library/roles/java-keyring: Fixed some typos. As default do not use the java cacerts keystore.

Andrea Dell'Amico 2017-02-22 13:33:05 +01:00
parent 04ec142a9f
commit 1ed78d5d73
2 changed files with 9 additions and 7 deletions


@ -1,13 +1,15 @@
--- ---
java_keyring_use_default: True java_keyring_use_default: False
java_default_keyring: '{{ jdk_java_home }}/jre/lib/security/cacerts' java_default_keyring: '{{ jdk_java_home }}/jre/lib/security/cacerts'
java_keyring_dir: "{{ pki_dir | default('/etc/pki') }}/jdk" java_keyring_dir: "{{ pki_dir | default('/etc/pki') }}/jdk"
java_keyring_file: '{{ java_default_keyring }}' #java_keyring_file: '{{ java_default_keyring }}'
#java_keyring_file: '{{ java_keyring_dir }}/java.jks' java_keyring_file: '{{ java_keyring_dir }}/java.jks'
java_keytool_bin: '{{ jdk_java_home }}/jre/bin/keytool' java_keytool_bin: '{{ jdk_java_home }}/jre/bin/keytool'
#java_keyring_certs_list: [] #java_keyring_certs_list: []
java_keyring_cert_alias: '{{ ansible_fqdn }}' java_keyring_cert_alias: '{{ ansible_fqdn }}'
# This is the default java password. No need to hide it.
# Change it inside a vault file if you need something good
java_keyring_pwd: changeit java_keyring_pwd: changeit
java_keyring_letsencrypt_trusted_ca: identrustdstx3 java_keyring_letsencrypt_trusted_ca: identrustdstx3
java_import_letsencrypt_cert: True java_import_letsencrypt_cert: True
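Review bot: The two comment lines added above `java_keyring_pwd` state that the default password need not be hidden, but this same commit moves the default `java_keyring_file` away from the JRE `cacerts` trust store to `{{ java_keyring_dir }}/java.jks`, and the task file's `-importkeystore` step writes the host's private key into that keystore, so the stock `changeit` password now guards key material rather than public CA certificates. I would replace the two lines with `# 'changeit' is the stock Java cacerts password; override it from a vault file,` and `# since the default keystore now also holds the host's private key.`. As a style point, `java_keyring_use_default: False` and `java_import_letsencrypt_cert: True` are YAML 1.1 capitalised booleans; Ansible convention is `false` / `true`. The hunk header counts (13 old, 15 new) suggest one trailing line of this file is not shown here.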


@ -8,11 +8,11 @@
- block: - block:
- name: Import the certificates - name: Import the certificates
shell: keytool -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ item.alias }} ; RETVAL=$? ; if [ $RETVAL -ne 0 ] ; then keytool -trustcacerts -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt -importcert -alias {{ item.alias }} -file {{ item.certfile | default(omit) }} ; fi shell: RETVAL= ; {{ java_keytool_bin }} -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ item.alias }} ; RETVAL=$? ; if [ $RETVAL -ne 0 ] ; then {{ java_keytool_bin }} -trustcacerts -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt -importcert -alias {{ item.alias }} -file {{ item.certfile }} ; fi
with_items: '{{ java_keyring_certs_list | default([]) }}' with_items: '{{ java_keyring_certs_list | default([]) }}'
- name: Import the certificate key - name: Import the certificate key
shell: keytool -import -alias NOME -keyalg RSA -keystore {{ java_keyring_file }} -dname "CN={{ ansible_fqdn }}" -keypass {{ java_keyring_pwd }} -storepass {{ java_keyring_pwd }} -file {{ item.keyfile }} shell: RETVAL= ; {{ java_keytool_bin }} -import -alias NOME -keyalg RSA -keystore {{ java_keyring_file }} -dname "CN={{ ansible_fqdn }}" -keypass {{ java_keyring_pwd }} -storepass {{ java_keyring_pwd }} -file {{ item.keyfile }}
with_items: '{{ java_keyring_certs_list | default([]) }}' with_items: '{{ java_keyring_certs_list | default([]) }}'
when: java_keyring_certs_list is defined when: java_keyring_certs_list is defined
@ -20,10 +20,10 @@
- block: - block:
- name: Import the Letsencrypt intermediate CA cert - name: Import the Letsencrypt intermediate CA cert
shell: keytool -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ java_keyring_letsencrypt_trusted_ca }} ; RETVAL=$? ; if [ $RETVAL -ne 0 ] ; then keytool -trustcacerts -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt -importcert -alias {{ java_keyring_letsencrypt_trusted_ca }} -dname "CN={{ ansible_fqdn }}" -file {{ letsencrypt_acme_certs_dir }}/chain ; fi shell: RETVAL= ; {{ java_keytool_bin }} -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ java_keyring_letsencrypt_trusted_ca }} ; RETVAL=$? ; if [ $RETVAL -ne 0 ] ; then {{ java_keytool_bin }} -trustcacerts -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt -importcert -alias {{ java_keyring_letsencrypt_trusted_ca }} -dname "CN={{ ansible_fqdn }}" -file {{ letsencrypt_acme_certs_dir }}/chain ; fi
- name: Import the letsencrypt certificate - name: Import the letsencrypt certificate
shell: keytool -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ ansible_fqdn }} ; RETVAL=$? ; if [ $RETVAL -ne 0 ] ; then openssl pkcs12 -export -in {{ letsencrypt_acme_certs_dir }}/cert -inkey {{ letsencrypt_acme_certs_dir }}/privkey -CAfile {{ letsencrypt_acme_certs_dir }}/chain -name "{{ ansible_fqdn }}" -out /var/tmp/{{ ansible_fqdn }}.p12 -password pass:{{ java_keyring_pwd }} ; keytool -importkeystore -srcstorepass {{ java_keyring_pwd }} -deststorepass {{ java_keyring_pwd }} -destkeystore {{ java_keyring_file }} -srckeystore /var/tmp/{{ ansible_fqdn }}.p12 -srcstoretype PKCS12 ; rm -f /var/tmp/{{ ansible_fqdn }}.p12 ; fi shell: RETVAL= ; {{ java_keytool_bin }} -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ ansible_fqdn }} ; RETVAL=$? ; if [ $RETVAL -ne 0 ] ; then openssl pkcs12 -export -in {{ letsencrypt_acme_certs_dir }}/cert -inkey {{ letsencrypt_acme_certs_dir }}/privkey -CAfile {{ letsencrypt_acme_certs_dir }}/chain -name "{{ ansible_fqdn }}" -out /var/tmp/{{ ansible_fqdn }}.p12 -password pass:{{ java_keyring_pwd }} ; {{ java_keytool_bin }} -importkeystore -srcstorepass {{ java_keyring_pwd }} -deststorepass {{ java_keyring_pwd }} -destkeystore {{ java_keyring_file }} -srckeystore /var/tmp/{{ ansible_fqdn }}.p12 -srcstoretype PKCS12 ; rm -f /var/tmp/{{ ansible_fqdn }}.p12 ; fi
when: when:
- java_import_letsencrypt_cert - java_import_letsencrypt_cert
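Review bot: Every rewritten `shell:` line in both hunks still passes the keystore password on the command line (`-storepass {{ java_keyring_pwd }}`, `-keypass …`, `-srcstorepass`/`-deststorepass`, and `-password pass:…` for openssl), so it is visible to any local user in the process list and is printed in Ansible's task output and logs, yet none of the four tasks sets `no_log`; now that the keystore receives the host's private key this matters more than before, and at minimum each task should carry `no_log: true`, with keytool's `-storepass:env` form and an environment variable on the task as the cleaner fix. The "Import the certificate key" task keeps the hard-coded placeholder alias `NOME`, so a second item in `java_keyring_certs_list` would collide with the first, and unlike the task above it has no `-list | grep` guard, so it presumably fails on every re-run once the alias exists; it also calls `keytool -import` with `-file {{ item.keyfile }}`, and as far as I know `-import` only accepts a certificate, not a private key, so this task's intent should be confirmed. The Let's Encrypt task stages the private key in `/var/tmp/{{ ansible_fqdn }}.p12` inside a shared directory and chains the steps with `;`, so a failed `openssl pkcs12 -export` still lets `-importkeystore` run; a `mktemp`-created file with `&&` between the steps would be safer. Both `block:` definitions continue past the end of their hunks.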