roles/burp-server: Deploy BURP server

The *burp-server* role installs and configures a BURP server. It is
adapted from a previous iteration, and should support CentOS/RHEL/Fedora
and Gentoo, as well as both BURP 1.x and 2.x (depending on which version
gets installed by the system package manager).

To manage the certificate authority, the *burp-server* role uses the
`burp_ca` command. This has the advantage of not requiring any external
certificate management, but effectively binds the CA to a specific
machine.

roles/burp-server/tasks/ca.yml

@@ -0,0 +1,41 @@
+- name: ensure burp ca is configured
+  template:
+    src=CA.cnf.j2
+    dest=/etc/burp/CA.cnf
+    mode=0644
+- name: ensure burp ca is initialized
+  become: true
+  become_user: burp
+  command:
+    burp_ca --ca burpCA --dir {{ burp_ca_dir }}
+    --config /etc/burp/CA.cnf
+    --init
+    creates={{ burp_ca_dir }}/CA_burpCA.crt
+- name: ensure burp server private key exists
+  become: true
+  become_user: burp
+  command:
+    burp_ca --ca burpCA --dir {{ burp_ca_dir }}
+    --config /etc/burp/CA.cnf
+    --request --key --name {{ burp_ca_server_name }} --batch
+    creates={{ burp_ca_dir }}/{{ burp_ca_server_name }}.key
+- name: ensure burp server certificate exists
+  become: true
+  become_user: burp
+  command:
+    burp_ca --ca burpCA --dir {{ burp_ca_dir }}
+    --config /etc/burp/CA.cnf
+    --sign --name {{ burp_ca_server_name }} --batch
+    creates={{ burp_ca_dir }}/{{ burp_ca_server_name }}.crt
+- name: ensure burp certificate symlinks exist
+  file:
+    path=/etc/burp/{{ item.path }}
+    src={{ burp_ca_dir }}/{{ item.src }}
+    state=link
+  with_items:
+  - path: ssl_cert_ca.pem
+    src: CA_burpCA.crt
+  - path: ssl_cert-server.key
+    src: '{{ burp_ca_server_name }}.key'
+  - path: ssl_cert-server.pem
+    src: '{{ burp_ca_server_name }}.crt'