This repository has been archived by the owner on Jan 30, 2024. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
As an installer user, I can configure Pulp to run with TLS enabled to install/renew using letsencrypt certificates

fixes: #6846
https://pulp.plan.io/issues/6846
1 parent 07c99d9, commit 1bb2d24
Showing 11 changed files with 117 additions and 26 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Support Let's Encrypt and other ACME protocol CAs. Includes sharing out the `pulp_webserver_static_dir`/.well-known directory for HTTP-01 verification. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
--- | ||
pulp_webserver_httpd_servername: "{{ inventory_hostname }}" | ||
lets_encrypt_hostname: "{{ inventory_hostname }}" | ||
lets_encrypt_directories_certs: "/etc/letsencrypt" | ||
lets_encrypt_directories_data: "/var/lib/pulp/pulpcore_static" | ||
|
||
pulp_default_admin_password: password | ||
pulp_install_plugins: | ||
# galaxy-ng: {} | ||
# pulp-ansible: {} | ||
# pulp-certguard: {} | ||
# pulp-container: {} | ||
# pulp-cookbook: {} | ||
# pulp-deb: {} | ||
pulp-file: {} | ||
# pulp-gem: {} | ||
# pulp-maven: {} | ||
# pulp-npm: {} | ||
# pulp-python: {} | ||
# pulp-rpm: {} | ||
pulp_settings: | ||
secret_key: secret | ||
content_origin: "https://{{ inventory_hostname }}" |
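Review bot: `pulp_default_admin_password: password` and `secret_key: secret` are guessable placeholders in a vars file written for a host that has to be reachable by the CA for HTTP-01 validation; anyone who copies the example unchanged ends up with a reachable Pulp instance that has a known admin password and a known Django secret key. Please replace both with obviously invalid placeholders or add a comment telling users to supply their own values (for instance from Ansible Vault). Separately, `lets_encrypt_directories_data` hard-codes `/var/lib/pulp/pulpcore_static`, while the changelog entry in this commit refers to `pulp_webserver_static_dir`; referencing that variable here would keep the two from drifting apart.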
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
--- | ||
- hosts: all | ||
pre_tasks: | ||
# The version string below is the highest of all those in roles' metadata: | ||
# "min_ansible_version". It needs to be kept manually up-to-date. | ||
- name: Verify Ansible meets min required version | ||
assert: | ||
that: "ansible_version.full is version_compare('2.8', '>=')" | ||
msg: > | ||
"You must update Ansible to at least 2.8 to use this version of Pulp 3 Installer." | ||
roles: | ||
# Includes running pulp_webserver. letsencrypt depends on a webserver | ||
# that can host the .well-known directory. | ||
- pulp_all_services | ||
- role: lexa-uw.letsencrypt | ||
become: true | ||
tasks: | ||
# Must be run via a task so that it can be run more than once. | ||
- name: Run pulp_webserver a 2nd time to import the key | ||
include_role: | ||
name: pulp_webserver | ||
vars: | ||
pulp_webserver_tls_key: "/etc/letsencrypt/private_key.pem" | ||
pulp_webserver_tls_cert: "/etc/letsencrypt/fullchain.pem" | ||
pulp_webserver_tls_files_remote: true | ||
environment: | ||
DJANGO_SETTINGS_MODULE: pulpcore.app.settings |
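Review bot: The `vars` for the second `pulp_webserver` run hard-code `/etc/letsencrypt/private_key.pem` and `/etc/letsencrypt/fullchain.pem`, duplicating the `lets_encrypt_directories_certs` value set in the example vars file; building both paths from that variable avoids a silent mismatch if someone changes the directory. The import tasks copy these files into `pulp_webserver_tls_folder` only when this play runs, so a certificate renewed later by the letsencrypt role will not reach the web server until the playbook is run again; since the commit message promises install/renew, a comment here or in the docs should say how a renewed certificate is expected to propagate.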
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,20 @@ | ||
--- | ||
- name: Import specified TLS certificate | ||
copy: | ||
src: "{{ pulp_webserver_ssl_cert }}" | ||
src: "{{ pulp_webserver_tls_cert }}" | ||
dest: "{{ pulp_webserver_tls_folder }}/pulp_webserver.crt" | ||
owner: root | ||
group: "{{ pulp_group }}" | ||
mode: 0600 | ||
remote_src: "{{ pulp_webserver_tls_files_remote }}" | ||
notify: reload {{ pulp_webserver_server }} | ||
|
||
- name: Import specified TLS private key | ||
copy: | ||
src: "{{ pulp_webserver_ssl_key }}" | ||
src: "{{ pulp_webserver_tls_key }}" | ||
dest: "{{ pulp_webserver_tls_folder }}/pulp_webserver.key" | ||
owner: root | ||
group: "{{ pulp_group }}" | ||
mode: 0600 | ||
remote_src: "{{ pulp_webserver_tls_files_remote }}" | ||
notify: reload {{ pulp_webserver_server }} |
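Review bot: Renaming `pulp_webserver_ssl_cert` and `pulp_webserver_ssl_key` to `pulp_webserver_tls_cert` and `pulp_webserver_tls_key` in the two `src:` lines breaks existing inventories that still set the old names, and the changelog entry shown in this commit mentions only ACME support. Consider a fallback such as `src: "{{ pulp_webserver_tls_cert | default(pulp_webserver_ssl_cert) }}"` for a deprecation period, or at least document the rename. For `remote_src: "{{ pulp_webserver_tls_files_remote }}"`, append `| bool` so that a string value passed from an inventory or `-e` is converted explicitly, and make sure the variable defaults to `false` so existing users keep the current copy-from-controller behaviour.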