remove role
parent 1e4d8a0426
commit 89960146af
4 changed files with 0 additions and 349 deletions
@ -1,167 +0,0 @@
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007

Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.


This version of the GNU Lesser General Public License incorporates
the terms and conditions of version 3 of the GNU General Public
License, supplemented by the additional permissions listed below.

0. Additional Definitions.

As used herein, "this License" refers to version 3 of the GNU Lesser
General Public License, and the "GNU GPL" refers to version 3 of the GNU
General Public License.

"The Library" refers to a covered work governed by this License,
other than an Application or a Combined Work as defined below.

An "Application" is any work that makes use of an interface provided
by the Library, but which is not otherwise based on the Library.
Defining a subclass of a class defined by the Library is deemed a mode
of using an interface provided by the Library.

A "Combined Work" is a work produced by combining or linking an
Application with the Library. The particular version of the Library
with which the Combined Work was made is also called the "Linked
Version".

The "Minimal Corresponding Source" for a Combined Work means the
Corresponding Source for the Combined Work, excluding any source code
for portions of the Combined Work that, considered in isolation, are
based on the Application, and not on the Linked Version.

The "Corresponding Application Code" for a Combined Work means the
object code and/or source code for the Application, including any data
and utility programs needed for reproducing the Combined Work from the
Application, but excluding the System Libraries of the Combined Work.

1. Exception to Section 3 of the GNU GPL.

You may convey a covered work under sections 3 and 4 of this License
without being bound by section 3 of the GNU GPL.

2. Conveying Modified Versions.

If you modify a copy of the Library, and, in your modifications, a
facility refers to a function or data to be supplied by an Application
that uses the facility (other than as an argument passed when the
facility is invoked), then you may convey a copy of the modified
version:

a) under this License, provided that you make a good faith effort to
ensure that, in the event an Application does not supply the
function or data, the facility still operates, and performs
whatever part of its purpose remains meaningful, or

b) under the GNU GPL, with none of the additional permissions of
this License applicable to that copy.

3. Object Code Incorporating Material from Library Header Files.

The object code form of an Application may incorporate material from
a header file that is part of the Library. You may convey such object
code under terms of your choice, provided that, if the incorporated
material is not limited to numerical parameters, data structure
layouts and accessors, or small macros, inline functions and templates
(ten or fewer lines in length), you do both of the following:

a) Give prominent notice with each copy of the object code that the
Library is used in it and that the Library and its use are
covered by this License.

b) Accompany the object code with a copy of the GNU GPL and this license
document.

4. Combined Works.

You may convey a Combined Work under terms of your choice that,
taken together, effectively do not restrict modification of the
portions of the Library contained in the Combined Work and reverse
engineering for debugging such modifications, if you also do each of
the following:

a) Give prominent notice with each copy of the Combined Work that
the Library is used in it and that the Library and its use are
covered by this License.

b) Accompany the Combined Work with a copy of the GNU GPL and this license
document.

c) For a Combined Work that displays copyright notices during
execution, include the copyright notice for the Library among
these notices, as well as a reference directing the user to the
copies of the GNU GPL and this license document.

d) Do one of the following:

0) Convey the Minimal Corresponding Source under the terms of this
License, and the Corresponding Application Code in a form
suitable for, and under terms that permit, the user to
recombine or relink the Application with a modified version of
the Linked Version to produce a modified Combined Work, in the
manner specified by section 6 of the GNU GPL for conveying
Corresponding Source.

1) Use a suitable shared library mechanism for linking with the
Library. A suitable mechanism is one that (a) uses at run time
a copy of the Library already present on the user's computer
system, and (b) will operate properly with a modified version
of the Library that is interface-compatible with the Linked
Version.

e) Provide Installation Information, but only if you would otherwise
be required to provide such information under section 6 of the
GNU GPL, and only to the extent that such information is
necessary to install and execute a modified version of the
Combined Work produced by recombining or relinking the
Application with a modified version of the Linked Version. (If
you use option 4d0, the Installation Information must accompany
the Minimal Corresponding Source and Corresponding Application
Code. If you use option 4d1, you must provide the Installation
Information in the manner specified by section 6 of the GNU GPL
for conveying Corresponding Source.)

5. Combined Libraries.

You may place library facilities that are a work based on the
Library side by side in a single library together with other library
facilities that are not Applications and are not covered by this
License, and convey such a combined library under terms of your
choice, if you do both of the following:

a) Accompany the combined library with a copy of the same work based
on the Library, uncombined with any other library facilities,
conveyed under the terms of this License.

b) Give prominent notice with the combined library that part of it
is a work based on the Library, and explaining where to find the
accompanying uncombined form of the same work.

6. Revised Versions of the GNU Lesser General Public License.

The Free Software Foundation may publish revised and/or new versions
of the GNU Lesser General Public License from time to time. Such new
versions will be similar in spirit to the present version, but may
differ in detail to address new problems or concerns.

Each version is given a distinguishing version number. If the
Library as you received it specifies that a certain numbered version
of the GNU Lesser General Public License "or any later version"
applies to it, you have the option of following the terms and
conditions either of that published version or of any later version
published by the Free Software Foundation. If the Library as you
received it does not specify a version number of the GNU Lesser
General Public License, you may choose any version of the GNU Lesser
General Public License ever published by the Free Software Foundation.

If the Library as you received it specifies that a proxy can decide
whether future versions of the GNU Lesser General Public License shall
apply, that proxy's public statement of acceptance of any version is
permanent authorization for you to choose that version for the
Library.

@ -1,9 +0,0 @@
# generate-cert

This role is part of the project [Ansible Hacky PKI](https://gitea.auro.re/histausse/ansible_hacky_pki) licenced under the LGPL 3.

You can use it to generate certificate and manage de small pki, but keep it mind that this program is distributed **WITHOUT ANY WARRANTY**.
In particular, the **security** of the pki generated and the process of generated the pki **is not guaranteed**. If you find any vulnerability,
please contact me to see if we can find a patch.

Copyright 2021 Jean-Marie Mineau <histausse@protonmail.com>
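Review bot: The commit message "remove role" does not say why generate-cert is going away or where it now lives; since this README tells users the role is part of Ansible Hacky PKI (https://gitea.auro.re/histausse/ansible_hacky_pki), the message should state whether the role moved into that repository or was dropped, so anyone following the link from an old playbook can find it.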
@ -1,8 +0,0 @@
---
key_usage:
- digitalSignature
- keyEncipherment
validity_duration: "+365d"
time_before_expiration_for_renewal: "+30d" # need a better name
force_renewal: no
store_directory: /etc/hackypky
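Review bot: `store_directory: /etc/hackypky` reads like a typo for `hackypki` (the project is Ansible Hacky PKI and the README talks about a pki), and `time_before_expiration_for_renewal` still carries its `# need a better name` TODO; if this role is re-added elsewhere, settle the default path before it gets written to hosts, because changing it later leaves existing keys and certs stranded under the old directory.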
@ -1,165 +0,0 @@
---
- name: Ensure the directories used to store certs exist
file:
path: "{{ item }}"
state: directory
group: root
owner: root
mode: u=rwx,g=rx,o=rx
loop:
- "{{ store_directory }}"
- "{{ store_directory }}/crts"
- "{{ store_directory }}/keys"

- name: Ensure the directory containing the cert exist
file:
path: "{{ directory }}"
state: directory

- name: Test if the key already exist
stat:
path: "{{ store_directory}}/keys/{{ cname }}.key"
register: key_file

- name: Test if the cert already exist
stat:
path: "{{ store_directory}}/crts/{{ cname }}.crt"
register: cert_file

- name: Test if we need to renew the certificate
openssl_certificate_info:
path: "{{ store_directory }}/crts/{{ cname }}.crt"
valid_at:
renewal: "{{ time_before_expiration_for_renewal }}"
register: validity
when: cert_file.stat.exists

- name: Generate the certificate
block:
- name: Generate private key
become: false
openssl_privatekey:
path: "/tmp/ansible_hacky_pki_{{ cname }}.key"
mode: u=rw,g=,o=
size: "{{ key_size | default(omit) }}"
delegate_to: localhost

- name: Generate a Certificate Signing Request
become: false
openssl_csr:
path: "/tmp/ansible_hacky_pki_{{ cname }}.csr"
privatekey_path: "/tmp/ansible_hacky_pki_{{ cname }}.key"
common_name: "{{ cname }}"
country_name: "{{ country_name | default(omit) }}"
locality_name: "{{ locality_name | default(omit) }}"
state_or_province_name: "{{ state_or_province_name | default(omit) }}"
organization_name: "{{ organization_name | default(omit) }}"
organizational_unit_name: "{{ organizational_unit_name | default(omit) }}"
email_address: "{{ email_address | default(omit) }}"
basic_constraints:
- CA:FALSE # syntax?
basic_constraints_critical: yes
key_usage: "{{ key_usage }}"
key_usage_critical: yes
subject_alt_name: "{{ subject_alt_name | default(omit) }}"
crl_distribution_points: "{{ crl_distribution_points | default(omit) }}"
delegate_to: localhost

- name: Put the CA in a file
become: false
copy:
content: "{{ ca_cert }}"
dest: "/tmp/ansible_hacky_pki_ca.crt"
delegate_to: localhost

- name: Put the CA key in a file
become: false
copy:
content: "{{ ca_key }}"
dest: "/tmp/ansible_hacky_pki_ca.key"
mode: u=rw,g=,o=
delegate_to: localhost
no_log: yes

- name: Sign the certificate
become: false
openssl_certificate:
path: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
csr_path: "/tmp/ansible_hacky_pki_{{ cname }}.csr"
ownca_not_after: "{{ validity_duration }}"
ownca_path: /tmp/ansible_hacky_pki_ca.crt
ownca_privatekey_passphrase: "{{ ca_passphrase }}"
ownca_privatekey_path: /tmp/ansible_hacky_pki_ca.key
provider: ownca
delegate_to: localhost

- name: Send private key to the server
copy:
src: "/tmp/ansible_hacky_pki_{{ cname }}.key"
dest: "{{ store_directory }}/keys/{{ cname }}.key"
owner: "{{ owner | default('root') }}"
group: "{{ group | default('root') }}"
mode: "{{ key_mode | default('u=rw,g=,o=') }}"
no_log: yes

- name: Send certificate to the server
copy:
src: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
dest: "{{ store_directory }}/crts/{{ cname }}.crt"
owner: "{{ owner | default('root') }}"
group: "{{ group | default('root') }}"
mode: "{{ key_mode | default('u=rw,g=r,o=r') }}"

# Clean up
- name: Remove the local cert key
become: false
file:
path: "/tmp/ansible_hacky_pki_{{ cname }}.key"
state: absent
delegate_to: localhost

- name: Remove the CSR
become: false
file:
path: "/tmp/ansible_hacky_pki_{{ cname }}.csr"
state: absent
delegate_to: localhost

- name: Remove the local certificate
become: false
file:
path: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
state: absent
delegate_to: localhost

- name: Remove the CA certificate
become: false
file:
path: /tmp/ansible_hacky_pki_ca.crt
state: absent
delegate_to: localhost

- name: Remove the CA key
become: false
file:
path: /tmp/ansible_hacky_pki_ca.key
state: absent
delegate_to: localhost
when: force_renewal or (not key_file.stat.exists) or (not cert_file.stat.exists) or (not validity.valid_at.renewal)

- name: Create the link to cert
file:
src: "{{ store_directory }}/crts/{{ cname }}.crt"
dest: "{{ directory }}/{{ cname }}.crt"
owner: "{{ owner | default('root') }}"
group: "{{ group | default('root') }}"
state: link

- name: Create the link to key
file:
src: "{{ store_directory }}/keys/{{ cname }}.key"
dest: "{{ directory }}/{{ cname }}.key"
owner: "{{ owner | default('root') }}"
group: "{{ group | default('root') }}"
state: link
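Review bot: The cleanup tasks at the end of the block ("Remove the local cert key" through "Remove the CA key") only run if every earlier task succeeds, so a failure in "Sign the certificate" leaves the CA private key written by "Put the CA key in a file" sitting at the fixed path /tmp/ansible_hacky_pki_ca.key on the controller; if this role is kept anywhere, move those five tasks into an `always:` section of the block, or replace the fixed /tmp paths with the `tempfile` module so that concurrent runs against different hosts also stop overwriting each other's key, CSR and CA files. Separately, "Send certificate to the server" sets `mode: "{{ key_mode | default('u=rw,g=r,o=r') }}"`, reusing the key's variable for the certificate, so a caller who tightens `key_mode` to `u=rw,g=,o=` also makes the public certificate unreadable to the services that need it; that line wants its own `cert_mode` variable.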