-rw-r--r-- | chaos-at-home/ch-http-proxy.yml | 1 | ||||
-rw-r--r-- | chaos-at-home/group_vars/appspublishzone-chaos-at-home.yml | 175 | ||||
-rw-r--r-- | inventory/group_vars/appspublishzone-chaos-at-home/vars.yml | 42 | ||||
-rw-r--r-- | inventory/hosts.ini | 6 | ||||
-rw-r--r-- | roles/apps/publish/base/defaults/main.yml | 5 | ||||
-rw-r--r-- | roles/apps/publish/base/filter_plugins/publish.py | 28 | ||||
-rw-r--r-- | roles/apps/publish/base/tasks/main.yml | 21 |
7 files changed, 278 insertions, 0 deletions
diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml
index cee4474e..c96708eb 100644
--- a/chaos-at-home/ch-http-proxy.yml
+++ b/chaos-at-home/ch-http-proxy.yml
@@ -17,6 +17,7 @@
 - role: nginx/base
 - role: nginx/auth/whawty-sso/base
 - role: nginx/auth/whawty-sso/login
+ - role: apps/publish/base
 post_tasks:
 #### web.chaos-at-home.org (default-server)
 - name: create directory for default server
diff --git a/chaos-at-home/group_vars/appspublishzone-chaos-at-home.yml b/chaos-at-home/group_vars/appspublishzone-chaos-at-home.yml
new file mode 100644
index 00000000..0e178742
--- /dev/null
+++ b/chaos-at-home/group_vars/appspublishzone-chaos-at-home.yml
@@ -0,0 +1,175 @@ +$ANSIBLE_VAULT;1.2;AES256;chaos-at-home +37323765313235356431313235376331313663373962656165656463653436306237383866643765 +3339346538393431313531303764656333656333623839630a313936333135336533393666613537 +39396534336161636135336630373063646365663737396132316636616633643239363865343934 +3931396462656661630a383866313863666263356564316661623736366466326238383166396161 +64343533383130396336386339643165336136663234643235363263323565633762323664633431 +64313138396638666564633463393830313435336263613737383461383630353662373232663161 +36623163613465386132623034393730353738323435313661653364303138336661663139656465 +33316530373562353437383566306632643064666238656535373839613737636231623563306661 +62343166363330376234393333343130653338636663666336346361323332363233643536626233 +62396164393633353161636638333730613136343465656164623035366462656565336263363039 +34303637373733363036346335653539313831656266643938616636646465356666646463363133 +34346339636632393831366136323165626633616636653034313934616638613732303138343838 +37356266306633393232306632623934663532623130326238663836633339376332353537306530 +30353435326566633561616130323539313862643637333730636630363537346232363536356565 +63313939613035386430396438356331643961373262363333366364323934363463666235316138 +33363739623463383136656230356139623733656435343030363535393732316132323635383037 +33646535323730653966383164313762666365613533356432663830356563653966366130633539 +61333936653564663261353666396561386233616533373666316261343833653438326661613666 +62336664373136663339363266616362623534333631653431653961646462303133316166653634 +64653537313135333039613066626362353962393039366432393930383764396630613061663031 +61383037616165646633393930633730306130346137333033363965396635333530313738336663 +35336664336236343439373638373062353438363130396634306230613932323636353465376331 +64313835346230613131663363386335636439363733376664376339343063336263623239663636 
+36643361333366656437383462303930653539666432643564396433366464663764396139633033 +61613065363034393732663366663162393766653263623233316138333730653464313066316264 +38323030303664303837316661336266383266636162356161376461633166653964623464663166 +30666236663635386534363135346362613161656466323537353661626337643665623366366331 +34323534313036616238303731656465353061343362393137373634626232623634316331366164 +32336464306234353132306639313035323761353965333130386335303333313130386465626136 +64313334383164363539306537356265366438383834336633373535613534396430303561623866 +64333336316137633733356132643764306338306431626432613965313732666166616164656534 +66383537653134303962653630343636613935303261373066323665373431326462393531613362 +36303939663565326530373635303963653730303530333132666262396234333836653033343763 +35353861353161633432623338353039633835366537656639623834666534303937656536393733 +35306637396638623339363030633130303065643634653664336631306636343337373562333039 +30363764343064393936666366353164386233623030333131613030383134613063663534653930 +35393561353839646631653362306630646364343533623030343766626261343138383833326539 +65373434316464393534623330346637313765316135326237643664313864323635636266383138 +66313362333339316639366134636132656430393563613237373836623536383566323439396535 +36616566646436663231353933306633633836376664353230373563333861383130636532616162 +38653430386162313136616666343831353730626439353433333564303838663835393335326437 +35353739343661626334306266386334313964383562643961323863343762343665326463666565 +37333933633936373635333864356133623765306366363938366563336130343835303431366136 +34356635306463343539313331643532316364366334353261666330393931656530316665613334 +31333632643533336234623334633164333639393939353832636461373930323734346364656537 +38643239623732626239636437346365383231393631663665626131383533343966376435366636 +66656133636265346236643031646533303739633964383161613566346339666661346162643838 
+66376131353438646463356561313236353435343932313134653638623736303833356539306565 +35333832636437373330323232396361313432386238613364323961373133656161643064313065 +64383464613434643238643039316131313831353737633837353530646433333133653535393337 +36353739346132363066343230326133346137646431323166376631323061393731656566326662 +61353632343866336664363238346437643039383934313862366439313531376166386237346462 +62313338666563313039656263646366653766306532393839383763303736393634386565396562 +30303336343232616638613862313739613661653337663764376561343131393930333861303434 +35356662623162366236373733336164313432613833306138633031303061343239663839613362 +31363532663331366536313636653438653862616335643062373066313435333231613264356637 +32336635303636666530393838366463616134656236653439303934343730333736616537363331 +35393436383639363433363334366663393164323730313538393663333863636333623138663566 +30316230396435623636636265616435363435313638323732313336623663623032646134393332 +35613331386132353331663466393234663737636535316463613734313561643965643530313939 +63643135646664643863363161383432313934343735383833316538386131333230396130613936 +30356133396232613637316635636337626465376365623436323232303739303666326233363664 +32333233333763613637303739656633353465326662393963393533313437383562663033616136 +30636138366432663030623733623837313930343337386432363036326535633138346337333037 +31326437386238366132643638373731393338373438653434636262373438653931633562656638 +34333438393666616264336563346164663937613936363435346131613635313839626132396438 +66663239633734343461653134383762373566663536323265333934366164623132313266386266 +61656333343362663461633966643363313838666531633730316531616536623566623031383932 +66356338356262646366396135623931316333623761393933346466376366393563656264306632 +65326363613665616532313332643635356235336336326633666236653932363334623937393731 +37653736313637383036363139653431353636373231393032613335396635666637636263343038 
+63323662663866306535656361316462653964363134663039323737393765643134623162663462 +36653261666430353730613434666665623335336437396365386633346634343631613131323535 +64326238393638366132363262326561643764333162386161353936343134616563316262303561 +66313636306465653437356339623266646365306636386435653233323064333133336462323962 +34336639653934646563346364333631626365613261626635393832613233336336383365336639 +61363761343634306232323530333163633161353434353662353666343764613066613830366661 +30316662326634653535336666663334643161303064383730623561663138336134326363346631 +37646261353838333364383061633836636336663032636138623263616430313339623036633838 +61373834356561393365636334313534656134613265333935393632623033383064626135333230 +63366137326563386531626132663630343730643134636637323930646162643663373732343133 +65663736616536373962633837663939613936323131656165373934306364373861656135373838 +38313236643734316565333463323465386365366338363361663737346530666166616134303438 +64636564313835666630306661656265666362396430306538613965616563313933393436613861 +66653336343761623033363964363962363433326262626337386535316136653366383736326366 +36356433376164303933393664623461333834376463393436623733396661366132663165336431 +31363636393461326634346431353164396636666366666637643662373865623163393636313834 +35323739326238306533376564353230633764353664376665656364653936343934663337353064 +64363361656365333335623137363838386433386437623232366635313765323737616233313166 +37643632366632323039373530663133343863663936363862653032343261623862333131303661 +38633236363636353364623566393965616234386336383636653730653661306465613632643861 +32343438353365643735353037383464346634626562343834353936313037396362386532343739 +65303362643363316363366339306237633333316639643961393238346631313734366431343762 +65353436303336613664383535313130343138633663393136353035383534343135663034663237 +65333066346532643133656261343335313034363164313863346231623733663138303539363362 
+66646436633138666537343335653137366339346561626538636665353166316334663632663131 +36303964633561623030353965373032313937373963336231613038633834646237326263393332 +31303334613234396463643965633535633238346636333334323635326330623461383164316264 +31303135623363376434326337343839613531313930363464396662653838323331633565306336 +61326138613530366131633033633833383535346139373732626362343330346562313438653733 +39653261326532313532336339323364633235393736303133663031663166613763333231656331 +63353964653836386435663738623164393732393634343336626562393536386163313336366333 +65316131363037376165326266333239633136623735616432393864346263336535326535366535 +65613438646432373066343464333964373139316235363239316164643835333035346232613166 +39383538333532346235373732376162326630643331373631353963663130353533303139396461 +62303434396434376139353533613733396430393434383461366164366663373530333938656139 +66383335356534366532613263323031623235313365333662333266313536316165303738663734 +32656131383831663236386438376363626263383333656632323932393561303263643234663365 +31656231653065643962633232396635623662336238363239303761356334376261333961346162 +65326533613830383361643234313237346637636237623039336164666561336535333533656434 +30356330303266656231333031613232343861323861323864366139636166616262303439303933 +34396664386430353131376165386662636465326662333334663264386466356262663233666531 +39626333323865656362386438363766393739396430303961346163323930626337633330383163 +64366437323439343931366139326163373064613738623932306565316536353533633962363532 +62653462633134663035373134333661383063313334396339376232336635326535666531363364 +63353962376431363737323637636438356364663037346237313230333463323130363430353065 +66393964633463663739316564353061646366366231393264346639356532366561633430353564 +32366364656533343139326636373233663064613061636464623762343434646530303432633162 +38663737303935366166373262383438373839316431633830653064383562306561303634333936 
+33386161343139316539626534316132363666636332323234623035373837343466366430613633 +38653265666564613536653139313331643135643039326339666465376132633536353935346465 +65396465326133666339623731326333333435303461633937333663333137323264363766616364 +65626138373263383465333135363161663335656333636664396166363764653232616336343732 +62616365373530316366323666663262373862396661636237626634383561346438373262376230 +33656363353134333061333938343035656564313766653736636538363266373837633032346132 +38613966393465393165666639393137636331653330623639343465333566326533643136373630 +66633262353738313236653539373037613762373239353762653936623136323734363932666265 +38316664343238633261353262323438373264646636396234373934333334363362363832616366 +39383164326632633538653866643866613639306636326234386435366438363664306332343133 +62646161616638663737356334353638346365343035333935643534306666623937323365623736 +61326563383265663636383361333432366362353563393831343538303363666433613734653032 +64343439613064373762643531393136386161353064653337313036356662633938356532383934 +66303738363936643335646538613536333965626433386461373365373832616163333663386261 +37386661383230633437306466326362636438336637363239306165313738646535376463386264 +37633264356439343066333736343861653966626336323438663138643236623662626331323135 +63373037613632313238303162616662363134393963353330333463636536663332346137313930 +37353439633030633163336261616261656336656562636635646134633937383235326131383062 +63653038376531623461393230373438356531626339313465363432356362343830656433306166 +35333133613039613033353038396238306235356338396261373335613635343933343235333662 +66646439316635646566623836613261613962316164393237383932343461363632353335613932 +37333339396239383239613332353863396330663831383431346438666662313565356563643661 +34326137393964353865613466323730656430376139626266316637666432623135386235356661 +64313633653439656266366165393334303761646466616463306435303862303330613534333334 
+37613866306136666565373836383361663830363030646130666534646566633239323731656139 +36663237363736653164343261626138656437383536626662616464333233636133623830393931 +34303061356564333734666439376431383233393561653131313565366463383866366561643839 +63313363383630366566303233626238666266633339666661326265363437323639323364373665 +62613262393239346562383336623332623031326538313032383131376265613831326634663261 +30656466613563616434366133313033633036356433633162643966316437393633633339373361 +39656333656139326534633433653835326531613935336463663934336331663063393864343732 +30666563306435316265363030646366326333343030303038623361393331333761623962326531 +31316661623764333035373865306330396666313636633263303437376365363831636466343037 +31306233303236636135303939616238383531333062376131353330323931326136313635616666 +66323264313638613638396363313961323737626139613537616638336631376436633462613436 +66383233376233616433336665396665363362316535343366323230383430643835653436646334 +61383630313033336138393039323661373665313739616463643939353132373531613266643237 +61303262653638303366616130323131346334363662366533316430633533313465303430666661 +62376139343466383663666338623532646332386630363639313465383061393135633063343865 +64653033656662386435613063393164393534643635623738396234356464323931643637306161 +31363066653263646630653632613339653230653234313630363062636162616335336462333631 +39326164333462306537326165326639346431363265616338616333323232393431323930636634 +66303730316332376666386430383661316234656632643163303434393637396538646330343039 +39313133316634656336633662393530353038323237666435333534623130346633383663383666 +61353063373364623132663433386264616262643461356365306530346333623934353630373531 +36303136363266653338626364643734326261313633313937663339306437313764353231316431 +36653665633137643261643365623832666264616231323335363739623932646430396131353734 +35623632616261656337346362346439313461373165636664666531626363356161666634303830 
+38306634323634616266633863626338623364363161303839363462333638303530643637646662 +34623861353661353830353030656430313033626161633364636663366637356131343763666362 +33383235656166316530346234323735663463346338646630376439663937303662333034373466 +32616438363364646430653935353636643531366635396533396630303630626262343634326236 +64316531633431343932316238326438613438653564343965623533656435323739376337373264 +33393466663036323536396433663332663931626566316365336561666536366465356531333538 +3732633234373166633463653163343832323135393631386462 diff --git a/inventory/group_vars/appspublishzone-chaos-at-home/vars.yml b/inventory/group_vars/appspublishzone-chaos-at-home/vars.yml new file mode 100644 index 00000000..761b3937 --- /dev/null +++ b/inventory/group_vars/appspublishzone-chaos-at-home/vars.yml 
@@ -0,0 +1,42 @@
+---
+chaos_at_home_apps_publish_ca_key: "{{ vault_chaos_at_home_apps_publish_ca_key }}"
+chaos_at_home_apps_publish_ca_cert: |
+ -----BEGIN CERTIFICATE-----
+ MIIFiDCCA3CgAwIBAgIUBjjliZeBzS3elJZKGunaALNjGbIwDQYJKoZIhvcNAQEL
+ BQAwcTEqMCgGA1UEAwwhQXBwcyBQdWJsaXNoIENBIGZvciBjaGFvcy1hdC1ob21l
+ MRYwFAYDVQQKDA1jaGFvcy1hdC1ob21lMQswCQYDVQQGEwJBVDEPMA0GA1UECAwG
+ U3R5cmlhMQ0wCwYDVQQHDARHcmF6MCAXDTIzMTIyNTIzNDcxMloYDzIwNjMxMTA2
+ MjM0NzEyWjBxMSowKAYDVQQDDCFBcHBzIFB1Ymxpc2ggQ0EgZm9yIGNoYW9zLWF0
+ LWhvbWUxFjAUBgNVBAoMDWNoYW9zLWF0LWhvbWUxCzAJBgNVBAYTAkFUMQ8wDQYD
+ VQQIDAZTdHlyaWExDTALBgNVBAcMBEdyYXowggIiMA0GCSqGSIb3DQEBAQUAA4IC
+ DwAwggIKAoICAQDYY2pxBhjs6lcA5BspCCSBs7LTG43It6MNTWWpUEpEVK+NXigx
+ 8AObhgVHOaGl+vBYq72ueSmrVkU+Q66AdI1OzVsq2Itu9Tq155CLUzbSSXRvJLX2
+ XGP1g7eVMAeV+CYL2s9hiQtXYnqMKhYwCNEr1N0lgHUdUXW0eRR6HA0Ez3Xo3paM
+ 5jDBfauc6TrUDn29Su7TQUDHErKCQDv3UnOI4ecUgbNLaYTch9HeLxbbNTzXGcqa
+ 0tBG93/O4EqGTwnaNsnB6SqvbYOfHkng41xTIW++5K1VWntFg92MiMWlPU5+uyPh
+ VBhvb6RvsTYlbFz1vMCPczkT9XBFrwmwvNQr2kiSA1IEPs2CUpPC7gn+1ErHNxaS
+ On4i6gIo3Opx2o63E32kqYErZWkUMLLvk7pPjpukSX2kxwVStZuKUqXoTkZO30b0
+ cgvnBtrLzuHm5spDo3JcV8/xs8nvgBIy2O5UiIxksiaDRfxnSZfFIKgNVBFkI8XH
+ 1GoU8afBEWc/pu9tIRm0gRdWSMc1uvvwOH24at3hXDT9vD4hDpH0IW2b/2RLJwPD
+ 383E8yCWi0fS6EwQSwnaTyfBfwj375VfzkD4AtHHaI/YJ6CjvIdYmCwZGY7hkVHY
+ KY1sVJeO+grGePn0RDhDVG3pWa7fIr6E/AVuYu1Eu/YUdiYDE2BXq1QfuQIDAQAB
+ oxYwFDASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFCyMl
+ 1ZR9DxYYg0ZtWY089ae/Dp5WwiN4VJbifpZ7rC139ub5uHgRFSa871dH1T9f0oCl
+ zrkV3lwnRYPpDhBKIM1nyn0tba7LBAHlcfCFgr2uqSvjTO//0j+aZZRUsOMLfQRD
+ /BlPe8ZRvTrLIR1FQFBYQRsD7jo/zRGFuewEHnbo7yCeDVCQVZ5mUvRjgJpe5n7X
+ 35uotSwaSMvAQ/VntyRSCQq57whkQvNG0S/lXsyo+H8OEd0NUPUp1ZXnxYr4z97t
+ YRYkPXu8yHNOGxD3DQSBF3LV2+Iens4P3Ov2en30uY93yTDdik0yrDcxBYGGQOYR
+ KUb5AjLioU5GqzkQRew1gEJFQ6B5EVqZJVKacxa4whtMIIH9oZz2lRhBYzbNTkIi
+ FYRkBJJkUmglin97CGYqA+G5F70CqI6YiYjtO7n3pYGdFcEkReNFDDdcZyDcKmd8
+ lmWIcgWZhbN+xsd4/YlHdAYwXC/p0WmQiW39n8pLeomWRaQmVhgfG89yrosrqrdF
+ il55NYFTcORFr4/WN9ubh1dBAHo7qemyFOy+KdVZU+hcGPDJFYOa318B2dIyS6p8
+ TXhXKAwssCIetdiyP5c6dNPTKJb/7OJKx0qIXn+MkhSPFjC/WNYrHNvtx2Qf6DN+
+ 9ndR1v9+v0KRsHGkoENlEZYuOat6O9rHuLvWHQ==
+ -----END CERTIFICATE-----
+
+apps_publish_zone__chaos_at_home:
+ name: chaos-at-home
+ certificate_provider: static-ca
+ certificate_ca_config:
+ cert_content: "{{ chaos_at_home_apps_publish_ca_cert }}"
+ key_content: "{{ chaos_at_home_apps_publish_ca_key }}"
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index be63066b..98029ac6 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -518,6 +518,12 @@ elevate-mediachannel # ovpnzone-test-clients
+## application publishment
+[appspublishzone-chaos-at-home]
+ch-http-proxy
+ch-apps
+
+
 ## hoster [hroot] sk-2019
diff --git a/roles/apps/publish/base/defaults/main.yml b/roles/apps/publish/base/defaults/main.yml
new file mode 100644
index 00000000..5a01bc97
--- /dev/null
+++ b/roles/apps/publish/base/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+# apps_publish_zone__example:
+# name: example
+# certificate_provider: ...
+# certificate_ca_config: ....
diff --git a/roles/apps/publish/base/filter_plugins/publish.py b/roles/apps/publish/base/filter_plugins/publish.py
new file mode 100644
index 00000000..e0e1463d
--- /dev/null
+++ b/roles/apps/publish/base/filter_plugins/publish.py
@@ -0,0 +1,28 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from functools import partial
+
+from ansible import errors
+
+
+def apps_publish_zones(vars):
+ try:
+ result = []
+ for var in vars.keys():
+ if var.startswith('apps_publish_zone__'):
+ result.append(vars[var])
+ return result
+ except Exception as e:
+ raise errors.AnsibleFilterError("apps_publish_zones(): %s" % str(e))
+
+
+class FilterModule(object):
+
+ ''' apps-publish filters '''
+ filter_map = {
+ 'apps_publish_zones': apps_publish_zones,
+ }
+
+ def filters(self):
+ return self.filter_map
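Review bot: `key_content: "{{ chaos_at_home_apps_publish_ca_key }}"` places the zone CA's private key in the group vars of every member of `appspublishzone-chaos-at-home` (`ch-http-proxy` and `ch-apps` per the hosts.ini hunk), and the tasks/main.yml hunk passes it as `ca:` into `x509/{{ item.certificate_provider }}/cert` on each of them. Where signing happens is not visible in this commit; if that role writes the key to the target host or prints the `ca` dict on failure, any zone member could issue clientAuth certificates under another host's common name. It is worth confirming that the role signs on the controller and sets `no_log: true` on the tasks that handle the key. A comment above `certificate_ca_config` should state where the key is used, so the trust assumption stays visible next to the variable.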
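Review bot: `apps_publish_zones()` appends whatever sits behind any `apps_publish_zone__*` key without checking its shape, so a zone that is not a mapping or lacks `name`, `certificate_provider` or `certificate_ca_config` only fails later in the task loop, where `certificate_provider` is already interpolated into a role name. The blanket `except Exception` adds no context to such failures, and `from functools import partial` is unused and can be dropped. Validating in the filter and raising `AnsibleFilterError` with the offending variable name makes a misconfigured zone fail early. Iterating the keys sorted also keeps the loop order stable between runs.

```python
def apps_publish_zones(vars):
    required = ('name', 'certificate_provider', 'certificate_ca_config')
    result = []
    # sorted() keeps the loop order stable across runs
    for var in sorted(vars.keys()):
        if not var.startswith('apps_publish_zone__'):
            continue
        zone = vars[var]
        if not isinstance(zone, dict):
            raise errors.AnsibleFilterError(
                "apps_publish_zones(): %s must be a mapping" % var)
        missing = [key for key in required if key not in zone]
        if missing:
            raise errors.AnsibleFilterError(
                "apps_publish_zones(): %s is missing %s" % (var, ", ".join(missing)))
        result.append(zone)
    return result

# … unchanged: FilterModule …
```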
diff --git a/roles/apps/publish/base/tasks/main.yml b/roles/apps/publish/base/tasks/main.yml
new file mode 100644
index 00000000..9384b53f
--- /dev/null
+++ b/roles/apps/publish/base/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: generate/install TLS client certificate
+ loop: "{{ hostvars[inventory_hostname] | apps_publish_zones }}"
+ loop_control:
+ label: "{{ item.name }}"
+ vars:
+ x509_certificate_name: "apps-publish-{{ item.name }}"
+ x509_certificate_hostnames: []
+ x509_certificate_config:
+ ca: "{{ item.certificate_ca_config }}"
+ cert:
+ common_name: "{{ inventory_hostname }}"
+ extended_key_usage:
+ - clientAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_after: +100w
+ x509_certificate_reload_services:
+ - nginx
+ include_role:
+ name: "x509/{{ item.certificate_provider }}/cert" |
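Review bot: `not_after: +100w` gives each client certificate a fixed lifetime of roughly two years, and nothing in this task shows when it is re-issued. Whether `x509/{{ item.certificate_provider }}/cert` renews ahead of expiry is not visible in this commit. If the role only issues when the certificate file is absent, client authentication for `{{ inventory_hostname }}` would stop at expiry without warning. A comment above `not_after` stating the renewal behaviour of the included role would settle this. As a style point, `extended_key_usage_critical: yes` and `create_subject_key_identifier: yes` are clearer written with `true`.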