adding sll tasks for pah

aliasghar004 · Jan 28, 2022 · 7be9ca9 · 7be9ca9
1 parent c5cccbc
commit 7be9ca9
Show file tree

Hide file tree

Showing 2 changed files with 106 additions and 0 deletions.
diff --git a/roles/private_automation_hub/tasks/50_ssl.yml b/roles/private_automation_hub/tasks/50_ssl.yml
@@ -0,0 +1,102 @@
+---
+- name: SSL cert block
+  block:
+
+    - name: Add EPEL repo for RHEL 8
+      yum_repository:
+        name: epel
+        description: EPEL for Enterprise Linux 8
+        baseurl: https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/
+        enabled: true
+        gpgcheck: false
+      when: ansible_distribution_major_version|int == 8
+
+    - name: install snapd
+      dnf:
+        name: snapd
+        state: present
+        disable_gpg_check: true
+
+    - name: start snapd
+      service:
+        name: snapd
+        state: started
+
+    - name: create link for snap dir
+      file:
+        src: /var/lib/snapd/snap
+        dest: /snap
+        state: link
+
+    - name: install certbot
+      command: snap install --classic certbot
+
+    - name: add certbot in $PATH
+      file:
+        src: /snap/bin/certbot
+        dest: /usr/bin/certbot
+        state: link
+
+    - name: install python requests
+      pip:
+        name: requests>=2.14.2
+
+    - name: stop private automation hub
+      service:
+        name: pulpcore-api.service
+        state: stopped
+      register: stop_hub
+      until: stop_hub is not failed
+      retries: 5
+
+    - name: stop nginx
+      service:
+        name: nginx
+        state: stopped
+      register: stop_nginx
+      until: stop_nginx is not failed
+      retries: 5
+
+    - name: issue ssl cert
+      shell: certbot certonly --no-bootstrap --standalone -d hub.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}} --email [email protected] --noninteractive --agree-tos
+      register: ssl_cert
+      until: ssl_cert is not failed
+      retries: 5
+
+    - name: Move SSL Key
+      copy:
+        remote_src: true
+        src: "/etc/letsencrypt/live/hub.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}/privkey.pem"
+        dest: /etc/pulp/certs/pulp_webserver.key
+
+    - name: move ssl cert
+      copy:
+        remote_src: true
+        src: "/etc/letsencrypt/live/hub.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}/cert.pem"
+        dest: /etc/pulp/certs/pulp_webserver.crt
+
+    # - name: Retrieve Specific SSL Cert
+    #   slurp:
+    #     src: "/etc/letsencrypt/live/hub.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}/cert.pem"
+    #   register: intermediate_cert
+
+    # - name: Combine Specific and intermediate Cert
+    #   template:
+    #     src: combined_cert.j2
+    #     dest: /etc/pulp/certs/pulp_webserver.crt
+
+  rescue:
+    - name: no SSL cert for private automation hub
+      debug:
+        msg: "SSL cert problem - no cert applied"
+
+  always:
+    - name: nginx restart
+      service:
+        name: nginx
+        state: restarted
+
+    - name: private automation hub restart
+      service:
+        name: pulpcore-api.service
+        state: restarted
diff --git a/roles/private_automation_hub/tasks/main.yml b/roles/private_automation_hub/tasks/main.yml
@@ -14,3 +14,7 @@
   with_first_found:
     - "{{ role_path }}/tasks/40_dns/{{ dns_type }}.yml"
     - "{{ role_path }}/tasks/40_dns/none.yml"
+
+- name: setup ssl cert
+  include_tasks: "50_ssl.yml"
+  when: not teardown