apigee-tls-lb-terminating.yml - private-cloud-ansible-playbooks/apigee-opdk-playbook-installation-single-region - Git at Google

 ---
 - name: Update cache for target servers
   hosts: ms,rmp
   tags: ['cache']
   vars_files:
   - ~/.apigee/custom-properties.yml
   roles:
   - { role: apigee-opdk-setup-default-settings }

 - name: Configure Management Server for TLS
   hosts: ms
   become: yes
   become_user: apigee
   tags: ['ms']
   vars_files:
   - ~/.apigee-secure/credentials.yml
   vars:
     cwc_properties:
     - { key: 'conf_virtualhost_virtual.host.properties.names', value: 'proxy_read_timeout,keepalive_timeout,ssl_ciphers,ssl_protocols,proxy_request_buffering,proxy_buffering,listen', file_name: 'management-server' }
   roles:
   - { role: apigee-opdk-cwc-update, tags: ['update'] }
   - { role: apigee-opdk-stop-components, tags: ['restart','ms-restart'] }
   - { role: apigee-opdk-start-components, tags: ['restart','ms-restart'] }

 - name: Configure Each Router for TLS
   hosts: rmp
   become: yes
   become_user: apigee
   tags: ['router']
   vars_files:
   - ~/.apigee-secure/credentials.yml
   vars:
     cwc_properties:
     - { key: 'conf_virtualhost_virtual.host.properties.names', value: 'proxy_read_timeout,keepalive_timeout,ssl_ciphers,ssl_protocols,proxy_request_buffering,proxy_buffering,listen', file_name: 'management-server' }
   roles:
   - { role: apigee-opdk-cwc-update, tags: ['update'] }
   - { role: apigee-opdk-stop-components, tags: ['restart','r-restart'] }
   - { role: apigee-opdk-start-components, tags: ['restart','r-restart'] }

 - name: Update VHOST Configuration
   hosts: ms
   tags: ['vhost']
   vars_files:
   - ~/.apigee-secure/credentials.yml
   vars:
     keystore: testKeystore
     clientAuthEnabled: False
     sslinfo_enabled: true

   tasks:
 #  - name: Upload Keystore

   - name: Update VHOST Configuration
     uri:
       url: "http://{{ local_mgmt_ip }}:8080/v1/organizations/{{ org_name }}/environments/{{ env_name }}/virtualhosts/{{ virtual_host_name }}"
       method: POST
       user: "{{ opdk_user_email }}"
       password: "{{ opdk_user_pass }}"
       force_basic_auth: yes
       headers:
         Content-Type: "application/xml"
       body: |
         <VirtualHost name='{{ virtual_host_name }}'>
           <HostAliases>
             <HostAlias>{{ virtual_host_alias }}</HostAlias>
           </HostAliases>
           <Interfaces/>
           <Port>{{ virtual_host_port }}</Port>
           <SSLInfo>
             <Enabled>{{ sslinfo_enabled }}</Enabled>
             <ClientAuthEnabled>{{ clientAuthEnabled }}</ClientAuthEnabled>
             <KeyStore>{{ keystore }}</KeyStore>
             <KeyAlias>{{ virtual_host_alias }}</KeyAlias>
           </SSLInfo>
          </VirtualHost>
	---
	- name: Update cache for target servers
	hosts: ms,rmp
	tags: ['cache']
	vars_files:
	- ~/.apigee/custom-properties.yml
	roles:
	- { role: apigee-opdk-setup-default-settings }

	- name: Configure Management Server for TLS
	hosts: ms
	become: yes
	become_user: apigee
	tags: ['ms']
	vars_files:
	- ~/.apigee-secure/credentials.yml
	vars:
	cwc_properties:
	- { key: 'conf_virtualhost_virtual.host.properties.names', value: 'proxy_read_timeout,keepalive_timeout,ssl_ciphers,ssl_protocols,proxy_request_buffering,proxy_buffering,listen', file_name: 'management-server' }
	roles:
	- { role: apigee-opdk-cwc-update, tags: ['update'] }
	- { role: apigee-opdk-stop-components, tags: ['restart','ms-restart'] }
	- { role: apigee-opdk-start-components, tags: ['restart','ms-restart'] }

	- name: Configure Each Router for TLS
	hosts: rmp
	become: yes
	become_user: apigee
	tags: ['router']
	vars_files:
	- ~/.apigee-secure/credentials.yml
	vars:
	cwc_properties:
	- { key: 'conf_virtualhost_virtual.host.properties.names', value: 'proxy_read_timeout,keepalive_timeout,ssl_ciphers,ssl_protocols,proxy_request_buffering,proxy_buffering,listen', file_name: 'management-server' }
	roles:
	- { role: apigee-opdk-cwc-update, tags: ['update'] }
	- { role: apigee-opdk-stop-components, tags: ['restart','r-restart'] }
	- { role: apigee-opdk-start-components, tags: ['restart','r-restart'] }

	- name: Update VHOST Configuration
	hosts: ms
	tags: ['vhost']
	vars_files:
	- ~/.apigee-secure/credentials.yml
	vars:
	keystore: testKeystore
	clientAuthEnabled: False
	sslinfo_enabled: true

	tasks:
	# - name: Upload Keystore

	- name: Update VHOST Configuration
	uri:
	url: "http://{{ local_mgmt_ip }}:8080/v1/organizations/{{ org_name }}/environments/{{ env_name }}/virtualhosts/{{ virtual_host_name }}"
	method: POST
	user: "{{ opdk_user_email }}"
	password: "{{ opdk_user_pass }}"
	force_basic_auth: yes
	headers:
	Content-Type: "application/xml"
	body: \|
	<VirtualHost name='{{ virtual_host_name }}'>
	<HostAliases>
	<HostAlias>{{ virtual_host_alias }}</HostAlias>
	</HostAliases>
	<Interfaces/>
	<Port>{{ virtual_host_port }}</Port>
	<SSLInfo>
	<Enabled>{{ sslinfo_enabled }}</Enabled>
	<ClientAuthEnabled>{{ clientAuthEnabled }}</ClientAuthEnabled>
	<KeyStore>{{ keystore }}</KeyStore>
	<KeyAlias>{{ virtual_host_alias }}</KeyAlias>
	</SSLInfo>
	</VirtualHost>