ansible-role-basic-system-s.../tasks/certificate_from_private_ca...

---
- name: certificate_from_private_ca | Create the certificate using the private CA
  tags: [pki, tls, tls_certificate]
  block:
    - name: certificate_from_private_ca | Set the common group between mkcert-ca and ansible
      ansible.builtin.set_fact:
        ansible_common_remote_group: ansible

    - name: certificate_from_private_ca | Create the certificate (delegate to the CA vm)
      ansible.builtin.command:
        cmd: mkcert -cert-file /srv/mkcert-ca/{{ mkcert_cert_name }} -key-file /srv/mkcert-ca/{{ mkcert_key_name }} {{ mkcert_dsn_and_ip_list }}
      args:
        chdir: /srv/mkcert-ca
        creates: "/srv/mkcert-ca/{{ mkcert_cert_name }}"
      environment:
        CAROOT: /srv/mkcert-ca/.local/share/mkcert
      delegate_to: "{{ mkcert_ca_host }}"

- name: certificate_from_private_ca | Manage the certificate installation
  tags: [pki, tls, tls_certificate]
  block:
    - name: certificate_from_private_ca | Get the certificate and its key from the CA server
      ansible.builtin.fetch:
        src: "/srv/mkcert-ca/{{ item }}"
        dest: "files/"
        flat: true
      loop:
        - "{{ mkcert_cert_name }}"
        - "{{ mkcert_key_name }}"
      delegate_to: "{{ mkcert_ca_host }}"

    - name: certificate_from_private_ca | Copy the certificate to the destination server
      ansible.builtin.copy:
        src: "files/{{ mkcert_cert_name }}"
        dest: "{{ mkcert_cert_dest_path }}"
        owner: root
        group: root
        mode: 0444

    - name: certificate_from_private_ca | Copy the certificate to the destination server
      ansible.builtin.copy:
        src: "files/{{ mkcert_key_name }}"
        dest: "{{ mkcert_key_dest_path }}"
        owner: root
        group: root
        mode: 0440
Add support for mkcert. 2023-07-12 19:25:22 +02:00			`---`
Fixes to the names syntax. 2023-10-08 17:48:49 +02:00			`- name: certificate_from_private_ca \| Create the certificate using the private CA`
Add support for mkcert. 2023-07-12 19:25:22 +02:00			`tags: [pki, tls, tls_certificate]`
			`block:`
Fixes to the names syntax. 2023-10-08 17:48:49 +02:00			`- name: certificate_from_private_ca \| Set the common group between mkcert-ca and ansible`
Try to set the common group. 2023-07-13 11:31:24 +02:00			`ansible.builtin.set_fact:`
			`ansible_common_remote_group: ansible`

Fixes to the names syntax. 2023-10-08 17:48:49 +02:00			`- name: certificate_from_private_ca \| Create the certificate (delegate to the CA vm)`
Set the CAROOT env variable. 2023-07-13 11:43:28 +02:00			`ansible.builtin.command:`
Fix a typo. 2023-07-13 11:45:02 +02:00			`cmd: mkcert -cert-file /srv/mkcert-ca/{{ mkcert_cert_name }} -key-file /srv/mkcert-ca/{{ mkcert_key_name }} {{ mkcert_dsn_and_ip_list }}`
Add support for mkcert. 2023-07-12 19:25:22 +02:00			`args:`
Give a valid shell to the mkcert-ca user. 2023-07-13 11:18:18 +02:00			`chdir: /srv/mkcert-ca`
Add support for mkcert. 2023-07-12 19:25:22 +02:00			`creates: "/srv/mkcert-ca/{{ mkcert_cert_name }}"`
Set the CAROOT env variable. 2023-07-13 11:43:28 +02:00			`environment:`
			`CAROOT: /srv/mkcert-ca/.local/share/mkcert`
Add support for mkcert. 2023-07-12 19:25:22 +02:00			`delegate_to: "{{ mkcert_ca_host }}"`

Fixes to the names syntax. 2023-10-08 17:48:49 +02:00			`- name: certificate_from_private_ca \| Manage the certificate installation`
Add support for mkcert. 2023-07-12 19:25:22 +02:00			`tags: [pki, tls, tls_certificate]`
			`block:`
Fixes to the names syntax. 2023-10-08 17:48:49 +02:00			`- name: certificate_from_private_ca \| Get the certificate and its key from the CA server`
Add support for mkcert. 2023-07-12 19:25:22 +02:00			`ansible.builtin.fetch:`
			`src: "/srv/mkcert-ca/{{ item }}"`
mkcert certs: flat fetch destination. 2023-07-13 12:05:12 +02:00			`dest: "files/"`
			`flat: true`
Add support for mkcert. 2023-07-12 19:25:22 +02:00			`loop:`
			`- "{{ mkcert_cert_name }}"`
			`- "{{ mkcert_key_name }}"`
			`delegate_to: "{{ mkcert_ca_host }}"`

Fixes to the names syntax. 2023-10-08 17:48:49 +02:00			`- name: certificate_from_private_ca \| Copy the certificate to the destination server`
Add support for mkcert. 2023-07-12 19:25:22 +02:00			`ansible.builtin.copy:`
			`src: "files/{{ mkcert_cert_name }}"`
Add a variable to set the mkcert path. 2023-07-13 13:00:10 +02:00			`dest: "{{ mkcert_cert_dest_path }}"`
Add support for mkcert. 2023-07-12 19:25:22 +02:00			`owner: root`
			`group: root`
			`mode: 0444`

Fixes to the names syntax. 2023-10-08 17:48:49 +02:00			`- name: certificate_from_private_ca \| Copy the certificate to the destination server`
Add support for mkcert. 2023-07-12 19:25:22 +02:00			`ansible.builtin.copy:`
			`src: "files/{{ mkcert_key_name }}"`
Add a variable to set the mkcert path. 2023-07-13 13:00:10 +02:00			`dest: "{{ mkcert_key_dest_path }}"`
Add support for mkcert. 2023-07-12 19:25:22 +02:00			`owner: root`
			`group: root`
			`mode: 0440`