-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
18 changed files
with
379 additions
and
81 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,48 +1,36 @@ | ||
--- | ||
language: python | ||
python: "2.7" | ||
|
||
# Use the new container infrastructure | ||
sudo: false | ||
|
||
# Install ansible | ||
addons: | ||
apt: | ||
packages: | ||
- python-pip | ||
services: docker | ||
|
||
env: | ||
global: | ||
- ROLE_NAME: ca-certificates | ||
matrix: | ||
- MOLECULE_DISTRO: centos7 | ||
- MOLECULE_DISTRO: centos6 | ||
- MOLECULE_DISTRO: ubuntu1804 | ||
- MOLECULE_DISTRO: debian9 | ||
- MOLECULE_DISTRO: debian10 | ||
- MOLECULE_DISTRO: fedora29 | ||
|
||
install: | ||
# Install ansible | ||
- pip install ansible | ||
|
||
# Install ansible-lint | ||
- pip install ansible-lint | ||
|
||
# Install yamllint | ||
- pip install yamllint | ||
- pip install molecule docker | ||
|
||
# Install tests rules | ||
- git submodule add https://github.com/arillso/tests tests | ||
- git clone https://github.com/arillso/tests molecule/default/lint | ||
|
||
before_script: | ||
# Check ansible version | ||
- ansible --version | ||
|
||
# Check ansible-lint version | ||
- ansible-lint --version | ||
|
||
# Check ansible-lint version | ||
- yamllint --version | ||
- cd ../ | ||
- mv ansible.$ROLE_NAME arillso.$ROLE_NAME | ||
- cd arillso.$ROLE_NAME | ||
|
||
script: | ||
# Ansible Lint check | ||
- ansible-lint -R -r tests/ansible-lint/ . | ||
|
||
# YAML Lint check | ||
- yamllint -c tests/yaml-lint/yamllint.yml . | ||
- molecule test | ||
|
||
notifications: | ||
webhooks: https://galaxy.ansible.com/api/v1/notifications/ | ||
webhooks: | ||
urls: | ||
- https://galaxy.ansible.com/api/v1/notifications/ | ||
on_success: always | ||
email: | ||
on_success: never | ||
on_failure: always |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
# Changelog | ||
|
||
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html) | ||
and [human-readable changelog](https://keepachangelog.com/en/1.0.0/). | ||
|
||
## 1.0.0 | ||
|
||
### Added | ||
|
||
- Initial release |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
Copyright (c) 2019 Arillso | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in | ||
all copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||
THE SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,44 +1,79 @@ | ||
# Ansible Role: ca-certificates | ||
|
||
[![Build Status](https://img.shields.io/travis/arillso/ansible.ca-certificates.svg?branch=master&style=popout-square)](https://travis-ci.org/arillso/ansible.ca-certificates) [![license](https://img.shields.io/github/license/mashape/apistatus.svg?style=popout-square)](https://sbaerlo.ch/licence) [![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-ca-certificates-blue.svg?style=popout-square)](https://galaxy.ansible.com/arillso/ca-certificates) [![Ansible Role](https://img.shields.io/ansible/role/d/id.svg?style=popout-square)](https://galaxy.ansible.com/arillso/ca-certificates) | ||
[![Build Status](https://img.shields.io/travis/arillso/ansible.ca-certificates.svg?branch=master&style=popout-square)](https://travis-ci.org/arillso/ansible.ca-certificates) [![license](https://img.shields.io/github/license/mashape/apistatus.svg?style=popout-square)](https://sbaerlo.ch/licence) [![Ansible Galaxy](https://img.shields.io/badge/ansible--galaxy-ca_certificates-blue.svg?style=popout-square)](https://galaxy.ansible.com/arillso/ca_certificates) [![Ansible Role](https://img.shields.io/ansible/role/d/id.svg?style=popout-square)](https://galaxy.ansible.com/arillso/ca_certificates) | ||
|
||
## Description | ||
|
||
Ansible role to manage CA certificates in the Linux and Windows system trust store. It's possible to add PEM formatted certificates from the local file system, a already trusted HTTP(s) URL, from raw content. | ||
|
||
## Installation | ||
|
||
```bash | ||
ansible-galaxy install arillso.ca-certificates | ||
ansible-galaxy install arillso.ca_certificates | ||
``` | ||
|
||
## Requirements | ||
|
||
none | ||
|
||
## Role Variables | ||
|
||
| Variable | Default | Comments (type) | | ||
| :--- | :--- | :--- | | ||
