In this Ansible tutorial we will create our own private OpenSSL certificate. Before following along, please install Ansible first.
[sourcecode]
#fedora
$ sudo dnf install ansible
#centOS
$ sudo yum -y install epel-release
$ sudo yum install ansible
#ubuntu
$ sudo apt update
$ sudo apt install software-properties-common
$ sudo apt-add-repository --yes --update ppa:ansible/ansible
$ sudo apt install ansible
#debian
$ echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" | sudo tee -a /etc/apt/sources.list
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
$ sudo apt update
$ sudo apt install ansible
#arch linux
$ sudo pacman -S ansible
[/sourcecode]
First check the Ansible version with this command:
[sourcecode]
$ ansible --version
ansible 2.9.11
config file = None
configured module search path = ['/Users/jkmutai/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/Cellar/ansible/2.9.11/libexec/lib/python3.8/site-packages/ansible
executable location = /usr/local/bin/ansible
python version = 3.8.5 (default, Jul 21 2020, 10:48:26) [Clang 11.0.3 (clang-1103.0.32.62)]
[/sourcecode]
Install the SSL Dependency
Install it with this command:
[sourcecode]sudo pip install pyOpenSSL[/sourcecode]
If you are using Python 3:
[sourcecode]sudo pip3 install pyOpenSSL[/sourcecode]
Example Ansible SSL Script
Create folders named certificates, files and templates:
[sourcecode]mkdir -p ~/server/ansible/{certificates,files,templates}[/sourcecode]
Then change into the new ~/server/ansible directory.
Create the Ansible playbook there:
[sourcecode]nano ~/server/ansible/openssl_certificates.yml[/sourcecode]
Write the following:
[sourcecode]
---
- hosts: localhost
  vars:
    - server_hostname: emka.web.id
    - key_size: 4096
    - passphrase: # write your passphrase here
    - key_type: RSA # Others include DSA, ECC, Ed25519, Ed448, X25519, X448
  tasks:
    # Writes the key to ./certificates/<server_hostname>_privkey.pem
    - name: Generate an OpenSSL private key
      openssl_privatekey:
        path: "./certificates/{{ server_hostname }}_privkey.pem"
        size: "{{ key_size }}"
        type: "{{ key_type }}"
        backup: yes
[/sourcecode]
Then run the playbook:
[sourcecode]ansible-playbook openssl_certificates.yml[/sourcecode]
Example output:
[sourcecode]
PLAY [localhost] *************************************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************************
ok: [localhost]
TASK [Generate an OpenSSL private key] ***************************************************************************************************************************
changed: [localhost]
PLAY RECAP *******************************************************************************************************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[/sourcecode]
Check whether the PEM file has been created.
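One way to do that check, as an added example that is not part of the original tutorial: the hypothetical `check_key_file` function below confirms the file exists, that no other local user can read it, and whether the key is passphrase-protected. The playbook above defines `passphrase` but never passes it to the task, so the expected result for its key is `unencrypted`.

```shell
#!/usr/bin/env bash
# Added example: audit a private-key PEM file written by the playbook.
# Prints one status word; returns 0 only when the file is an acceptable key file.
# Usage: check_key_file ~/server/ansible/certificates/emka.web.id_privkey.pem
check_key_file() {
    local path="$1" mode first second
    # Must be a regular file, not a symlink that could be re-pointed.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "missing"; return 1
    fi
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$path" 2>/dev/null || stat -f '%Lp' "$path")
    # Any group/other permission bit exposes the key to other local users.
    case "$mode" in
        *00) ;;
        *) echo "bad-mode:$mode"; return 1 ;;
    esac
    first=$(sed -n '1p' "$path")
    second=$(sed -n '2p' "$path")
    case "$first" in
        "-----BEGIN ENCRYPTED PRIVATE KEY-----")
            # PKCS#8 container protected by a passphrase
            echo "encrypted"; return 0 ;;
        "-----BEGIN "*"PRIVATE KEY-----")
            case "$second" in
                "Proc-Type: 4,ENCRYPTED"*)
                    # traditional PEM protected by a passphrase
                    echo "encrypted"; return 0 ;;
            esac
            echo "unencrypted"; return 0 ;;
        *)
            echo "not-a-private-key"; return 1 ;;
    esac
}

# Run directly against a path given on the command line.
if [ "$#" -gt 0 ]; then
    check_key_file "$1"
fi
```

A `bad-mode` result means the file should be restricted with `chmod 600` before the key is used.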