infra/ansible-role-certificates
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-role-certificates/tasks/selfsigned_cert.yml
psy 6e41bb2275
fix deprecated includes
2023-11-26 19:43:17 +01:00

40 lines
1.2 KiB
YAML
Raw Blame History

- include_tasks: common_cert.yml
- name: "sign certificate for {{ certname }}"
register: selfsignedsign
openssl_certificate:
path: "{{ cert.certpath }}"
privatekey_path: "{{ cert.keypath }}"
csr_path: "{{ cert.csrpath }}"
provider: selfsigned
selfsigned_not_after: "{{ cert_backend.not_after }}"
- name: "generate concatinated versions (chain) for {{ certname }}"
shell: "umask 0137; cat {{ cert.certpath }} > {{ cert.chainpath }}"
args:
creates: "{{ cert.chainpath }}"
- name: "set permission for concatinated versions (chain) for {{ certname }}"
file:
path: "{{ cert.chainpath }}"
mode: 0644
owner: root
group: ssl-cert
- name: "generate concatinated versions (full) for {{ certname }}"
shell: "umask 0137; cat {{ cert.chainpath }} {{ cert.keypath }} > {{ cert.fullpath }}"
args:
creates: "{{ cert.fullpath }}"
- name: "set permissions for concatinated versions (full) for {{ certname }}"
file:
path: "{{ cert.fullpath }}"
mode: 0640
owner: root
group: ssl-cert
- name: store if the cert was changed
set_fact:
certchanged: "{{ selfsignedsign is changed }}"
- name: handle postflight
include_tasks: common_post.yml
Reference in a new issue View git blame Copy permalink