0a3da471f5
* Begin rewrite of win_iis_webbinding Add integration testing, check mode and idempotency Add support for SNI Fix replacing SSL cert on existing bindings * finished up initial rewrite of win_iis_webbinding * updated test to remove tests as filters * updated win_iis_webbinding docs * fix more doc/formatting issues win_iis_webbinding * Removed string empty defaults for certs. Added a few new helpful comments. * Revert "Removed string empty defaults for certs. Added a few new helpful" This reverts commit 48f35faea8d5294b34e1aa842a95c9352b90257f.
# Reboot first so the feature install below starts from a freshly
# booted host.
- name: reboot before feature install to ensure server is in clean state
  win_reboot:

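# Install the IIS role (Web-Server) used by the binding tests.
# The result is registered so the following task can check
# reboot_required.
- name: ensure IIS features are installed
  win_feature:
    name: Web-Server
    state: present
    # Option name is include_sub_features; a misspelt key never sets it.
    include_sub_features: true
    include_management_tools: true
  register: feature_install
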
# Reboot only when the feature install reported that one is required.
- name: reboot after feature install
  when: feature_install.reboot_required
  win_reboot:

# List the names of all IIS sites currently defined on the host.
# The registered stdout_lines feed the removal loop that follows.
- name: get all websites from server
  raw: 'powershell.exe "(get-website).name"'
  register: existing_sites

# Delete every site name returned by the query above.
# This wipes all IIS sites on the target, so run it only against a
# disposable test host.
- name: ensure all sites are removed for clean testing
  win_iis_website:
    name: "{{ item }}"
    state: absent
  with_items: "{{ existing_sites.stdout_lines }}"

# Create the site under test, served from the default IIS web root.
- name: "add testing site {{ test_iis_site_name }}"
  win_iis_website:
    name: "{{ test_iis_site_name }}"
    physical_path: 'c:\inetpub\wwwroot'

# Remove the wildcard-host bindings on http/80 and https/443 from the
# test site so the binding tests start with none of them present.
- name: ensure all bindings are removed prior to starting testing
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    protocol: "{{ item.protocol }}"
    port: "{{ item.port }}"
    host_header: '*'
  with_items:
    - protocol: http
      port: 80
    - protocol: https
      port: 443

# Write one certreq request file per test certificate.
# RequestType = Cert asks for a self-signed certificate; each uses a
# 2048-bit RSA key with MachineKeySet enabled.
# NOTE(review): no HashAlgorithm is set, so certreq's default applies;
# confirm that is acceptable even for throwaway test certificates.
- name: copy certreq file
  win_copy:
    dest: "{{ item.dest }}"
    content: |-
      [NewRequest]
      Subject = "CN={{ item.name }}"
      KeyLength = 2048
      KeyAlgorithm = RSA
      MachineKeySet = true
      RequestType = Cert
  with_items:
    - name: test.com
      dest: 'c:\windows\temp\certreq1.txt'
    - name: test1.com
      dest: 'c:\windows\temp\certreq2.txt'
    - name: '*.test.com'
      dest: 'c:\windows\temp\certreqwc.txt'

# Delete response files left over from an earlier run.
# NOTE(review): presumably needed because certreq will not overwrite
# an existing output file; confirm.
- name: make sure response files are absent
  win_file:
    state: absent
    path: "{{ item }}"
  with_items:
    - 'c:\windows\temp\certreqresp1.txt'
    - 'c:\windows\temp\certreqresp2.txt'
    - 'c:\windows\temp\certreqrespwc.txt'

# Run certreq in the machine context for each request file.
# NOTE(review): nothing in this file removes the resulting
# certificates; presumably each run adds another one with the same
# subject. Confirm cleanup happens elsewhere.
- name: create self signed cert from certreq
  win_command: certreq -new -machine {{ item.req }} {{ item.resp }}
  with_items:
    - req: 'c:\windows\temp\certreq1.txt'
      resp: 'c:\windows\temp\certreqresp1.txt'
    - req: 'c:\windows\temp\certreq2.txt'
      resp: 'c:\windows\temp\certreqresp2.txt'
    - req: 'c:\windows\temp\certreqwc.txt'
      resp: 'c:\windows\temp\certreqrespwc.txt'

# Read the thumbprint of the first LocalMachine\My certificate whose
# subject is exactly CN=test.com.
# NOTE(review): [0] takes the first match when several certificates
# share the subject, and the expression fails when none match.
- name: register certificate thumbprint1
  raw: >-
    (gci Cert:\LocalMachine\my | ? {$_.subject -eq "CN=test.com"})[0].Thumbprint
  register: thumbprint1

# Read the thumbprint of the first LocalMachine\My certificate whose
# subject is exactly CN=test1.com.
# NOTE(review): [0] takes the first match when several certificates
# share the subject, and the expression fails when none match.
- name: register certificate thumbprint2
  raw: >-
    (gci Cert:\LocalMachine\my | ? {$_.subject -eq "CN=test1.com"})[0].Thumbprint
  register: thumbprint2

# Read the thumbprint of the first LocalMachine\My certificate whose
# subject is exactly CN=*.test.com (the wildcard test certificate).
# NOTE(review): [0] takes the first match when several certificates
# share the subject, and the expression fails when none match.
- name: register certificate thumbprint_wc
  raw: >-
    (gci Cert:\LocalMachine\my | ? {$_.subject -eq "CN=*.test.com"})[0].Thumbprint
  register: thumbprint_wc

# Print the three captured thumbprints in the play output.
- debug:
    var: thumbprint1.stdout

- debug:
    var: thumbprint2.stdout

- debug:
    var: thumbprint_wc.stdout