From 03f93d0f415766d8060a1181c84cd91df5b9d2b3 Mon Sep 17 00:00:00 2001
From: Jeltz
Date: Sun, 20 Sep 2020 04:13:35 +0200
Subject: [PATCH] =?UTF-8?q?Test=20de=20g=C3=A9n=C3=A9ration=20de=20certifi?= =?UTF-8?q?cat=20pour=20rsyslog.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Test de `openssl-cert-builder` depuis le rôle `rsyslog-common` (pourra servir par exemple pour le transport RELP ou TCP via TLS).
---
 group_vars/all.yml | 1 +
 roles/rsyslog-common/tasks/main.yml | 14 ++++++++++++++
 2 files changed, 15 insertions(+)
diff --git a/group_vars/all.yml b/group_vars/all.yml
index ad28c57..e79d9e6 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -1,4 +1,5 @@
 ---
 ansible_python_interpreter: /usr/bin/python3
 default_locale: en_US.UTF-8
+openssl_ca_host: pki.aurore.local
 ...
diff --git a/roles/rsyslog-common/tasks/main.yml b/roles/rsyslog-common/tasks/main.yml
index 2e1da1f..5b007fd 100644
--- a/roles/rsyslog-common/tasks/main.yml
+++ b/roles/rsyslog-common/tasks/main.yml
@@ -17,6 +17,20 @@
 - proto: redis
 pkg: rsyslog-hiredis
+# FIXME: c'est un ajout de test
+- name: Install a X.509 certificate for RELP over TLS
+ include_role:
+ name: openssl-cert-builder
+ vars:
+ certificate:
+ # FIXME: il faudra que le hostname dans l'inventaire Ansible
+ # corresponde toujours au FQDN de la machine si on reste
+ # comme ça.
+ slug: "{{ inventory_hostname }}"
+ common_name: "{{ inventory_hostname }}"
+ not_before: +0s
+ not_after: +365d
+
 - name: Deploy main rsyslog configuration
 become: yes
 template:
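Review bot: In the added `Install a X.509 certificate for RELP over TLS` task, `slug` and `common_name` both come from `inventory_hostname`, and nothing enforces the assumption in the FIXME above `slug` that this label is the machine's FQDN. A host listed under a short alias or an IP address would get a certificate whose name peers cannot match against the address they connect to. Keep the controller-defined name as the identity, rather than a name the host reports about itself, but fail early by adding an `assert` task with `that: inventory_hostname == ansible_fqdn` before the `include_role`. The hunk does not show whether `openssl-cert-builder` also writes the name into subjectAltName; if it sets only the CN, peers that validate against SAN alone will reject the certificate, so confirm that in the role. Because the task is marked as a test addition yet sits in `rsyslog-common`, a `when:` guard on a flag such as `rsyslog_tls_enabled | default(false)` (a constructed name) would stop every host that applies the role from requesting a certificate from `openssl_ca_host`.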