In this Ansible tutorial we will create an OpenSSL certificate for our own use. Before following along, install Ansible first.
[sourcecode]
# Fedora
$ sudo dnf install ansible
# CentOS
$ sudo yum -y install epel-release
$ sudo yum install ansible
# Ubuntu
$ sudo apt update
$ sudo apt install software-properties-common
$ sudo apt-add-repository --yes --update ppa:ansible/ansible
$ sudo apt install ansible
# Debian
$ echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" | sudo tee -a /etc/apt/sources.list
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
$ sudo apt update
$ sudo apt install ansible
# Arch Linux
$ sudo pacman -S ansible
[/sourcecode]
Check the installed Ansible version with the command ansible --version:
[sourcecode]
$ ansible --version
ansible 2.9.11
  config file = None
  configured module search path = ['/Users/jkmutai/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/2.9.11/libexec/lib/python3.8/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.8.5 (default, Jul 21 2020, 10:48:26) [Clang 11.0.3 (clang-1103.0.32.62)]
[/sourcecode]
Install the SSL Dependency
Install it with the command:
[sourcecode]sudo pip install pyOpenSSL[/sourcecode]
If you are using Python 3:
[sourcecode]sudo pip3 install pyOpenSSL[/sourcecode]
Example Ansible SSL Script
Create folders named certificates, files, and templates:
[sourcecode]mkdir -p ~/server/ansible/{certificates,files,templates}[/sourcecode]
Then change into the new ~/server/ansible directory.
Create the Ansible playbook there:
[sourcecode]nano ~/server/ansible/openssl_certificates.yml[/sourcecode]
with the following content:
[sourcecode]
---
- hosts: localhost
  vars:
    - server_hostname: emka.web.id
    - key_size: 4096
    - passphrase: # write your passphrase here
    - key_type: DSA # Others include RSA, ECC, Ed25519, Ed448, X25519, X448
  tasks:
    # Note: the passphrase variable is not passed to this task,
    # so the key is written to disk unencrypted.
    - name: Generate an OpenSSL private key
      openssl_privatekey:
        path: "./certificates/{{ server_hostname }}_privkey.pem"
        size: "{{ key_size }}"
        type: "{{ key_type }}"
        backup: yes
[/sourcecode]
Then run the playbook:
[sourcecode]ansible-playbook openssl_certificates.yml[/sourcecode]
Example output:
[sourcecode]
PLAY [localhost] *************************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************
ok: [localhost]

TASK [Generate an OpenSSL private key] ***************************************************************************************************************************
changed: [localhost]

PLAY RECAP *******************************************************************************************************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[/sourcecode]
Check whether the PEM file has been created.
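One way to do that check, as an added example that is not part of the original tutorial: a shell function that confirms the key file exists, is accessible only by its owner, starts with a PEM private-key header, and reports whether it is passphrase-protected. The function name check_privkey and its status words are assumptions of this example; because the playbook task does not receive the passphrase variable, the key it writes is reported as unencrypted.

```shell
#!/bin/sh
# Added example (not from the tutorial): sanity-check a generated PEM private key.
# check_privkey is a hypothetical helper name chosen for this example.
#
# Usage: check_privkey PATH
# Prints one status word; returns 0 for "encrypted"/"unencrypted", 1 otherwise:
#   missing      file is absent or empty
#   permissive   group or other users have some access to the key
#   not-pem      first line is not a PEM private-key header
#   encrypted    key material is passphrase-protected
#   unencrypted  key material is stored in the clear
check_privkey() {
    key=$1

    # The key must exist and be non-empty.
    [ -s "$key" ] || { echo missing; return 1; }

    # Characters 5-10 of the ls mode string are the group and other bits;
    # a private key should show "------" there (for example mode 0600).
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo permissive; return 1; }

    # The first line must be a PEM private-key header such as
    # "-----BEGIN PRIVATE KEY-----" or "-----BEGIN DSA PRIVATE KEY-----".
    header=$(head -n 1 "$key")
    case $header in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) echo not-pem; return 1 ;;
    esac

    # PKCS#8 marks encryption in the header itself; the traditional
    # format marks it with a "Proc-Type: 4,ENCRYPTED" line.
    case $header in
        *ENCRYPTED*) echo encrypted; return 0 ;;
    esac
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$key"; then
        echo encrypted
    else
        echo unencrypted
    fi
    return 0
}

# When a path is given on the command line, check it, for example:
#   sh check_privkey.sh ./certificates/emka.web.id_privkey.pem
if [ $# -gt 0 ]; then
    check_privkey "$1"
fi
```
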