pki: ansible-lint fixes
parent
6bc466e191
commit
a849d1f2a9
1 changed files with 10 additions and 10 deletions
|
@ -1,10 +1,10 @@
|
||||||
---
|
---
|
||||||
- name: create hostkey group
|
- name: Create hostkey group
|
||||||
ansible.builtin.group:
|
ansible.builtin.group:
|
||||||
name: hostkey
|
name: hostkey
|
||||||
system: true
|
system: true
|
||||||
|
|
||||||
- name: copy ca certificate
|
- name: Copy ca certificate
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "/srv/ca/certs/ca.crt"
|
src: "/srv/ca/certs/ca.crt"
|
||||||
dest: "{{ tls_certs }}/ca.crt"
|
dest: "{{ tls_certs }}/ca.crt"
|
||||||
|
@ -12,7 +12,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: "{{ ansible_wheel }}"
|
group: "{{ ansible_wheel }}"
|
||||||
|
|
||||||
- name: get ca certificate hash
|
- name: Get ca certificate hash
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
argv:
|
argv:
|
||||||
- openssl
|
- openssl
|
||||||
|
@ -25,11 +25,11 @@
|
||||||
register: result
|
register: result
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
- name: store ca certificate hash
|
- name: Store ca certificate hash
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
pki_cacert_hash: "{{ result.stdout }}"
|
pki_cacert_hash: "{{ result.stdout }}"
|
||||||
|
|
||||||
- name: fix private key directory permissions
|
- name: Fix private key directory permissions
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ tls_private }}"
|
path: "{{ tls_private }}"
|
||||||
mode: 0750
|
mode: 0750
|
||||||
|
@ -37,7 +37,7 @@
|
||||||
group: hostkey
|
group: hostkey
|
||||||
when: ansible_system == "OpenBSD"
|
when: ansible_system == "OpenBSD"
|
||||||
|
|
||||||
- name: copy host certificate
|
- name: Copy host certificate
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "/srv/ca/certs/hosts/{{ inventory_hostname }}.crt"
|
src: "/srv/ca/certs/hosts/{{ inventory_hostname }}.crt"
|
||||||
dest: "{{ tls_certs }}/{{ inventory_hostname }}.crt"
|
dest: "{{ tls_certs }}/{{ inventory_hostname }}.crt"
|
||||||
|
@ -45,7 +45,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: "{{ ansible_wheel }}"
|
group: "{{ ansible_wheel }}"
|
||||||
|
|
||||||
- name: add ansible certificate fact
|
- name: Add ansible certificate fact
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
content: |
|
content: |
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
@ -60,7 +60,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: "{{ ansible_wheel }}"
|
group: "{{ ansible_wheel }}"
|
||||||
|
|
||||||
- name: create full chain certificate contents
|
- name: Create full chain certificate contents
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
argv:
|
argv:
|
||||||
- cat
|
- cat
|
||||||
|
@ -69,7 +69,7 @@
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: pki_host_fullchain
|
register: pki_host_fullchain
|
||||||
|
|
||||||
- name: copy full chain certificate file
|
- name: Copy full chain certificate file
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
dest: "{{ tls_certs }}/{{ inventory_hostname }}-fullchain.crt"
|
dest: "{{ tls_certs }}/{{ inventory_hostname }}-fullchain.crt"
|
||||||
content: "{{ pki_host_fullchain.stdout }}"
|
content: "{{ pki_host_fullchain.stdout }}"
|
||||||
|
@ -77,7 +77,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: "{{ ansible_wheel }}"
|
group: "{{ ansible_wheel }}"
|
||||||
|
|
||||||
- name: copy host key
|
- name: Copy host key
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: "/srv/ca/private/{{ inventory_hostname }}.key"
|
src: "/srv/ca/private/{{ inventory_hostname }}.key"
|
||||||
dest: "{{ tls_private }}/{{ inventory_hostname }}.key"
|
dest: "{{ tls_private }}/{{ inventory_hostname }}.key"
|
||||||
|
|
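Review bot: In the `Fix private key directory permissions` task the context line `mode: 0750` is still an unquoted number, so the permission applied to `{{ tls_private }}` depends on the YAML loader reading the leading zero as octal. Since this commit is a lint pass over the role, I would quote it as `mode: "0750"` so the module receives a string and does the conversion itself. Part of that task falls between hunks, and the `Copy host key` task is cut off after its `dest` line, so whether the key file gets an explicit `mode` is not visible here; it is worth confirming that it is set and not left to the default.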