ssl self check 自动化部署脚本

2019-12-31 11:54:10 +08:00
parent 96bc1f54b1
commit 93f2ad9e9a
174 changed files with 22000 additions and 0 deletions
--- a/ssl_self_check/config/ansible.yml
+++ b/ssl_self_check/config/ansible.yml
@@ -0,0 +1,86 @@
+--- 
+- hosts: test
+  remote_user: root
+  vars:
+    - envpath: /root/ansible/env_install/
+    - sslpath: /root/ansible/ssl_self_check/
+  tasks:
+    - name: 'copy file to device'
+      copy: 
+        src: "{{item.src}}"
+        dest: "{{item.dest}}"
+        mode: "{{item.mode}}"
+      with_items:
+        - { src: "{{ envpath }}", dest: "{{ envpath }}", mode: '0755' }
+        - { src: "{{ sslpath }}", dest: "{{ sslpath }}", mode: '0755' }
+        - { src: "{{ sslpath }}/certs/", dest: '/root/.badssl_self_test_cert_dict', mode: '0755'}  
+  
+    - name: 'yum install docker'
+      yum:
+        name:
+          - '{{envpath}}/rpm/docker/docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch.rpm'
+          - '{{envpath}}/rpm/docker/docker-ce-17.03.2.ce-1.el7.centos.x86_64.rpm'
+        state: present
+        
+    - name: 'yum install python-devel'
+      yum:
+        name:
+          - '{{envpath}}/rpm/python_devel/python2-rpm-macros-3-32.el7.noarch.rpm'
+          - '{{envpath}}/rpm/python_devel/python-rpm-macros-3-32.el7.noarch.rpm'
+          - '{{envpath}}/rpm/python_devel/python-srpm-macros-3-32.el7.noarch.rpm'
+          - '{{envpath}}/rpm/python_devel/python-devel-2.7.5-86.el7.x86_64.rpm '
+        state: present
+        
+    - name: 'yum install python-pip'
+      yum:
+        name:
+          - '{{envpath}}/rpm/pip/python-backports-1.0-8.el7.x86_64.rpm'
+          - '{{envpath}}/rpm/pip/python-ipaddress-1.0.16-2.el7.noarch.rpm'
+          - '{{envpath}}/rpm/pip/python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch.rpm'
+          - '{{envpath}}/rpm/pip/python-setuptools-0.9.8-7.el7.noarch.rpm'
+          - '{{envpath}}/rpm/pip/python2-pip-8.1.2-10.el7.noarch.rpm'
+        state: present     
+ 
+    - name: 'restart docker and enable docker start on boot'
+      systemd:
+        name: docker
+        state: restarted
+        enabled: yes
+
+    - name: 'pip install docker-compose'
+      pip: 
+        state: present
+        requirements: '{{envpath}}/pip/docker_compose_req.txt'
+        extra_args: "--no-index --find-links={{envpath}}/pip/docker_compose/" 
+
+    - name: 'local docker image'
+      docker_image:
+        name: "{{item.name}}"
+        load_path: "{{item.load_path}}"
+        source: "{{item.source}}"
+      with_items:
+        - { name: 'badssl', load_path: '{{sslpath}}/images_dict/badssl.tar', source: load }
+        - { name: 'golang', load_path: '{{sslpath}}/images_dict/wpr.tar', source: load }
+        - { name: 'python', load_path: '{{sslpath}}/images_dict/unittest.tar', source: load }
+        
+    - name: 'Run makefile to create cert'
+      make:
+        chdir: /root/.badssl_self_test_cert_dict
+        target: certs-test
+
+    - name: 'create badssl unittest cert dict'
+      file:
+        path: /root/.unittest_self_test_cafile_dict
+        state: directory
+        mode: '0731'
+        
+    - name: 'copy  ca cert to the location'
+      copy: 
+        src: "/root/.badssl_self_test_cert_dict/certs/sets/test/gen/crt/ca-root.crt"
+        dest: "/root/.unittest_self_test_cafile_dict/ca-root.crt"
+        remote_src: yes
+        
+    - name: 'docker-compose up'
+      docker_compose:
+        project_src: '{{sslpath}}/docker-compose/'
+        state: present