# | Location | File | Last Modified |
---|---|---|---|
1 | MCCF_EDI_TAS_TASCore v2.0_Build_10.zip\MCCF_EDI_TAS_DevOps\mccf_devops\playbooks | configure_httpd_ssl_conf_tas.yml | Wed Apr 3 02:27:32 2019 UTC |
2 | MCCF_EDI_TAS_TASCore v2.0_Build_10.zip\MCCF_EDI_TAS_DevOps\mccf_devops\playbooks | configure_httpd_ssl_conf_tas.yml | Mon Apr 15 17:29:55 2019 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 2 | 450 |
Changed | 1 | 2 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | # Ansible Playbook | |
2 | # Dan McAl lister - PII | |
3 | # Version 1.0 | |
4 | # | |
5 | # Configur e Apache ( http) SSL config fil e to use T AS certifi cates | |
6 | # | |
7 | ||
8 | --- | |
9 | - name: Co nfigure Ap ache (http ) to use S SL with TA S certific ates | |
10 | hosts: a ll | |
11 | gather_f acts: no | |
12 | become: yes | |
13 | tasks: | |
14 | ||
15 | # Determ ine curren t status o f http ser vice | |
16 | - name: Determine current st ate of htt pd service | |
17 | shell: systemctl status ht tpd warn=f alse | |
18 | regist er: httpd_ status | |
19 | change d_when: ht tpd_status .rc == 99 | |
20 | failed _when: htt pd_status. rc == 99 | |
21 | ignore _errors: t rue | |
22 | ||
23 | # Verify the httpd package i s installe d | |
24 | - name: Check exis tence of h ttpd | |
25 | yum: | |
26 | name : httpd | |
27 | stat e: latest | |
28 | ||
29 | # Verify the mod_s sl package is instal led | |
30 | - name: Check exis tence of m od_ssl | |
31 | yum: | |
32 | name : mod_ssl | |
33 | stat e: latest | |
34 | ||
35 | # Verify the exist ence of ss l.conf in /etc/httpd /conf.d/ss l.conf | |
36 | - name: Verify ssl .conf file exists in /etc/http d/conf.d | |
37 | file: | |
38 | path : /etc/htt pd/conf.d/ ssl.conf | |
39 | mode : 0644 | |
40 | owne r: root | |
41 | grou p: root | |
42 | stat e: file | |
43 | ||
44 | # Is SSL Cipher Su ite settin g already in the fil e? | |
45 | - name: Is SSL Cip her Suite setting al ready in t he file? | |
46 | comman d: grep "^ SSLCipherS uite" /etc /httpd/con f.d/ssl.co nf | |
47 | regist er: file_p resent | |
48 | change d_when: fi le_present .rc == 999 | |
49 | failed _when: fi le_present .rc == 999 | |
50 | ||
51 | # Change SSL Ciphe r Suite to HIGH only | |
52 | - name: Change SSL Cipher Su ite to HIG H only | |
53 | linein file: | |
54 | path : /etc/htt pd/conf.d/ ssl.conf | |
55 | rege xp: "^SSLC ipherSuite " | |
56 | line : "SSLCi pherSuite HIGH:!MEDI UM:!aNULL: !MD5:!SEED :!IDEA" | |
57 | stat e: present | |
58 | when: file_prese nt.rc == 0 | |
59 | ||
60 | # Set SS L Cipher S uite to HI GH only | |
61 | - name: Set SSL Ci pher Suite to HIGH o nly | |
62 | linein file: | |
63 | path : /etc/htt pd/conf.d/ ssl.conf | |
64 | inse rtbefore: "</Virtual Host>" | |
65 | line : "SSLCi pherSuite HIGH:!MEDI UM:!aNULL: !MD5:!SEED :!IDEA" | |
66 | stat e: present | |
67 | when: file_prese nt.rc != 0 | |
68 | ||
69 | # Verify TAS crt f ile is pre sent | |
70 | - name: Verify SSL Certifica te File (T AS.crt) is present | |
71 | file: | |
72 | path : /etc/pki /tls/certs /TAS.crt | |
73 | stat e: file | |
74 | ||
75 | # Is SSL Certifica te already defined? | |
76 | - name: Is SSL Cer tificate a lready def ined? | |
77 | comman d: grep "^ SSLCertifi cate" /etc /httpd/con f.d/ssl.co nf | |
78 | regist er: file_p resent | |
79 | change d_when: fi le_present .rc == 999 | |
80 | failed _when: fi le_present .rc == 999 | |
81 | ||
82 | # Change SSL Certi ficate to TAS.crt | |
83 | - name: Set SSL Ce rtificate to TAS.crt | |
84 | linein file: | |
85 | path : /etc/htt pd/conf.d/ ssl.conf | |
86 | rege xp: "^SSLC ertificate File" | |
87 | line : "SSLCe rtificateF ile {{ SSL Certificat eFile }}" | |
88 | stat e: present | |
89 | when: file_prese nt.rc == 0 | |
90 | ||
91 | # Set SS L Certific ate to TAS .crt | |
92 | - name: Set SSL Ce rtificate to TAS.crt | |
93 | linein file: | |
94 | path : /etc/htt pd/conf.d/ ssl.conf | |
95 | inse rtbefore: "</Virtual Host>" | |
96 | line : "SSLCe rtificateF ile {{ SSL Certificat eFile }}" | |
97 | stat e: present | |
98 | when: file_prese nt.rc != 0 | |
99 | ||
100 | # Verify TAS key f ile is pre sent | |
101 | - name: Verify SSL Certifica te key (TA S.key) is present | |
102 | file: | |
103 | path : "{{ SSLC ertificate KeyFile }} " | |
104 | stat e: file | |
105 | ||
106 | # Is SSL Certifica te Key Fil e already defined? | |
107 | - name: Is SSL Cer tificate K ey File al ready defi ned? | |
108 | comman d: grep "^ SSLCertifi cateKeyFil e" /etc/ht tpd/conf.d /ssl.conf | |
109 | regist er: file_p resent | |
110 | change d_when: fi le_present .rc == 999 | |
111 | failed _when: fi le_present .rc == 999 | |
112 | ||
113 | # Change SSL Certi ficate key File to T AS.key | |
114 | - name: Change SSL Certifica te Key Fil e to TAS.k ey | |
115 | linein file: | |
116 | path : /etc/htt pd/conf.d/ ssl.conf | |
117 | rege xp: "^SSLC ertificate KeyFile" | |
118 | line : "SSLCe rtificateK eyFile {{ SSLCertifi cateKeyFil e }}" | |
119 | stat e: present | |
120 | when: file_prese nt.rc == 0 | |
121 | ||
122 | # Set SS L Certific ate key Fi le to TAS. key | |
123 | - name: Set SSL Ce rtificate Key File t o TAS.key | |
124 | linein file: | |
125 | path : /etc/htt pd/conf.d/ ssl.conf | |
126 | inse rtbefore: "</Virtual Host>" | |
127 | line : "SSLCe rtificateK eyFile {{ SSLCertifi cateKeyFil e }}" | |
128 | stat e: present | |
129 | when: file_prese nt.rc != 0 | |
130 | ||
131 | # Verify VA Chain file is pr esent | |
132 | - name: Verify Cer tificate C hain file is present | |
133 | file: | |
134 | path : "{{ SSLC ertificate ChainFile }}" | |
135 | stat e: file | |
136 | ||
137 | # Is VA Chain file already d efined? | |
138 | - name: Is VA Chai n file alr eady defin ed? | |
139 | comman d: grep "^ SSLCertifi cateChainF ile" /etc/ httpd/conf .d/ssl.con f | |
140 | regist er: file_p resent | |
141 | change d_when: fi le_present .rc == 999 | |
142 | failed _when: fi le_present .rc == 999 | |
143 | ||
144 | # Change VA Chain file as de fault | |
145 | - name: Change VA Chain file as defaul t | |
146 | linein file: | |
147 | path : /etc/htt pd/conf.d/ ssl.conf | |
148 | rege xp: "^SSLC ertificate ChainFile" | |
149 | line : "SSLCe rtificateC hainFile { { SSLCerti ficateChai nFile }}" | |
150 | stat e: present | |
151 | when: file_prese nt.rc == 0 | |
152 | ||
153 | # Set VA Chain fil e as defau lt | |
154 | - name: Set VA Cha in file as default | |
155 | linein file: | |
156 | path : /etc/htt pd/conf.d/ ssl.conf | |
157 | inse rtbefore: "</Virtual Host>" | |
158 | line : "SSLCe rtificateC hainFile { { SSLCerti ficateChai nFile }}" | |
159 | stat e: present | |
160 | when: file_prese nt.rc != 0 | |
161 | ||
162 | # Verify VA CA fil e is prese nt | |
163 | - name: Verify VA CA file is present | |
164 | file: | |
165 | path : "{{ SSLC ACertifica teFile }}" | |
166 | stat e: file | |
167 | ||
168 | # Is the VA CA fil e set alre ady define d? | |
169 | - name: Is the VA CA file s et already defined? | |
170 | comman d: grep "^ SSLCACerti ficateFile " /etc/htt pd/conf.d/ ssl.conf | |
171 | regist er: file_p resent | |
172 | change d_when: fi le_present .rc == 999 | |
173 | failed _when: fi le_present .rc == 999 | |
174 | ||
175 | # Change VA CA fil e | |
176 | - name: Change VA CA file | |
177 | linein file: | |
178 | path : /etc/htt pd/conf.d/ ssl.conf | |
179 | rege xp: "^SSLC ACertifica teFile" | |
180 | line : "SSLCA Certificat eFile {{ S SLCACertif icateFile }}" | |
181 | stat e: present | |
182 | when: file_prese nt.rc == 0 | |
183 | ||
184 | # Set VA CA file | |
185 | - name: Set VA CA file | |
186 | linein file: | |
187 | path : /etc/htt pd/conf.d/ ssl.conf | |
188 | inse rtbefore: "</Virtual Host>" | |
189 | line : "SSLCA Certificat eFile {{ S SLCACertif icateFile }}" | |
190 | stat e: present | |
191 | when: file_prese nt.rc != 0 | |
192 | ||
193 | # Is the firewall using fire walld? | |
194 | - name: Is the fir ewall usin g firewall d? | |
195 | system d: | |
196 | name : firewall d | |
197 | stat e: started | |
198 | enab led: true | |
199 | regist er: firewa lld_state | |
200 | ||
201 | # If usi ng firewal ld, enable https | |
202 | - name: If using f irewalld, enable htt ps | |
203 | firewa lld: | |
204 | serv ice: https | |
205 | zone : public | |
206 | perm anent: tru e | |
207 | stat e: enabled | |
208 | imme diate: tru e | |
209 | when: firewalld_ state.stat us.Result == "succes s" | |
210 | ||
211 | # If usi ng firewal ld, enable port 443/ tcp | |
212 | - name: If using f irewalld, enable por t 443/tcp | |
213 | firewa lld: | |
214 | port : 443/tcp | |
215 | zone : public | |
216 | perm anent: tru e | |
217 | stat e: enabled | |
218 | imme diate: tru e | |
219 | when: firewalld_ state.stat us.Result == "succes s" | |
220 | ||
221 | # If htt pd was sta rted earli er, restar t it now | |
222 | - name: Restart if httpd was found to be running earlier | |
223 | shell: systemctl restart h ttpd warn= false | |
224 | when: httpd_stat us.rc == 0 | |
225 | ignore _errors: t rue | |
226 |
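Review bot: The private-key check at playbook lines 101–104 (`path: "{{ SSLCertificateKeyFile }}"`, `state: file`) only asserts that the key exists, whereas the ssl.conf task at lines 36–42 enforces `mode: 0644` with root ownership; the key is the more sensitive file and should get the same enforcement so an overly permissive key is corrected on every run. Adding `mode: 0600`, `owner: root` and `group: root` under that `file:` stanza does this with the module already in use. Separately, the grep at line 77 uses `"^SSLCertificate"`, which also matches the `SSLCertificateKeyFile` and `SSLCertificateChainFile` lines, so `file_present.rc == 0` can be true when no `SSLCertificateFile` line exists and the `lineinfile` regexp at line 86 then has no match to replace (if I read lineinfile's default correctly the directive is then appended at end of file rather than inside the VirtualHost); narrowing the grep to `"^SSLCertificateFile"` keeps the two checks aligned, as they already are for the other directives. The existence check at line 72 is hard-coded to `/etc/pki/tls/certs/TAS.crt` while the directive written at line 87 uses `{{ SSLCertificateFile }}`; checking the variable's path instead, as lines 103 and 134 do, keeps the check meaningful if the variable is ever pointed elsewhere.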