afc5eddcd7daf614 Mon Sep 17 00:00:00 2001 
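Review bot: The registry in `docker-compose.dockerrepo.yml.j2` publishes `5000:5000` with TLS but no authentication: the `registry` image accepts anonymous push unless `REGISTRY_AUTH` is configured, so anyone who can reach port 5000 can overwrite the images this repository serves. Add `REGISTRY_AUTH=htpasswd`, `REGISTRY_AUTH_HTPASSWD_REALM=<realm>` and `REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd` to `environment` with a mounted htpasswd file (or put the registry behind the rproxy and authenticate there), and if only the proxy should reach it, bind `127.0.0.1:5000:5000`. `image: registry:latest` is unpinned; `registry:2` or a digest makes rebuilds reproducible. The service is called `nginx` while its container is `dockerrepo`; rename the service, and quote the port mapping (`"5000:5000"`) per the usual Compose convention.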
From: mpavlov Date: Thu, 3 Oct 2024 22:49:46 +0300 Subject: [PATCH 23/26] creation of dockerrepo dir --- roles/rproxy/tasks/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml index 9d21948..5860f74 100644 --- a/roles/rproxy/tasks/main.yml +++ b/roles/rproxy/tasks/main.yml @@ -139,6 +139,16 @@ - name: Create docker repository block: + - name: Remove dockerrepo dir + ansible.builtin.file: + path: "{{ dockerrepo_dir }}" + state: absent + + - name: Create dockerrepo dir + ansible.builtin.file: + path: "{{ dockerrepo_dir }}" + state: directory + - name: Create repo dir ansible.builtin.file: path: "{{ dockerrepo_dir }}/repo" From c9ed16169cae8b12c296497526dbfd2a73858cf0 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 22:55:26 +0300 Subject: [PATCH 24/26] fix EOF --- roles/rproxy/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml index 5860f74..ffc65e3 100644 --- a/roles/rproxy/tasks/main.yml +++ b/roles/rproxy/tasks/main.yml @@ -7,10 +7,10 @@ - install - add_config - - name: Get IP address - ansible.builtin.shell: - cmd: hostname -I | awk '{print $1}' - register: IP +- name: Get IP address + ansible.builtin.shell: + cmd: hostname -I | awk '{print $1}' + register: IP - name: Install docker (Debian) ansible.builtin.apt: From 702e07ee41421e4f8432f40a82af50221e6174c7 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 22:57:05 +0300 Subject: [PATCH 25/26] added tag to get IP --- roles/rproxy/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml index ffc65e3..e82f0c6 100644 --- a/roles/rproxy/tasks/main.yml +++ b/roles/rproxy/tasks/main.yml @@ -11,6 +11,8 @@ ansible.builtin.shell: cmd: hostname -I | awk '{print $1}' register: IP + tags: + - install - name: Install docker (Debian) ansible.builtin.apt: 
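Review bot: `Remove dockerrepo dir` with `state: absent` deletes `{{ dockerrepo_dir }}` including `{{ dockerrepo_dir }}/repo`, which the compose template mounts as `/var/lib/registry`, so every run of the play discards all images pushed to the registry. The `state: directory` tasks that follow are already idempotent, so the removal can simply be dropped; if the intent is to force fresh certificates, limit it to `path: "{{ dockerrepo_dir }}/certs"`. The `Create docker repository` block continues past the hunk; the two later hunks on this line (patches 24 and 25) re-indent `Get IP address` to top level and tag it, and that task still wants `changed_when: false`.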
From f092b05f3697fdb87fa643ae3baba887946f8271 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 23:06:03 +0300 Subject: [PATCH 26/26] copy docker-compose --- roles/rproxy/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml index e82f0c6..74a8f2b 100644 --- a/roles/rproxy/tasks/main.yml +++ b/roles/rproxy/tasks/main.yml @@ -161,6 +161,11 @@ path: "{{ dockerrepo_dir }}/certs" state: directory + - name: Copy docker-compose + ansible.builtin.template: + src: templates/docker-compose.dockerrepo.yml.j2 + dest: "{{ dockerrepo_dir }}/docker-compose.yml" + - name: Copy dockerrepo certificate cnf ansible.builtin.template: src: templates/dockerrepo.cnf.j2