SlideShare une entreprise Scribd logo

HTTPS and Ansible

Jeff Geerling
Jeff Geerling

Quick overview of automating HTTPS with Ansible - using self-signed certs, 'BYOC', or Let's Encrypt. Given at the Ansible St. Louis meetup on Feb 12, 2018.

Logiciels
1  sur  11
Télécharger pour lire hors ligne
Ansible St. Louis Meetup http://www.meetup.com/Ansible-St-Louis/ @ansiblestl
Thanks to tonight's meetup location sponsor:
HTTPS and Ansible Jeff Geerling
 Ansible St. Louis
 2018-02-12
What's required for HTTPS? • OpenSSL (usually) • Webserver support (Apache, Nginx, Node, Lightthpd, Caddy, etc.) • A certificate and key!
What can Ansible automate? • OpenSSL (usually) • Webserver support (Apache, Nginx, Node, Lightthpd, Caddy, etc.) • A certificate and key!
Server setup for HTTPS • Check Ansible Galaxy for tuned/easy-to-use roles • I'm a little biased, but at least check out geerlingguy.nginx, geerlingguy.apache... • Use SSL Labs' server test to validate
BYOC • "Bring your own cert" • Downside: Manual or out-of-band updates • E.g. - copy:
 content: "{{ my_cert }}"
 dest: /path/to/cert.crt - copy:
 content: /local/path/to/cert.crt
 dest: /path/to/cert.crt
ACM (or equivalent) • Generate certs via APIs • Downside: tied to specific services • AWS CloudFormation template to generate AWS::CertificateManager::Certificate • Use Ansible's cloudformation module
Let's Encrypt • Free certs for all! • Downside: requires public-facing server • E.g. geerlingguy.certbot Ansible letsencrypt module
Local / Self-Signed • Free certs for all! • Downside: browser support == headaches • E.g. See my blog post Ansible openssl_* modules
Q&A

Recommandé

Make your Ansible playbooks maintainable, flexible, and scalable
Make your Ansible playbooks maintainable, flexible, and scalableMake your Ansible playbooks maintainable, flexible, and scalable
Make your Ansible playbooks maintainable, flexible, and scalable
Jeff Geerling
 
How Ansible Makes Automation Easy
How Ansible Makes Automation EasyHow Ansible Makes Automation Easy
How Ansible Makes Automation Easy
Peter Sankauskas
 
Using ansible vault to protect your secrets
Using ansible vault to protect your secretsUsing ansible vault to protect your secrets
Using ansible vault to protect your secrets
Excella
 
Managing sensitive data with Ansible vault
Managing sensitive data with Ansible vaultManaging sensitive data with Ansible vault
Managing sensitive data with Ansible vault
Pascal Stauffer
 
Ansible Best Practices - July 30
Ansible Best Practices - July 30Ansible Best Practices - July 30
Ansible Best Practices - July 30
tylerturk
 
Introduction to Ansible - Jan 28 - Austin MeetUp
Introduction to Ansible - Jan 28 - Austin MeetUpIntroduction to Ansible - Jan 28 - Austin MeetUp
Introduction to Ansible - Jan 28 - Austin MeetUp
tylerturk
 
Testing servers like software
Testing servers like softwareTesting servers like software
Testing servers like software
Peter Souter
 
Ansible Case Studies
Ansible Case StudiesAnsible Case Studies
Ansible Case Studies
Greg DeKoenigsberg
 

Recommandé

Make your Ansible playbooks maintainable, flexible, and scalable
Make your Ansible playbooks maintainable, flexible, and scalableMake your Ansible playbooks maintainable, flexible, and scalable
Make your Ansible playbooks maintainable, flexible, and scalable
Jeff Geerling
 
How Ansible Makes Automation Easy
How Ansible Makes Automation EasyHow Ansible Makes Automation Easy
How Ansible Makes Automation Easy
Peter Sankauskas
 
Using ansible vault to protect your secrets
Using ansible vault to protect your secretsUsing ansible vault to protect your secrets
Using ansible vault to protect your secrets
Excella
 
Managing sensitive data with Ansible vault
Managing sensitive data with Ansible vaultManaging sensitive data with Ansible vault
Managing sensitive data with Ansible vault
Pascal Stauffer
 
Ansible Best Practices - July 30
Ansible Best Practices - July 30Ansible Best Practices - July 30
Ansible Best Practices - July 30
tylerturk
 
