ACME: new helper module for ACME challenges which need TLS certs (#43756)

* Added helper module for generating ACME challenge certificates.

* Soft-fail on missing cryptography. Also check version.

* Adding integration test.

* Move acme_challenge_cert_helper from web_infrastructure to crypto/acme.

* Adjusting to draft-05.

* The cryptography branch has already been merged.
Felix Fontein
2018-08-22 23:12:43 +02:00
committed by René Moser
parent 6ac4dae834
commit 960d99a785
6 changed files with 314 additions and 2 deletions


@@ -85,7 +85,25 @@
body: "{{ item.value }}"
with_dict: "{{ challenge_data.challenge_data_dns }}"
when: "challenge_data is changed and challenge == 'dns-01'"
- name: ({{ certgen_title }}) Create TLS ALPN challenges
- name: ({{ certgen_title }}) Create TLS ALPN challenges (acm_challenge_cert_helper)
acme_challenge_cert_helper:
challenge: tls-alpn-01
challenge_data: "{{ item.value['tls-alpn-01'] }}"
private_key_src: "{{ output_dir }}/{{ certificate_name }}.key"
with_dict: "{{ challenge_data.challenge_data }}"
register: tls_alpn_challenges
when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls is defined and challenge_alpn_tls == 'acme_challenge_cert_helper')"
- name: ({{ certgen_title }}) Set TLS ALPN challenges (acm_challenge_cert_helper)
uri:
url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.domain }}/certificate-and-key"
method: PUT
body_format: raw
body: "{{ item.challenge_certificate }}\n{{ lookup('file', output_dir ~ '/' ~ certificate_name ~ '.key') }}"
headers:
content-type: "application/pem-certificate-chain"
with_items: "{{ tls_alpn_challenges.results }}"
when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls is defined and challenge_alpn_tls == 'acme_challenge_cert_helper')"
- name: ({{ certgen_title }}) Create TLS ALPN challenges (der-value-b64)
uri:
url: "http://{{ acme_host }}:5000/tls-alpn/{{ item.value['tls-alpn-01'].resource }}/der-value-b64"
method: PUT
@@ -94,7 +112,7 @@
headers:
content-type: "application/octet-stream"
with_dict: "{{ challenge_data.challenge_data }}"
when: "challenge_data is changed and challenge == 'tls-alpn-01'"
when: "challenge_data is changed and challenge == 'tls-alpn-01' and (challenge_alpn_tls is not defined or challenge_alpn_tls == 'der-value-b64')"
## ACME STEP 2 ################################################################################
- name: ({{ certgen_title }}) Obtain cert, step 2
acme_certificate:
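Review bot: The two new task names in the first hunk, `- name: ({{ certgen_title }}) Create TLS ALPN challenges (acm_challenge_cert_helper)` and `- name: ({{ certgen_title }}) Set TLS ALPN challenges (acm_challenge_cert_helper)`, misspell the module they label; the task on the following line invokes `acme_challenge_cert_helper`, and the `challenge_alpn_tls` value compared in their `when:` conditions is also spelled `acme_...`, so the names should read `(acme_challenge_cert_helper)` to keep play output greppable. The selection logic is spread over three `when:` expressions (both new tasks and the changed one in the second hunk), with an undefined `challenge_alpn_tls` falling through to the der-value-b64 path; a comment above the first new task, `# challenge_alpn_tls selects the TLS-ALPN fixture: 'acme_challenge_cert_helper', or 'der-value-b64' when unset`, would make that default explicit in one place. The `body:` line of the Set task sends the certificate's private key (read with `lookup('file', ...)`) together with the challenge certificate to the test server over plain HTTP; that is presumably what the fixture's `certificate-and-key` endpoint requires, but a short comment saying so would stop the pattern being copied outside this integration test. The task list continues beyond both hunks.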