From 6861d5286c4b6f8af8fba0cd98d34d89b1e808e3 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 19:58:50 +0300 Subject: [PATCH 01/21] added https block --- roles/rproxy/tasks/main.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml index 8e705dc..58e2672 100644 --- a/roles/rproxy/tasks/main.yml +++ b/roles/rproxy/tasks/main.yml @@ -72,11 +72,6 @@ src: files/nginx.conf dest: "{{ rproxy_dir }}/nginx.conf" - - name: Copy repo.conf - ansible.builtin.copy: - src: files/repo.conf - dest: "{{ rproxy_dir }}/sites/repo.conf" - - name: Copy RootCA certificate ansible.builtin.copy: src: files/RootCA.crt @@ -86,6 +81,13 @@ ansible.builtin.copy: src: files/RootCA.key dest: '{{ rproxy_dir }}/certs/RootCA.key' + + - name: HTTPS repository + block: + - name: Copy repo.conf + ansible.builtin.copy: + src: files/repo.conf + dest: "{{ rproxy_dir }}/sites/repo.conf" - name: Start rproxy community.docker.docker_compose: From aee5cae763a9a9507cf950c387fdf79ebb2a6b1a Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:09:38 +0300 Subject: [PATCH 02/21] debug --- Jenkinsfile | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 78ca34f..0d234fa 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -18,16 +18,17 @@ pipeline { } stages { stage('Save certs') { - when { - expression { - return params.rproxy_install - } - } + // when { + // expression { + // return params.rproxy_install + // } + // } steps { script { def ask_for_certs = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' - sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' + sh 'echo "${ask_for_certs["rootca"]}"' + // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' + // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } } } From a3ec78446f8fcd557fb07fe66ba932ad763c2b8f Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:10:33 +0300 Subject: [PATCH 03/21] debug2 --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 0d234fa..91f30c8 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -26,7 +26,7 @@ pipeline { steps { script { def ask_for_certs = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo "${ask_for_certs["rootca"]}"' + sh 'echo "${rootca}"' // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } From c13b5f574b226695e8a318d33dc0296e8acf148e Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:16:20 +0300 Subject: [PATCH 04/21] added env --- Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 91f30c8..494a3cf 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
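Review bot: In PATCH 02/21 the new `sh 'echo "${ask_for_certs["rootca"]}"'` is a single-quoted Groovy string, so `${...}` reaches the shell verbatim and the shell has no `ask_for_certs` variable to index; the step cannot print the upload. Most of the `sh` lines in the later debug patches, up to PATCH 18/21, repeat this pattern. Because the same input also carries `rootca_key`, a working variant of this echo would put uploaded material into the build console log, so debug with a non-secret property from Groovy instead, for example `echo "rootca length: ${ask_for_certs['rootca'].length()}"`. The hunk also comments out the `when { expression { return params.rproxy_install } }` gate, so the upload prompt runs on every build until the gate is restored; the stage body continues outside the hunk.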
@@ -25,8 +25,8 @@ pipeline { // } steps { script { - def ask_for_certs = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo "${rootca}"' + env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] + sh 'echo "${AskCerts}"' // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } From a7290cb0c3ddecb26214b00f14856d80b15fc991 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:18:09 +0300 Subject: [PATCH 05/21] debug2 --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 494a3cf..21b04a3 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -26,7 +26,7 @@ pipeline { steps { script { env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo "${AskCerts}"' + sh 'echo \'${AskCerts["rootca"]}\'' // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } From e8c0e3107e7ec3cec82662c98eee9b6b77aae184 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:21:20 +0300 Subject: [PATCH 06/21] quotes --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 21b04a3..002f82b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
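Review bot: In PATCH 04/21, `env.AskCerts = input ...` stores the whole input result, which includes the `rootca_key` upload, in a build environment variable, and `sh 'echo "${AskCerts}"'` would then expand it in the shell and write it to the console log. Environment values are coerced to strings and inherited by every later `sh` step, so the CA key material becomes visible well beyond this stage. Keep the result in a local, `def userInput = input ...`, and hand each step only the field it needs. Patches 11, 12, 15 and 18 add `env.RootCA` or `env.AskCerts` again in the same way; the `script` block continues outside the hunk.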
@@ -26,7 +26,7 @@ pipeline { steps { script { env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo \'${AskCerts["rootca"]}\'' + sh 'echo "${AskCerts[\'rootca\']}"' // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } From 449746e8a6547e76ddab84d46dc869e98dbcc576 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:22:11 +0300 Subject: [PATCH 07/21] delete quotes --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 002f82b..2ed3d9d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -26,7 +26,7 @@ pipeline { steps { script { env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo "${AskCerts[\'rootca\']}"' + sh 'echo "${AskCerts[rootca]}"' // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } From fd01e214fc677ee7152798811f49095cd99f32f6 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:23:16 +0300 Subject: [PATCH 08/21] params --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 2ed3d9d..a6edf62 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -26,7 +26,7 @@ pipeline { steps { script { env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo "${AskCerts[rootca]}"' + sh 'echo "${params.rootca}"' // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } From 66156b410bd063db2e327ef5a9f4466ebbc42745 Mon Sep 17 00:00:00 2001 
From: mpavlov Date: Thu, 3 Oct 2024 20:23:49 +0300 Subject: [PATCH 09/21] test --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index a6edf62..964c18c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -26,7 +26,7 @@ pipeline { steps { script { env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo "${params.rootca}"' + sh 'echo "${rootca}"' // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } From e775a0b29df6de8bfd4ce8def8179e6942645d8f Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:33:16 +0300 Subject: [PATCH 10/21] test2 --- Jenkinsfile | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 964c18c..0ac2c8b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -26,7 +26,13 @@ pipeline { steps { script { env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - sh 'echo "${rootca}"' + def rootca = AskCerts['rootca'] + sh 'echo ${rootca} | base64 -d > roles/rproxy/files/RootCA.crt' + sh 'cat roles/rproxy/files/RootCA.crt' + + // def rootca_key = AskCerts['rootca_key'] + + // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } From 4c76778371d558e3da810d020debf7b742d01ba6 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:36:06 +0300 Subject: [PATCH 11/21] test3 --- Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 0ac2c8b..cb533ad 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -26,8 +26,8 @@ pipeline { steps { script { env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - def rootca = AskCerts['rootca'] - sh 'echo ${rootca} | base64 -d > roles/rproxy/files/RootCA.crt' + env.RootCA = AskCerts['rootca'] + sh 'echo ${RootCA} | base64 -d > roles/rproxy/files/RootCA.crt' sh 'cat roles/rproxy/files/RootCA.crt' // def rootca_key = AskCerts['rootca_key'] From 78cd8e529497c3591770c3c9175aa44e390aaaa6 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:36:54 +0300 Subject: [PATCH 12/21] changed --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index cb533ad..4156ee3 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -26,7 +26,7 @@ pipeline { steps { script { env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - env.RootCA = AskCerts['rootca'] + env.RootCA = AskCerts[rootca] sh 'echo ${RootCA} | base64 -d > roles/rproxy/files/RootCA.crt' sh 'cat roles/rproxy/files/RootCA.crt' From 3a542e756bbd8e5e0e37f12be39ef8671b68793b Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:38:48 +0300 Subject: [PATCH 13/21] test from gityhub --- Jenkinsfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 4156ee3..9f87499 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -25,9 +25,9 @@ pipeline { // } steps { script { - env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - env.RootCA = AskCerts[rootca] - sh 'echo ${RootCA} | base64 -d > roles/rproxy/files/RootCA.crt' + def AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] + // RootCA = AskCerts[rootca] + sh 'echo ${AskCerts} | base64 -d > roles/rproxy/files/RootCA.crt' sh 'cat roles/rproxy/files/RootCA.crt' // def rootca_key = AskCerts['rootca_key'] From 584c7e28fd1e65204543f14cb2c257fa803e39f6 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:39:30 +0300 Subject: [PATCH 14/21] index --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 9f87499..f2e9637 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -27,7 +27,7 @@ pipeline { script { def AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] // RootCA = AskCerts[rootca] - sh 'echo ${AskCerts} | base64 -d > roles/rproxy/files/RootCA.crt' + sh 'echo ${AskCerts[0]} | base64 -d > roles/rproxy/files/RootCA.crt' sh 'cat roles/rproxy/files/RootCA.crt' // def rootca_key = AskCerts['rootca_key'] From 90fc2fb13992bc584e8fc583a4fd0dd604de5a90 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:40:05 +0300 Subject: [PATCH 15/21] env --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index f2e9637..95780b4 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -25,7 +25,7 @@ pipeline { // } steps { script { - def AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] + env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] // RootCA = AskCerts[rootca] sh 'echo ${AskCerts[0]} | base64 -d > roles/rproxy/files/RootCA.crt' sh 'cat roles/rproxy/files/RootCA.crt' From a7ef0350b9035c9bfe86440b9c458bc5097971e3 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:45:22 +0300 Subject: [PATCH 16/21] test4 --- Jenkinsfile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 95780b4..e667665 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -24,18 +24,18 @@ pipeline { // } // } steps { - script { - env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - // RootCA = AskCerts[rootca] - sh 'echo ${AskCerts[0]} | base64 -d > roles/rproxy/files/RootCA.crt' - sh 'cat roles/rproxy/files/RootCA.crt' + // script { + def AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] + // RootCA = AskCerts[rootca] + sh 'echo ${AskCerts["rootca"]} | base64 -d > roles/rproxy/files/RootCA.crt' + sh 'cat roles/rproxy/files/RootCA.crt' // def rootca_key = AskCerts['rootca_key'] // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' - } + // } } } stage('Install Rproxy') { From cdcc7705929091177fe09b2327f79ab95ffb159f Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:47:00 +0300 Subject: [PATCH 17/21] moved to stage --- Jenkinsfile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/Jenkinsfile b/Jenkinsfile index e667665..c19525b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -23,12 +23,12 @@ pipeline { // return params.rproxy_install // } // } - steps { + // steps { // script { - def AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - // RootCA = AskCerts[rootca] - sh 'echo ${AskCerts["rootca"]} | base64 -d > roles/rproxy/files/RootCA.crt' - sh 'cat roles/rproxy/files/RootCA.crt' + def AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] + // RootCA = AskCerts[rootca] + sh 'echo ${AskCerts["rootca"]} | base64 -d > roles/rproxy/files/RootCA.crt' + sh 'cat roles/rproxy/files/RootCA.crt' // def rootca_key = AskCerts['rootca_key'] @@ -36,7 +36,7 @@ pipeline { // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' // } - } + // } } stage('Install Rproxy') { when { From b9c496b0e110cfeb1421d06659c1f93f0681d93b Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 20:48:17 +0300 Subject: [PATCH 18/21] another test --- Jenkinsfile | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index c19525b..e6afa05 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -23,20 +23,20 @@ pipeline { // return params.rproxy_install // } // } - // steps { - // script { - def AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - // RootCA = AskCerts[rootca] - sh 'echo ${AskCerts["rootca"]} | base64 -d > roles/rproxy/files/RootCA.crt' - sh 'cat roles/rproxy/files/RootCA.crt' + steps { + script { + env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] + // RootCA = AskCerts[rootca] + sh 'echo ${env.AskCerts["rootca"]} | base64 -d > roles/rproxy/files/RootCA.crt' + sh 'cat roles/rproxy/files/RootCA.crt' // def rootca_key = AskCerts['rootca_key'] // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' - // } - // } + } + } } stage('Install Rproxy') { when { From 421e21bde234f78bc75ba2ea463d48210530dcf3 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 21:28:17 +0300 Subject: [PATCH 19/21] test userinput --- Jenkinsfile | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index e6afa05..2243f7c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -25,16 +25,10 @@ pipeline { // } steps { script { - env.AskCerts = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] - // RootCA = AskCerts[rootca] - sh 'echo ${env.AskCerts["rootca"]} | base64 -d > roles/rproxy/files/RootCA.crt' + def userInput = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] + writeFile(file: 'roles/rproxy/files/RootCA.crt', text: new String(userInput['rootca'].decodeBase64())) + writeFile(file: 'roles/rproxy/files/RootCA.key', text: new String(userInput['rootca_key'].decodeBase64())) sh 'cat roles/rproxy/files/RootCA.crt' - - // def rootca_key = AskCerts['rootca_key'] - - - // sh 'echo "${ask_for_certs["rootca"]}" > roles/rproxy/files/RootCA.crt' - // sh 'echo "${ask_for_certs["rootca_key"]}" > roles/rproxy/files/RootCA.key' } } } From 2dda5259cc9b706acfcbd28b59383559d2e938b4 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 21:29:25 +0300 Subject: [PATCH 20/21] fixed rootca copy --- Jenkinsfile | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 2243f7c..cf14be9 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -18,17 +18,16 @@ pipeline { } stages { stage('Save certs') { - // when { - // expression { - // return params.rproxy_install - // } - // } + when { + expression { + return params.rproxy_install + } + } steps { script { def userInput = input message: 'Upload RootCA certificate and key', parameters: [base64File(name: 'rootca'), base64File(name: 'rootca_key')] writeFile(file: 'roles/rproxy/files/RootCA.crt', text: new String(userInput['rootca'].decodeBase64())) writeFile(file: 'roles/rproxy/files/RootCA.key', text: new String(userInput['rootca_key'].decodeBase64())) - sh 'cat roles/rproxy/files/RootCA.crt' } } } From 6eac9e060b21164018626ddc2ea0e7e307377ff6 Mon Sep 17 00:00:00 2001 
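Review bot: In PATCH 19/21 the second `writeFile` puts the decoded Root CA private key at `roles/rproxy/files/RootCA.key` in the job workspace, and nothing visible in this series removes it or restricts its permissions after the run. Workspaces usually outlive the build and can be readable by other jobs on the same agent, so add cleanup such as `post { always { sh 'rm -f roles/rproxy/files/RootCA.key' } }`, or take the key from a Jenkins file credential rather than an interactive upload. `new String(...)` decodes with the platform default charset, which is fine for PEM text but would corrupt a DER upload, so state the expected format in the `input` message. The `sh 'cat roles/rproxy/files/RootCA.crt'` kept by this hunk is removed in PATCH 20/21.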
From: mpavlov Date: Thu, 3 Oct 2024 21:57:39 +0300 Subject: [PATCH 21/21] done creation --- roles/rproxy/files/repo.conf | 10 ++++- roles/rproxy/tasks/main.yml | 69 ++++++++++++++++++++++++------ roles/rproxy/templates/repo.cnf.j2 | 29 +++++++++++++ 3 files changed, 94 insertions(+), 14 deletions(-) create mode 100644 roles/rproxy/templates/repo.cnf.j2 diff --git a/roles/rproxy/files/repo.conf b/roles/rproxy/files/repo.conf index 9bca367..835d514 100644 --- a/roles/rproxy/files/repo.conf +++ b/roles/rproxy/files/repo.conf @@ -1,8 +1,16 @@ server { - listen 9000; + listen 9000 default ssl; server_name _; root /repo; + ssl_certificate /etc/nginx/certs/repo.crt; + ssl_certificate_key /etc/nginx/certs/repo.key; + ssl_protocols TLSv1.2; + ssl_ciphers EECDH:+AES256:-3DES:!RSA+AES:!RSA+3DES:!NULL:!RC4; + ssl_prefer_server_ciphers on; + + error_page 497 301 =307 https://$host:$server_port$request_uri; + location / { charset utf-8; autoindex on; diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml index 58e2672..729856d 100644 --- a/roles/rproxy/tasks/main.yml +++ b/roles/rproxy/tasks/main.yml @@ -51,12 +51,6 @@ path: "{{ rproxy_dir }}/sites" state: directory - - name: Create repo dir - ansible.builtin.file: - path: "{{ rproxy_dir }}/repo" - state: directory - mode: 0777 - - name: Create certs dir ansible.builtin.file: path: "{{ rproxy_dir }}/certs" 
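Review bot: `ssl_protocols TLSv1.2;` in the new `roles/rproxy/files/repo.conf` server block leaves TLS 1.3 disabled; unless a client constraint requires that, use `ssl_protocols TLSv1.2 TLSv1.3;`. In the `ssl_ciphers` string, `+AES256` moves the AES-256 suites to the end of the list rather than preferring them, and with `ssl_prefer_server_ciphers on` the server will choose other suites first; if AES-256 first was the intent, the string needs reordering. `error_page 497 301 =307 https://$host:$server_port$request_uri;` builds the redirect target from the client-supplied Host header, since `server_name _` accepts any name, so consider a fixed host name there. The `location /` block continues outside the hunk.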
@@ -81,19 +75,68 @@ ansible.builtin.copy: src: files/RootCA.key dest: '{{ rproxy_dir }}/certs/RootCA.key' - - - name: HTTPS repository - block: - - name: Copy repo.conf - ansible.builtin.copy: - src: files/repo.conf - dest: "{{ rproxy_dir }}/sites/repo.conf" - name: Start rproxy community.docker.docker_compose: project_src: "{{ rproxy_dir }}" tags: install +- name: Create https repository + block: + - name: Get IP address + ansible.builtin.shell: + cmd: hostname -I | awk '{print $1}' + register: IP + + - name: Create repo dir + ansible.builtin.file: + path: "{{ rproxy_dir }}/repo" + state: directory + mode: 0777 + + - name: Copy repo.conf + ansible.builtin.copy: + src: files/repo.conf + dest: "{{ rproxy_dir }}/sites/repo.conf" + + - name: Copy repo certificate cnf + ansible.builtin.template: + src: templates/repo.cnf.j2 + dest: '{{ rproxy_dir }}/certs/repo.cnf' + + - name: Generate repo certificate key + ansible.builtin.shell: + cmd: 'openssl genrsa -out {{ rproxy_dir }}/certs/repo.key 2048' + + - name: Generate server csr + ansible.builtin.shell: + cmd: 'openssl req -key {{ rproxy_dir }}/certs/repo.key -new -out {{ rproxy_dir }}/certs/repo.csr -config {{ rproxy_dir }}/certs/repo.cnf' + + - name: Sign server certificate + ansible.builtin.shell: + cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ rproxy_dir }}/certs/repo.csr -out {{ rproxy_dir }}/certs/repo.crt -CAcreateserial -extfile {{ rproxy_dir }}/certs/repo.cnf -days 365 -extensions v3_x509' + + - name: Create fullchain certificate + ansible.builtin.shell: + cmd: 'cat {{ rproxy_dir }}/certs/RootCA.crt >> {{ rproxy_dir }}/certs/repo.crt' + + - name: Delete csr + ansible.builtin.file: + path: "{{ rproxy_dir }}/certs/repo.csr" + state: absent + + - name: Delete cnf + ansible.builtin.file: + path: "{{ rproxy_dir }}/certs/repo.cnf" + state: absent + + - name: Restart rproxy + community.docker.docker_compose: + project_src: "{{ rproxy_dir }}" + build: false 
+ restarted: true + tags: install + - name: Create configs block: - name: Copy server.conf diff --git a/roles/rproxy/templates/repo.cnf.j2 b/roles/rproxy/templates/repo.cnf.j2 new file mode 100644 index 0000000..515937e --- /dev/null +++ b/roles/rproxy/templates/repo.cnf.j2 @@ -0,0 +1,29 @@ +[ req ] +prompt = no +distinguished_name = repo.{{ domain.stdout }} +req_extensions = v3_req +x509_extensions = v3_x509 + + +[ repo.{{ domain.stdout }} ] +countryName = RU +stateOrProvinceName = RU +localityName = MSK +organizationName = {{ domain.stdout }} +organizationalUnitName = IT +commonName = repo.{{ domain.stdout }} +emailAddress = admin@{{ domain.stdout }} + +[ v3_req ] +basicConstraints = CA:false +keyUsage = digitalSignature, keyEncipherment +subjectAltName = @sans + +[ v3_x509 ] +basicConstraints = CA:false +keyUsage = digitalSignature, keyEncipherment +subjectAltName = @sans + +[ sans ] +DNS.1 = repo.{{ domain.stdout }} +IP.1 = {{ IP.stdout }} \ No newline at end of file
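Review bot: The `Create https repository` block in `roles/rproxy/tasks/main.yml` signs the server certificate on the proxy host with `{{ rproxy_dir }}/certs/RootCA.key`, and although it deletes `repo.csr` and `repo.cnf` afterwards, it leaves the Root CA private key in the same directory that serves `repo.key` (presumably the one mounted into the nginx container as `/etc/nginx/certs`). Either sign on the controller and copy only `repo.crt` and `repo.key` to the host, or add a task after `Sign server certificate` that removes `RootCA.key` with `state: absent`, provided nothing later in the role needs it. `openssl genrsa` runs through `ansible.builtin.shell` with no `creates:` and no mode, so the key is regenerated on every run with umask-default permissions; add `creates: '{{ rproxy_dir }}/certs/repo.key'` and a follow-up `ansible.builtin.file` task with `mode: '0600'`. `mode: 0777` on the repo directory is world-writable and unquoted; use the narrowest mode that works, written as a string such as `mode: '0755'`.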
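Review bot: Neither `[ v3_req ]` nor `[ v3_x509 ]` in `roles/rproxy/templates/repo.cnf.j2` sets an extended key usage, so the issued certificate is not restricted to TLS server authentication, and some clients reject server certificates that lack it; add `extendedKeyUsage = serverAuth` to both sections. `domain.stdout` and `IP.stdout` are registered shell output (`hostname -I | awk '{print $1}'` for `IP`; the task registering `domain` is not visible in this patch), so an empty result would render `IP.1 =` or `DNS.1 = repo.` and produce a broken or misleading SAN. An `ansible.builtin.assert` that both values are non-empty before the template task would catch that. The file also ends without a trailing newline.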