Fix the self signed certificate generation.

2020-07-18 17:13:31 +02:00 · 2020-07-18 17:13:31 +02:00 · 2c19eff17f
parent f5e287613b
commit 2c19eff17f
1 changed files with 16 additions and 4 deletions
--- a/tasks/rsyslog-server.yml
+++ b/tasks/rsyslog-server.yml
@ -51,11 +51,23 @@
      get_url: url={{ rsyslog_remote_ca_url }} dest={{ rsyslog_tls_ca }} owner=root group=root mode='0644'
      when: rsyslog_ca_is_remote

-    - name: Check if the certificate file is present
+    - name: Check if a private key for the certificate is present
      stat:
-          path: '{{ rsyslog_tls_cert }}'
+          path: '{{ rsyslog_tls_key }}'
          get_checksum: no
-      register: cert_file_presence
+      register: cert_key_presence
+
+    - name: Create a certificate private key
+      openssl_privatekey:
+        path: '{{ rsyslog_tls_key }}'
+      when: not cert_key_presence.stat.exists
+
+    - name: Create a certificate request
+      openssl_csr:
+        path: '{{ rsyslog_tls_certs_dir }}/cert.csr'
+        privatekey_path: '{{ rsyslog_tls_key }}'
+        common_name: '{{ ansible_fqdn }}'
+      when: not cert_key_presence.stat.exists

    - name: Create a self signed certificate is one is not present
      openssl_certificate:
@ -63,7 +75,7 @@
        privatekey_path: '{{ rsyslog_tls_key }}'
        csr_path: '{{ rsyslog_tls_certs_dir }}/cert.csr'
        provider: selfsigned
-      when: not cert_file_presence.stat.exists
+      when: not cert_key_presence.stat.exists

  when:
    - rsyslog_tls_status == 'enabled'