---
# Issue a leaf certificate on the private mkcert CA host. The result stays in
# the CA's working directory; the next block fetches it from there.
- name: Create the certificate using the private CA
  tags: [pki, tls, tls_certificate]
  block:
    # Ansible needs a group shared with the unprivileged become user so the
    # temporary module files it stages can be handed over to mkcert-ca.
    - name: Set the common group between mkcert-ca and ansible
      ansible.builtin.set_fact:
        ansible_common_remote_group: ansible

    # Runs on the CA host as mkcert-ca via su, forcing a bash shell with -s.
    # The command module does not go through a shell: the templated values
    # are split into plain arguments, so a value beginning with "-" would be
    # read by mkcert as a flag rather than a name.
    - name: Create the certificate (delegate to the CA vm)
      delegate_to: "{{ mkcert_ca_host }}"
      become: true
      become_user: mkcert-ca
      become_method: su
      become_flags: '-s /bin/bash'
      ansible.builtin.command:
        cmd: mkcert -cert-file {{ mkcert_cert_name }} -key-file {{ mkcert_key_name }} {{ mkcert_dsn_and_ip_list }}
        chdir: /srv/mkcert-ca
        # Idempotency guard: an existing certificate is never re-issued, even
        # when the name/IP list changes. Remove the file to force a new one.
        creates: "/srv/mkcert-ca/{{ mkcert_cert_name }}"
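# Move the freshly issued certificate and key from the CA host to the target
# host, staging through the controller. The private key passes through the
# controller's files/ directory unencrypted (written with the controller's
# default umask): keep that directory out of version control.
- name: Manage the certificate installation
  tags: [pki, tls, tls_certificate]
  block:
    - name: Get the certificate and its key from the CA server
      ansible.builtin.fetch:
        src: "/srv/mkcert-ca/{{ item }}"
        # Relative to the playbook's working directory; the copy tasks below
        # resolve the same relative path (presumably via the playbook-dir
        # fallback of the files search — confirm for this role layout).
        dest: "files/{{ item }}"
        # Without flat, fetch stores the file under
        # dest/<hostname>/srv/mkcert-ca/<item>, which the copy tasks below
        # would not find.
        flat: true
      loop:
        - "{{ mkcert_cert_name }}"
        - "{{ mkcert_key_name }}"
      delegate_to: "{{ mkcert_ca_host }}"

    - name: Copy the certificate to the destination server
      ansible.builtin.copy:
        src: "files/{{ mkcert_cert_name }}"
        dest: "{{ pki_dir }}/certs/{{ mkcert_cert_name }}"
        owner: root
        group: root
        # Quoted so YAML does not parse the leading zero as an octal integer
        # and Ansible receives the mode as a string.
        mode: "0444"

    # Distinct task name from the certificate copy above so play output and
    # --start-at-task can tell the two apart.
    - name: Copy the private key to the destination server
      ansible.builtin.copy:
        src: "files/{{ mkcert_key_name }}"
        dest: "{{ pki_dir }}/keys/{{ mkcert_key_name }}"
        owner: root
        group: root
        mode: "0440"
      # NOTE(review): copy prints file contents under --diff; consider
      # no_log: true on this task if diff runs are common.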