ansible-role-basic-system-s.../tasks/certificate_from_private_ca...

41 lines
1.3 KiB
YAML
Raw Normal View History

2023-07-12 19:25:22 +02:00
---
- name: Create the certificate using the private CA
tags: [pki, tls, tls_certificate]
block:
- name: Create the certificate (delegate to the CA vm)
become_user: mkcert-ca
ansible.builtin.command:
cmd: mkcert -cert-file {{ mkcert_cert_name }} -key-file {{ mkcert_key_name }} {{ mkcert_dsn_and_ip_list }}
args:
creates: "/srv/mkcert-ca/{{ mkcert_cert_name }}"
delegate_to: "{{ mkcert_ca_host }}"
- name: Manage the certificate installation
tags: [pki, tls, tls_certificate]
block:
- name: Get the certificate and its key from the CA server
become_user: mkcert-ca
ansible.builtin.fetch:
src: "/srv/mkcert-ca/{{ item }}"
dest: "files/{{ item }}"
loop:
- "{{ mkcert_cert_name }}"
- "{{ mkcert_key_name }}"
delegate_to: "{{ mkcert_ca_host }}"
- name: Copy the certificate to the destination server
ansible.builtin.copy:
src: "files/{{ mkcert_cert_name }}"
dest: "{{ pki_dir }}/certs/{{ mkcert_cert_name }}"
owner: root
group: root
mode: 0444
- name: Copy the certificate to the destination server
ansible.builtin.copy:
src: "files/{{ mkcert_key_name }}"
dest: "{{ pki_dir }}/keys/{{ mkcert_key_name }}"
owner: root
group: root
mode: 0440