Issue #12: Fix standalone cert generation, add full build-test-teardown playbook.
parent
7651f0ac0b
commit
5f7c9e046c
@ -1,2 +1,3 @@ |
||||
--- |
||||
- src: geerlingguy.git |
||||
- src: geerlingguy.nginx |
||||
|
@ -1,28 +0,0 @@ |
||||
--- |
||||
- hosts: all |
||||
|
||||
vars: |
||||
certbot_admin_email: https@servercheck.in |
||||
certbot_create_if_missing: yes |
||||
certbot_create_stop_services: |
||||
- nginx |
||||
certbot_certs: |
||||
- domains: |
||||
- certbot-test.servercheck.in |
||||
|
||||
pre_tasks: |
||||
- name: Update apt cache. |
||||
apt: update_cache=yes cache_valid_time=600 |
||||
when: ansible_os_family == 'Debian' |
||||
changed_when: false |
||||
|
||||
- name: Install cron (RedHat). |
||||
yum: name=cronie state=present |
||||
when: ansible_os_family == 'RedHat' |
||||
|
||||
- name: Install cron (Debian). |
||||
apt: name=cron state=present |
||||
when: ansible_os_family == 'Debian' |
||||
|
||||
roles: |
||||
- role_under_test |
@ -0,0 +1,178 @@ |
||||
--- |
||||
# To run: |
||||
# 1. Ensure Ansible and Boto are installed (pip install ansible boto). |
||||
# 2. Ensure you have AWS credentials stored where Boto can find them, and they |
||||
# are under the profile 'mm'. |
||||
# 3. Ensure you have a pubkey available at ~/.ssh/id_rsa.pub. |
||||
# 3. Run the playbook: ansible-playbook test-standalone-nginx-aws.yml |
||||
|
||||
# Play 1: Provision EC2 instance and A record. |
||||
- hosts: localhost |
||||
connection: local |
||||
gather_facts: no |
||||
|
||||
tasks: |
||||
- name: Configure EC2 Security Group. |
||||
ec2_group: |
||||
profile: mm |
||||
name: certbot_test_http |
||||
description: HTTP security group for Certbot testing. |
||||
region: "us-east-1" |
||||
state: present |
||||
rules: |
||||
- proto: tcp |
||||
from_port: 80 |
||||
to_port: 80 |
||||
cidr_ip: 0.0.0.0/0 |
||||
- proto: tcp |
||||
from_port: 443 |
||||
to_port: 443 |
||||
cidr_ip: 0.0.0.0/0 |
||||
- proto: tcp |
||||
from_port: 22 |
||||
to_port: 22 |
||||
cidr_ip: 0.0.0.0/0 |
||||
rules_egress: [] |
||||
|
||||
- name: Add EC2 Key Pair. |
||||
ec2_key: |
||||
profile: mm |
||||
region: "us-east-1" |
||||
name: certbot_test |
||||
key_material: "{{ item }}" |
||||
with_file: ~/.ssh/id_rsa.pub |
||||
|
||||
- name: Provision EC2 instance. |
||||
ec2: |
||||
profile: mm |
||||
key_name: certbot_test |
||||
instance_tags: |
||||
Name: "certbot-standalone-nginx-test" |
||||
group: ['default', 'certbot_test_http'] |
||||
instance_type: t2.micro |
||||
image: ami-02e98f78 # CentOS Linux 7 x86_64 HVM EBS |
||||
region: "us-east-1" |
||||
wait: yes |
||||
wait_timeout: 500 |
||||
exact_count: 1 |
||||
count_tag: |
||||
Name: "certbot-standalone-nginx-test" |
||||
register: created_instance |
||||
|
||||
- name: Add A record for the new EC2 instance IP in Route53. |
||||
route53: |
||||
profile: mm |
||||
command: create |
||||
zone: servercheck.in |
||||
record: certbot-test.servercheck.in |
||||
type: A |
||||
ttl: 300 |
||||
value: "{{ created_instance.tagged_instances.0.public_ip }}" |
||||
wait: yes |
||||
