library/roles/ubuntu-deb-general: Create a generic directory where to store local SSL certificates.

This commit is contained in:
Andrea Dell'Amico 2016-04-08 18:16:00 +02:00
parent 1fd136d485
commit 8362be052b
3 changed files with 18 additions and 1 deletions

View File

@ -82,6 +82,12 @@ services_to_be_disabled:
- atd
- acpid
# A generic PKI directory where the local certificates will be stored
pki_dir: /etc/pki
pki_subdirs:
- certs
- keys
disable_ipv6: True
ipv6_sysctl_value: 1
ipv6_sysctl_file: /etc/sysctl.d/10-ipv6-disable.conf

View File

@ -5,7 +5,6 @@
- include: packages.yml
- include: ntp.yml
- include: remove-unneeded-pkgs.yml
- include: disable-unneeded-services.yml
- include: manage-ipv6-status.yml
when: is_not_debian_less_than_6
- include: disable-ipv6-old-servers.yml
@ -23,5 +22,7 @@
- include: unattended-upgrades.yml
- include: install_external_ca_cert.yml
- include: manage_su_limits.yml
- include: pki-dir.yml
- include: disable-unneeded-services.yml

View File

@ -0,0 +1,10 @@
---
- name: Ensure that the PKI directory exists
file: path={{ pki_dir }} state=directory owner=root group=root mode=0755
tags: [ 'pki', 'ssl' ]
- name: Ensure that the PKI subdirectories exist
file: path={{ pki_dir }}/{{ item }} state=directory owner=root group=root mode=0755
with_items: '{{ pki_subdirs }}'
tags: [ 'pki', 'ssl' ]