From e2a85dac446c7765c591ad394d423e08bdf91f13 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Mon, 8 Jan 2024 14:41:22 +0100 Subject: cleanup testvm config --- inventory/host_vars/ch-testvm-phoebe.yml | 38 -------------- inventory/host_vars/ch-testvm-prometheus.yml | 75 ---------------------------- 2 files changed, 113 deletions(-) (limited to 'inventory/host_vars') diff --git a/inventory/host_vars/ch-testvm-phoebe.yml b/inventory/host_vars/ch-testvm-phoebe.yml index 7eae49e7..d15e4142 100644 --- a/inventory/host_vars/ch-testvm-phoebe.yml +++ b/inventory/host_vars/ch-testvm-phoebe.yml @@ -39,41 +39,3 @@ network: address: "{{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) }}" ntp_variant: systemd-timesyncd - - -### -mosquitto_client_tls: - foo-consumer: - certificate_provider: managed-ca - certificate_config: - ca: - host: ch-testvm-prometheus - name: foo - cert: - common_name: consumer - organization_name: "spreadspace" - organizational_unit_name: "ansible" - san_extra: - - "IP:192.168.32.43" - extended_key_usage: - - clientAuth - extended_key_usage_critical: yes - create_subject_key_identifier: yes - not_after: +100w - foo-producer: - certificate_provider: managed-ca - certificate_config: - ca: - host: ch-testvm-prometheus - name: foo - cert: - common_name: producer - organization_name: "spreadspace" - organizational_unit_name: "ansible" - san_extra: - - "IP:192.168.32.43" - extended_key_usage: - - clientAuth - extended_key_usage_critical: yes - create_subject_key_identifier: yes - not_after: +100w diff --git a/inventory/host_vars/ch-testvm-prometheus.yml b/inventory/host_vars/ch-testvm-prometheus.yml index ff36f733..415e6774 100644 --- a/inventory/host_vars/ch-testvm-prometheus.yml +++ b/inventory/host_vars/ch-testvm-prometheus.yml @@ -35,78 +35,3 @@ network: - *_network_primary_ ntp_variant: systemd-timesyncd - - -### -managed_ca_authorities: - foo: - key: - type: RSA - size: 4096 - cert: - common_name: foo CA - country_name: "AT" - locality_name: "Graz" - organization_name: "spreadspace" - organizational_unit_name: "ansible" - state_or_province_name: "Styria" - digest: sha256 - not_before: +0h - not_after: +520w - - -mosquitto_broker_global_config_options: - per_listener_settings: "true" - -mosquitto_broker_listeners: - example: - bind: 1883 - options: - allow_anonymous: "false" - acl_file: /etc/mosquitto/example.acl - password_file: /etc/mosquitto/example.passwd - foo: - bind: 1884 192.168.32.42 - hostnames: - - mqtt.example.com - tls: - certificate_provider: managed-ca - certificate_config: - ca: - host: ch-testvm-prometheus - name: foo - cert: - organization_name: "spreadspace" - organizational_unit_name: "ansible" - san_extra: - - "IP:192.168.32.42" - extended_key_usage: - - serverAuth - extended_key_usage_critical: yes - create_subject_key_identifier: yes - not_after: +100w - options: - allow_anonymous: "false" - require_certificate: "true" - cafile: /etc/mosquitto/ca_certificates/foo-ca-crt.pem - use_identity_as_username: "true" - acl_file: /etc/mosquitto/foo.acl - -mosquitto_broker_prometheus_listener: true - -mosquitto_broker_acl_files: - example: | - user admin - topic read test/+ - user equinox - topic write test/+ - foo: | - user consumer - topic read foo/+ - user producer - topic write foo/+ - -mosquitto_broker_password_files: - example: | - admin:{{ 'admin' | mosquitto_passwd_hash('admin@mqtt.example.com') }} - equinox:{{ 'secret' | mosquitto_passwd_hash('equinox@mqtt.example.com') }} -- cgit v1.2.3