diff --git a/SETUP.md b/SETUP.md
index c174f6a..93a7874 100644
--- a/SETUP.md
+++ b/SETUP.md
@@ -3,4 +3,4 @@ SETUP
1. Copy `group_vars/all.yaml.example` to `group_vars/all.yaml`
2. Fill `group_vars/all.yaml` with the gateway hostname, the content of the `user_ca_key`, the public ip you are using and the domain you use
-3. Add to the *inventory* the `gateway`, `reverse_proxy`, `ca` and `ca_request` entry. Follow the `inventory.example` format. These are the minimum entry that you neeed to make everything work in this playbook.
+3. Add to the *inventory* the `gateway`, `reverse_proxy`, `authorities` and `authorities_request` entry. Follow the `inventory.example` format. These are the minimum entry that you neeed to make everything work in this playbook.
diff --git a/doc/source/ssh_server.rst b/doc/source/ssh_server.rst
index b80fafc..2809a8b 100644
--- a/doc/source/ssh_server.rst
+++ b/doc/source/ssh_server.rst
@@ -25,7 +25,7 @@ This is accomplished using ssh as a mean of transport, the specific task for a s
- name: start sign request
raw: "{{ cert_request | to_json }}"
- delegate_to: ca_request
+ delegate_to: authorities_request
register: request_result
failed_when: "( request_result.stdout | from_json ).failed"
diff --git a/files/test_ssh_ca.pub b/files/test_ssh_ca.pub
deleted file mode 100644
index 283ddb7..0000000
--- a/files/test_ssh_ca.pub
+++ /dev/null
@@ -1 +0,0 @@
-AAAAB3NzaC1yc2EAAAADAQABAAABAQDaL3nANYZgrEaMf5mfeuX+iblmjScUNQb7DRf+4PRlNZ5wjgW4omuErDy0khtD8d9ct/Ttj+jD16V3cK182q+Y8SENOonoOFDyv5YKjeC5Ot6x6yduBTWcvr9EI61AvjhBpOHrP0pKo1btRstGv3RDDQyGyaxgR90DsS1H896xjzttJecs/+JUiE7hKx5tOSqDGp/XU5bhZY2Ico3Y0faaD/HbJPq7OsuY9NkVYMaSUCWENCgZgLEZ5oPNmhdUaDnSZGmnFl/++jIfTXwO187PFw2//eqebpSwaGSbskVuADybGapb5DCLfwy/kXTowUaD/NXthxmNdY5Nwzj/Jb1n root@ca
diff --git a/files/test_ssl_ca.crt b/files/test_ssl_ca.crt
deleted file mode 100644
index 54b7aa8..0000000
--- a/files/test_ssl_ca.crt
+++ /dev/null
@@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFXTCCA0WgAwIBAgIJAPHh5hgjr+ZeMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQwHhcNMTcwNDE3MTgxNTAyWhcNMTgwNDE3MTgxNTAyWjBF -MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 -ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC -CgKCAgEAmRE/Rj7On3bKoLHwq07Xnb+Q6DHOiD0ij77IfVno/B/479ynaywLgsN/ -geZIUXXn0PHLgKhZ73kDX+nPbfjqB+HjCDIXPsLxfsSs27bOz1zfGB29DY9upt2d -vLbUKxskTW+3olepEIuVP7E6fN/MJex4e9q1wLpojO8EWzlPENxuhjDWD17vOSzR -oKQW/9tIlFo4eLieTGi3/0QSHDI0bzAF/H9KrC7AWN/GNsYZQZVbofUGVgfCxIJQ -eZLDb/ogzYAzwygMGik1P92USB/21LzJyoEm1dTJfMkETTgKLJ9VxJx0UAfRzumr -FPSrcUwliap/nXfo7jaCMgW88nDEkEJvOpMTRcDI7/hm6TZmzfmndz4oYgvlIu6l -ik54/beGHLPrQGVns1QFYFaMMy4oKYJ1kITfuyOXiOUTkY+nHHEVnZLT2gdx+n1D -7LMS33Ux+MoXU3JCDxRyQ9WcTzi5kT4hZ8B1yJs325kE92684pO6LyXX7gns1LPn -tYTAcVSBpHC4wy3OyYh0bC5yxHRPRPC+31YMvpNlV/Xdre5kIJtpgfJzsOgmgVDV -plB9KdIGYIIxLKo5WeLm4mu/Z2PP0WkUVDNs0dDiujZ+mST3YcGHOmgFRzYXXbQ8 -ZeZlHaUQpIce0QAXhMjj+EjfYUvn4Fi9PJTyOIdJ69tJqjBkRpcCAwEAAaNQME4w -HQYDVR0OBBYEFGrqoPhOsppZAWiHzKmB+cRwsgshMB8GA1UdIwQYMBaAFGrqoPhO -sppZAWiHzKmB+cRwsgshMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB -AHoV7vpQejN3mpeXh5ffm/P/kcF2Fx4x+mLYzQonarixCMJVZZZG/+AZ0ABeBU6I -cQkm6GmvpcE0xFTeAteSQ5dj3QcDYKzn5hAoIE2Mo/vvNJ0hj11/gzY172FbWPrN -UFn8JCXdQ/dW9AbsoJBT4Ns/Ezw0+KgZdJzeoPvlmlxcg2nKtLzWhA1hHzVcLKAF -xFqTPCiytdJpHJIjXXodwFVhWCKs0RR95dh15LxMbCf8iiHmByaXoovHJfzKf1YL -A9pYuzDiLs1JYsKV6ewVhb1tE5Kh6k6USkqo+FTN79LajDA5yE+aH4Zbl5ynD0Ug -Toi3sThG3Voh8YCvBGkNw6a6SMUNGwRXfR6KuIXANxLyhaevrX5o+AYOUgupznjp -TDqX/ymxry7uzhIVvL1lCNk0N/GMp+aUmlMJr0fCIq+HQyBfETUq3kC5dzgCJydQ -554VxlD1i9pQvXPx4APWkh+bBe3Yuai9si5UTQxn0h9MRHQpYvMdnhkCGWoivSjn -CFt8wUj+iEzoU2EaLnRje/pC17ENTbzGnmFif1MUAXX4qEKc39ip9GpYNQ7lkEgE -xZPxrjf77xBESTIq07Mih6ygIQTDpM8qyZcJtzP7KwOZIp948C1RsMEeMPcRWUpn -JyvUzpM83JoFox7L2/NSCthcYv61wjM1645STfh3ukTL ------END CERTIFICATE----- 
diff --git a/hosts b/hosts
index 881cb50..a450648 100644
--- a/hosts
+++ b/hosts
@@ -6,6 +6,7 @@ emmett ansible_host=10.150.40.5 ansible_user=root
bakulilik ansible_host=10.150.40.6 ansible_user=root
mcfly ansible_host=10.150.40.7 ansible_user=root
authorities ansible_host=10.150.40.8 ansible_user=root
+authorities_request ansible_host=10.150.40.8 ansible_user=request
ca ansible_host=10.150.42.11 ansible_user=root
ca_request ansible_host=10.150.42.11 ansible_user=request
diff --git a/roles/dovecot/tasks/main.yaml b/roles/dovecot/tasks/main.yaml
index fb5fc29..038e649 100644
--- a/roles/dovecot/tasks/main.yaml
+++ b/roles/dovecot/tasks/main.yaml
@@ -119,7 +119,7 @@
- name: lookup ssl ca key
set_fact:
- ssl_ca_key: "{{ lookup('file', 'test_ssl_ca.crt') }}"
+ ssl_ca_key: "{{ lookup('file', 'lilik_ca_w1.pub') }}"
- name: Update ssl CA key
copy:
@@ -152,7 +152,7 @@
keyData: "{{ pub_key.content| b64decode}}"
- debug:
- var: ca_request
+ var: authorities_request
verbosity: 2
- name: start sign request
@@ -175,7 +175,7 @@
requestID: '{{ request_output.requestID }}'
- debug:
- var: ca_request
+ var: authorities_request
verbosity: 2
- debug:
diff --git a/roles/exim4/tasks/main.yaml b/roles/exim4/tasks/main.yaml
index d101f19..bd75158 100644
--- a/roles/exim4/tasks/main.yaml
+++ b/roles/exim4/tasks/main.yaml
@@ -92,7 +92,7 @@
- name: lookup ssl ca key
set_fact:
- ssl_ca_key: "{{ lookup('file', 'test_ssl_ca.crt') }}"
+ ssl_ca_key: "{{ lookup('file', 'lilik_ca_w1.pub') }}"
- name: Update ssl CA key
copy:
@@ -125,7 +125,7 @@
keyData: "{{ pub_key.content| b64decode}}"
- debug:
- var: ca_request
+ var: authorities_request
verbosity: 2
- name: start sign request
@@ -148,7 +148,7 @@
requestID: '{{ request_output.requestID }}'
- debug:
- var: ca_request
+ var: authorities_request
verbosity: 2
- debug:
diff --git a/roles/roundcube/tasks/main.yaml b/roles/roundcube/tasks/main.yaml
index 98b7357..0536cfe 100644
--- a/roles/roundcube/tasks/main.yaml
+++ b/roles/roundcube/tasks/main.yaml
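Review bot: The new `authorities_request` entry reuses `ansible_host=10.150.40.8` from `authorities` and differs only by `ansible_user=request`, yet the older `ca`/`ca_request` pair on 10.150.42.11 stays in the inventory while SETUP.md in this same patch now names `authorities`/`authorities_request` as the required entries. If the `ca` host is being retired by this rename, the two stale lines should be removed (or commented out) so any playbook still saying `delegate_to: ca_request` fails loudly instead of signing against the old machine. A comment above the new line, `# signing endpoint: unprivileged 'request' user on the authorities host`, would also document why one machine appears twice.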
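Review bot: `lookup('file', 'lilik_ca_w1.pub')` in the `@@ -119` hunk reads a file this patch never adds, while it does delete `files/test_ssl_ca.crt` and `files/test_ssh_ca.pub`; unless `lilik_ca_w1.pub` (and `lilik_ca_s1.pub`, used by roles/ssh_server/tasks/main.yaml) is already committed under `files/`, the lookup raises and the play fails on every host. The same lookup is introduced in the roles/exim4/tasks/main.yaml `@@ -92` hunk. The value also remains in a fact called `ssl_ca_key` although, judging by the copy into `/usr/local/share/ca-certificates` in roles/roundcube, it is a CA certificate rather than a key; renaming it to `ssl_ca_cert`, or adding `# PEM CA certificate (public), not a private key` above the `set_fact`, keeps a later reader from treating it as secret material.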
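Review bot: `var: authorities_request` in the `@@ -152` `debug` task now names a variable, not the inventory host the rest of the patch renames; the payload sent in tasks/ca-dialog.yaml is still read from a variable called `ca_request`, so unless a variable `authorities_request` is defined somewhere outside this diff, this task prints "VARIABLE IS NOT DEFINED!" at `-vv` instead of the request. Either keep `var: ca_request` here or rename the payload variable itself in one consistent change. The same replacement appears in the dovecot `@@ -175` hunk, in both exim4 `debug` hunks (`@@ -125`, `@@ -148`) and in the two ssh_server `debug` hunks.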
@@ -27,10 +27,10 @@
owner: root
group: www-data
-- name: copy test_ssl_ca.crt
+- name: copy lilik_ca_w1.pub
copy:
- src: "test_ssl_ca.crt"
- dest: "/usr/local/share/ca-certificates/test_ssl_ca.crt"
+ src: "lilik_ca_w1.pub"
+ dest: "/usr/local/share/ca-certificates/lilik_ca_w1.pub"
mode: 0444
notify: update-ca-certificates
diff --git a/roles/ssh_server/tasks/main.yaml b/roles/ssh_server/tasks/main.yaml
index ff57f2d..d7e9efe 100644
--- a/roles/ssh_server/tasks/main.yaml
+++ b/roles/ssh_server/tasks/main.yaml
@@ -8,11 +8,11 @@
- name: lookup user ca key
set_fact:
- user_ca_key: "{{ lookup('file', 'test_ssh_ca.pub') }}"
+ user_ca_key: "{{ lookup('file', 'lilik_ca_s1.pub') }}"
- name: Update container user CA key
copy:
- content: "ssh-rsa {{ user_ca_key }}"
+ content: "{{ user_ca_key }}"
dest: "/etc/ssh/user_ca.pub"
notify: restart ssh
@@ -44,11 +44,11 @@
type: 'sign_request'
request:
keyType: 'ssh_host'
- hostName: '{{ ansible_docker_extra_args | default(inventory_hostname) }}.lilik.it'
+ hostName: '{{ ansible_docker_extra_args or inventory_hostname }}.lilik.it'
keyData: "{{ vm_public_key['content'] | b64decode | replace('\n', '')}}"
- debug:
- var: ca_request | to_json
+ var: authorities_request | to_json
verbosity: 2
- name: start sign request
@@ -74,7 +74,7 @@
requestID: '{{ request_output.requestID }}'
- debug:
- var: ca_request
+ var: authorities_request
verbosity: 2
- debug:
diff --git a/tasks/ca-dialog.yaml b/tasks/ca-dialog.yaml
index 4b2c5dc..8d1ad02 100644
--- a/tasks/ca-dialog.yaml
+++ b/tasks/ca-dialog.yaml
@@ -1,5 +1,5 @@
- raw: "{{ ca_request | to_json }}"
- delegate_to: ca_request
+ delegate_to: authorities_request
delegate_facts: True
register: request_result
failed_when: "( request_result.stdout | from_json ).failed"
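Review bot: `dest: "/usr/local/share/ca-certificates/lilik_ca_w1.pub"` defeats the `notify: update-ca-certificates` handler, because update-ca-certificates only imports files under /usr/local/share/ca-certificates whose name ends in `.crt`; with a `.pub` suffix the CA never reaches the system trust store, and a service that then cannot validate the chain is one step away from a "verify off" workaround. Keep the source name if you wish, but write the destination as `dest: "/usr/local/share/ca-certificates/lilik_ca_w1.crt"` and rename the task to match. The old file was a `.crt`, so this also presumes `lilik_ca_w1.pub` is a PEM certificate; a comment on the task stating that format would save the next person a guess.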
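Review bot: `ansible_docker_extra_args or inventory_hostname` in the `@@ -44` hunk changes the fallback rule rather than restyling it: `default(inventory_hostname)` only applied when the variable was undefined, whereas `or` also falls back when it is defined but empty, and what an undefined variable does here depends on Ansible's undefined-variable handling, which in its strict setting raises rather than treating the value as false. If the intent is "undefined or empty both mean use the inventory name", the documented form is `hostName: '{{ ansible_docker_extra_args | default(inventory_hostname, true) }}.lilik.it'`. Because this string becomes the principal in the signed host certificate, a one-line comment above it explaining why a Docker argument is the preferred name source is warranted. The `set_fact` this block belongs to begins before the hunk.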
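Review bot: `raw: "{{ ca_request | to_json }}"` keeps the payload variable named `ca_request` while the line below now delegates to the host `authorities_request`, and the `hosts` file in this same patch still defines an inventory host called `ca_request`; a reader, or a later search-and-replace like the one that reached the `debug` tasks in the role files, can no longer tell the variable from the host. A comment above the task, `# ca_request is the sign_request dict built by the caller; the CA host is authorities_request`, pins the meaning until the variable is renamed to something that cannot collide with an inventory name.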