From 45e4401dcc2ccf75f0ff2faac5a21573f977c45e Mon Sep 17 00:00:00 2001 From: bbbb Date: Tue, 4 Jun 2024 15:49:33 +0200 Subject: [PATCH] maj lb-front-ssl pour une version fonctionnelle --- roles/lb-front-ssl/tasks/main.yml | 34 +++++++++++++++++++++++++++---- s-lb.yml | 4 ++-- 2 files changed, 32 insertions(+), 6 deletions(-) diff --git a/roles/lb-front-ssl/tasks/main.yml b/roles/lb-front-ssl/tasks/main.yml index 046f94c..9701dc1 100644 --- a/roles/lb-front-ssl/tasks/main.yml +++ b/roles/lb-front-ssl/tasks/main.yml @@ -3,12 +3,38 @@ name: haproxy state: present +- name: Creer le repertoire du certificat + file: + path: /etc/haproxy/crt + state: directory + mode: '0755' + +- name: Creer le repertoire de la cle privee + file: + path: /etc/haproxy/crt/private + state: directory + mode: '0755' + +- name: Generer une clee privee avec les valeurs par defaut (4096 bits, RSA) + openssl_privatekey: + path: /etc/haproxy/crt/private/haproxy.pem.key + size: 4096 + type: RSA + state: present + - name: creer un certificat auto-signé openssl_certificate: - path: /etc/haproxy/crt/haproxy.crt - privatekey_path: /etc/haproxy/crt/private/haproxy.pem - csr_path: /etc/haproxy/crt/csr/haproxy.csr + path: /etc/haproxy/crt/private/haproxy.pem + privatekey_path: /etc/haproxy/crt/private/haproxy.pem.key provider: selfsigned + state: present + +- name: s'assurer que le certificat a les bonnes permissions + file: + path: /etc/haproxy/crt/private/haproxy.pem + owner: root + group: haproxy + mode: '0640' - name: parametre global blockinfile: @@ -31,7 +57,7 @@ block: | frontend proxypublic bind 192.168.100.10:80 - bind 192.168.100.10:443 ssl crt /etc/haproxy/crt/pritvate/haproxy.pem + bind 192.168.100.10:443 ssl crt /etc/haproxy/crt/private/haproxy.pem http-request redirect scheme https unless { ssl_fc } default_backend fermeweb diff --git a/s-lb.yml b/s-lb.yml index 68f3112..d269b88 100644 --- a/s-lb.yml +++ b/s-lb.yml 
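Review bot: The private key written by the new `openssl_privatekey` task gets no explicit `owner` or `mode`, and the `/etc/haproxy/crt/private` directory that holds it is created `0755`. The only permission task added here targets `haproxy.pem`, which is the public certificate. As written, the key's protection rests on the module's default for newly created files and on whatever mode an already existing `haproxy.pem.key` happens to have. I would close the directory with `owner: root`, `group: haproxy`, `mode: '0750'`, and add `owner: root` and `mode: '0600'` to the key task. If HAProxy on this host does not read its certificates as root before dropping privileges (to confirm), use `group: haproxy` with `mode: '0640'` on the key instead.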
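Review bot: The :443 `bind` depends on HAProxy finding the private key in the sibling file `haproxy.pem.key`, and nothing in the block records that. Per the tasks earlier in this patch, the `haproxy.pem` it names holds only the certificate. That works only if the installed HAProxy loads a `.key` file next to the certificate (the behaviour governed by `ssl-load-extra-files`); the version is not visible here, so this is worth confirming on the target. A comment above the bind line such as `# private key is loaded from haproxy.pem.key next to this file` would record the dependency. The enclosing `blockinfile` task starts outside the hunk.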
@@ -5,8 +5,8 @@
 roles:
 - base
 - goss
- - lb-front
- #- lb-front-ssl
+ #- lb-front
+ - lb-front-ssl
 #- zabbix-cli
 - ssh-cli
 - post