forked from ISTI-ansible-roles/ansible-roles
library/roles/ubuntu-deb-general: Create a generic directory where to store local SSL certificates.
This commit is contained in:
parent
1fd136d485
commit
8362be052b
|
@ -82,6 +82,12 @@ services_to_be_disabled:
|
|||
- atd
|
||||
- acpid
|
||||
|
||||
# A generic PKI directory where the local certificates will be stored
|
||||
pki_dir: /etc/pki
|
||||
pki_subdirs:
|
||||
- certs
|
||||
- keys
|
||||
|
||||
disable_ipv6: True
|
||||
ipv6_sysctl_value: 1
|
||||
ipv6_sysctl_file: /etc/sysctl.d/10-ipv6-disable.conf
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
- include: packages.yml
|
||||
- include: ntp.yml
|
||||
- include: remove-unneeded-pkgs.yml
|
||||
- include: disable-unneeded-services.yml
|
||||
- include: manage-ipv6-status.yml
|
||||
when: is_not_debian_less_than_6
|
||||
- include: disable-ipv6-old-servers.yml
|
||||
|
@ -23,5 +22,7 @@
|
|||
- include: unattended-upgrades.yml
|
||||
- include: install_external_ca_cert.yml
|
||||
- include: manage_su_limits.yml
|
||||
- include: pki-dir.yml
|
||||
- include: disable-unneeded-services.yml
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
- name: Ensure that the PKI directory exists
|
||||
file: path={{ pki_dir }} state=directory owner=root group=root mode=0755
|
||||
tags: [ 'pki', 'ssl' ]
|
||||
|
||||
- name: Ensure that the PKI subdirectories exist
|
||||
file: path={{ pki_dir }}/{{ item }} state=directory owner=root group=root mode=0755
|
||||
with_items: '{{ pki_subdirs }}'
|
||||
tags: [ 'pki', 'ssl' ]
|
||||
|
Loading…
Reference in New Issue