| | | | | ||
| | | | | ||
### ca_certificates_root_directory | ||
|
||
Location where the certificates are stored under windows before | ||
they are imported into the certificate store of Windows. | ||
|
||
```yml | ||
ca_certificates_root_directory: '{{ ansible_env.TMP }}' | ||
``` | ||
|
||
### ca_certificates_packages | ||
|
||
Packages to be installed. | ||
|
||
```yml | ||
ca_certificates_packages: | ||
- ca-certificates | ||
``` | ||
|
||
### ca_certificates_files | ||
|
||
List of CA certificates that are to be added to the certificate store of the system. Each list element is a configuration directory that defines the source (URL, Files or Inline as variable) of the certificate. It must contain a key'name' and one of the following keys in order to use the certificate: | ||
|
||
| Option | Comments | | ||
| :------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| file | Path to a file on the host running the Ansible playbook. Relative file paths are related to the role's `files/` directory. | | ||
| url | URL to a PEM-formatted certificate file | | ||
| content | Certificate inline as PEM-formatted | | ||
| store_name | Optional in Windows. The store name to use when importing. See: [Ansible doc](https://docs.ansible.com/ansible/latest/modules/win_certificate_store_module.html#win-certificate-store-module) | | ||
| store_location | Optional in Windows. See: [Ansible doc](https://docs.ansible.com/ansible/latest/modules/win_certificate_store_module.html#win-certificate-store-module) | | ||
|
||
```yml | ||
ca_certificates_files: [] | ||
``` | ||
|
||
## Dependencies | ||
|
||
None | ||
|
||
## Example Playbook | ||
|
||
```yml | ||
- hosts: all | ||
roles: | ||
- arillso.ca-certificates | ||
- arillso.ca_certificates | ||
``` | ||
|
||
## Changelog | ||
|
||
## Author | ||
|
||
* [Simon Bärlocher](https://sbaerlocher.ch) | ||
- [Simon Bärlocher](https://sbaerlocher.ch) | ||
|
||
## License | ||
|
||
This project is under the MIT License. See the [LICENSE](https://sbaerlo.ch/licence) file for the full license text. | ||
|
||
## Copyright | ||
|
||
(c) 2019, Simon Bärlocher | ||
(c) 2019, Arillso |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,41 @@ | ||
--- | ||
# defaults file for arillso.ca-certificates | ||
|
||
# Location where the certificates are stored under windows before | ||
# they are imported into the certificate memory of Windows. | ||
ca_certificates_path: '{{ ansible_env.TMP }}' | ||
|
||
# Packages to be installed. | ||
ca_certificates_packages: | ||
- ca-certificates | ||
|
||
# List of CA certificates that are to be added to the certificate | ||
# memory of the system. Each list element is a configuration | ||
# directory that defines the source (URL, Files or Inline as variable) | ||
# of the certificate. It must contain a key'name' and one of the | ||
# following keys in order to use the certificate: | ||
# | ||
# file Path to a file on the host running the Ansible playbook. | ||
# Relative file paths are related to the | ||
# role's `files/` directory. | ||
# url URL to a PEM-formatted certificate file | ||
# content Certificate inline as PEM-formatted | ||
# store_name Optional in Windows. The store name to use when importing | ||
# a certificate or searching for a certificate. | ||
# AddressBook: The X.509 certificate store for other users | ||
# AuthRoot: The X.509 certificate store for third-party | ||
# certificate authorities (CAs) | ||
# CertificateAuthority: The X.509 certificate store for | ||
# intermediate certificate authorities (CAs) | ||
# Disallowed: The X.509 certificate store | ||
# for revoked certificates | ||
# My: The X.509 certificate store for personal certificates | ||
# Root: The X.509 certificate store for trusted root | ||
# certificate authorities (CAs) | ||
# TrustedPeople: The X.509 certificate store for directly | ||
# trusted people and resources | ||
# TrustedPublisher: The X.509 certificate store for directly | ||
# trusted publishers | ||
# store_location Optional in Windows. The store location to use when | ||
# importing a certificate or searching for a certificate. | ||
ca_certificates_files: [] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,5 @@ | ||
--- | ||
# handlers file for arillso.ca-certificates | ||
|
||
- name: Update CA trust | ||
command: '{{ ca_certificates_handler }}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,35 +1,34 @@ | ||
--- | ||
|
||
galaxy_info: | ||
role_name: ca-certificates | ||
author: | ||
description: | ||
company: | ||
author: arillso | ||
description: Install certificates from a file or url under Windows and Linux. | ||
license: MIT | ||
min_ansible_version: 2 | ||
min_ansible_version: 2.8 | ||
platforms: | ||
- name: Archlinux | ||
versions: | ||
- all | ||
- name: EL | ||
versions: | ||
- 5 | ||
- 6 | ||
- 7 | ||
- name: Fedora | ||
versions: | ||
- 16 | ||
- 17 | ||
- 18 | ||
- 29 | ||
- name: Ubuntu | ||
versions: | ||
- precise | ||
- quantal | ||
- raring | ||
- saucy | ||
- bionic | ||
- cosmic | ||
- disco | ||
- name: Debian | ||
versions: | ||
- wheezy | ||
- jessie | ||
- stretch | ||
- buster | ||
- name: Windows | ||
versions: | ||
- all | ||
|
||
galaxy_tags: [] | ||
galaxy_tags: | ||
- ca | ||
- certificates | ||
|
||
dependencies: [] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
--- | ||
dependency: | ||
name: galaxy | ||
driver: | ||
name: docker | ||
lint: | ||
name: yamllint | ||
platforms: | ||
- name: instance | ||
image: 'geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest' | ||
command: ${MOLECULE_DOCKER_COMMAND:-""} | ||
volumes: | ||
- /sys/fs/cgroup:/sys/fs/cgroup:ro | ||
privileged: true | ||
pre_build_image: true | ||
provisioner: | ||
name: ansible | ||
lint: | ||
name: ansible-lint | ||
playbooks: | ||
converge: ${MOLECULE_PLAYBOOK:-playbook.yml} | ||
scenario: | ||
name: default | ||
verifier: | ||
name: testinfra | ||
lint: | ||
name: flake8 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
--- | ||
- name: Converge | ||
hosts: all | ||
vars: | ||
ca_certificates_files: | ||
- name: CA-Test | ||
content: | | ||
-----BEGIN CERTIFICATE----- | ||
MIID2jCCA0MCAg39MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG | ||
A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE | ||
MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl | ||
YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw | ||
ODIyMDUyODAwWhcNMTcwODIxMDUyODAwWjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE | ||
CAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs | ||
ZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwvWITOLeyTbS1 | ||
Q/UacqeILIK16UHLvSymIlbbiT7mpD4SMwB343xpIlXN64fC0Y1ylT6LLeX4St7A | ||
cJrGIV3AMmJcsDsNzgo577LqtNvnOkLH0GojisFEKQiREX6gOgq9tWSqwaENccTE | ||
sAXuV6AQ1ST+G16s00iN92hjX9V/V66snRwTsJ/p4WRpLSdAj4272hiM19qIg9zr | ||
h92e2rQy7E/UShW4gpOrhg2f6fcCBm+aXIga+qxaSLchcDUvPXrpIxTd/OWQ23Qh | ||
vIEzkGbPlBA8J7Nw9KCyaxbYMBFb1i0lBjwKLjmcoihiI7PVthAOu/B71D2hKcFj | ||
Kpfv4D1Uam/0VumKwhwuhZVNjLq1BR1FKRJ1CioLG4wCTr0LVgtvvUyhFrS+3PdU | ||
R0T5HlAQWPMyQDHgCpbOHW0wc0hbuNeO/lS82LjieGNFxKmMBFF9lsN2zsA6Qw32 | ||
Xkb2/EFltXCtpuOwVztdk4MDrnaDXy9zMZuqFHpv5lWTbDVwDdyEQNclYlbAEbDe | ||
vEQo/rAOZFl94Mu63rAgLiPeZN4IdS/48or5KaQaCOe0DuAb4GWNIQ42cYQ5TsEH | ||
Wt+FIOAMSpf9hNPjDeu1uff40DOtsiyGeX9NViqKtttaHpvd7rb2zsasbcAGUl+f | ||
NQJj4qImPSB9ThqZqPTukEcM/NtbeQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAIAi | ||
gU3My8kYYniDuKEXSJmbVB+K1upHxWDA8R6KMZGXfbe5BRd8s40cY6JBYL52Tgqd | ||
l8z5Ek8dC4NNpfpcZc/teT1WqiO2wnpGHjgMDuDL1mxCZNL422jHpiPWkWp3AuDI | ||
c7tL1QjbfAUHAQYwmHkWgPP+T2wAv0pOt36GgMCM | ||
-----END CERTIFICATE----- | ||
roles: | ||
- role: arillso.ca-certificates |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,18 @@ | ||
--- | ||
# tasks file for arillso.ca-certificates | ||
|
||
- name: 'linux : Install CA certificates packages' | ||
package: | ||
name: '{{ item }}' | ||
state: present | ||
with_items: '{{ ca_certificates_packages }}' | ||
|
||
- name: 'linux : include tasks to install custom CA certificates' | ||
include_tasks: Linux/certificate.yml | ||
with_items: | ||
- '{{ ca_certificates_files }}' | ||
loop_control: | ||
loop_var: ca_certificates_loop_install_item | ||
|
||
- name: Trigger handler | ||
meta: flush_handlers |
Oops, something went wrong.