feat: TLS encryption for Director / WebUI connection #7

Merged
merged 20 commits into from
Jul 9, 2024
Changes from 12 commits
15 changes: 15 additions & 0 deletions defaults/main.yml
Expand Up @@ -30,6 +30,21 @@ bareos_dir_tls_enable: yes
# Verify the peer.
bareos_dir_tls_verify_peer: no

# The path of the CA certificate file.
bareos_dir_ca_cert:
src: ""
dest: "/etc/bareos/bareosCA.pem"

# The path of the client certificate of the director
bareos_dir_tls_cert:
src: ""
dest: "/etc/bareos/director.pem"

# The path of the client certificate key of the director
bareos_dir_tls_cert_key:
src: ""
dest: "/etc/bareos/director.key"

JoelJoos marked this conversation as resolved.
# A list of catalogs to configure.
bareos_dir_catalogs: []
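Review bot: The CA entry in this hunk is named `bareos_dir_ca_cert`, while the other two entries use the `bareos_dir_tls_` prefix and the argument spec, assertion, copy loop and template in this PR all reference `bareos_dir_tls_ca_cert`. Rename it to `bareos_dir_tls_ca_cert` so the default is actually picked up. In addition, all three entries default to `src: ""` while the hunk header shows `bareos_dir_tls_enable: yes`, so a run with untouched defaults reaches the copy task with an empty source; skip entries whose `src` is empty or require the caller to set them when TLS is enabled. The comments on the certificate and key call them the "client certificate", but the template writes them as the Director's own `TLS Certificate` and `TLS Key`, so the wording should say that.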

9 changes: 9 additions & 0 deletions meta/argument_specs.yml
Expand Up @@ -39,6 +39,15 @@ argument_specs:
type: "bool"
default: no
description: "Verify the peer."
bareos_dir_tls_ca_cert:
type: "str"
description: "The CA Certificate for the Director"
bareos_dir_tls_cert:
type: "str"
description: "The TLS certificate of the director"
bareos_dir_tls_cert_key:
type: "str"
description: "The TLS certificate key of the director"
bareos_dir_catalogs:
type: "list"
default: []
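Review bot: All three new entries declare `type: "str"`, but defaults/main.yml defines these variables as mappings with `src` and `dest` keys, so the argument spec and the defaults disagree. Declare them as `type: "dict"` with `src` and `dest` listed under `options`, or change the defaults to plain path strings. The descriptions should also state which key is the source file to copy and which is the destination path on the Director host.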
18 changes: 18 additions & 0 deletions tasks/assert.yml
Expand Up @@ -60,6 +60,24 @@
- bareos_dir_tls_verify_peer is boolean
quiet: true

- name: assert | Test bareos_dir_tls_ca_cert
ansible.builtin.assert:
that:
- bareos_dir_tls_ca_cert is defined
- bareos_dir_tls_ca_cert is string

- name: assert | Test bareos_dir_tls_cert
ansible.builtin.assert:
that:
- bareos_dir_tls_cert is defined
- bareos_dir_tls_cert is string

- name: assert | Test bareos_dir_tls_cert_key
ansible.builtin.assert:
that:
- bareos_dir_tls_cert_key is defined
- bareos_dir_tls_cert_key is string

JoelJoos marked this conversation as resolved.
- name: assert | Test bareos_dir_catalogs
ansible.builtin.assert:
that:
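Review bot: The three new assertions test `is string`, which cannot pass for the `src`/`dest` mappings that defaults/main.yml provides, and `bareos_dir_tls_ca_cert is defined` fails with the defaults because the variable is declared there as `bareos_dir_ca_cert`. Test `is mapping` together with `.src is string` and `.dest is string`, or switch the variables to plain strings everywhere. The new tasks also omit the `quiet: true` that the preceding assertion carries, and they run even when `bareos_dir_tls_enable` is false; add `quiet: true` and a `when: bareos_dir_tls_enable` guard.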
15 changes: 15 additions & 0 deletions tasks/main.yml
Expand Up @@ -53,6 +53,21 @@
- name: Run handlers
ansible.builtin.meta: flush_handlers

- name: Place TLS certificates
ansible.builtin.copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: bareos
group: bareos
mode: "0640"
backup: "{{ bareos_dir_backup_configurations }}"
loop:
- bareos_dir_tls_ca_cert
- bareos_dir_tls_cert
- bareos_dir_tls_cert_key
when:
- bareos_dir_tls_enable
adf-patrickha marked this conversation as resolved.
JoelJoos marked this conversation as resolved.

- name: Place bareos-dir.conf
ansible.builtin.template:
src: bareos-dir.conf.j2
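Review bot: The `loop:` entries are bare strings (`- bareos_dir_tls_ca_cert`), not the variables' values, so `item.src` and `item.dest` are looked up on a string and the task fails. Loop over the templated values instead, for example `- "{{ bareos_dir_tls_cert }}"`. The private key is written with the same `mode: "0640"` as the CA and Director certificates; give the key its own, tighter mode such as `"0600"`. The task also has no `notify`, so a changed certificate or key does not trigger any handler.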
9 changes: 9 additions & 0 deletions templates/bareos-dir.conf.j2
Expand Up @@ -18,4 +18,13 @@ Director {
Plugin Names = "{{ bareos_dir_plugin_name }}"
Plugin Directory = "{{ bareos_dir_plugin_dir }}"
{% endif %}
{% if bareos_dir_tls_ca_cert is defined and bareos_dir_tls_ca_cert != "" %}
TLS CA Certificate File = "{{ bareos_dir_tls_ca_cert }}"
{% endif %}
{% if bareos_dir_tls_cert is defined and bareos_dir_tls_cert != "" %}
TLS Certificate = "{{ bareos_dir_tls_cert }}"
{% endif %}
{% if bareos_dir_tls_cert_key is defined and bareos_dir_tls_cert_key != "" %}
TLS Key = "{{ bareos_dir_tls_cert_key }}"
{% endif %}
JoelJoos marked this conversation as resolved.
}
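Review bot: Each directive interpolates the whole variable (`"{{ bareos_dir_tls_cert_key }}"`), but defaults/main.yml defines these variables as mappings, so the rendered value is the mapping's string form rather than a path, and the `!= ""` test is always true for a mapping. Render the `dest` key and test that instead, for example `{% if bareos_dir_tls_cert.dest | default("") %}`. The block is also not gated on `bareos_dir_tls_enable`, unlike the copy task in tasks/main.yml, so the directives can be written for files that were never placed.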