mirror of https://github.com/ansible/ansible.git
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
142 lines
5.0 KiB
YAML
142 lines
5.0 KiB
YAML
6 years ago
|
---
|
||
|
- block:
|
||
|
- name: Generate privatekey
|
||
|
openssl_privatekey:
|
||
|
path: "{{ output_dir }}/ansible_{{ key }}.key"
|
||
|
size: 2048
|
||
|
mode: "0666"
|
||
|
loop:
|
||
|
- key1
|
||
|
- key2
|
||
|
loop_control:
|
||
|
loop_var: key
|
||
|
|
||
|
- name: Generate CSR
|
||
|
openssl_csr:
|
||
|
path: "{{ output_dir }}/ansible_{{ key }}.csr"
|
||
|
privatekey_path: "{{ output_dir }}/ansible_{{ key }}.key"
|
||
|
basic_constraints:
|
||
|
- "CA:TRUE"
|
||
|
key_usage:
|
||
|
- keyCertSign
|
||
|
loop:
|
||
|
- key1
|
||
|
- key2
|
||
|
loop_control:
|
||
|
loop_var: key
|
||
|
|
||
|
- name: Generate self-signed certificate
|
||
|
openssl_certificate:
|
||
|
path: "{{ output_dir }}/ansible_{{ key }}.pem"
|
||
|
privatekey_path: "{{ output_dir }}/ansible_{{ key }}.key"
|
||
|
csr_path: "{{ output_dir }}/ansible_{{ key }}.csr"
|
||
|
provider: selfsigned
|
||
|
loop:
|
||
|
- key1
|
||
|
- key2
|
||
|
loop_control:
|
||
|
loop_var: key
|
||
|
|
||
|
###################################################################
|
||
|
## signing_ca_cert and signing_ca_key #############################
|
||
|
###################################################################
|
||
|
- name: signing_ca_cert and signing_ca_key (check mode)
|
||
|
docker_swarm:
|
||
|
advertise_addr: "{{ansible_default_ipv4.address | default('127.0.0.1')}}"
|
||
|
state: present
|
||
|
signing_ca_cert: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.pem') }}"
|
||
|
signing_ca_key: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.key') }}"
|
||
|
timeout: 120
|
||
|
check_mode: yes
|
||
|
diff: yes
|
||
|
register: output_1
|
||
|
|
||
|
- name: signing_ca_cert and signing_ca_key
|
||
|
docker_swarm:
|
||
|
advertise_addr: "{{ansible_default_ipv4.address | default('127.0.0.1')}}"
|
||
|
state: present
|
||
|
signing_ca_cert: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.pem') }}"
|
||
|
signing_ca_key: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.key') }}"
|
||
|
timeout: 120
|
||
|
diff: yes
|
||
|
register: output_2
|
||
|
|
||
|
- name: Private key
|
||
|
debug: msg="{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.key') }}"
|
||
|
- name: Cert
|
||
|
debug: msg="{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.pem') }}"
|
||
|
- docker_swarm_facts:
|
||
|
register: output
|
||
|
- debug: var=output
|
||
|
|
||
|
# Idempotence for CA cert and key don't work yet! FIXME
|
||
|
|
||
|
#- name: signing_ca_cert and signing_ca_key (idempotent)
|
||
|
# docker_swarm:
|
||
|
# state: present
|
||
|
# signing_ca_cert: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.pem') }}"
|
||
|
# signing_ca_key: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.key') }}"
|
||
|
# timeout: 120
|
||
|
# diff: yes
|
||
|
# register: output_3
|
||
|
|
||
|
#- name: signing_ca_cert and signing_ca_key (idempotent, check mode)
|
||
|
# docker_swarm:
|
||
|
# state: present
|
||
|
# signing_ca_cert: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.pem') }}"
|
||
|
# signing_ca_key: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key1.key') }}"
|
||
|
# timeout: 120
|
||
|
# check_mode: yes
|
||
|
# diff: yes
|
||
|
# register: output_4
|
||
|
|
||
|
- name: signing_ca_cert and signing_ca_key (change, check mode)
|
||
|
docker_swarm:
|
||
|
state: present
|
||
|
signing_ca_cert: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key2.pem') }}"
|
||
|
signing_ca_key: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key2.key') }}"
|
||
|
timeout: 120
|
||
|
check_mode: yes
|
||
|
diff: yes
|
||
|
register: output_5
|
||
|
|
||
|
- name: signing_ca_cert and signing_ca_key (change)
|
||
|
docker_swarm:
|
||
|
state: present
|
||
|
signing_ca_cert: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key2.pem') }}"
|
||
|
signing_ca_key: "{{ lookup('file', role_path ~ '/' ~ output_dir ~ '/ansible_key2.key') }}"
|
||
|
timeout: 120
|
||
|
diff: yes
|
||
|
register: output_6
|
||
|
|
||
|
- name: assert signing_ca_cert and signing_ca_key
|
||
|
assert:
|
||
|
that:
|
||
|
- 'output_1 is changed'
|
||
|
- 'output_1.actions[0] | regex_search("New Swarm cluster created: ")'
|
||
|
- 'output_1.diff.before is defined'
|
||
|
- 'output_1.diff.after is defined'
|
||
|
- 'output_2 is changed'
|
||
|
- 'output_2.actions[0] | regex_search("New Swarm cluster created: ")'
|
||
|
- 'output_2.diff.before is defined'
|
||
|
- 'output_2.diff.after is defined'
|
||
|
#- 'output_3 is not changed'
|
||
|
#- 'output_3.actions[0] == "No modification"'
|
||
|
#- 'output_3.diff.before is defined'
|
||
|
#- 'output_3.diff.after is defined'
|
||
|
#- 'output_4 is not changed'
|
||
|
#- 'output_4.actions[0] == "No modification"'
|
||
|
#- 'output_4.diff.before is defined'
|
||
|
#- 'output_4.diff.after is defined'
|
||
|
- 'output_5 is changed'
|
||
|
- 'output_5.actions[0] == "Swarm cluster updated"'
|
||
|
- 'output_5.diff.before is defined'
|
||
|
- 'output_5.diff.after is defined'
|
||
|
- 'output_6 is changed'
|
||
|
- 'output_6.actions[0] == "Swarm cluster updated"'
|
||
|
- 'output_6.diff.before is defined'
|
||
|
- 'output_6.diff.after is defined'
|
||
|
|
||
|
# https://github.com/ansible/ansible/issues/34054: openssl_certificate unusable on RHEL 7
|
||
|
when: pyopenssl_version.stdout is version('0.15', '>=')
|