fix linter errors

nd 2021-07-16 20:50:05 +02:00
parent 30fc930c4d
commit aa1de02b8c
No known key found for this signature in database
GPG key ID: 21B5CD4DEE3670E9
6 changed files with 43 additions and 20 deletions


@ -1,6 +1,8 @@
- set_fact: - name: store base cert path
set_fact:
basepath: "/etc/ssl" basepath: "/etc/ssl"
- set_fact: - name: store cert path
set_fact:
cert_paths: cert_paths:
csrpath: "{{ basepath + '/' + certname + '.csr' }}" csrpath: "{{ basepath + '/' + certname + '.csr' }}"
capath: "{{ basepath + '/' + certname + '.ca' }}" capath: "{{ basepath + '/' + certname + '.ca' }}"
@ -8,18 +10,23 @@
certpath: "{{ basepath + '/' + certname + '.crt' }}" certpath: "{{ basepath + '/' + certname + '.crt' }}"
chainpath: "{{ basepath + '/' + certname + '.chain.crt' }}" chainpath: "{{ basepath + '/' + certname + '.chain.crt' }}"
fullpath: "{{ basepath + '/private/' + certname + '.complete.pem' }}" fullpath: "{{ basepath + '/private/' + certname + '.complete.pem' }}"
- set_fact: - name: store cert object
set_fact:
cert: "{{ {}|combine(certificates.defaults, cert_paths, certificates.certs[certname]|d({}), {'name': certname}, recursive=True ) }}" cert: "{{ {}|combine(certificates.defaults, cert_paths, certificates.certs[certname]|d({}), {'name': certname}, recursive=True ) }}"
- set_fact: - name: store cert_backend object
set_fact:
cert_backend: "{{ {}|combine(certificates.backends[cert.backend], cert.backend_override|d({}), recursive=True) }}" cert_backend: "{{ {}|combine(certificates.backends[cert.backend], cert.backend_override|d({}), recursive=True) }}"
- debug: - name: debug cert object
debug:
verbosity: 1 verbosity: 1
var: cert var: cert
- debug: - name: debug cert_backend object
debug:
verbosity: 1 verbosity: 1
var: cert_backend var: cert_backend
- debug: - name: debug inventory certs object
debug:
verbosity: 1 verbosity: 1
var: certificates.certs[certname] var: certificates.certs[certname]


@ -1,6 +1,7 @@
- include_tasks: common_cert.yml - include_tasks: common_cert.yml
- set_fact: - name: store challenge type
set_fact:
external_challenge_type: "{{ map_challenge_type_letsencrypt[cert_backend.challenge]|d(cert_backend.challenge) }}" external_challenge_type: "{{ map_challenge_type_letsencrypt[cert_backend.challenge]|d(cert_backend.challenge) }}"
- name: "get challenge for {{ certname }}" - name: "get challenge for {{ certname }}"
@ -75,7 +76,7 @@
- name: "setup challenge server for {{ certname }} (dns challenge)" - name: "setup challenge server for {{ certname }} (dns challenge)"
when: when:
- challenge is changed - challenge is changed # noqa no-handler
- cert_backend.challenge == "dns-01" - cert_backend.challenge == "dns-01"
delegate_to: "{{ serverchallengepair.0 }}" delegate_to: "{{ serverchallengepair.0 }}"
loop: "{{ cert_backend.challengeserver|product(challenge.challenge_data.keys()|list)|list }}" loop: "{{ cert_backend.challengeserver|product(challenge.challenge_data.keys()|list)|list }}"
@ -91,7 +92,7 @@
- name: "setup challenge server for {{ certname }} (manual dns challenge)" - name: "setup challenge server for {{ certname }} (manual dns challenge)"
when: when:
- challenge is changed - challenge is changed # noqa no-handler
- cert_backend.challenge == "dns-01-manual" - cert_backend.challenge == "dns-01-manual"
loop: "{{ challenge.challenge_data_dns|d({})|dict2items }}" loop: "{{ challenge.challenge_data_dns|d({})|dict2items }}"
loop_control: loop_control:
@ -103,12 +104,12 @@
pause: pause:
prompt: "When the relevant lines were added to dns and synced, press enter" prompt: "When the relevant lines were added to dns and synced, press enter"
when: when:
- challenge is changed - challenge is changed # noqa no-handler
- cert_backend.challenge == "dns-01-manual" - cert_backend.challenge == "dns-01-manual"
- name: "setup challenge server for {{ certname }} (http challenge)" - name: "setup challenge server for {{ certname }} (http challenge)"
when: when:
- challenge is changed - challenge is changed # noqa no-handler
- cert_backend.challenge == "http-01" - cert_backend.challenge == "http-01"
delegate_to: "{{ serverchallengepair.0 }}" delegate_to: "{{ serverchallengepair.0 }}"
loop: "{{ cert_backend.challengeserver|product(challenge.challenge_data.keys()|list)|list }}" loop: "{{ cert_backend.challengeserver|product(challenge.challenge_data.keys()|list)|list }}"
@ -124,7 +125,8 @@
<<: *acmetask <<: *acmetask
data: "{{ challenge }}" data: "{{ challenge }}"
- set_fact: - name: store if the cert was changed
set_fact:
certchanged: "{{ challenge is changed }}" certchanged: "{{ challenge is changed }}"
- name: handle postflight - name: handle postflight
include: common_post.yml include: common_post.yml
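Review bot: The `# noqa no-handler` suppressions on the four `challenge is changed` conditions give no reason for keeping these steps inline instead of moving them to handlers, so a later reader cannot tell whether the rule was silenced deliberately or just to quiet the linter. A short comment above the first of these tasks would record it, for example `# runs inline on purpose: the challenge must be served before validation, a handler would fire too late` (presumably the reason; confirm before adding). The same applies to the `letsencrypt_account_key is changed` suppression in the account registration task of the next file section. Only part of each task is visible in these hunks.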


@ -9,7 +9,7 @@
- name: register letsencrypt account - name: register letsencrypt account
when: when:
- letsencrypt_account_key is changed - letsencrypt_account_key is changed # noqa no-handler
- not certificates.disable_letsencrypt_account_registration - not certificates.disable_letsencrypt_account_registration
acme_account: acme_account:
account_key_src: /etc/ssl/letsencrypt_account.key account_key_src: /etc/ssl/letsencrypt_account.key


@ -18,8 +18,9 @@
owner: root owner: root
group: ssl-cert group: ssl-cert
- debug: - name: debug certificate object
verbosity: 2 debug:
verbosity: 1
var: certificates var: certificates
- import_tasks: letsencrypt_setup.yml - import_tasks: letsencrypt_setup.yml
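Review bot: The debug task's `verbosity` drops from 2 to 1 here, which is a behaviour change inside a commit described only as linter fixes. The whole `certificates` variable is now printed at a single `-v`, and that structure appears to carry the backend definitions (other tasks read `certificates.backends[...]`), which may include sensitive backend settings that then land in run logs. If the change was not intended, keep `verbosity: 2`; if it was, say so in the commit message.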


@ -1,8 +1,10 @@
- include_tasks: common_cert.yml - include_tasks: common_cert.yml
- set_fact: - name: store ca base path
set_fact:
capath: "{{ cert_backend.basepath }}/{{ cert_backend.name }}" capath: "{{ cert_backend.basepath }}/{{ cert_backend.name }}"
- set_fact: - name: store ca sub paths
set_fact:
cacertpath: "{{ capath }}/ca.crt" cacertpath: "{{ capath }}/ca.crt"
cakeypath: "{{ capath }}/ca.key" cakeypath: "{{ capath }}/ca.key"
cacsrpath: "{{ capath }}/ca.csr" cacsrpath: "{{ capath }}/ca.csr"
@ -81,6 +83,9 @@
copy: copy:
content: "{{ csrfile.content | b64decode }}" content: "{{ csrfile.content | b64decode }}"
dest: "{{ remotecsrpath }}" dest: "{{ remotecsrpath }}"
mode: 0644
owner: root
group: root
- name: "sign certificate for {{ certname }}" - name: "sign certificate for {{ certname }}"
register: casignedsign register: casignedsign
openssl_certificate: openssl_certificate:
@ -100,10 +105,16 @@
copy: copy:
content: "{{ crtfile.content | b64decode }}" content: "{{ crtfile.content | b64decode }}"
dest: "{{ cert.certpath }}" dest: "{{ cert.certpath }}"
mode: 0644
owner: root
group: root
- name: "write ca ({{ certname }})" - name: "write ca ({{ certname }})"
copy: copy:
content: "{{ cafile.content | b64decode }}" content: "{{ cafile.content | b64decode }}"
dest: "{{ cert.capath }}" dest: "{{ cert.capath }}"
mode: 0644
owner: root
group: root
- name: "generate concatinated versions (chain) for {{ certname }}" - name: "generate concatinated versions (chain) for {{ certname }}"
copy: copy:
content: "{{ crtfile.content | b64decode }}{{ cafile.content | b64decode }}" content: "{{ crtfile.content | b64decode }}{{ cafile.content | b64decode }}"
@ -119,7 +130,8 @@
owner: root owner: root
group: ssl-cert group: ssl-cert
- set_fact: - name: store if the cert was changed
set_fact:
certchanged: "{{ casignedsign is changed }}" certchanged: "{{ casignedsign is changed }}"
- name: handle postflight - name: handle postflight
include: common_post.yml include: common_post.yml
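Review bot: The added `mode: 0644` values are unquoted, so the resulting permission depends on the YAML loader reading a leading-zero integer as octal. Writing `mode: "0644"` in the three `copy` tasks (remote CSR, certificate, CA) makes the value a string that Ansible parses as an octal mode regardless of loader behaviour. The tasks start outside the hunks, so any other attributes on them are not visible here.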


@ -33,7 +33,8 @@
owner: root owner: root
group: ssl-cert group: ssl-cert
- set_fact: - name: store if the cert was changed
set_fact:
certchanged: "{{ selfsignedsign is changed }}" certchanged: "{{ selfsignedsign is changed }}"
- name: handle postflight - name: handle postflight
include: common_post.yml include: common_post.yml