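# Base directory for all generated certificate material. Private keys and the
# combined PEM are placed in its private/ subdirectory by the paths below.
- name: "set base path for certificate files"
  set_fact:
    basepath: "/etc/ssl"

# Default file locations derived from certname.
# NOTE(review): certname is concatenated into the paths unchanged and its
# origin is not visible here. If it can come from inventory or other data that
# is not fully trusted, validate it (no '/' or '..') before this point so the
# resulting paths cannot leave basepath.
- name: "derive default file paths for {{ certname }}"
  set_fact:
    cert_paths:
      csrpath: "{{ basepath + '/' + certname + '.csr' }}"
      capath: "{{ basepath + '/' + certname + '.ca' }}"
      keypath: "{{ basepath + '/private/' + certname + '.key' }}"
      certpath: "{{ basepath + '/' + certname + '.crt' }}"
      chainpath: "{{ basepath + '/' + certname + '.chain.crt' }}"
      fullpath: "{{ basepath + '/private/' + certname + '.complete.pem' }}"

# Effective settings for this certificate. combine() lets later arguments win:
# certificates.defaults < cert_paths < certificates.certs[certname] < name.
# A per-certificate entry can therefore override any computed path (including
# keypath), while 'name' is always forced to certname.
- name: "merge effective settings for {{ certname }}"
  set_fact:
    cert: "{{ {}|combine(certificates.defaults, cert_paths, certificates.certs[certname]|d({}), {'name': certname}, recursive=True ) }}"

# Backend settings: the shared backend definition with the certificate's own
# backend_override merged on top. The backends[cert.backend] lookup has no
# default, so cert.backend must name an existing backend.
- name: "merge backend settings for {{ certname }}"
  set_fact:
    cert_backend: "{{ {}|combine(certificates.backends[cert.backend], cert.backend_override|d({}), recursive=True) }}"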
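# Diagnostic dumps; verbosity: 1 means they are only shown when the play runs
# with -v or higher.
- name: "show merged settings for {{ certname }}"
  debug:
    verbosity: 1
    var: cert

# NOTE(review): cert_backend is built from certificates.backends, whose
# contents are not visible here. If backend entries carry credentials, this
# task writes them to the console and to any configured log or callback at -v.
# Confirm, and drop or filter this dump if that is the case.
- name: "show merged backend settings for {{ certname }}"
  debug:
    verbosity: 1
    var: cert_backend

- name: "show raw per-certificate settings for {{ certname }}"
  debug:
    verbosity: 1
    var: certificates.certs[certname]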
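# Create the 4096-bit RSA private key at cert.keypath.
# No passphrase is set, so the key is stored unencrypted: the file mode below
# and the permissions of the containing directory (not managed by this task)
# are the only protection at rest.
# cert.keypath defaults to <basepath>/private/<certname>.key but can be
# overridden per certificate; an override may place the key outside private/.
- name: "generate key for {{ certname }}"
  openssl_privatekey:
    path: "{{ cert.keypath }}"
    size: 4096
    type: RSA
    # Quoted so the module receives the string "0640" and does the octal
    # conversion itself, independent of how the YAML parser types a bare 0640.
    mode: "0640"
    # root owns and writes the key; members of ssl-cert may read it.
    # NOTE(review): the ssl-cert group must already exist on the target; its
    # creation is not visible here.
    owner: root
    group: ssl-cert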
# Build the certificate signing request at cert.csrpath, signed with the
# private key at cert.keypath.
- name: "generate csr for {{ certname }}"
  openssl_csr:
    path: "{{ cert.csrpath }}"
    privatekey_path: "{{ cert.keypath }}"
    # CN precedence: explicit cert.cn, else the first cert.san entry, else
    # cert.name. cert.cn and cert.san are read without a default here, so both
    # must be defined (presumably by certificates.defaults; confirm).
    common_name: "{% if cert.cn %}{{ cert.cn }}{% elif cert.san|length > 0 %}{{ cert.san[0] }}{% else %}{{ cert.name }}{% endif %}"
    # Every cert.san entry is prefixed with DNS:, so an IP address or other
    # SAN type listed there would be labelled as a DNS name.
    # An explicit cert.cn is not added to this list: clients that match only
    # on subjectAltName will not accept that name unless it is also in
    # cert.san. With an empty cert.san the list passed here is empty as well.
    subject_alt_name: "{{ cert.san | map('regex_replace', '^', 'DNS:') | list }}"
  # Keep the task result for later use.
  # NOTE(review): the consumers of task_generate_csr are outside this view.
  register: task_generate_csr