webserver secure


coach rhca

Aug 16, 2018, 1:14:55 PM
to Ansible Project
Hi,

Trying to create an EC2 instance using Ansible, which will host a normal webserver, but not sure how to add the self-signed certificate to the http webserver using Ansible.
Also, how to redirect all the http requests to https using Ansible? Could you please suggest? Thank you.


Jonathan Lozada De La Matta

Aug 16, 2018, 1:19:48 PM
to ansible...@googlegroups.com
Coach,

How do you currently do your certs? You can either use the letsencrypt modules, use copy to put it on the webserver you build, or use get_url. You can also do the same for the webserver config you are using. You can also template the config file.

--

Jonathan lozada de la matta

AUTOMATION CONSULTANT - AUTOMATION PRACTICE

Red Hat Consulting Services

jloz...@redhat.com   



 

Felix Fontein

Aug 16, 2018, 1:28:59 PM
to ansible...@googlegroups.com
Hi,

> how do you currently do your certs? you can either use the letsencrypt
> modules,

the letsencrypt module was renamed to acme_certificate (to not violate
Let's Encrypt's trademark) for Ansible 2.6.
(The renamed module's documentation: https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html)

Note that it's also possible to use acme-tiny
(https://github.com/diafygi/acme-tiny/) with Ansible using the
openssl_certificate module
(https://docs.ansible.com/ansible/latest/modules/openssl_certificate_module.html).
Depending on your use-case, this can be much simpler than using the
acme_certificate module. There are also roles that encapsulate the
acme_certificate module and make it easier to use (for example, one by
myself: https://github.com/felixfontein/acme-certificate/).

Cheers,
Felix

coach rhca

Aug 17, 2018, 12:11:13 AM
to ansible...@googlegroups.com
Thanks Jonathan for reciprocating. I use openssl on the OS to generate the pem file and then the crt file, but I am checking on how to achieve this in Ansible.
Just like a private self-signed certificate for internal use for the webserver that will be provisioned.


coach rhca

Aug 18, 2018, 12:34:46 AM
to ansible...@googlegroups.com
Could you please suggest with your expert advice.

Kai Stian Olstad

Aug 18, 2018, 7:45:10 AM
to ansible...@googlegroups.com
On Friday, 17 August 2018 06.11.03 CEST coach rhca wrote:
> thanks Jonathan for reciprocating, i use the openssl on the OS to generate
> the pem file and then the crt file but i am checking on how to achieve this
> on ansible.
> just like a private self signed certificate for internal use for the
> webserver that will be provisioned.

You can do it with the same command that you usually use; Ansible can run OS commands with the command and the shell modules.


--
Kai Stian Olstad


Felix Fontein

Aug 18, 2018, 8:20:00 AM
to ansible...@googlegroups.com
Hi Coach,

you can also use the following modules:
* openssl_privatekey to generate the private key
(https://docs.ansible.com/ansible/latest/modules/openssl_privatekey_module.html)
* openssl_csr to generate the CSR
(https://docs.ansible.com/ansible/latest/modules/openssl_csr_module.html)
* openssl_certificate to generate the self-signed certificate
(https://docs.ansible.com/ansible/latest/modules/openssl_certificate_module.html)

Please check out the documentation, it also contains examples on how to
use the modules.

Cheers,
Felix
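
The module sequence Felix lists, combined with the config templating Jonathan suggests, as an added example that is not part of the original thread. It assumes Apache httpd with mod_ssl on a RHEL-family host, an inventory group named webserver whose hosts are addressed by DNS name, and illustrative file paths; in current Ansible the same modules ship in the community.crypto collection, where openssl_certificate is named x509_certificate.

```yaml
# Added example, not from the thread. Assumptions: Apache httpd + mod_ssl on a
# RHEL-family target, hosts addressed by DNS name, illustrative file paths.
- hosts: webserver
  become: true
  vars:
    tls_key: "/etc/pki/tls/private/{{ inventory_hostname }}.key"
    tls_csr: "/etc/pki/tls/certs/{{ inventory_hostname }}.csr"
    tls_crt: "/etc/pki/tls/certs/{{ inventory_hostname }}.crt"
  tasks:
    - name: Generate the private key, readable by root only
      openssl_privatekey:
        path: "{{ tls_key }}"
        size: 4096
        mode: "0600"
    - name: Generate a CSR naming the host in CN and subjectAltName
      openssl_csr:
        path: "{{ tls_csr }}"
        privatekey_path: "{{ tls_key }}"
        common_name: "{{ inventory_hostname }}"
        subject_alt_name: "DNS:{{ inventory_hostname }}"
    - name: Self-sign the certificate from the CSR
      openssl_certificate:
        path: "{{ tls_crt }}"
        privatekey_path: "{{ tls_key }}"
        csr_path: "{{ tls_csr }}"
        provider: selfsigned
      notify: restart httpd
    - name: Serve HTTPS and redirect every plain-HTTP request to it
      copy:
        dest: /etc/httpd/conf.d/tls-redirect.conf
        content: |
          <VirtualHost *:80>
            ServerName {{ inventory_hostname }}
            Redirect permanent / https://{{ inventory_hostname }}/
          </VirtualHost>
          <VirtualHost *:443>
            ServerName {{ inventory_hostname }}
            SSLEngine on
            SSLCertificateFile {{ tls_crt }}
            SSLCertificateKeyFile {{ tls_key }}
          </VirtualHost>
      notify: restart httpd

  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
```

Clients will not trust this certificate until it is added to their trust store, so distribute the .crt file to internal clients rather than disabling certificate verification on them.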

coach rhca

Aug 19, 2018, 3:11:11 AM
to ansible...@googlegroups.com
thanks kai..


coach rhca

Aug 19, 2018, 3:12:06 AM
to ansible...@googlegroups.com
thanks felix for the module


coach rhca

Aug 20, 2018, 1:17:29 AM
to ansible...@googlegroups.com
Could you please help .. am unable to retrieve the public IP address of the ec2 instance to add it to the host inventory..

- name: Create an ec2 instance
  ec2:
    key_name: "{{ keypair }}"
    group: sg_webserver_group
    instance_type: "{{ instance_type }}"
    image: "{{ ami }}"
    wait: true
    region: "{{ region }}"
    assign_public_ip: yes
  register: ec2

# var=ec2.instances.public_ip (or var=ec2.public_ip) doesn't give the public IP
# but rather gives an undefined variable, whereas var=ec2 gives all the details
- debug: var=ec2.instances.public_ip

- name: Add the newly created host
  add_host:
    name: "{{ item.public_ip }}"
    groups: webserver
  with_items: "{{ ec2.instances }}"

Thank you


coach rhca

Aug 20, 2018, 11:54:27 AM
to ansible...@googlegroups.com
any valuable inputs from you experts .. not sure if calling it the right way after registering the variable..

Felix Fontein

Aug 20, 2018, 12:29:37 PM
to ansible...@googlegroups.com
Hi Coach,

you might want to start a new thread for a new question about something
completely different. Re-using the old thread might cause people who
could otherwise help you to ignore your question because they think it is
about the old topic. Also, the people who answered in the old thread
earlier might not know enough to answer your new question. That's the
case for me and your new question, as I've never used the ec2 module.

Cheers,
Felix




coach rhca

Aug 20, 2018, 1:25:08 PM
to ansible...@googlegroups.com
sure
