initial commit

2019-10-13 17:49:12 +02:00 · 2019-10-13 17:49:12 +02:00 · ff1cfedadf
commit ff1cfedadf
6 changed files with 186 additions and 0 deletions
--- a/tasks/common_cert.yml
+++ b/tasks/common_cert.yml
@ -0,0 +1,33 @@
+- set_fact:
+    basepath: "/etc/ssl"
+- set_fact:
+    cert_paths:
+      csrpath: "{{ basepath + '/' + certname + '.csr' }}"
+      keypath: "{{ basepath + '/private/' + certname + '.key' }}"
+      certpath: "{{ basepath + '/' + certname + '.crt' }}"
+      chainpath: "{{ basepath + '/' + certname + '.chain.crt' }}"
+      fullpath: "{{ basepath + '/private/' + certname + '.complete.pem' }}"
+- set_fact:
+    cert: "{{ certificates.defaults|combine(cert_paths, certificates.certs[certname]|d({}), {'name': certname} ) }}"
+
+- debug:
+    verbosity: 1
+    var: cert
+
+- name: "generate key for {{ certname }}"
+  openssl_privatekey:
+    path: "{{ cert.keypath }}"
+    size: 4096
+    type: RSA
+    mode: 0640
+    owner: root
+    group: ssl-cert
+
+- name: "generate csr for {{ certname }}"
+  openssl_csr:
+    path: "{{ cert.csrpath }}"
+    privatekey_path: "{{ cert.keypath }}"
+    common_name: "{% if cert.cn %}{{ cert.cn }}{% else %}{{ cert.san[0] }}{% endif %}"
+    subject_alt_name: "{{ cert.san | map('regex_replace', '^', 'DNS:') | list }}"
+  register: task_generate_csr
+