
Initial commit

authored by

Kaushik Chakraborty and committed by
Kaushik Chakraborty
83ae0d98

+94
+3
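--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*.pem
+*.crt
+*.retry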
+15
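--- a/README.md
+++ b/README.md
@@ -0,0 +1,15 @@
+# Overview
+
+This is a simple script to update a remote host's certificate store with an enterprise's Man-In-The-Middle (MITM) root certificate.
+
+Update the value of `local_cert_file` variable in the `playbook.yml` with the actual path of the ROOT certificate (in PEM format) placed somewhere in the host system.
+
+Please make sure to update the `group_vars/all/vault.yml` with the relevant sensitive data of remote server IPs and ssh user id using the command
+
+`ansible-vault edit group_vars/all/vault.yml`
+
+### Executing playbook
+
+```
+$ ansible-playbook -i hosts -kK -v --ask-vault-pass playbook.yml
+```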
+30
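--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@@ -0,0 +1,30 @@
+$ANSIBLE_VAULT;1.1;AES256
+34373334653862656630373438396362363339353163383639373937623833353634623938663235
+6239373733363739343062636362613739643066646331650a353061623264333063306161636531
+31663636346336623766646236616363646264623964356239616639313739303233633831663266
+3835626561323036310a303635376234356664303663396461633665663535663731326264346461
+33613761306531626139636264316432393137316163366164303234303164643137326264336432
+31326136326532326165323134396136663037636265363538353931666239346565633937316539
+65343561353230303438666663396366303765303336626233383633306363636362663330623730
+31306165313331393136323631383738643663386461353738323338653536386465366534646530
+34326263633936336634623061643365373432636333626436656163653263326639393463626131
+39326338346636653437326364366234336563333761656633356435393861663536626162366664
+34656533376538643661653238653266363033363466393436656139366433663339643861343330
+62633731306463383738363563326266643232356236323664326563353430393637633737353234
+38636139376433326661323565383335306363323230343262666165393831313961343339346632
+31306335663537663236333837336233366234613134363961316436663062343738643938393765
+62666237383562656164633136353730363065383833306364633932626438343764633238353530
+61306236363361663230366136393661396161373232353863373435656431656261653361643335
+65666461623536366438626430636432343839623139626362656563633163333362346363396366
+65333565363466643265643339386632303865623361383834643966313862323064323930326166
+34313863306533333137643666636133663831643034623664646163363232383366303966356661
+36353035363834333437353539383237386330323437663433316138633330623137323465306238
+32383065383861343339636261666434613761393231663466333131373633653662333561373933
+37656239623833643731386231363937666163346437633665316266343466633930326536303066
+30633461633363666135343838323462306235353164623566356131346662653863323435636336
+30663764383965323230323630303763343439626331326337343234636137646562383864353363
+38306466326534386338373331333339636436613035393233303730636430613134303864343163
+65323465346162633262356563613837306432313631346464353264376335333736313862393536
+30316533333466366561653930643432646361396336656237643164326364646533643630383339
+65353266313738313365393765316331613430353136663664343833363535326462346135386338
+3138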
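Review bot: Committing `group_vars/all/vault.yml` puts the vault ciphertext into permanent history, so the confidentiality of the server IPs and SSH user the README says it holds rests entirely on the strength of the vault password. Anyone who can read the repository can test password guesses against this copy offline, and a later rekey does not protect what is already in this commit. I would keep the encrypted file out of the repository by adding `group_vars/all/vault.yml` to `.gitignore` and committing a `vault.yml.example` with placeholder values instead. If it has to stay, the README should state that the vault password must be long and randomly generated.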
+18
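--- a/hosts
+++ b/hosts
@@ -0,0 +1,18 @@
+[all]
+node1 ansible_ssh_host={{vault_hosts.ips.node1}} ansible_user={{vault_hosts.ssh_user}}
+node2 ansible_ssh_host={{vault_hosts.ips.node2}} ansible_user={{vault_hosts.ssh_user}}
+node3 ansible_ssh_host={{vault_hosts.ips.node3}} ansible_user={{vault_hosts.ssh_user}}
+node4 ansible_ssh_host={{vault_hosts.ips.node4}} ansible_user={{vault_hosts.ssh_user}}
+node5 ansible_ssh_host={{vault_hosts.ips.node5}} ansible_user={{vault_hosts.ssh_user}}
+node6 ansible_ssh_host={{vault_hosts.ips.node6}} ansible_user={{vault_hosts.ssh_user}}
+node7 ansible_ssh_host={{vault_hosts.ips.node7}} ansible_user={{vault_hosts.ssh_user}}
+node8 ansible_ssh_host={{vault_hosts.ips.node8}} ansible_user={{vault_hosts.ssh_user}}
+node9 ansible_ssh_host={{vault_hosts.ips.node9}} ansible_user={{vault_hosts.ssh_user}}
+node10 ansible_ssh_host={{vault_hosts.ips.node10}} ansible_user={{vault_hosts.ssh_user}}
+node11 ansible_ssh_host={{vault_hosts.ips.node11}} ansible_user={{vault_hosts.ssh_user}}
+node12 ansible_ssh_host={{vault_hosts.ips.node12}} ansible_user={{vault_hosts.ssh_user}}
+node13 ansible_ssh_host={{vault_hosts.ips.node13}} ansible_user={{vault_hosts.ssh_user}}
+node14 ansible_ssh_host={{vault_hosts.ips.node14}} ansible_user={{vault_hosts.ssh_user}}
+node15 ansible_ssh_host={{vault_hosts.ips.node15}} ansible_user={{vault_hosts.ssh_user}}
+node16 ansible_ssh_host={{vault_hosts.ips.node16}} ansible_user={{vault_hosts.ssh_user}}
+node17 ansible_ssh_host={{vault_hosts.ips.node17}} ansible_user={{vault_hosts.ssh_user}}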
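Review bot: Every host line uses the legacy `ansible_ssh_host` variable next to the current-style `ansible_user`. `ansible_ssh_host` was deprecated in Ansible 2.0 in favour of `ansible_host`, so each entry should read like `node1 ansible_host={{vault_hosts.ips.node1}} ansible_user={{vault_hosts.ssh_user}}`. The `ansible_user` assignment is identical on all 17 host lines and could be stated once in an `[all:vars]` section as `ansible_user={{vault_hosts.ssh_user}}`, which leaves a single place to change it.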
+28
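--- a/playbook.yml
+++ b/playbook.yml
@@ -0,0 +1,28 @@
+---
+- hosts : all
+vars :
+local_cert_file : "" ## make sure to update this with a real path before executing the playbook
+ca_cert_path : ""
+tasks :
+- name : push MITM cert to all nodes of cluster
+become : yes
+become_method : sudo
+copy:
+src: "{{ local_cert_file }}"
+dest: "{{ ca_cert_path }}"
+register: ca_cert
+- name : update ca-certificates
+become : yes
+become_method : sudo
+command: update-ca-certificates
+when : ca_cert.changed
+notify : restart docker
+
+handlers :
+- name : restart docker
+become: yes
+become_method : sudo
+service :
+name : docker
+state : restarted
+...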
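Review bot: The `copy` task that installs the root certificate sets no `owner`, `group` or `mode`, so the permissions of a file that becomes a trust anchor on every node are left to the remote umask; add `owner: root`, `group: root` and `mode: "0644"` under `copy:`. Both `local_cert_file` and `ca_cert_path` default to `""` and nothing checks them before the privileged copy runs, so a first task such as `assert: { that: [ "local_cert_file | length > 0", "ca_cert_path | length > 0" ] }` would stop the run early with a clear message. `update-ca-certificates` only picks up files ending in `.crt` under its source directories, so `ca_cert_path` deserves a comment like `## must end in .crt, e.g. under /usr/local/share/ca-certificates/`. Because this play makes every node trust whatever file sits at `local_cert_file`, consider comparing that file's fingerprint with a value obtained out of band before the copy.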