Introduction to Ansible - Jan 28 - Austin MeetUp
Introduction to Ansible - Jan 28 - Austin MeetUpIntroduction to Ansible - Jan 28 - Austin MeetUp
Introduction to Ansible - Jan 28 - Austin MeetUp
tylerturk
 
Testing servers like software
Testing servers like softwareTesting servers like software
Testing servers like software
Peter Souter
 
Ansible Case Studies
Ansible Case StudiesAnsible Case Studies
Ansible Case Studies
Greg DeKoenigsberg
 
Compliance as Code
Compliance as CodeCompliance as Code
Compliance as Code
Matt Ray
 
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
rmcleay
 
Ansible Crash Course
Ansible Crash CourseAnsible Crash Course
Ansible Crash Course
Peter Sankauskas
 
Monitor-Driven Development Using Ansible
Monitor-Driven Development Using AnsibleMonitor-Driven Development Using Ansible
Monitor-Driven Development Using Ansible
Itamar Hassin
 
Continuous Updating with VersionEye at code.talks 2014
Continuous Updating with VersionEye at code.talks 2014Continuous Updating with VersionEye at code.talks 2014
Continuous Updating with VersionEye at code.talks 2014
Robert Reiz
 
Serverspec and Sensu - Testing and Monitoring collide
Serverspec and Sensu - Testing and Monitoring collideServerspec and Sensu - Testing and Monitoring collide
Serverspec and Sensu - Testing and Monitoring collide
m_richardson
 
Kernelci.org needs you!
Kernelci.org needs you!Kernelci.org needs you!
Kernelci.org needs you!
Mark Brown
 
CI/CD Using Ansible and Jenkins for Infrastructure
CI/CD Using Ansible and Jenkins for InfrastructureCI/CD Using Ansible and Jenkins for Infrastructure
CI/CD Using Ansible and Jenkins for Infrastructure
Faisal Shaikh
 
High Available Drupal
High Available DrupalHigh Available Drupal
High Available Drupal
Bram Vogelaar
 
Hacking on WildFly 9
Hacking on WildFly 9Hacking on WildFly 9
Hacking on WildFly 9
Virtual JBoss User Group
 
Inside the Chef Push Jobs Service - ChefConf 2015
Inside the Chef Push Jobs Service - ChefConf 2015 Inside the Chef Push Jobs Service - ChefConf 2015
Inside the Chef Push Jobs Service - ChefConf 2015
Chef
 
Go Faster with Ansible (PHP meetup)
Go Faster with Ansible (PHP meetup)Go Faster with Ansible (PHP meetup)
Go Faster with Ansible (PHP meetup)
Richard Donkin
 
Ansible introduction - XX Betabeers Galicia
Ansible introduction - XX Betabeers GaliciaAnsible introduction - XX Betabeers Galicia
Ansible introduction - XX Betabeers Galicia
Juan Diego Pereiro Arean
 
Ansible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL MeetupAnsible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL Meetup
Jeff Geerling
 
OSDC2014: Testing Server Infrastructure with #serverspec
OSDC2014: Testing Server Infrastructure with #serverspecOSDC2014: Testing Server Infrastructure with #serverspec
OSDC2014: Testing Server Infrastructure with #serverspec
Andreas Schmidt
 
Ansible for large scale deployment
Ansible for large scale deploymentAnsible for large scale deployment
Ansible for large scale deployment
Karthik .P.R
 
Investigation of testing with ansible
Investigation of testing with ansibleInvestigation of testing with ansible
Investigation of testing with ansible
Dennis Rowe
 
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
Simplilearn
 
Monitoring Open Source Databases with Icinga
Monitoring Open Source Databases with IcingaMonitoring Open Source Databases with Icinga
Monitoring Open Source Databases with Icinga
Icinga
 
Testing Ansible with Jenkins and Docker
Testing Ansible with Jenkins and DockerTesting Ansible with Jenkins and Docker
Testing Ansible with Jenkins and Docker
Dennis Rowe
 
Unsafe SSL webinar
Unsafe SSL webinarUnsafe SSL webinar
Unsafe SSL webinar
Wolfgang Kandek
 
Rack
RackRack
Rack
shaokun
 

Contenu connexe

Tendances

High Available Drupal
High Available DrupalHigh Available Drupal
High Available Drupal
Bram Vogelaar
 
Investigation of testing with ansible
Investigation of testing with ansibleInvestigation of testing with ansible
Investigation of testing with ansible
Dennis Rowe
 
