Ildar Saidashev isaidashev

openssl req -new -newkey rsa:4096 -days 365 -x509 -subj /CN=Kafka-Security-Ca -keyout ca-key.pem -out ca-cert.pem -nodes

Создаем хранилище

keytool -genkey -keyalg RSA -keystore kafka.server.keystore.jks -validity 365 -storepass secret -keypass secret -dname CN=kafka-centos-8 -storetype pkcs12

Импорт CA в хранилище

keytool -keystore kafka.server.keystore.jks -alias CAroot -import -file ca-cert.pem -storepass secret -keypass secret -noprompt #Создаем запрос на сертификат keytool -keystore kafka.server.keystore.jks -certreq -file cert-request.pem -storepass secret -keypass secret

Создаем новый самописный сертификат на основе запроса

openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -in cert-request.pem -out cert-signed.pem -days 365 -CAcreateserial -passin pass:secret

Импортируем СA в хранилище

	lineinfile:
	name: /tmp/my.conf
	line: "127.0.0.1"
	state: present
	check_mode: yes
	register: conf
	failed_when: (conf is changed) or (conf is failed)

	#!/bin/bash
	if [ $# -ne "2" ];then
	echo "Usage: $0 SERVICE_ACCOUNT NAMESPACE"
	exit 1
	fi
	sa=${1}
	ns=${2}
	name=`kubectl get sa $sa -n $ns -o yaml\|grep secrets: -A1\|grep name\| awk -F":" '{print $2}'\| tr -d " "`
	ca="$(kubectl get secret/$name -n $ns -o jsonpath='{.data.ca\.crt}')"
	token="$(kubectl get secret $name -n $ns -o jsonpath='{.data.token}' \| base64 -d)"

	- name: "Verify that required string variables are defined"
	assert:
	that: ahs_var is defined and ahs_var \| length > 0 and ahs_var != None
	fail_msg: "{{ ahs_var }} needs to be set for the role to work "
	success_msg: "Required variables {{ ahs_var }} is defined"
	loop_control:
	loop_var: ahs_var
	with_items:
	- ahs_item1
	- ahs_item2

	useradd username
	usermod -a -G wheel username
	mkdir /home/username/.ssh
	echo 'hahahahahahah' > /home/username/.ssh/authorized_keys

	VAGRANTFILE_API_VERSION = "2"

	Vagrant.configure(VAGRANTFILE_API_VERSION) do \|config\|
	# Use the same key for each machine
	config.ssh.insert_key = false

	config.vm.define "vagrant1" do \|vagrant1\|
	vagrant1.vm.box = "ubuntu/trusty64"
	end
	config.vm.define "vagrant2" do \|vagrant2\|

	- name: Get value broker.id from config file
	ansible.builtin.set_fact:
	_broker_id: "{{ _file_server_properties.content \| b64decode \| regex_search('^broker.id=.*$', multiline=True) }}"

	# https://blog.ukrnames.com/bezopasnost/openssl-proverka-ssl-sertifikatov-cherez-terminal
	#Проверта сертификата SSL
	openssl x509 -in /etc/ssl/certs/server.crt -text -noout

	# -- mode: ruby --
	# vi: set ft=ruby :

	# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
	VAGRANTFILE_API_VERSION = "2"

	Vagrant.configure(VAGRANTFILE_API_VERSION) do \|config\|
	# Use the same key for each machine
	config.ssh.insert_key = false

	## 1.Мультиплексирование
	cat <<EOF >> ~/.ssh/config
	Host *
	ControlMaster auto
	ControlPath $HOME/.ansible/cp/asnible-ssh-%h-%p-%r
	ControlPersist 60s
	EOF

	## Оключение сбора фактов в сценарии
	gapher_facts: False