overwrite: yes |
||||
|
||||
- name: Add EC2 instance to inventory groups. |
||||
add_host: |
||||
name: "certbot-test.servercheck.in" |
||||
groups: "aws,aws_nginx" |
||||
ansible_ssh_user: centos |
||||
host_key_checking: False |
||||
when: created_instance.tagged_instances.0.id is defined |
||||
|
||||
# Play 2: Configure EC2 instance with Certbot and Nginx. |
||||
- hosts: aws_nginx |
||||
gather_facts: yes |
||||
become: yes |
||||
|
||||
vars: |
||||
certbot_admin_email: https@servercheck.in |
||||
certbot_create_if_missing: yes |
||||
certbot_create_stop_services: |
||||
- nginx |
||||
certbot_certs: |
||||
- domains: |
||||
- certbot-test.servercheck.in |
||||
certbot_create_stop_services: [] |
||||
nginx_vhosts: |
||||
- listen: "443 ssl http2" |
||||
server_name: "certbot-test.servercheck.in" |
||||
root: "/usr/share/nginx/html" |
||||
index: "index.html index.htm" |
||||
state: "present" |
||||
template: "{{ nginx_vhost_template }}" |
||||
filename: "certbot_test.conf" |
||||
extra_parameters: | |
||||
ssl_certificate /etc/letsencrypt/live/certbot-test.servercheck.in/fullchain.pem; |
||||
ssl_certificate_key /etc/letsencrypt/live/certbot-test.servercheck.in/privkey.pem; |
||||
ssl_protocols TLSv1.1 TLSv1.2; |
||||
ssl_ciphers HIGH:!aNULL:!MD5; |
||||
|
||||
pre_tasks: |
||||
- name: Update apt cache. |
||||
apt: update_cache=yes cache_valid_time=600 |
||||
when: ansible_os_family == 'Debian' |
||||
changed_when: false |
||||
|
||||
- name: Install dependencies (RedHat). |
||||
yum: name={{ item }} state=present |
||||
when: ansible_os_family == 'RedHat' |
||||
with_items: |
||||
- cronie |
||||
- epel-release |
||||
|
||||
- name: Install cron (Debian). |
||||
apt: name=cron state=present |
||||
when: ansible_os_family == 'Debian' |
||||
|
||||
roles: |
||||
- geerlingguy.certbot |
||||
- geerlingguy.nginx |
||||
|
||||
tasks: |
||||
- name: Flush handlers in case any configs have changed. |
||||
meta: flush_handlers |
||||
|
||||
- name: Test secure connection to SSL domain. |
||||
uri: |
||||
url: https://certbot-test.servercheck.in/ |
||||
status_code: 200 |
||||
delegate_to: localhost |
||||
become: no |
||||
|
||||
# Play 3: Tear down EC2 instance and A record. |
||||
- hosts: localhost |
||||
connection: local |
||||
gather_facts: no |
||||
|
||||
tasks: |
||||
- name: Destroy EC2 instance. |
||||
ec2: |
||||
profile: mm |
||||
instance_ids: ["{{ created_instance.tagged_instances.0.id }}"] |
||||
region: "us-east-1" |
||||
state: absent |
||||
wait: yes |
||||
wait_timeout: 500 |
||||
|
||||
- name: Delete Security Group. |
||||
ec2_group: |
||||
profile: mm |
||||
name: certbot_test_http |
||||
region: "us-east-1" |
||||
state: absent |
||||
|
||||
- name: Delete Key Pair. |
||||
ec2_key: |
||||
profile: mm |
||||
name: certbot_test |
||||
region: "us-east-1" |
||||
state: absent |
||||
|
||||
- name: Delete Route53 record. |
||||
route53: |
||||
profile: mm |
||||
state: delete |
||||
zone: servercheck.in |
||||
record: certbot-test.servercheck.in |
||||
type: A |
||||
ttl: 300 |
Loading…
Reference in new issue