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
Simplilearn
 

Tendances (20)

Compliance as Code
Compliance as CodeCompliance as Code
Compliance as Code
 
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
 
Ansible Crash Course
Ansible Crash CourseAnsible Crash Course
Ansible Crash Course
 
Monitor-Driven Development Using Ansible
Monitor-Driven Development Using AnsibleMonitor-Driven Development Using Ansible
Monitor-Driven Development Using Ansible
 
Continuous Updating with VersionEye at code.talks 2014
Continuous Updating with VersionEye at code.talks 2014Continuous Updating with VersionEye at code.talks 2014
Continuous Updating with VersionEye at code.talks 2014
 
Serverspec and Sensu - Testing and Monitoring collide
Serverspec and Sensu - Testing and Monitoring collideServerspec and Sensu - Testing and Monitoring collide
Serverspec and Sensu - Testing and Monitoring collide
 
Kernelci.org needs you!
Kernelci.org needs you!Kernelci.org needs you!
Kernelci.org needs you!
 
CI/CD Using Ansible and Jenkins for Infrastructure
CI/CD Using Ansible and Jenkins for InfrastructureCI/CD Using Ansible and Jenkins for Infrastructure
CI/CD Using Ansible and Jenkins for Infrastructure
 
High Available Drupal
High Available DrupalHigh Available Drupal
High Available Drupal
 
Hacking on WildFly 9
Hacking on WildFly 9Hacking on WildFly 9
Hacking on WildFly 9
 
Inside the Chef Push Jobs Service - ChefConf 2015
Inside the Chef Push Jobs Service - ChefConf 2015 Inside the Chef Push Jobs Service - ChefConf 2015
Inside the Chef Push Jobs Service - ChefConf 2015
 
Go Faster with Ansible (PHP meetup)
Go Faster with Ansible (PHP meetup)Go Faster with Ansible (PHP meetup)
Go Faster with Ansible (PHP meetup)
 
Ansible introduction - XX Betabeers Galicia
Ansible introduction - XX Betabeers GaliciaAnsible introduction - XX Betabeers Galicia
Ansible introduction - XX Betabeers Galicia
 
Ansible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL MeetupAnsible 101 - Presentation at Ansible STL Meetup
Ansible 101 - Presentation at Ansible STL Meetup
 
OSDC2014: Testing Server Infrastructure with #serverspec
OSDC2014: Testing Server Infrastructure with #serverspecOSDC2014: Testing Server Infrastructure with #serverspec
OSDC2014: Testing Server Infrastructure with #serverspec
 
Ansible for large scale deployment
Ansible for large scale deploymentAnsible for large scale deployment
Ansible for large scale deployment
 
Investigation of testing with ansible
Investigation of testing with ansibleInvestigation of testing with ansible
Investigation of testing with ansible
 
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
 
Monitoring Open Source Databases with Icinga
Monitoring Open Source Databases with IcingaMonitoring Open Source Databases with Icinga
Monitoring Open Source Databases with Icinga
 
Testing Ansible with Jenkins and Docker
Testing Ansible with Jenkins and DockerTesting Ansible with Jenkins and Docker
Testing Ansible with Jenkins and Docker
 

Similaire à HTTPS and Ansible

Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
NGINX, Inc.
 

Similaire à HTTPS and Ansible (20)

Unsafe SSL webinar
Unsafe SSL webinarUnsafe SSL webinar
Unsafe SSL webinar
 
Rack
RackRack
Rack
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
 
Woo: Writing a fast web server @ ELS2015
Woo: Writing a fast web server @ ELS2015Woo: Writing a fast web server @ ELS2015
Woo: Writing a fast web server @ ELS2015
 
About Clack
About ClackAbout Clack
About Clack
 
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
 
Introduction to NodeJS with LOLCats
Introduction to NodeJS with LOLCatsIntroduction to NodeJS with LOLCats
Introduction to NodeJS with LOLCats
 
Host Health Monitoring with Docker Run
Host Health Monitoring with Docker RunHost Health Monitoring with Docker Run
Host Health Monitoring with Docker Run
 
Get your teeth into Plack
Get your teeth into PlackGet your teeth into Plack
Get your teeth into Plack
 
Scaling with swagger
Scaling with swaggerScaling with swagger
Scaling with swagger
 
Logstash
LogstashLogstash
Logstash
 
CouchDB for Web Applications - Erlang Factory London 2009
CouchDB for Web Applications - Erlang Factory London 2009CouchDB for Web Applications - Erlang Factory London 2009
CouchDB for Web Applications - Erlang Factory London 2009
 
