From 5b15e502dbd0bfa0d2f73e093a97ccc99311e43c Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 30 Sep 2016 18:36:09 +0200 Subject: [PATCH] library/roles/ubuntu-deb-general/tasks/pki-basics.yml: Fix some undefined variables. --- ubuntu-deb-general/tasks/pki-basics.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/ubuntu-deb-general/tasks/pki-basics.yml b/ubuntu-deb-general/tasks/pki-basics.yml index f4506260..05034436 100644 --- a/ubuntu-deb-general/tasks/pki-basics.yml +++ b/ubuntu-deb-general/tasks/pki-basics.yml @@ -9,7 +9,7 @@ tags: [ 'pki', 'ssl', 'letsencrypt' ] - name: When we are going to install letsencrypt certificates, create a preliminary path and a self signed cert. Check if a certificate already exists. If so, skip all the related tasks - stat: path={{ letsencrypt_acme_user_home }}/live/{{ ansible_fqdn }} + stat: path={{ letsencrypt_acme_user_home | default(omit) }}/live/{{ ansible_fqdn }} register: true_cert when: ( letsencrypt_acme_install is defined and letsencrypt_acme_install ) tags: [ 'pki', 'ssl', 'letsencrypt' ] @@ -17,43 +17,43 @@ - name: When we are going to install letsencrypt certificates, create a preliminary path and a self signed cert. Now the physical paths file: path={{ item }} mode=0755 state=directory with_items: - - '{{ letsencrypt_acme_user_home }}/live' - - '{{ letsencrypt_acme_user_home }}/certs/fakeselfsignedcert' - - '{{ letsencrypt_acme_user_home }}/keys/fakeselfsignedcert' + - '{{ letsencrypt_acme_user_home | default(omit) }}/live' + - '{{ letsencrypt_acme_user_home | default(omit) }}/certs/fakeselfsignedcert' + - '{{ letsencrypt_acme_user_home | default(omit) }}/keys/fakeselfsignedcert' when: - ( true_cert.stat.islnk is not defined ) and ( letsencrypt_acme_install is defined and letsencrypt_acme_install ) - - letsencrypt_acme_user_home is defined + - letsencrypt_acme_user_home | default(omit) is defined tags: [ 'pki', 'ssl', 'letsencrypt' ] - name: When we are going to install letsencrypt certificates, create a preliminary path and a self signed cert. Now the certificate and private key - command: openssl req -x509 -newkey rsa:2048 -keyout {{ letsencrypt_acme_user_home }}/keys/fakeselfsignedcert/privkey -out {{ letsencrypt_acme_user_home }}/certs/fakeselfsignedcert/cert -days 10 -nodes -subj '/CN=self signed certificate' + command: openssl req -x509 -newkey rsa:2048 -keyout {{ letsencrypt_acme_user_home | default(omit) }}/keys/fakeselfsignedcert/privkey -out {{ letsencrypt_acme_user_home | default(omit) }}/certs/fakeselfsignedcert/cert -days 10 -nodes -subj '/CN=self signed certificate' args: - creates: '{{ letsencrypt_acme_user_home }}/certs/fakeselfsignedcert/cert' + creates: '{{ letsencrypt_acme_user_home | default(omit) }}/certs/fakeselfsignedcert/cert' when: ( true_cert.stat.islnk is not defined ) and ( letsencrypt_acme_install is defined and letsencrypt_acme_install ) tags: [ 'pki', 'ssl', 'letsencrypt' ] - name: When we are going to install letsencrypt certificates, create a preliminary path and a self signed cert. Now the symbolic links for the private key - file: src=../../keys/fakeselfsignedcert/privkey dest={{ letsencrypt_acme_user_home }}/certs/fakeselfsignedcert/privkey state=link + file: src=../../keys/fakeselfsignedcert/privkey dest={{ letsencrypt_acme_user_home | default(omit) }}/certs/fakeselfsignedcert/privkey state=link when: ( true_cert.stat.islnk is not defined ) and ( letsencrypt_acme_install is defined and letsencrypt_acme_install ) tags: [ 'pki', 'ssl', 'letsencrypt' ] - name: When we are going to install letsencrypt certificates, create a preliminary path and a self signed cert. Now the symbolic links for the chain file - file: src=cert dest={{ letsencrypt_acme_user_home }}/certs/fakeselfsignedcert/chain state=link + file: src=cert dest={{ letsencrypt_acme_user_home | default(omit) }}/certs/fakeselfsignedcert/chain state=link when: ( true_cert.stat.islnk is not defined ) and ( letsencrypt_acme_install is defined and letsencrypt_acme_install ) tags: [ 'pki', 'ssl', 'letsencrypt' ] - name: When we are going to install letsencrypt certificates, create a preliminary path and a self signed cert. Now the symbolic links for the fullchain file - file: src=cert dest={{ letsencrypt_acme_user_home }}/certs/fakeselfsignedcert/fullchain state=link + file: src=cert dest={{ letsencrypt_acme_user_home | default(omit) }}/certs/fakeselfsignedcert/fullchain state=link when: ( true_cert.stat.islnk is not defined ) and ( letsencrypt_acme_install is defined and letsencrypt_acme_install ) tags: [ 'pki', 'ssl', 'letsencrypt' ] - name: When we are going to install letsencrypt certificates, create a preliminary path and a self signed cert. Now the symbolic links for the certificate if there is not one - file: src=../certs/fakeselfsignedcert dest={{ letsencrypt_acme_user_home }}/live/{{ ansible_fqdn }} state=link + file: src=../certs/fakeselfsignedcert dest={{ letsencrypt_acme_user_home | default(omit) }}/live/{{ ansible_fqdn }} state=link when: ( true_cert.stat.islnk is not defined ) and ( letsencrypt_acme_install is defined and letsencrypt_acme_install ) tags: [ 'pki', 'ssl', 'letsencrypt' ] - name: When we are going to install letsencrypt certificates, create a preliminary path and a self signed cert. Now handle the haproxy special case - shell: mkdir {{ pki_dir }}/haproxy ; cat {{ letsencrypt_acme_user_home }}/live/{{ ansible_fqdn }}/privkey {{ letsencrypt_acme_user_home }}/live/{{ ansible_fqdn }}/cert > {{ pki_dir }}/haproxy/haproxy.pem + shell: mkdir {{ pki_dir }}/haproxy ; cat {{ letsencrypt_acme_user_home | default(omit) }}/live/{{ ansible_fqdn }}/privkey {{ letsencrypt_acme_user_home | default(omit) }}/live/{{ ansible_fqdn }}/cert > {{ pki_dir }}/haproxy/haproxy.pem args: creates: '{{ pki_dir }}/haproxy/haproxy.pem' when: