Add certsync role
parent
4958014991
commit
ba5a82e1ac
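--- a/roles/certsync/defaults/main.yml
+++ b/roles/certsync/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+certsync_dir: /etc/ssl/certsync
+certsync_host: srv02.hamburg.freifunk.net
+certsync_key: /root/.ssh/certsync
+certsync_script: /usr/local/sbin/certsync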
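--- a/roles/certsync/tasks/main.yml
+++ b/roles/certsync/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: create SSH key
+command: ssh-keygen -b 4096 -C {{ ansible_nodename }} -f {{ certsync_key }}
+args:
+creates: "{{ certsync_key }}"
+tags: certsync
+
+- name: template certsync script
+template:
+src: templates/certsync.j2
+dest: "{{ certsync_script }}"
+owner: root
+group: staff
+mode: 0550
+tags: certsync
+
+- name: create cronjob
+cron:
+name: TLS Zertifikate synchronisieren
+job: "{{ certsync_script }}"
+minute: "0"
+hour: "6"
+day: "2"
+tags: certsync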
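Review bot: The `ssh-keygen` call in the `create SSH key` task passes neither `-N` nor `-t`, so it will ask for a passphrase that an unattended Ansible run cannot answer reliably (the task may hang or fail), and the key type is left to whatever the installed OpenSSH defaults to. Consider `command: ssh-keygen -t rsa -b 4096 -N '' -C {{ ansible_nodename }} -f {{ certsync_key }}`. Since the resulting key is passphrase-less and used by root from cron, a comment on the task should state that the matching public key needs to be restricted on `certsync_host`; how that account is set up is not visible in this commit. In the template task, `mode: 0550` is better written as `mode: "0550"` so that no YAML parser can retype the value.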
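--- a/roles/certsync/templates/certsync.j2
+++ b/roles/certsync/templates/certsync.j2
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+PATH="/bin:/usr/bin:/sbin:/usr/sbin"
+CERT_DIR="{{ certsync_dir }}"
+
+if [ ! -d $CERT_DIR ]; then
+mkdir -p $CERT_DIR
+chown root.root $CERT_DIR
+chmod 750 $CERT_DIR
+fi
+
+sftp -q -i {{ certsync_key }} certsync@{{ certsync_host }}:* "$CERT_DIR/" > /dev/null 2>&1
+if [ $? -ne 0 ]; then
+echo "Error getting certificates"
+exit 1
+fi
+chown root.root $CERT_DIR/*
+chmod 440 $CERT_DIR/*
+
+service nginx reload > /dev/null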
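Review bot: The `sftp` line fetches TLS key material as root from cron, but nothing visible in this role pins the host key of `{{ certsync_host }}`, and `> /dev/null 2>&1` discards the reason for any failure. Adding the server's host key to root's `known_hosts` from the role and calling `sftp -q -o BatchMode=yes -o StrictHostKeyChecking=yes -i {{ certsync_key }} ...` would make the job fail closed instead of depending on an earlier interactive login. `$CERT_DIR` is unquoted in the `[ ! -d ... ]`, `mkdir`, `chown` and `chmod` lines; write `"$CERT_DIR"` (and `"$CERT_DIR"/*` for the globs), and use `root:root` in place of the deprecated `root.root`. The downloaded files keep sftp's default permissions until the later `chmod 440`, so the directory's 750 mode is what protects them in between, and that mode is only set when the script itself creates the directory; applying `chmod 750 "$CERT_DIR"` unconditionally would cover a pre-existing directory too.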
|
@ -5,4 +5,5 @@
|
||||||
|
|
||||||
- hosts: updates
|
- hosts: updates
|
||||||
roles:
|
roles:
|
||||||
|
- certsync
|
||||||
- website/updates
|
- website/updates
|
||||||
|
|