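---
# Read-only host discovery. The registered result is presumably consumed by the
# templates rendered further down (verify against templates/), so it must run
# even under --check and must never be reported as a change. `hostname -d`
# needs no shell features, so the command module is sufficient.
- name: Get domain
  ansible.builtin.command:
    cmd: hostname -d
  register: domain
  changed_when: false
  check_mode: false
  tags:
    - install
    - add_config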
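# Read-only host discovery; the pipe needs a shell, but nothing on the host is
# modified, so the task is marked changed_when: false and allowed in --check.
# NOTE(review): `hostname -I` lists every configured address and only the first
# is kept; on multi-homed hosts confirm it is the interface the proxy should use.
# NOTE(review): tagged only `install`, while "Get domain" also carries
# `add_config`; if a template rendered under add_config reads IP, add that tag.
- name: Get IP address
  ansible.builtin.shell:
    cmd: hostname -I | awk '{print $1}'
  register: IP
  changed_when: false
  check_mode: false
  tags:
    - install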
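# Docker comes from the upstream convenience script: fetched over TLS and piped
# straight into a root shell, unpinned and unverified, so whatever the download
# endpoint serves is executed on every host. Prefer the distribution's docker
# packages, or vendor the script and check its checksum before running it.
# `creates` skips the download once the binary exists (path assumes the
# docker-ce package layout), so repeated runs do not re-execute the installer.
# `tags: install` was missing: `--tags install` skipped this task while the
# tasks that enable and use docker still ran.
- name: Install docker
  ansible.builtin.shell:
    cmd: "curl -fsSL https://get.docker.com | sh"
    creates: /usr/bin/docker
  tags: install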
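# Start and enable the daemon on RedHat-family hosts (the `when` guard suggests
# other families already have it enabled after install — confirm for Debian).
# `started` replaces `restarted`: the previous form bounced the daemon, and
# every container running on it, on each play run.
- name: Enable docker (RHEL)
  ansible.builtin.systemd:
    name: docker
    state: started
    enabled: true
    daemon_reload: true
  when: ansible_facts['os_family'] == "RedHat"
  tags: install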
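# Lays out the nginx reverse proxy as a compose project under rproxy_dir.
# DESTRUCTIVE: the directory is removed first, so every run under
# `--tags install` discards existing site configs, certificates and keys.
- name: Install rproxy
  block:
    - name: Remove rproxy dir
      ansible.builtin.file:
        path: "{{ rproxy_dir }}"
        state: absent

    - name: Create rproxy dir
      ansible.builtin.file:
        path: "{{ rproxy_dir }}"
        state: directory

    # Per-service nginx site snippets land here (see the *.conf copies below).
    - name: Create sites dir
      ansible.builtin.file:
        path: "{{ rproxy_dir }}/sites"
        state: directory

    # CA material and the leaf certificates signed from it.
    - name: Create certs dir
      ansible.builtin.file:
        path: "{{ rproxy_dir }}/certs"
        state: directory

    - name: Copy docker-compose
      ansible.builtin.template:
        src: templates/docker-compose.rproxy.yml.j2
        dest: "{{ rproxy_dir }}/docker-compose.yml"

    - name: Copy nginx.conf
      ansible.builtin.copy:
        src: files/nginx.conf
        dest: "{{ rproxy_dir }}/nginx.conf"

    - name: Copy RootCA certificate
      ansible.builtin.copy:
        src: files/RootCA.crt
        dest: '{{ rproxy_dir }}/certs/RootCA.crt'

    # The CA private key signs every leaf certificate produced by the later
    # blocks, so it has to be on this host, but nothing at runtime needs to
    # read it: restrict it to the owner instead of the copy module's default
    # (umask-derived, typically world-readable) mode. It is shipped from
    # files/ in clear — keep it ansible-vault encrypted or in a secret store
    # rather than plain in the repository.
    - name: Copy RootCA key
      ansible.builtin.copy:
        src: files/RootCA.key
        dest: '{{ rproxy_dir }}/certs/RootCA.key'
        mode: "0600"

    # NOTE(review): community.docker.docker_compose drives compose v1; newer
    # collection releases replace it with docker_compose_v2 — confirm the
    # collection version pinned for the control node.
    - name: Start rproxy
      community.docker.docker_compose:
        project_src: "{{ rproxy_dir }}"
  tags: install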
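# Publishes a repository over HTTPS behind the proxy: a site snippet plus a
# leaf certificate signed by the RootCA placed by "Install rproxy" (this block
# therefore depends on that one having run). Key, CSR and certificate are
# regenerated on every run — there are no `creates` guards — so the block is
# not idempotent by design, and the proxy is restarted to load the new cert.
- name: Create https repository
  block:
    # mode is quoted: a plain 0777 is a YAML 1.1 octal literal (511) that a
    # YAML 1.2 parser reads as decimal 777, and ansible-lint flags it.
    # 0777 is world-writable: any local user can alter what the repository
    # serves. Narrow it to owner/group of the uid the repository container
    # runs as (0755 or 0775) once that uid is known.
    - name: Create repo dir
      ansible.builtin.file:
        path: "{{ repo_data_dir }}"
        state: directory
        mode: "0777"

    - name: Copy repo.conf
      ansible.builtin.copy:
        src: files/repo.conf
        dest: "{{ rproxy_dir }}/sites/repo.conf"

    # Rendered OpenSSL config for the CSR and the v3_x509 extension section.
    - name: Copy repo certificate cnf
      ansible.builtin.template:
        src: templates/repo.cnf.j2
        dest: '{{ rproxy_dir }}/certs/repo.cnf'

    # The openssl invocations use no shell features, so they run through the
    # command module: no shell re-parses the templated paths.
    # NOTE(review): confirm the target's openssl writes repo.key owner-only;
    # otherwise add a file task setting mode "0600" on it.
    - name: Generate repo certificate key
      ansible.builtin.command:
        cmd: 'openssl genrsa -out {{ rproxy_dir }}/certs/repo.key 2048'

    - name: Generate server csr
      ansible.builtin.command:
        cmd: 'openssl req -key {{ rproxy_dir }}/certs/repo.key -new -out {{ rproxy_dir }}/certs/repo.csr -config {{ rproxy_dir }}/certs/repo.cnf'

    # Signed for one year with the extensions from repo.cnf; -CAcreateserial
    # creates a serial file beside the CA certificate on first use.
    - name: Sign server certificate
      ansible.builtin.command:
        cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ rproxy_dir }}/certs/repo.csr -out {{ rproxy_dir }}/certs/repo.crt -CAcreateserial -extfile {{ rproxy_dir }}/certs/repo.cnf -days 365 -extensions v3_x509'

    # Append the issuing CA so the proxy serves a full chain; the redirection
    # needs a shell. `x509 -out` rewrote repo.crt just above, so the CA is
    # appended exactly once per run.
    - name: Create fullchain certificate
      ansible.builtin.shell:
        cmd: 'cat {{ rproxy_dir }}/certs/RootCA.crt >> {{ rproxy_dir }}/certs/repo.crt'

    # CSR and rendered cnf are scratch files; remove them once the cert exists.
    - name: Delete csr
      ansible.builtin.file:
        path: "{{ rproxy_dir }}/certs/repo.csr"
        state: absent

    - name: Delete cnf
      ansible.builtin.file:
        path: "{{ rproxy_dir }}/certs/repo.cnf"
        state: absent

    - name: Restart rproxy
      community.docker.docker_compose:
        project_src: "{{ rproxy_dir }}"
        build: false
        restarted: true
  tags: install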
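# Stands up the docker registry as its own compose project under dockerrepo_dir
# with a leaf certificate signed by the RootCA from rproxy_dir (depends on
# "Install rproxy" having run). No site snippet is added to the proxy here, so
# the registry presumably terminates TLS itself — verify against the template.
# DESTRUCTIVE: dockerrepo_dir is removed first on every run; key, CSR and
# certificate are regenerated each time (no `creates` guards).
- name: Create docker repository
  block:
    - name: Remove dockerrepo dir
      ansible.builtin.file:
        path: "{{ dockerrepo_dir }}"
        state: absent

    - name: Create dockerrepo dir
      ansible.builtin.file:
        path: "{{ dockerrepo_dir }}"
        state: directory

    # Registry data lives outside dockerrepo_dir and survives the wipe above.
    - name: Create repo dir
      ansible.builtin.file:
        path: "{{ dockerrepo_data_dir }}"
        state: directory

    - name: Create certs dir
      ansible.builtin.file:
        path: "{{ dockerrepo_dir }}/certs"
        state: directory

    - name: Copy docker-compose
      ansible.builtin.template:
        src: templates/docker-compose.dockerrepo.yml.j2
        dest: "{{ dockerrepo_dir }}/docker-compose.yml"

    # Rendered OpenSSL config for the CSR and the v3_x509 extension section.
    - name: Copy dockerrepo certificate cnf
      ansible.builtin.template:
        src: templates/dockerrepo.cnf.j2
        dest: '{{ dockerrepo_dir }}/certs/dockerrepo.cnf'

    # The openssl invocations use no shell features, so they run through the
    # command module: no shell re-parses the templated paths.
    # NOTE(review): confirm the target's openssl writes dockerrepo.key
    # owner-only; otherwise add a file task setting mode "0600" on it.
    - name: Generate dockerrepo certificate key
      ansible.builtin.command:
        cmd: 'openssl genrsa -out {{ dockerrepo_dir }}/certs/dockerrepo.key 2048'

    - name: Generate dockerrepo csr
      ansible.builtin.command:
        cmd: 'openssl req -key {{ dockerrepo_dir }}/certs/dockerrepo.key -new -out {{ dockerrepo_dir }}/certs/dockerrepo.csr -config {{ dockerrepo_dir }}/certs/dockerrepo.cnf'

    # Signed by the proxy's RootCA for one year with the extensions from
    # dockerrepo.cnf; -CAcreateserial creates a serial file beside the CA cert.
    - name: Sign dockerrepo certificate
      ansible.builtin.command:
        cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ dockerrepo_dir }}/certs/dockerrepo.csr -out {{ dockerrepo_dir }}/certs/dockerrepo.crt -CAcreateserial -extfile {{ dockerrepo_dir }}/certs/dockerrepo.cnf -days 365 -extensions v3_x509'

    # Append the issuing CA for a full chain; the redirection needs a shell.
    # `x509 -out` rewrote dockerrepo.crt just above, so the CA is appended once.
    - name: Create fullchain certificate
      ansible.builtin.shell:
        cmd: 'cat {{ rproxy_dir }}/certs/RootCA.crt >> {{ dockerrepo_dir }}/certs/dockerrepo.crt'

    # CSR and rendered cnf are scratch files; remove them once the cert exists.
    - name: Delete csr
      ansible.builtin.file:
        path: "{{ dockerrepo_dir }}/certs/dockerrepo.csr"
        state: absent

    - name: Delete cnf
      ansible.builtin.file:
        path: "{{ dockerrepo_dir }}/certs/dockerrepo.cnf"
        state: absent

    # Renamed from "Restart rproxy": project_src is dockerrepo_dir, so this
    # restarts the registry project, not the proxy.
    - name: Restart dockerrepo
      community.docker.docker_compose:
        project_src: "{{ dockerrepo_dir }}"
        build: false
        restarted: true
  tags: install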
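# Adds one proxied service (rproxy_service_name): a site snippet plus a leaf
# certificate signed by the RootCA placed by "Install rproxy", so an install
# run must precede the first `--tags add_config` run. Key, CSR and certificate
# are regenerated on every run (no `creates` guards) and the proxy is
# restarted to load them.
- name: Create configs
  block:
    - name: Copy server.conf
      ansible.builtin.template:
        src: templates/server.conf.j2
        dest: "{{ rproxy_dir }}/sites/{{ rproxy_service_name }}.conf"

    # Rendered OpenSSL config for the CSR and the v3_x509 extension section.
    - name: Copy server certificate cnf
      ansible.builtin.template:
        src: templates/server.cnf.j2
        dest: '{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf'

    # The openssl invocations use no shell features, so they run through the
    # command module: no shell re-parses the templated paths.
    # NOTE(review): confirm the target's openssl writes the key owner-only;
    # otherwise add a file task setting mode "0600" on it.
    - name: Generate server key
      ansible.builtin.command:
        cmd: 'openssl genrsa -out {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.key 2048'

    - name: Generate server csr
      ansible.builtin.command:
        cmd: 'openssl req -key {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.key -new -out {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.csr -config {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf'

    # Signed for one year with the extensions from the rendered cnf;
    # -CAcreateserial creates a serial file beside the CA certificate.
    - name: Sign server certificate
      ansible.builtin.command:
        cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.csr -out {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.crt -CAcreateserial -extfile {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf -days 365 -extensions v3_x509'

    # Append the issuing CA for a full chain; the redirection needs a shell.
    # `x509 -out` rewrote the .crt just above, so the CA is appended once.
    - name: Create fullchain certificate
      ansible.builtin.shell:
        cmd: 'cat {{ rproxy_dir }}/certs/RootCA.crt >> {{ rproxy_dir }}/certs/{{ rproxy_service_name }}.crt'

    # CSR and rendered cnf are scratch files; remove them once the cert exists.
    - name: Delete csr
      ansible.builtin.file:
        path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.csr"
        state: absent

    - name: Delete cnf
      ansible.builtin.file:
        path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.cnf"
        state: absent

    - name: Restart rproxy
      community.docker.docker_compose:
        project_src: "{{ rproxy_dir }}"
        build: false
        restarted: true
  tags: add_config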