Test de génération de certificat pour rsyslog.

Test de `openssl-cert-builder` depuis le rôle `rsyslog-common`
(pourra servir par exemple pour le transport RELP ou TCP via TLS).
This commit is contained in:
jeltz 2020-09-20 04:13:35 +02:00
parent 7fd8bd5b9b
commit 03f93d0f41
2 changed files with 15 additions and 0 deletions

View file

@ -1,4 +1,5 @@
--- ---
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3
default_locale: en_US.UTF-8 default_locale: en_US.UTF-8
openssl_ca_host: pki.aurore.local
... ...

View file

@ -17,6 +17,20 @@
- proto: redis - proto: redis
pkg: rsyslog-hiredis pkg: rsyslog-hiredis
# FIXME: c'est un ajout de test
- name: Install a X.509 certificate for RELP over TLS
include_role:
name: openssl-cert-builder
vars:
certificate:
# FIXME: il faudra que le hostname dans l'inventaire Ansible
# corresponde toujours au FQDN de la machine si on reste
# comme ça.
slug: "{{ inventory_hostname }}"
common_name: "{{ inventory_hostname }}"
not_before: +0s
not_after: +365d
- name: Deploy main rsyslog configuration - name: Deploy main rsyslog configuration
become: yes become: yes
template: template: