-rw-r--r--chaos-at-home/ch-http-proxy.yml1
-rw-r--r--chaos-at-home/group_vars/appspublishzone-chaos-at-home.yml175
-rw-r--r--inventory/group_vars/appspublishzone-chaos-at-home/vars.yml42
-rw-r--r--inventory/hosts.ini6
-rw-r--r--roles/apps/publish/base/defaults/main.yml5
-rw-r--r--roles/apps/publish/base/filter_plugins/publish.py28
-rw-r--r--roles/apps/publish/base/tasks/main.yml21
7 files changed, 278 insertions, 0 deletions
diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml
index cee4474e..c96708eb 100644
--- a/chaos-at-home/ch-http-proxy.yml
+++ b/chaos-at-home/ch-http-proxy.yml
@@ -17,6 +17,7 @@
- role: nginx/base
- role: nginx/auth/whawty-sso/base
- role: nginx/auth/whawty-sso/login
+ - role: apps/publish/base
post_tasks:
#### web.chaos-at-home.org (default-server)
- name: create directory for default server
diff --git a/chaos-at-home/group_vars/appspublishzone-chaos-at-home.yml b/chaos-at-home/group_vars/appspublishzone-chaos-at-home.yml
new file mode 100644
index 00000000..0e178742
--- /dev/null
+++ b/chaos-at-home/group_vars/appspublishzone-chaos-at-home.yml
@@ -0,0 +1,175 @@
+$ANSIBLE_VAULT;1.2;AES256;chaos-at-home
+37323765313235356431313235376331313663373962656165656463653436306237383866643765
+3339346538393431313531303764656333656333623839630a313936333135336533393666613537
+39396534336161636135336630373063646365663737396132316636616633643239363865343934
+3931396462656661630a383866313863666263356564316661623736366466326238383166396161
+64343533383130396336386339643165336136663234643235363263323565633762323664633431
+64313138396638666564633463393830313435336263613737383461383630353662373232663161
+36623163613465386132623034393730353738323435313661653364303138336661663139656465
+33316530373562353437383566306632643064666238656535373839613737636231623563306661
+62343166363330376234393333343130653338636663666336346361323332363233643536626233
+62396164393633353161636638333730613136343465656164623035366462656565336263363039
+34303637373733363036346335653539313831656266643938616636646465356666646463363133
+34346339636632393831366136323165626633616636653034313934616638613732303138343838
+37356266306633393232306632623934663532623130326238663836633339376332353537306530
+30353435326566633561616130323539313862643637333730636630363537346232363536356565
+63313939613035386430396438356331643961373262363333366364323934363463666235316138
+33363739623463383136656230356139623733656435343030363535393732316132323635383037
+33646535323730653966383164313762666365613533356432663830356563653966366130633539
+61333936653564663261353666396561386233616533373666316261343833653438326661613666
+62336664373136663339363266616362623534333631653431653961646462303133316166653634
+64653537313135333039613066626362353962393039366432393930383764396630613061663031
+61383037616165646633393930633730306130346137333033363965396635333530313738336663
+35336664336236343439373638373062353438363130396634306230613932323636353465376331
+64313835346230613131663363386335636439363733376664376339343063336263623239663636
+36643361333366656437383462303930653539666432643564396433366464663764396139633033
+61613065363034393732663366663162393766653263623233316138333730653464313066316264
+38323030303664303837316661336266383266636162356161376461633166653964623464663166
+30666236663635386534363135346362613161656466323537353661626337643665623366366331
+34323534313036616238303731656465353061343362393137373634626232623634316331366164
+32336464306234353132306639313035323761353965333130386335303333313130386465626136
+64313334383164363539306537356265366438383834336633373535613534396430303561623866
+64333336316137633733356132643764306338306431626432613965313732666166616164656534
+66383537653134303962653630343636613935303261373066323665373431326462393531613362
+36303939663565326530373635303963653730303530333132666262396234333836653033343763
+35353861353161633432623338353039633835366537656639623834666534303937656536393733
+35306637396638623339363030633130303065643634653664336631306636343337373562333039
+30363764343064393936666366353164386233623030333131613030383134613063663534653930
+35393561353839646631653362306630646364343533623030343766626261343138383833326539
+65373434316464393534623330346637313765316135326237643664313864323635636266383138
+66313362333339316639366134636132656430393563613237373836623536383566323439396535
+36616566646436663231353933306633633836376664353230373563333861383130636532616162
+38653430386162313136616666343831353730626439353433333564303838663835393335326437
+35353739343661626334306266386334313964383562643961323863343762343665326463666565
+37333933633936373635333864356133623765306366363938366563336130343835303431366136
+34356635306463343539313331643532316364366334353261666330393931656530316665613334
+31333632643533336234623334633164333639393939353832636461373930323734346364656537
+38643239623732626239636437346365383231393631663665626131383533343966376435366636
+66656133636265346236643031646533303739633964383161613566346339666661346162643838
+66376131353438646463356561313236353435343932313134653638623736303833356539306565
+35333832636437373330323232396361313432386238613364323961373133656161643064313065
+64383464613434643238643039316131313831353737633837353530646433333133653535393337
+36353739346132363066343230326133346137646431323166376631323061393731656566326662
+61353632343866336664363238346437643039383934313862366439313531376166386237346462
+62313338666563313039656263646366653766306532393839383763303736393634386565396562
+30303336343232616638613862313739613661653337663764376561343131393930333861303434
+35356662623162366236373733336164313432613833306138633031303061343239663839613362
+31363532663331366536313636653438653862616335643062373066313435333231613264356637
+32336635303636666530393838366463616134656236653439303934343730333736616537363331
+35393436383639363433363334366663393164323730313538393663333863636333623138663566
+30316230396435623636636265616435363435313638323732313336623663623032646134393332
+35613331386132353331663466393234663737636535316463613734313561643965643530313939
+63643135646664643863363161383432313934343735383833316538386131333230396130613936
+30356133396232613637316635636337626465376365623436323232303739303666326233363664
+32333233333763613637303739656633353465326662393963393533313437383562663033616136
+30636138366432663030623733623837313930343337386432363036326535633138346337333037
+31326437386238366132643638373731393338373438653434636262373438653931633562656638
+34333438393666616264336563346164663937613936363435346131613635313839626132396438
+66663239633734343461653134383762373566663536323265333934366164623132313266386266
+61656333343362663461633966643363313838666531633730316531616536623566623031383932
+66356338356262646366396135623931316333623761393933346466376366393563656264306632
+65326363613665616532313332643635356235336336326633666236653932363334623937393731
+37653736313637383036363139653431353636373231393032613335396635666637636263343038
+63323662663866306535656361316462653964363134663039323737393765643134623162663462
+36653261666430353730613434666665623335336437396365386633346634343631613131323535
+64326238393638366132363262326561643764333162386161353936343134616563316262303561
+66313636306465653437356339623266646365306636386435653233323064333133336462323962
+34336639653934646563346364333631626365613261626635393832613233336336383365336639
+61363761343634306232323530333163633161353434353662353666343764613066613830366661
+30316662326634653535336666663334643161303064383730623561663138336134326363346631
+37646261353838333364383061633836636336663032636138623263616430313339623036633838
+61373834356561393365636334313534656134613265333935393632623033383064626135333230
+63366137326563386531626132663630343730643134636637323930646162643663373732343133
+65663736616536373962633837663939613936323131656165373934306364373861656135373838
+38313236643734316565333463323465386365366338363361663737346530666166616134303438
+64636564313835666630306661656265666362396430306538613965616563313933393436613861
+66653336343761623033363964363962363433326262626337386535316136653366383736326366
+36356433376164303933393664623461333834376463393436623733396661366132663165336431
+31363636393461326634346431353164396636666366666637643662373865623163393636313834
+35323739326238306533376564353230633764353664376665656364653936343934663337353064
+64363361656365333335623137363838386433386437623232366635313765323737616233313166
+37643632366632323039373530663133343863663936363862653032343261623862333131303661
+38633236363636353364623566393965616234386336383636653730653661306465613632643861
+32343438353365643735353037383464346634626562343834353936313037396362386532343739
+65303362643363316363366339306237633333316639643961393238346631313734366431343762
+65353436303336613664383535313130343138633663393136353035383534343135663034663237
+65333066346532643133656261343335313034363164313863346231623733663138303539363362
+66646436633138666537343335653137366339346561626538636665353166316334663632663131
+36303964633561623030353965373032313937373963336231613038633834646237326263393332
+31303334613234396463643965633535633238346636333334323635326330623461383164316264
+31303135623363376434326337343839613531313930363464396662653838323331633565306336
+61326138613530366131633033633833383535346139373732626362343330346562313438653733
+39653261326532313532336339323364633235393736303133663031663166613763333231656331
+63353964653836386435663738623164393732393634343336626562393536386163313336366333
+65316131363037376165326266333239633136623735616432393864346263336535326535366535
+65613438646432373066343464333964373139316235363239316164643835333035346232613166
+39383538333532346235373732376162326630643331373631353963663130353533303139396461
+62303434396434376139353533613733396430393434383461366164366663373530333938656139
+66383335356534366532613263323031623235313365333662333266313536316165303738663734
+32656131383831663236386438376363626263383333656632323932393561303263643234663365
+31656231653065643962633232396635623662336238363239303761356334376261333961346162
+65326533613830383361643234313237346637636237623039336164666561336535333533656434
+30356330303266656231333031613232343861323861323864366139636166616262303439303933
+34396664386430353131376165386662636465326662333334663264386466356262663233666531
+39626333323865656362386438363766393739396430303961346163323930626337633330383163
+64366437323439343931366139326163373064613738623932306565316536353533633962363532
+62653462633134663035373134333661383063313334396339376232336635326535666531363364
+63353962376431363737323637636438356364663037346237313230333463323130363430353065
+66393964633463663739316564353061646366366231393264346639356532366561633430353564
+32366364656533343139326636373233663064613061636464623762343434646530303432633162
+38663737303935366166373262383438373839316431633830653064383562306561303634333936
+33386161343139316539626534316132363666636332323234623035373837343466366430613633
+38653265666564613536653139313331643135643039326339666465376132633536353935346465
+65396465326133666339623731326333333435303461633937333663333137323264363766616364
+65626138373263383465333135363161663335656333636664396166363764653232616336343732
+62616365373530316366323666663262373862396661636237626634383561346438373262376230
+33656363353134333061333938343035656564313766653736636538363266373837633032346132
+38613966393465393165666639393137636331653330623639343465333566326533643136373630
+66633262353738313236653539373037613762373239353762653936623136323734363932666265
+38316664343238633261353262323438373264646636396234373934333334363362363832616366
+39383164326632633538653866643866613639306636326234386435366438363664306332343133
+62646161616638663737356334353638346365343035333935643534306666623937323365623736
+61326563383265663636383361333432366362353563393831343538303363666433613734653032
+64343439613064373762643531393136386161353064653337313036356662633938356532383934
+66303738363936643335646538613536333965626433386461373365373832616163333663386261
+37386661383230633437306466326362636438336637363239306165313738646535376463386264
+37633264356439343066333736343861653966626336323438663138643236623662626331323135
+63373037613632313238303162616662363134393963353330333463636536663332346137313930
+37353439633030633163336261616261656336656562636635646134633937383235326131383062
+63653038376531623461393230373438356531626339313465363432356362343830656433306166
+35333133613039613033353038396238306235356338396261373335613635343933343235333662
+66646439316635646566623836613261613962316164393237383932343461363632353335613932
+37333339396239383239613332353863396330663831383431346438666662313565356563643661
+34326137393964353865613466323730656430376139626266316637666432623135386235356661
+64313633653439656266366165393334303761646466616463306435303862303330613534333334
+37613866306136666565373836383361663830363030646130666534646566633239323731656139
+36663237363736653164343261626138656437383536626662616464333233636133623830393931
+34303061356564333734666439376431383233393561653131313565366463383866366561643839
+63313363383630366566303233626238666266633339666661326265363437323639323364373665
+62613262393239346562383336623332623031326538313032383131376265613831326634663261
+30656466613563616434366133313033633036356433633162643966316437393633633339373361
+39656333656139326534633433653835326531613935336463663934336331663063393864343732
+30666563306435316265363030646366326333343030303038623361393331333761623962326531
+31316661623764333035373865306330396666313636633263303437376365363831636466343037
+31306233303236636135303939616238383531333062376131353330323931326136313635616666
+66323264313638613638396363313961323737626139613537616638336631376436633462613436
+66383233376233616433336665396665363362316535343366323230383430643835653436646334
+61383630313033336138393039323661373665313739616463643939353132373531613266643237
+61303262653638303366616130323131346334363662366533316430633533313465303430666661
+62376139343466383663666338623532646332386630363639313465383061393135633063343865
+64653033656662386435613063393164393534643635623738396234356464323931643637306161
+31363066653263646630653632613339653230653234313630363062636162616335336462333631
+39326164333462306537326165326639346431363265616338616333323232393431323930636634
+66303730316332376666386430383661316234656632643163303434393637396538646330343039
+39313133316634656336633662393530353038323237666435333534623130346633383663383666
+61353063373364623132663433386264616262643461356365306530346333623934353630373531
+36303136363266653338626364643734326261313633313937663339306437313764353231316431
+36653665633137643261643365623832666264616231323335363739623932646430396131353734
+35623632616261656337346362346439313461373165636664666531626363356161666634303830
+38306634323634616266633863626338623364363161303839363462333638303530643637646662
+34623861353661353830353030656430313033626161633364636663366637356131343763666362
+33383235656166316530346234323735663463346338646630376439663937303662333034373466
+32616438363364646430653935353636643531366635396533396630303630626262343634326236
+64316531633431343932316238326438613438653564343965623533656435323739376337373264
+33393466663036323536396433663332663931626566316365336561666536366465356531333538
+3732633234373166633463653163343832323135393631386462
diff --git a/inventory/group_vars/appspublishzone-chaos-at-home/vars.yml b/inventory/group_vars/appspublishzone-chaos-at-home/vars.yml
new file mode 100644
index 00000000..761b3937
--- /dev/null
+++ b/inventory/group_vars/appspublishzone-chaos-at-home/vars.yml
@@ -0,0 +1,42 @@
+---
+chaos_at_home_apps_publish_ca_key: "{{ vault_chaos_at_home_apps_publish_ca_key }}"
+chaos_at_home_apps_publish_ca_cert: |
+ -----BEGIN CERTIFICATE-----
+ MIIFiDCCA3CgAwIBAgIUBjjliZeBzS3elJZKGunaALNjGbIwDQYJKoZIhvcNAQEL
+ BQAwcTEqMCgGA1UEAwwhQXBwcyBQdWJsaXNoIENBIGZvciBjaGFvcy1hdC1ob21l
+ MRYwFAYDVQQKDA1jaGFvcy1hdC1ob21lMQswCQYDVQQGEwJBVDEPMA0GA1UECAwG
+ U3R5cmlhMQ0wCwYDVQQHDARHcmF6MCAXDTIzMTIyNTIzNDcxMloYDzIwNjMxMTA2
+ MjM0NzEyWjBxMSowKAYDVQQDDCFBcHBzIFB1Ymxpc2ggQ0EgZm9yIGNoYW9zLWF0
+ LWhvbWUxFjAUBgNVBAoMDWNoYW9zLWF0LWhvbWUxCzAJBgNVBAYTAkFUMQ8wDQYD
+ VQQIDAZTdHlyaWExDTALBgNVBAcMBEdyYXowggIiMA0GCSqGSIb3DQEBAQUAA4IC
+ DwAwggIKAoICAQDYY2pxBhjs6lcA5BspCCSBs7LTG43It6MNTWWpUEpEVK+NXigx
+ 8AObhgVHOaGl+vBYq72ueSmrVkU+Q66AdI1OzVsq2Itu9Tq155CLUzbSSXRvJLX2
+ XGP1g7eVMAeV+CYL2s9hiQtXYnqMKhYwCNEr1N0lgHUdUXW0eRR6HA0Ez3Xo3paM
+ 5jDBfauc6TrUDn29Su7TQUDHErKCQDv3UnOI4ecUgbNLaYTch9HeLxbbNTzXGcqa
+ 0tBG93/O4EqGTwnaNsnB6SqvbYOfHkng41xTIW++5K1VWntFg92MiMWlPU5+uyPh
+ VBhvb6RvsTYlbFz1vMCPczkT9XBFrwmwvNQr2kiSA1IEPs2CUpPC7gn+1ErHNxaS
+ On4i6gIo3Opx2o63E32kqYErZWkUMLLvk7pPjpukSX2kxwVStZuKUqXoTkZO30b0
+ cgvnBtrLzuHm5spDo3JcV8/xs8nvgBIy2O5UiIxksiaDRfxnSZfFIKgNVBFkI8XH
+ 1GoU8afBEWc/pu9tIRm0gRdWSMc1uvvwOH24at3hXDT9vD4hDpH0IW2b/2RLJwPD
+ 383E8yCWi0fS6EwQSwnaTyfBfwj375VfzkD4AtHHaI/YJ6CjvIdYmCwZGY7hkVHY
+ KY1sVJeO+grGePn0RDhDVG3pWa7fIr6E/AVuYu1Eu/YUdiYDE2BXq1QfuQIDAQAB
+ oxYwFDASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFCyMl
+ 1ZR9DxYYg0ZtWY089ae/Dp5WwiN4VJbifpZ7rC139ub5uHgRFSa871dH1T9f0oCl
+ zrkV3lwnRYPpDhBKIM1nyn0tba7LBAHlcfCFgr2uqSvjTO//0j+aZZRUsOMLfQRD
+ /BlPe8ZRvTrLIR1FQFBYQRsD7jo/zRGFuewEHnbo7yCeDVCQVZ5mUvRjgJpe5n7X
+ 35uotSwaSMvAQ/VntyRSCQq57whkQvNG0S/lXsyo+H8OEd0NUPUp1ZXnxYr4z97t
+ YRYkPXu8yHNOGxD3DQSBF3LV2+Iens4P3Ov2en30uY93yTDdik0yrDcxBYGGQOYR
+ KUb5AjLioU5GqzkQRew1gEJFQ6B5EVqZJVKacxa4whtMIIH9oZz2lRhBYzbNTkIi
+ FYRkBJJkUmglin97CGYqA+G5F70CqI6YiYjtO7n3pYGdFcEkReNFDDdcZyDcKmd8
+ lmWIcgWZhbN+xsd4/YlHdAYwXC/p0WmQiW39n8pLeomWRaQmVhgfG89yrosrqrdF
+ il55NYFTcORFr4/WN9ubh1dBAHo7qemyFOy+KdVZU+hcGPDJFYOa318B2dIyS6p8
+ TXhXKAwssCIetdiyP5c6dNPTKJb/7OJKx0qIXn+MkhSPFjC/WNYrHNvtx2Qf6DN+
+ 9ndR1v9+v0KRsHGkoENlEZYuOat6O9rHuLvWHQ==
+ -----END CERTIFICATE-----
+
+apps_publish_zone__chaos_at_home:
+ name: chaos-at-home
+ certificate_provider: static-ca
+ certificate_ca_config:
+ cert_content: "{{ chaos_at_home_apps_publish_ca_cert }}"
+ key_content: "{{ chaos_at_home_apps_publish_ca_key }}"
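Review bot: The CA signing key is exposed as a group variable through `key_content: "{{ chaos_at_home_apps_publish_ca_key }}"`, so it resolves for every host in `appspublishzone-chaos-at-home`, and nothing in this hunk says where signing takes place. The `x509/static-ca/cert` role is not visible here, so this is a question rather than a finding: if that role writes or logs the CA config on the managed host, any group member could issue client certificates for the zone. I would add a comment above `certificate_ca_config`, for example `# CA key is vault-backed; use on the controller only, never write or log it on targets`, and confirm the role's key-handling tasks set `no_log: true`. The embedded CA certificate also appears to be valid until 2063, so the rotation plan for this key is worth documenting next to it.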
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index be63066b..98029ac6 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -518,6 +518,12 @@ elevate-mediachannel
# ovpnzone-test-clients
+## application publishment
+[appspublishzone-chaos-at-home]
+ch-http-proxy
+ch-apps
+
+
## hoster
[hroot]
sk-2019
diff --git a/roles/apps/publish/base/defaults/main.yml b/roles/apps/publish/base/defaults/main.yml
new file mode 100644
index 00000000..5a01bc97
--- /dev/null
+++ b/roles/apps/publish/base/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+# apps_publish_zone__example:
+# name: example
+# certificate_provider: ...
+# certificate_ca_config: ....
diff --git a/roles/apps/publish/base/filter_plugins/publish.py b/roles/apps/publish/base/filter_plugins/publish.py
new file mode 100644
index 00000000..e0e1463d
--- /dev/null
+++ b/roles/apps/publish/base/filter_plugins/publish.py
@@ -0,0 +1,28 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from functools import partial
+
+from ansible import errors
+
+
+def apps_publish_zones(vars):
+ try:
+ result = []
+ for var in vars.keys():
+ if var.startswith('apps_publish_zone__'):
+ result.append(vars[var])
+ return result
+ except Exception as e:
+ raise errors.AnsibleFilterError("apps_publish_zones(): %s" % str(e))
+
+
+class FilterModule(object):
+
+ ''' apps-publish filters '''
+ filter_map = {
+ 'apps_publish_zones': apps_publish_zones,
+ }
+
+ def filters(self):
+ return self.filter_map
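Review bot: `apps_publish_zones()` appends every value whose key starts with `apps_publish_zone__` without checking that it is a mapping with `name`, `certificate_provider` and `certificate_ca_config`, so a malformed entry only fails later inside the role's loop with a less helpful error. The result order also follows the dict's iteration order; `return [vars[k] for k in sorted(vars) if k.startswith('apps_publish_zone__')]` would make the order in which certificates are issued reproducible. Smaller points: `from functools import partial` is unused, the parameter name `vars` shadows the builtin, and the function has no docstring; something like `"""Return the values of all variables named apps_publish_zone__*."""` would do.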
diff --git a/roles/apps/publish/base/tasks/main.yml b/roles/apps/publish/base/tasks/main.yml
new file mode 100644
index 00000000..9384b53f
--- /dev/null
+++ b/roles/apps/publish/base/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: generate/install TLS client certificate
+ loop: "{{ hostvars[inventory_hostname] | apps_publish_zones }}"
+ loop_control:
+ label: "{{ item.name }}"
+ vars:
+ x509_certificate_name: "apps-publish-{{ item.name }}"
+ x509_certificate_hostnames: []
+ x509_certificate_config:
+ ca: "{{ item.certificate_ca_config }}"
+ cert:
+ common_name: "{{ inventory_hostname }}"
+ extended_key_usage:
+ - clientAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_after: +100w
+ x509_certificate_reload_services:
+ - nginx
+ include_role:
+ name: "x509/{{ item.certificate_provider }}/cert"
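Review bot: `extended_key_usage_critical: yes`, `create_subject_key_identifier: yes` and `not_after: +100w` all rely on YAML implicit typing; writing `true` for the two booleans and quoting `'+100w'` keeps them stable across parsers and quiet under yamllint's `truthy` rule. The `loop_control` label `{{ item.name }}` keeps the zone dict, including the CA key, out of the per-item output, which is worth saying in a comment such as `# label hides item.certificate_ca_config (contains the CA key) from task output` so nobody removes it later. `item.certificate_provider` is interpolated straight into the role name, so an `assert` task before the include that checks the provider against the supported values would turn a typo into a clear failure.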