Add new filter plugins related to SSL
Emilien Mantel
parent
20d4b6829a
commit
a8b062284e
|
|
@ -10,11 +10,29 @@ def nginx_site_name(site):
|
||||||
else:
|
else:
|
||||||
return site['name']
|
return site['name']
|
||||||
|
|
||||||
|
def nginx_ssl_dir(pair, ssl_dir):
|
||||||
|
return ssl_dir + '/' + nginx_site_filename(pair)
|
||||||
|
|
||||||
|
def nginx_key_path(pair, ssl_dir):
|
||||||
|
if pair.has_key('dest_key'):
|
||||||
|
return pair['dest_key']
|
||||||
|
else:
|
||||||
|
return nginx_ssl_dir(pair, ssl_dir) + '/' + nginx_site_filename(pair) + '.key'
|
||||||
|
|
||||||
|
def nginx_cert_path(pair, ssl_dir):
|
||||||
|
if pair.has_key('dest_cert'):
|
||||||
|
return pair['dest_cert']
|
||||||
|
else:
|
||||||
|
return nginx_ssl_dir(pair, ssl_dir) + '/' + nginx_site_filename(pair) + '.crt'
|
||||||
|
|
||||||
class FilterModule(object):
|
class FilterModule(object):
|
||||||
''' Nginx module '''
|
''' Nginx module '''
|
||||||
|
|
||||||
def filters(self):
|
def filters(self):
|
||||||
return {
|
return {
|
||||||
'nginx_site_filename': nginx_site_filename,
|
'nginx_site_filename': nginx_site_filename,
|
||||||
'nginx_site_name': nginx_site_name
|
'nginx_site_name': nginx_site_name,
|
||||||
|
'nginx_ssl_dir': nginx_ssl_dir,
|
||||||
|
'nginx_key_path': nginx_key_path,
|
||||||
|
'nginx_cert_path': nginx_cert_path
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -30,7 +30,7 @@
|
||||||
|
|
||||||
- name: FILE | Create SSL directories
|
- name: FILE | Create SSL directories
|
||||||
file:
|
file:
|
||||||
path: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
|
path: "{{ item | nginx_ssl_dir(nginx_ssl_dir) }}"
|
||||||
state: directory
|
state: directory
|
||||||
loop: "{{ nginx_ssl_pairs }}"
|
loop: "{{ nginx_ssl_pairs }}"
|
||||||
when: item.dest_key is not defined or item.dest_cert is not defined
|
when: item.dest_key is not defined or item.dest_cert is not defined
|
||||||
|
|
@ -39,7 +39,7 @@
|
||||||
- name: COPY | Deploy SSL keys
|
- name: COPY | Deploy SSL keys
|
||||||
copy:
|
copy:
|
||||||
content: "{{ item.key }}"
|
content: "{{ item.key }}"
|
||||||
dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.key' if item.dest_key is not defined else item.dest_key }}"
|
dest: "{{ item | nginx_key_path(nginx_ssl_dir) }}"
|
||||||
mode: 0640
|
mode: 0640
|
||||||
loop: "{{ nginx_ssl_pairs }}"
|
loop: "{{ nginx_ssl_pairs }}"
|
||||||
when: item.key is defined
|
when: item.key is defined
|
||||||
|
|
@ -49,7 +49,7 @@
|
||||||
- name: COPY | Deploy SSL certs
|
- name: COPY | Deploy SSL certs
|
||||||
copy:
|
copy:
|
||||||
content: "{{ item.cert }}"
|
content: "{{ item.cert }}"
|
||||||
dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' if item.dest_cert is not defined else item.dest_cert }}"
|
dest: "{{ item | nginx_cert_path(nginx_ssl_dir) }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
loop: "{{ nginx_ssl_pairs }}"
|
loop: "{{ nginx_ssl_pairs }}"
|
||||||
when: item.cert is defined
|
when: item.cert is defined
|
||||||
|
|
@ -61,11 +61,11 @@
|
||||||
openssl req
|
openssl req
|
||||||
-new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509
|
-new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509
|
||||||
-subj '/CN={{ item | nginx_site_name }}'
|
-subj '/CN={{ item | nginx_site_name }}'
|
||||||
-keyout {{ item | nginx_site_name + '.key' }}
|
-keyout {{ item | nginx_key_path(nginx_ssl_dir) }}
|
||||||
-out {{ item | nginx_site_name + '.crt' }}
|
-out {{ item | nginx_cert_path(nginx_ssl_dir) }}
|
||||||
args:
|
args:
|
||||||
chdir: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
|
chdir: "{{ item | nginx_ssl_dir(nginx_ssl_dir) }}"
|
||||||
creates: "{{ '/tmp/dummy' if item.force is defined and item.force else nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' }}"
|
creates: "{{ '/tmp/dummy' if item.force is defined and item.force else item | nginx_cert_path(nginx_ssl_dir) }}"
|
||||||
loop: "{{ nginx_ssl_pairs }}"
|
loop: "{{ nginx_ssl_pairs }}"
|
||||||
when: item.self_signed is defined
|
when: item.self_signed is defined
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
|
|
|
||||||
|
|
@ -41,8 +41,8 @@
|
||||||
{%- endmacro %}
|
{%- endmacro %}
|
||||||
{% macro ssl(ssl_name) %}
|
{% macro ssl(ssl_name) %}
|
||||||
{% for sn in nginx_ssl_pairs if ((sn.name is string and sn.name == ssl_name) or (sn.name.0 == ssl_name)) %}
|
{% for sn in nginx_ssl_pairs if ((sn.name is string and sn.name == ssl_name) or (sn.name.0 == ssl_name)) %}
|
||||||
ssl_certificate {{ nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.crt' if sn.dest_cert is not defined else sn.dest_cert }};
|
ssl_certificate {{ sn | nginx_cert_path(nginx_ssl_dir) }};
|
||||||
ssl_certificate_key {{ nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.key' if sn.dest_key is not defined else sn.dest_key }};
|
ssl_certificate_key {{ sn | nginx_key_path(nginx_ssl_dir) }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{%- endmacro %}
|
{%- endmacro %}
|
||||||
{% macro httpsredirect(name) %}
|
{% macro httpsredirect(name) %}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue