Commit 0bade643 authored by Łukasz Nowak, committed by Łukasz Nowak

playbook: Allow correct certificate with domain

For most cases the default approach, with a generated certificate, is
enough, but sometimes the playbooks are used in an environment where
real certificates with domain names shall be used.

For such scenarios, prepare the system to use ansible-playbook
--extra-vars, which can override the defaults.

Note that the frontend requester is improved to support the case of
certificate files being passed or not.
parent 3ec8e43b
......@@ -121,14 +121,19 @@ def status():
zope_ip, pw = get_connection_information(erp5_sr)
try:
ip = open('/tmp/playbook-public-ipv4').read().strip()
# by default try new apporach (domain based)...
hostname = open('/tmp/playbook-frontend-custom-domain').read().strip()
except Exception:
frontend = None
try:
# ...and fall back to old one (IP based)
hostname = open('/tmp/playbook-public-ipv4').read().strip()
except Exception:
frontend = None
else:
if len(ip) == 0:
if len(hostname) == 0:
frontend = zope_ip
else:
frontend = 'https://' + ip
frontend = 'https://' + hostname
frontend_ip, _ = get_connection_information(frn_sr)
connected = False
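Review bot: In status(), the IP fallback is only reached when opening /tmp/playbook-frontend-custom-domain raises, so a domain file that exists but is empty skips the fallback and ends at the `len(hostname) == 0` branch with `frontend = zope_ip`. Consider treating an empty domain file like a missing one and trying /tmp/playbook-public-ipv4 before giving up. The two `except Exception:` handlers would also hide a permission error on either file; catching IOError, as the request template in this commit does, keeps other failures visible. The new comment has a typo, "apporach".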
......
---
- include: debian9-gcc-4.9.yml
- name: Store public IPv4 for other scripts
copy: content="{{ ansible_default_ipv4.address }}" dest=/tmp/playbook-public-ipv4 mode=0644
- name: Store domain for other scripts
copy: content="{{ frontend_custom_domain }}" dest=/tmp/playbook-frontend-custom-domain mode=0644
- name: create instance request script
template: src={{ request_instance_template }} dest=/tmp/playbook-request-{{ playbook_name }} mode=0700
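Review bot: The "Store domain for other scripts" task writes to a fixed name directly under /tmp, and status() later builds `'https://' + hostname` from whatever that file contains, so the reported frontend URL depends on a directory that every local user can write to. Consider a directory owned by the account that runs the playbook, and define the path once as a variable, next to backend_url_path and public_ipv4_path, instead of repeating the literal in this task and in status().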
......
......@@ -12,15 +12,29 @@ except Exception:
pass
if backend_url is not None:
file_dict = dict(
ssl_crt='{{ frontend_ssl_crt_file }}',
ssl_key='{{ frontend_ssl_key_file }}',
ssl_ca_crt='{{ frontend_ssl_ca_crt_file }}'
)
partition_parameter_kw = {
'url': backend_url,
'type': 'zope',
'custom_domain': '{{ frontend_custom_domain }}',
'server-alias': '{{ frontend_server_alias }}',
'https-only': 'true',
}
for key in ['ssl_crt', 'ssl_key', 'ssl_ca_crt']:
try:
data = open(file_dict[key]).read().strip()
if data:
partition_parameter_kw[key] = data
except IOError:
pass
request(
software_release=frontend_software_release_url,
partition_reference='{{ frontend_slave_reference }}',
shared=True,
partition_parameter_kw={
'url': backend_url,
'type': 'zope',
'custom_domain': '{{ ansible_default_ipv4.address }}',
'server-alias': '*',
'https-only': 'true'
}
partition_parameter_kw=partition_parameter_kw
)
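Review bot: In the `for key in ['ssl_crt', 'ssl_key', 'ssl_ca_crt']` loop, `except IOError: pass` treats an unreadable file the same as the default empty path, so a mistyped or unreadable frontend_ssl_key_file passed with --extra-vars is dropped silently and the request goes out without it, possibly with only part of the crt/key/ca set. Suggest skipping only when the configured path is empty, raising when a non-empty path cannot be read or comes back empty, and checking that ssl_crt and ssl_key are supplied together. The files are also opened without being closed; a with block would fix that.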
......@@ -6,4 +6,9 @@ frontend_master_reference: master-frn-{{ playbook_name }}
frontend_slave_reference: slave-srn-{{ playbook_name }}
backend_instance_reference: instance-of-{{ playbook_name }}
backend_url_path: /tmp/playbook-{{ playbook_name }}-backend-url
public_ipv4_path: /tmp/playbook-{{ playbook_name }}-public_ipv4
\ No newline at end of file
public_ipv4_path: /tmp/playbook-{{ playbook_name }}-public_ipv4
frontend_custom_domain: "{{ ansible_default_ipv4.address }}"
frontend_server_alias: "*"
frontend_ssl_crt_file: ""
frontend_ssl_key_file: ""
frontend_ssl_ca_crt_file: ""
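Review bot: The new defaults from frontend_custom_domain down have no comment saying they are meant to be overridden with --extra-vars, that the three frontend_ssl_*_file values are paths which the request script opens, or that an empty string keeps the generated-certificate behaviour. A short comment block above frontend_custom_domain would cover that. Note also that frontend_server_alias stays at "*" when only the domain is overridden; if that is not intended for the real-certificate case, say so in the comment or derive the alias from the domain.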