Added playbook that loads the AD1 root CA into the hosts and forces them to update the CA store + cleaned up inventory of old hosts

This commit is contained in:
Vlad R 2024-05-09 14:25:27 +00:00
parent 2f092d625c
commit 06f932ca8b
3 changed files with 59 additions and 11 deletions


@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -3,8 +3,7 @@ all:
children:
services_hosts:
hosts:
ubuntu.dnaclab.net:
staging.dnaclab.net:
services.dnaclab.net:
developer_hosts:
hosts:
developer.dnaclab.net:
@ -17,12 +16,7 @@ all:
backups.dnaclab.net:
kubernetes:
hosts:
10.221.0.130:
10.221.0.131:
10.221.0.132:
kubernetes_dev:
hosts:
172.16.1.130:
172.16.1.131:
172.16.1.132:
172.16.1.133:
k8s-master.dnaclab.net:
k8s-worker1.dnaclab.net:
k8s-worker2.dnaclab.net:


@ -0,0 +1,33 @@
---
- name: Prestage server(s) with the NCA FSA AD1 root CA and load it into SSL service
hosts: all
become: yes
vars_files:
- global_vars/main.yml
tasks:
- name: Copy AD1 root certificate to the shared SSL store
ansible.builtin.copy:
src: "./ad1.dnaclab.net.crt"
dest: /usr/local/share/ca-certificates/
owner: root
group: root
mode: '0666'
- name: Update the CA certificate store
ansible.builtin.command: update-ca-certificates
register: update_results
- name: Print update results
ansible.builtin.debug:
var: update_results.stdout
- name: Verify that certificates signed by AD1 can be verified now
ansible.builtin.shell: openssl s_client -connect gitlab.dnaclab.net:443 -showcerts </dev/null
register: verify_results
- name: Report outcome of certificate install and validation
ansible.builtin.debug:
msg: Root CA installation and validation successfull!
when: '"Verification: OK" in verify_results.stdout'
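Review bot: `mode: '0666'` on the copy task leaves the root CA file world-writable in /usr/local/share/ca-certificates/, so any local account on the host could replace the trust anchor before or after `update-ca-certificates` runs; a file in the trust store should be `mode: '0644'`. The verification step also never fails the play: only the debug task is conditional on `"Verification: OK"`, so a host whose OpenSSL chain check fails still finishes the play green — adding `failed_when: '"Verification: OK" not in verify_results.stdout'` to the shell task makes the failure visible. Minor: `become: yes` should be the canonical `become: true`, and the final message misspells "successful".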