jfrog / JFrog-Cloud-Installers

Template to deploy Artifactory Enterprise cluster.
Apache License 2.0

[ansible/artifactory_nginx_ssl] Wrong variables checks for ssl_certificate and certificate #421

Open EmptyByte opened 4 weeks ago

EmptyByte commented 4 weeks ago

In defaults:

ssl_certificate_install: true
ssl_certificate_path: /etc/pki/tls/certs
ssl_certificate_key_path: /etc/pki/tls/private
ssl_certificate: cert.pem
ssl_certificate_key: cert.key

In tasks/main.yml

The first task checks if two undefined variables exist:

- name: Check required variables
  ansible.builtin.fail: msg="Variable '{{ item }}' is not defined"
  when: item not in vars
  loop:
    - certificate
    - certificate_key
    - server_name

Then later you use the right variable names (i.e. ssl_certificate and ssl_certificate_key):

- name: Ensure ssl_certificate_path exists
  become: true
  ansible.builtin.file:
    path: "{{ ssl_certificate_path }}"
    state: directory
    mode: 0755
  when: ssl_certificate_install

- name: Ensure ssl_certificate_key_path exists
  become: true
  ansible.builtin.file:
    path: "{{ ssl_certificate_key_path }}"
    state: directory
    mode: 0700
  when: ssl_certificate_install

- name: Configure certificate
  become: true
  ansible.builtin.template:
    src: certificate.pem.j2
    dest: "{{ ssl_certificate_path }}/{{ ssl_certificate }}"
    mode: 0644
  notify: Restart nginx
  no_log: true
  when: ssl_certificate_install

- name: Configure key
  become: true
  ansible.builtin.template:
    src: certificate.key.j2
    dest: "{{ ssl_certificate_key_path }}/{{ ssl_certificate_key }}"
    mode: 0600
  notify: Restart nginx
  no_log: true
  when: ssl_certificate_install

EmptyByte commented 4 weeks ago

Never mind, those are variables used in templates (not mentioned in README or defaults). So you have to pass the cert/key with the above vars split with pipe:

certificate_key
cat cert.key | tr '\n' '|'

certificate
cat cert.pem | tr '\n' '|'
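
A round-trip check for the pipe-delimited form described in the comment above, as an added example that is not part of the original thread or the role's code. The function names and the sample file are constructed, and the decode direction ('|' back to a newline) is an assumption about how the value is consumed.

```shell
#!/bin/sh
# Added example, not part of the role. Helpers for the one-line, pipe-delimited
# PEM values the comment above describes for `certificate` and `certificate_key`.

# Print a PEM file as one line with '|' in place of each newline.
# Rejects input that is not PEM or that already contains '|', which would
# make the encoding ambiguous.
pem_to_piped() {
    head -n 1 "$1" | grep -q '^-----BEGIN [A-Z0-9 ]*-----$' || {
        echo "not a PEM file: $1" >&2; return 1; }
    if grep -q '|' "$1"; then
        echo "input contains '|': $1" >&2; return 1
    fi
    tr '\n' '|' < "$1"
}

# Reverse step. Assumption: the consumer turns each '|' back into a newline.
piped_to_pem() {
    printf '%s' "$1" | tr '|' '\n'
}

# Succeeds only if encode followed by decode reproduces the file byte for byte.
roundtrip_ok() {
    piped=$(pem_to_piped "$1") || return 1
    piped_to_pem "$piped" | cmp -s - "$1"
}

# Write a constructed sample (placeholder body, not a real certificate).
write_sample_pem() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURURTQU1QTEUx' 'Q09OU1RSVUNURURTQU1QTEUy' \
        '-----END CERTIFICATE-----' > "$1"
}

# Demo: encode the sample and confirm it survives the round trip.
demo_dir=$(mktemp -d)
write_sample_pem "$demo_dir/cert.pem"
pem_to_piped "$demo_dir/cert.pem"; echo
roundtrip_ok "$demo_dir/cert.pem" && echo "round trip OK"
rm -rf "$demo_dir"
```

The same functions apply to the key file; running them under `umask 077` keeps any intermediate output of the key from being group- or world-readable.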

chukka commented 1 week ago

@EmptyByte Noted, will see if we can improve our docs around this

EmptyByte commented 1 week ago

Duplicate of #370