Skip to content
This repository has been archived by the owner on Apr 20, 2022. It is now read-only.

Generate a self-signed cert when none is provided #35

Merged
merged 2 commits into from
Nov 22, 2014
Merged

Generate a self-signed cert when none is provided #35

merged 2 commits into from
Nov 22, 2014

Conversation

bgw
Copy link
Collaborator

@bgw bgw commented Nov 15, 2014

The documentation suggested doing this manually, but this is better because it does it for you!

taoeffect
taoeffect reviewed Nov 15, 2014
View reviewed changes
roles/common/tasks/ssl.yml
umask 022;
cat /etc/ssl/certs/wildcard_public_cert.crt /etc/ssl/certs/wildcard_ca.pem >
/etc/ssl/certs/wildcard_combined.pem
creates=/etc/ssl/certs/wildcard_combined.pem
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Won't it interpret this as part of the script since this is the same level of indentation?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nope! http://docs.ansible.com/shell_module.html

You can provide key=value pairs at the end of a shell command.

taoeffect
taoeffect reviewed Nov 15, 2014
View reviewed changes
roles/common/tasks/ssl.yml
shell: >
umask 022;
ln /etc/ssl/certs/wildcard_public_cert.crt
/etc/ssl/certs/wildcard_combined.pem
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@PiPeep Shouldn't this be a symlink, not a hard link?

@taoeffect
Copy link
Owner

@PiPeep 👍 Finished my review. Some replies and maybe one more commit will be enough to merge it! Great job on this, and sorry for taking a little longer to review it!

taoeffect
taoeffect reviewed Nov 22, 2014
View reviewed changes
roles/common/tasks/ssl.yml
-signkey /etc/ssl/private/wildcard_private.key
-out /etc/ssl/certs/wildcard_public_cert.crt
args:
creates: /etc/ssl/certs/wildcard_public_cert.crt
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's going all over the place! ick

It would be better to have all the cert stuff placed in one folder, so that users only have one place to go to delete the stuff, and then they can re-run the script to generate a new keypair.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be a separate PR.

@bgw
Generate a self-signed cert when none is provided
09177c2 
The documentation suggested doing this manually, but this is better
because it does it for you!
taoeffect
taoeffect reviewed Nov 22, 2014
View reviewed changes
roles/common/tasks/ssl.yml
# https://github.com/ansible/ansible/issues/3107
- name: Find existing SSL keys
sudo: no
local_action: command test -e roles/common/files/wildcard_private.key
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This key should be in a folder that in the top level directory, not buried deeply within the roles.

@taoeffect taoeffect mentioned this pull request Nov 22, 2014
Open
@taoeffect
Copy link
Owner

OK, created issue #37 to address the issues I saw here, but this is good to merge (I think). Just waiting for @PiPeep's vagrant test results.

@taoeffect taoeffect mentioned this pull request Nov 22, 2014
Closed
taoeffect added a commit that referenced this pull request Nov 22, 2014
@taoeffect
Merge pull request #35 from taoeffect/self-signed-ssl
6d71bbc 
Generate a self-signed cert when none is provided
@taoeffect taoeffect merged commit 6d71bbc into master Nov 22, 2014
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@bgw @taoeffect