---
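# Issue the TLS certificate and its private key with mkcert on the CA host.
# The inner task is delegated to `mkcert_ca_host`, so it runs there and not on
# the host the play is targeting.
- name: Create the certificate using the private CA
  tags: [pki, tls, tls_certificate]
  block:
    - name: Create the certificate (delegate to the CA vm)
      # NOTE(review): `become_user` only takes effect when `become` is
      # enabled; no `become: true` is visible in this file - confirm it is
      # set at play or inventory level.
      become_user: mkcert-ca
      ansible.builtin.command:
        # The command module does not use a shell, but the rendered string is
        # still split into arguments. Keep the three variables under trusted
        # inventory control: a value starting with "-" is read by mkcert as
        # an option, and a name containing "/" writes outside the CA dir.
        cmd: mkcert -cert-file {{ mkcert_cert_name }} -key-file {{ mkcert_key_name }} {{ mkcert_dsn_and_ip_list }}
        # The output names are relative, while `creates` and the later fetch
        # both expect them in /srv/mkcert-ca; pin the working directory so
        # the files land where they are looked for.
        chdir: /srv/mkcert-ca
        # Skip the run when the certificate already exists (idempotence).
        # Only the certificate is checked, not the key file.
        creates: "/srv/mkcert-ca/{{ mkcert_cert_name }}"
      delegate_to: "{{ mkcert_ca_host }}"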
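# Move the issued certificate and private key from the CA host to the target
# host, staging both on the Ansible controller under files/ in between.
- name: Manage the certificate installation
  tags: [pki, tls, tls_certificate]
  block:
    - name: Get the certificate and its key from the CA server
      # NOTE(review): `become_user` needs `become` enabled elsewhere (play or
      # inventory); it is not set in this file - confirm.
      become_user: mkcert-ca
      ansible.builtin.fetch:
        src: "/srv/mkcert-ca/{{ item }}"
        dest: "files/{{ item }}"
        # Without `flat`, fetch stores the file under
        # <dest>/<hostname>/<source path>, which makes "files/<name>" a
        # directory instead of the file the copy tasks below read.
        flat: true
      loop:
        - "{{ mkcert_cert_name }}"
        - "{{ mkcert_key_name }}"
      delegate_to: "{{ mkcert_ca_host }}"
      # NOTE(review): the private key stays in clear text under files/ on the
      # controller after the play. Keep that path out of version control and
      # restrict its permissions, or remove the staged key once installed.

    - name: Copy the certificate to the destination server
      ansible.builtin.copy:
        src: "files/{{ mkcert_cert_name }}"
        dest: "{{ pki_dir }}/certs/{{ mkcert_cert_name }}"
        owner: root
        group: root
        # Quoted so the mode reaches the module as the string "0444" instead
        # of a YAML-parsed integer. The certificate is public: world-readable.
        mode: "0444"

    # Task name fixed: it duplicated the certificate task's name although it
    # installs the private key.
    - name: Copy the private key to the destination server
      # Keep key material out of `--diff` output and whatever logs capture it.
      diff: false
      ansible.builtin.copy:
        src: "files/{{ mkcert_key_name }}"
        dest: "{{ pki_dir }}/keys/{{ mkcert_key_name }}"
        owner: root
        group: root
        # Readable by root and the root group only; quoted for the same
        # reason as the certificate mode.
        mode: "0440"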