fixed some bugs

nd 2019-11-01 15:59:04 +01:00
parent ff1cfedadf
commit 313452f5e2
No known key found for this signature in database
GPG key ID: 21B5CD4DEE3670E9
4 changed files with 12 additions and 5 deletions


@ -13,4 +13,5 @@ certificates:
mail: "example@example.com" mail: "example@example.com"
ou: "cyber" ou: "cyber"
cn: ~ cn: ~
san: []
certs: {} certs: {}


@ -8,7 +8,7 @@
chainpath: "{{ basepath + '/' + certname + '.chain.crt' }}" chainpath: "{{ basepath + '/' + certname + '.chain.crt' }}"
fullpath: "{{ basepath + '/private/' + certname + '.complete.pem' }}" fullpath: "{{ basepath + '/private/' + certname + '.complete.pem' }}"
- set_fact: - set_fact:
cert: "{{ certificates.defaults|combine(cert_paths, certificates.certs[certname]|d({}), {'name': certname} ) }}" cert: "{{ {}|combine(certificates.defaults, cert_paths, certificates.certs[certname]|d({}), {'name': certname} ) }}"
- debug: - debug:
verbosity: 1 verbosity: 1
@ -27,7 +27,7 @@
openssl_csr: openssl_csr:
path: "{{ cert.csrpath }}" path: "{{ cert.csrpath }}"
privatekey_path: "{{ cert.keypath }}" privatekey_path: "{{ cert.keypath }}"
common_name: "{% if cert.cn %}{{ cert.cn }}{% else %}{{ cert.san[0] }}{% endif %}" common_name: "{% if cert.cn %}{{ cert.cn }}{% elif cert.san|length > 0 %}{{ cert.san[0] }}{% else %}{{ cert.name }}{% endif %}"
subject_alt_name: "{{ cert.san | map('regex_replace', '^', 'DNS:') | list }}" subject_alt_name: "{{ cert.san | map('regex_replace', '^', 'DNS:') | list }}"
register: task_generate_csr register: task_generate_csr
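Review bot: The new `{% else %}{{ cert.name }}` branch of `common_name` builds a CSR whose only identity is the dictionary key `certname`, while `subject_alt_name` on the following line still renders an empty list whenever `cert.san` is empty. Clients match on SAN rather than CN, so unless the issuing backend copies the CN into the SAN the certificate will not validate for any host, and nothing visible checks that `cert.name` is a DNS name at all. Either fail early with an `assert` that `cert.cn` or `cert.san` is set, or feed the chosen name into the SAN as well, e.g. `subject_alt_name: "{{ (cert.san or [cert.cn or cert.name]) | map('regex_replace', '^', 'DNS:') | list }}"`. The task begins above the hunk, so its name and any conditions are not visible here.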


@ -12,6 +12,7 @@
fullchain_dest: "{{ cert.chainpath }}" fullchain_dest: "{{ cert.chainpath }}"
remaining_days: "{{ certificates.backends.letsencrypt.remainingdays }}" remaining_days: "{{ certificates.backends.letsencrypt.remainingdays }}"
challenge: "{{ certificates.backends.letsencrypt.challange }}" challenge: "{{ certificates.backends.letsencrypt.challange }}"
deactivate_authzs: yes
register: challenge register: challenge
- name: "setup challenge server for {{ certname }} (dns challange)" - name: "setup challenge server for {{ certname }} (dns challange)"
@ -27,8 +28,14 @@
- "{{ challenge.challenge_data[item.1]['dns-01'].resource_value }}" - "{{ challenge.challenge_data[item.1]['dns-01'].resource_value }}"
- name: "setup challenge server for {{ certname }} (http challange)" - name: "setup challenge server for {{ certname }} (http challange)"
debug: msg=a when:
- challenge is changed
- certificates.backends.letsencrypt.challange == "http-01"
delegate_to: "{{ item.0 }}"
loop: "{{ certificates.backends.letsencrypt.challangeserver|product(challenge.challenge_data.keys()|list)|list }}"
copy:
dest: "/var/www/letsencrypt/{{ challenge.challenge_data[item.1]['http-01'].resource | basename }}"
content: "{{ challenge.challenge_data.[item.1]['http-01'].resource_value }}"
- name: "get certificate {{ certname }}" - name: "get certificate {{ certname }}"
acme_certificate: acme_certificate:


@ -2,7 +2,6 @@
apt: apt:
pkg: pkg:
- openssl - openssl
- python3-openssl
- python3-cryptography - python3-cryptography
- name: add group ssl-cert - name: add group ssl-cert