ansible-role-keycloak/tasks/keycloak-letsencrypt.yml

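---
# Installs the Let's Encrypt certificate material where Keycloak reads it and
# registers a hook script in the acme services scripts directory.
# The whole block runs only when both `keycloak_letsencrypt_certs` and
# `letsencrypt_acme_install` are truthy.
- name: TLS certificates management with Letsencrypt
  block:
    # NOTE(review): no `mode` is set here, so a newly created directory gets
    # its permissions from the remote umask. The directory holds the hook
    # installed below, so it should not be group- or world-writable; consider
    # pinning an explicit mode.
    - name: Create the acme hooks directory if it does not yet exist
      file:
        dest: '{{ letsencrypt_acme_services_scripts_dir }}'
        state: directory
        owner: root
        group: root

    # Private key: owned by root, readable by the Keycloak group, no access
    # for others. The mode is quoted so it is always read as an octal string
    # and never depends on the YAML parser's handling of a leading zero.
    - name: Copy the key file where keycloak expects it
      copy:
        src: '{{ letsencrypt_acme_sh_certificates_install_path }}/privkey'
        dest: '{{ keycloak_conf_directory }}/server.key.pem'
        owner: root
        group: '{{ keycloak_user }}'
        mode: '0640'
        # The source file is already on the managed host, not the controller.
        remote_src: true
      notify: Restart Keycloak

    - name: Copy the certificate file where keycloak expects it
      copy:
        src: '{{ letsencrypt_acme_sh_certificates_install_path }}/fullchain'
        dest: '{{ keycloak_conf_directory }}/server.crt.pem'
        owner: root
        group: '{{ keycloak_user }}'
        mode: '0640'
        remote_src: true
      notify: Restart Keycloak

    # The mode must be a quoted string. An unquoted 4555 is a decimal integer
    # (octal 10713), which would leave the root-owned hook writable by
    # "others" instead of setting setuid + r-xr-xr-x.
    # NOTE(review): if the hook is an interpreted script, Linux ignores the
    # setuid bit on it; confirm it is needed, otherwise prefer '0555'.
    - name: Install a script that updates the certificates upon renewal
      template:
        src: keycloak-letsencrypt-hook.j2
        dest: '{{ letsencrypt_acme_services_scripts_dir }}/keycloak'
        owner: root
        group: root
        mode: '4555'
  # Set at block level, so every task above inherits the conditions and tags.
  when:
    - keycloak_letsencrypt_certs
    - letsencrypt_acme_install
  tags: ['keycloak', 'keycloak_baremetal', 'keycloak_letsencrypt']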