My Little Webap - DevOpsSec is Magic
My Little Webap - DevOpsSec is MagicMy Little Webap - DevOpsSec is Magic
My Little Webap - DevOpsSec is Magic
 
Webinar - DreamObjects/Ceph Case Study
Webinar - DreamObjects/Ceph Case StudyWebinar - DreamObjects/Ceph Case Study
Webinar - DreamObjects/Ceph Case Study
 
Introduction to Chef
Introduction to ChefIntroduction to Chef
Introduction to Chef
 
CloudStack and the HeartBleed vulnerability
CloudStack and the HeartBleed vulnerabilityCloudStack and the HeartBleed vulnerability
CloudStack and the HeartBleed vulnerability
 
Mitchell Hashimoto, HashiCorp
Mitchell Hashimoto, HashiCorpMitchell Hashimoto, HashiCorp
Mitchell Hashimoto, HashiCorp
 
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
 
NullMQ @ PDX
NullMQ @ PDXNullMQ @ PDX
NullMQ @ PDX
 
ITB2019 NGINX Overview and Technical Aspects - Kevin Jones
ITB2019 NGINX Overview and Technical Aspects - Kevin JonesITB2019 NGINX Overview and Technical Aspects - Kevin Jones
ITB2019 NGINX Overview and Technical Aspects - Kevin Jones
 

Plus de Jeff Geerling

High Performance Drupal
High Performance DrupalHigh Performance Drupal
High Performance Drupal
Jeff Geerling
 
Ansible for Drupal infrastructure and deployments
Ansible for Drupal infrastructure and deploymentsAnsible for Drupal infrastructure and deployments
Ansible for Drupal infrastructure and deployments
Jeff Geerling
 
Ansible + Drupal: A Fortuitous DevOps Match
Ansible + Drupal: A Fortuitous DevOps MatchAnsible + Drupal: A Fortuitous DevOps Match
Ansible + Drupal: A Fortuitous DevOps Match
Jeff Geerling
 
DevOps for Humans - Ansible for Drupal Deployment Victory!
DevOps for Humans - Ansible for Drupal Deployment Victory!DevOps for Humans - Ansible for Drupal Deployment Victory!
DevOps for Humans - Ansible for Drupal Deployment Victory!
Jeff Geerling
 

Plus de Jeff Geerling (20)

Continuous Testing with Molecule, Ansible, and GitHub Actions
Continuous Testing with Molecule, Ansible, and GitHub ActionsContinuous Testing with Molecule, Ansible, and GitHub Actions
Continuous Testing with Molecule, Ansible, and GitHub Actions
 
2020 Drupal Local Development Tools Survey - CMS Philly
2020 Drupal Local Development Tools Survey - CMS Philly2020 Drupal Local Development Tools Survey - CMS Philly
2020 Drupal Local Development Tools Survey - CMS Philly
 
There's a role for that! (AnsibleFest 2019)
There's a role for that! (AnsibleFest 2019)There's a role for that! (AnsibleFest 2019)
There's a role for that! (AnsibleFest 2019)
 
Everything I know about Kubernetes I learned from a Raspberry Pi cluster
Everything I know about Kubernetes I learned from a Raspberry Pi clusterEverything I know about Kubernetes I learned from a Raspberry Pi cluster
Everything I know about Kubernetes I learned from a Raspberry Pi cluster
 
Real World DevOps - Jeff Geerling's NEDCamp 2018 Keynote
Real World DevOps - Jeff Geerling's NEDCamp 2018 KeynoteReal World DevOps - Jeff Geerling's NEDCamp 2018 Keynote
Real World DevOps - Jeff Geerling's NEDCamp 2018 Keynote
 
Ansible and Kubernetes
Ansible and KubernetesAnsible and Kubernetes
Ansible and Kubernetes
 
Drupal VM for Drupal 8 Dev - Drupal Camp STL 2017
Drupal VM for Drupal 8 Dev - Drupal Camp STL 2017Drupal VM for Drupal 8 Dev - Drupal Camp STL 2017
Drupal VM for Drupal 8 Dev - Drupal Camp STL 2017
 
Drupal VM for Drupal 8 Dev - MidCamp 2017
Drupal VM for Drupal 8 Dev - MidCamp 2017Drupal VM for Drupal 8 Dev - MidCamp 2017
Drupal VM for Drupal 8 Dev - MidCamp 2017
 
