61 lines
1.6 KiB
YAML
61 lines
1.6 KiB
YAML
---
|
|
|
|
- name: create hostkey group
|
|
group:
|
|
name: hostkey
|
|
system: true
|
|
|
|
- name: copy ca certificate
|
|
copy:
|
|
src: "/srv/ca/certs/ca.crt"
|
|
dest: "{{ tls_certs }}/ca.crt"
|
|
mode: 0644
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
|
|
- name: get ca certificate hash
|
|
command: "openssl x509 -in /srv/ca/certs/ca.crt -noout -hash"
|
|
delegate_to: localhost
|
|
register: result
|
|
changed_when: false
|
|
- name: store ca certificate hash
|
|
set_fact:
|
|
pki_cacert_hash: "{{ result.stdout }}"
|
|
|
|
- name: copy host certificate
|
|
copy:
|
|
src: "/srv/ca/certs/{{ inventory_hostname }}.crt"
|
|
dest: "{{ tls_certs }}/{{ inventory_hostname }}.crt"
|
|
mode: 0644
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
|
|
- name: add ansible certificate fact
|
|
copy:
|
|
content: |
|
|
#!/bin/sh
|
|
[ -f {{ tls_certs }}/{{ inventory_hostname }}.crt ] && awk '
|
|
BEGIN { printf "\"" }
|
|
{ if (!/^-\-/) printf "%s",$0 }
|
|
END { print "\"" }
|
|
' {{ tls_certs }}/{{ inventory_hostname }}.crt
|
|
|
|
dest: /etc/ansible/facts.d/ansible_certificate.fact
|
|
mode: 0755
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
|
|
- name: create full chain of host certficate and ca
|
|
shell: "cat {{ tls_certs }}/{{ inventory_hostname }}.crt \
|
|
{{ tls_certs }}/ca.crt > \
|
|
{{ tls_certs }}/{{ inventory_hostname }}-fullchain.crt"
|
|
args:
|
|
creates: "{{ tls_certs }}/{{ inventory_hostname }}-fullchain.crt"
|
|
|
|
- name: copy host key
|
|
copy:
|
|
src: "/srv/ca/private/{{ inventory_hostname }}.key"
|
|
dest: "{{ tls_private }}/{{ inventory_hostname }}.key"
|
|
mode: 0640
|
|
owner: root
|
|
group: hostkey
|