From cc15d8692b6c155781f9e89a7a29f11a0185edf4 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Thu, 15 Dec 2016 18:10:32 +0200
Subject: [PATCH] - Correct handling of TLS key and certs, for that adding the ca-store as a dependency and the modules submodule. - Removed adarnimrod prefix from the name of dependencies for easier development.
---
 .gitmodules | 3 +++
 defaults/main.yml | 2 ++
 library/shore | 1 +
 meta/main.yml | 4 +++-
 templates/forwarding.conf.j2 | 6 +++---
 tests/playbook.yml | 4 ++--
 tests/requirements.yml | 2 ++
 7 files changed, 16 insertions(+), 6 deletions(-)
 create mode 100644 .gitmodules
 create mode 160000 library/shore
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..c8bc96e
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "library/shore"]
+ path = library/shore
+ url = https://www.shore.co.il/git/ansible-modules
diff --git a/defaults/main.yml b/defaults/main.yml
index 55eb102..4c2d9ac 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,3 +2,5 @@
 # defaults file for syslog-forward
 syslog_server:
+syslog_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
+syslog_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
diff --git a/library/shore b/library/shore
new file mode 160000
index 0000000..2efdc7b
--- /dev/null
+++ b/library/shore
@@ -0,0 +1 @@
+Subproject commit 2efdc7b0a7d963ca5f2d7887530776906b319486
diff --git a/meta/main.yml b/meta/main.yml
index e66997b..3ba621b 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -13,4 +13,6 @@ galaxy_info:
 versions:
 - jessie
 galaxy_tags: [ syslog ]
-dependencies: []
+dependencies:
+- src: adarnimrod.ca-store
+ name: ca-store
diff --git a/templates/forwarding.conf.j2 b/templates/forwarding.conf.j2
index 9a4062e..018b459 100644
--- a/templates/forwarding.conf.j2
+++ b/templates/forwarding.conf.j2
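Review bot: In defaults/main.yml the new `syslog_key_file` and `syslog_cert_file` defaults point at the Debian snakeoil pair, so a host that does not override them would present a self-signed, per-host certificate that a collector validating against a CA is unlikely to accept. The paths come from Debian's ssl-cert package and presumably do not exist on the OpenBSD host the test playbook also targets. I would add a comment above them, `# Placeholder self-signed pair from the ssl-cert package; override both with a certificate issued for this host.`, or leave the defaults empty and fail early when TLS forwarding is requested.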
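Review bot: The new `adarnimrod.ca-store` entry under `dependencies:` in meta/main.yml carries no `version:`, so each install resolves to whatever that role's current release is, and going by its name the role changes the host's trusted CA store. Pin it by adding `version: <tag-or-commit>` next to `src:` and bump it deliberately. The entries in tests/requirements.yml are equally unpinned; this commit only adds `name:` to them.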
@@ -1,8 +1,8 @@
 {#
 $DefaultNetstreamDriver gtls
-$DefaultNetstreamDriverCAFile {{ tls_ca_cert_path }}
-$DefaultNetstreamDriverCertFile {{ tls_cert_path }}
-$DefaultNetstreamDriverKeyFile {{ tls_key_path }}
+$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt
+$DefaultNetstreamDriverCertFile {{ syslog_cert_file }}
+$DefaultNetstreamDriverKeyFile {{ syslog_key_file }}
 $ActionSendStreamDriverAuthMode x509/name
 #}
diff --git a/tests/playbook.yml b/tests/playbook.yml
index a740c9b..ddad686 100644
--- a/tests/playbook.yml
+++ b/tests/playbook.yml
@@ -1,11 +1,11 @@
 ---
 - hosts: syslog-forward-openbsd
 gather_facts: false
- roles: [adarnimrod.openbsd-bootstrap]
+ roles: [openbsd-bootstrap]
 - hosts: syslog-forward-xenial
 gather_facts: false
- roles: [adarnimrod.debian-bootstrap]
+ roles: [debian-bootstrap]
 - hosts: all
 strategy: free
diff --git a/tests/requirements.yml b/tests/requirements.yml
index cdc294c..70716f6 100644
--- a/tests/requirements.yml
+++ b/tests/requirements.yml
@@ -1,3 +1,5 @@
 ---
 - src: adarnimrod.openbsd-bootstrap
+ name: openbsd-bootstrap
 - src: adarnimrod.debian-bootstrap
+ name: debian-bootstrap
-- 
GitLab
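Review bot: The three rewritten directives in templates/forwarding.conf.j2 still sit between `{#` and `#}`, so Jinja discards the whole TLS block and none of it reaches the rendered rsyslog config; any forwarding action further down the file (outside this hunk) would not be protected by these settings. When the block is enabled, `x509/name` needs a peer name to match, and the visible lines set none: add `$ActionSendStreamDriverMode 1` and `$ActionSendStreamDriverPermittedPeer {{ syslog_server }}` (assuming `syslog_server` holds the name in the collector's certificate). The CA file is now the hard-coded Debian bundle path, which trusts every CA in the system store and likely differs on the OpenBSD target. A variable defaulting to that path would let a deployment narrow trust to its own CA.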