maj lb-front-ssl pour une version fonctionnelle

roles/lb-front-ssl/tasks/main.yml

@@ -3,12 +3,38 @@
     name: haproxy
     state: present
 
+- name: Creer le repertoire du certificat
+  file:
+    path: /etc/haproxy/crt
+    state: directory
+    mode: '0755'
+
+- name: Creer le repertoire de la cle privee
+  file:
+    path: /etc/haproxy/crt/private
+    state: directory
+    mode: '0755'
+
+- name: Generer une clee privee avec les valeurs par defaut (4096 bits, RSA)
+  openssl_privatekey:
+    path: /etc/haproxy/crt/private/haproxy.pem.key
+    size: 4096
+    type: RSA
+    state: present
+
 - name: creer un certificat auto-signé
   openssl_certificate:
-    path: /etc/haproxy/crt/haproxy.crt
-    privatekey_path: /etc/haproxy/crt/private/haproxy.pem
-    csr_path: /etc/haproxy/crt/csr/haproxy.csr
+    path: /etc/haproxy/crt/private/haproxy.pem
+    privatekey_path: /etc/haproxy/crt/private/haproxy.pem.key
     provider: selfsigned
+    state: present
+
+- name: s'assurer que le certificat a les bonnes permissions
+  file:
+    path: /etc/haproxy/crt/private/haproxy.pem
+    owner: root
+    group: haproxy
+    mode: '0640'
 
 - name: parametre global
   blockinfile:
@@ -31,7 +57,7 @@
     block: |
       frontend proxypublic
         bind 192.168.100.10:80
-        bind 192.168.100.10:443 ssl crt /etc/haproxy/crt/pritvate/haproxy.pem
+        bind 192.168.100.10:443 ssl crt /etc/haproxy/crt/private/haproxy.pem
         http-request redirect scheme https unless { ssl_fc }
         default_backend fermeweb
       

s-lb.yml

@@ -5,8 +5,8 @@
    roles:
      - base
      - goss
-     - lb-front
-       #- lb-front-ssl
+       #- lb-front
+     - lb-front-ssl
        #- zabbix-cli
      - ssh-cli
      - post