ProTips for Staying Sane while Working from Home
ProTips for Staying Sane while Working from Home ProTips for Staying Sane while Working from Home
ProTips for Staying Sane while Working from Home
 
Highly available Drupal on a Raspberry Pi cluster
Highly available Drupal on a Raspberry Pi clusterHighly available Drupal on a Raspberry Pi cluster
Highly available Drupal on a Raspberry Pi cluster
 
Ansible 2 and Ansible Galaxy 2
Ansible 2 and Ansible Galaxy 2Ansible 2 and Ansible Galaxy 2
Ansible 2 and Ansible Galaxy 2
 
High Performance Drupal
High Performance DrupalHigh Performance Drupal
High Performance Drupal
 
Ansible for Drupal infrastructure and deployments
Ansible for Drupal infrastructure and deploymentsAnsible for Drupal infrastructure and deployments
Ansible for Drupal infrastructure and deployments
 
Ansible + Drupal: A Fortuitous DevOps Match
Ansible + Drupal: A Fortuitous DevOps MatchAnsible + Drupal: A Fortuitous DevOps Match
Ansible + Drupal: A Fortuitous DevOps Match
 
DevOps for Humans - Ansible for Drupal Deployment Victory!
DevOps for Humans - Ansible for Drupal Deployment Victory!DevOps for Humans - Ansible for Drupal Deployment Victory!
DevOps for Humans - Ansible for Drupal Deployment Victory!
 
Drupal 8 - A Brief Introduction
Drupal 8 - A Brief IntroductionDrupal 8 - A Brief Introduction
Drupal 8 - A Brief Introduction
 
Server Check.in case study - Drupal and Node.js
Server Check.in case study - Drupal and Node.jsServer Check.in case study - Drupal and Node.js
Server Check.in case study - Drupal and Node.js
 
Local Dev on Virtual Machines - Vagrant, VirtualBox and Ansible
Local Dev on Virtual Machines - Vagrant, VirtualBox and AnsibleLocal Dev on Virtual Machines - Vagrant, VirtualBox and Ansible
Local Dev on Virtual Machines - Vagrant, VirtualBox and Ansible
 
Florissant TIF - Cross Keys Redevelopment
Florissant TIF - Cross Keys RedevelopmentFlorissant TIF - Cross Keys Redevelopment
Florissant TIF - Cross Keys Redevelopment
 
How to Build a Drupal Module
How to Build a Drupal ModuleHow to Build a Drupal Module
How to Build a Drupal Module
 

Dernier

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
masabamasaba
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
Presentation.STUDIO
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
masabamasaba
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
masabamasaba
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
masabamasaba
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
Juha-Pekka Tolvanen
 

Dernier (20)

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 

HTTPS and Ansible

  • 1. Ansible St. Louis Meetup http://www.meetup.com/Ansible-St-Louis/ @ansiblestl
  • 2. Thanks to tonight's meetup location sponsor:
  • 3. HTTPS and Ansible Jeff Geerling
 Ansible St. Louis
 2018-02-12
  • 4. What's required for HTTPS? • OpenSSL (usually) • Webserver support (Apache, Nginx, Node, Lightthpd, Caddy, etc.) • A certificate and key!
  • 5. What can Ansible automate? • OpenSSL (usually) • Webserver support (Apache, Nginx, Node, Lightthpd, Caddy, etc.) • A certificate and key!
  • 6. Server setup for HTTPS • Check Ansible Galaxy for tuned/easy-to-use roles • I'm a little biased, but at least check out geerlingguy.nginx, geerlingguy.apache... • Use SSL Labs' server test to validate
  • 7. BYOC • "Bring your own cert" • Downside: Manual or out-of-band updates • E.g. - copy:
 content: "{{ my_cert }}"
 dest: /path/to/cert.crt - copy:
 content: /local/path/to/cert.crt
 dest: /path/to/cert.crt
  • 8. ACM (or equivalent) • Generate certs via APIs • Downside: tied to specific services • AWS CloudFormation template to generate AWS::CertificateManager::Certificate • Use Ansible's cloudformation module
  • 9. Let's Encrypt • Free certs for all! • Downside: requires public-facing server • E.g. geerlingguy.certbot Ansible letsencrypt module
  • 10. Local / Self-Signed • Free certs for all! • Downside: browser support == headaches • E.g. See my blog post Ansible openssl_* modules
  • 11. Q&A