will/unifi_controller_rhel
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adding SSL cert support

Browse Source
This commit is contained in:
Will Bradley 2016-06-14 18:37:15 -07:00
parent ba3d6d27df
commit b72ddb2e2e
3 changed files with 32 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
README.md
View File

@ -10,7 +10,7 @@ Forked from https://github.com/fukawi2/unifi-controller-rhel and modified to be
Requirements Requirements
------------ ------------
- Ubiquiti's license does not allow redistribution of the software ZIP, so you must manually download the ZIP of the UniFi Controller software from the [Ubiquiti website](https://www.ubnt.com/download/unifi/) and save it to `files/UniFi.unix.zip`. The most recent tested version is "UniFi v5.0.6 Zip for DIY Unix/Linux" from 2016-06-01. If you are including this role via Galaxy, you may download this file to your playbook's `files` directory instead of this role's `files` directory; both will work. - Ubiquiti's license does not allow redistribution of the software ZIP, so you must manually download the ZIP of the UniFi Controller software from the [Ubiquiti website](https://www.ubnt.com/download/unifi/) and save it to `files/UniFi.unix.zip`. The most recent tested version is "UniFi v5.0.6 Zip for DIY Unix/Linux" from 2016-06-01. If you are including this role via Galaxy, you may download this file to your playbook's `files` directory instead of this role's `files` directory; you may also download to an arbitrary folder in your playbook and specify the relative path in the variable.
- You may need the [EPEL Repository](https://fedoraproject.org/wiki/EPEL) from Fedora Project enabled for some packages, however Mongo is installed directly from mongo.org so try running without first. - You may need the [EPEL Repository](https://fedoraproject.org/wiki/EPEL) from Fedora Project enabled for some packages, however Mongo is installed directly from mongo.org so try running without first.
@ -18,7 +18,10 @@ Role Variables
-------------- --------------
- **unifi_controller_rhel_ntp_server** (optional) sets your preferred NTP server for the UniFi APs to use (default: `pool.ntp.org`) - **unifi_controller_rhel_ntp_server** (optional) sets your preferred NTP server for the UniFi APs to use (default: `pool.ntp.org`)
- **unifi_controller_rhel_unifi_zip_file** (optional) sets the filename of the UniFi controller software on the Ansible system (default: `UniFi.unix.zip`) - **unifi_controller_rhel_ssl_bundle** (optional) provides an alternate SSL CA certificate bundle/chain for the Controller to use. (default: none)
- **unifi_controller_rhel_ssl_cert** (optional) provides an alternate SSL certificate for the Controller to use. (default: none)
- **unifi_controller_rhel_ssl_key** (optional) provides an alternate SSL key for the Controller to use. (default: none)
- **unifi_controller_rhel_unifi_zip_file** (optional) sets the filename of the UniFi controller software on the Ansible system, can be a path relative to your playbook like `roles/my_other_role/downloads/Unifi.unix.zip` (default: `UniFi.unix.zip`)
Dependencies Dependencies
------------ ------------

20
tasks/main.yml
View File

@ -45,5 +45,25 @@
- name: install init script - name: install init script
template: src=unifi.init.j2 dest=/etc/init.d/UniFi owner=root group=root mode=755 template: src=unifi.init.j2 dest=/etc/init.d/UniFi owner=root group=root mode=755
- name: copy ssl cert
when: not (unifi_controller_rhel_ssl_cert is none)
copy: src={{ unifi_controller_rhel_ssl_cert }} dest=/root/cert.crt force=no
- name: copy ssl key
when: not (unifi_controller_rhel_ssl_key is none)
copy: src={{ unifi_controller_rhel_ssl_key }} dest=/root/key.crt force=no
- name: copy ssl bundle
when: not (unifi_controller_rhel_ssl_bundle is none)
copy: src={{ unifi_controller_rhel_ssl_bundle }} dest=/root/bundle.crt force=no
- name: convert ssl cert to pkcs12 format
when: not (unifi_controller_rhel_ssl_cert is none or unifi_controller_rhel_ssl_key is none or unifi_controller_rhel_ssl_bundle is none)
shell: openssl pkcs12 -export -in /root/cert.crt -inkey /root/key.crt -out /root/unifi.p12 -name unifi -CAfile /root/bundle.crt -caname root creates=/root/unifi.p12
- name: convert ssl cert to keystore
when: not (unifi_controller_rhel_ssl_cert is none or unifi_controller_rhel_ssl_key is none or unifi_controller_rhel_ssl_bundle is none)
shell: keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore {{ unifi_controller_rhel_unifi_prefix }}/UniFi/data/keystore -srckeystore /root/unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi creates={{ unifi_controller_rhel_unifi_prefix }}/UniFi/data/keystore
- name: start unifi service - name: start unifi service
service: name=UniFi enabled=yes state=started service: name=UniFi enabled=yes state=started

11
vars/main.yml
View File

@ -1,9 +1,12 @@
--- ---
# vars file for unifi_controller_rhel # vars file for unifi_controller_rhel
unifi_controller_rhel_java_home: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64
unifi_controller_rhel_ntp_server: pool.ntp.org unifi_controller_rhel_ntp_server: pool.ntp.org
unifi_controller_rhel_unifi_zip_file: UniFi.unix.zip unifi_controller_rhel_ssl_bundle: ~
unifi_controller_rhel_unifi_zip_dest: /usr/local/src/UniFi.zip unifi_controller_rhel_ssl_cert: ~
unifi_controller_rhel_ssl_key: ~
unifi_controller_rhel_unifi_gid: unifi
unifi_controller_rhel_unifi_prefix: /opt unifi_controller_rhel_unifi_prefix: /opt
unifi_controller_rhel_unifi_uid: unifi unifi_controller_rhel_unifi_uid: unifi
unifi_controller_rhel_unifi_gid: unifi unifi_controller_rhel_unifi_zip_dest: /usr/local/src/UniFi.zip
unifi_controller_rhel_java_home: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64 unifi_controller_rhel_unifi_zip_file: UniFi.unix.zip