Anton Shestakov <av6@dwimlabs.net>, Tue, 02 Jan 2018 17:57:18 +0800
replace always_run with check_mode
roles/nginx/tasks/easy-rsa.yml
Permissions: -rw-r--r--
# Tasks that build a private easy-rsa CA under /etc/nginx/easy-rsa/, issue a
# server certificate for munin.<hostname> and one client certificate per entry
# in munin_clients, then export each client certificate as a PKCS#12 bundle.
#
# NOTE(review): this listing arrived collapsed onto a single line and with
# lines missing (several tasks show no module key, one task has no `- name:`
# line, and the commit's check_mode change is not visible). The layout below
# is a reflow of the visible tokens only; it is not runnable as shown, so
# compare it with the repository copy before reusing it.

- name: Set up a local easy-rsa certificates directory
  command: make-cadir /etc/nginx/easy-rsa/
  # `creates` skips the command once the directory already exists.
  # NOTE(review): presumably nested under an `args:` key that is not visible.
  creates: /etc/nginx/easy-rsa/

# NOTE(review): no module key is visible for this task; src/dest suggest a
# copy or link of the 1.0.0 config to the name easy-rsa looks for. Confirm.
- name: Make sure fallback openssl.cnf exists (OpenSSL 1.1.0 is too fresh for whichopensslcnf)
  src: /etc/nginx/easy-rsa/openssl-1.0.0.cnf
  dest: /etc/nginx/easy-rsa/openssl.cnf

# Rewrites each `export KEY_<key>="<value>"` line of the easy-rsa vars file
# from the items of munin_ca_vars.
# NOTE(review): module key not visible; dest/regexp/line look like lineinfile
# arguments. Confirm.
# The vars file is later sourced by the shell (`. ./vars`), and item.value is
# written between double quotes, so a value containing `"`, `$` or a backtick
# would be interpreted by the shell. Keep munin_ca_vars operator-controlled.
- name: Editing vars in-place
  dest: /etc/nginx/easy-rsa/vars
  regexp: '^export KEY_{{ item.key }}="'
  line: 'export KEY_{{ item.key }}="{{ item.value }}"'
  with_items: '{{ munin_ca_vars }}'

# Sources vars and runs clean-all in the easy-rsa directory; skipped once
# keys/index.txt exists.
# NOTE(review): clean-all presumably resets the keys directory, in which case
# the `creates` guard is what stops a re-run from wiping an existing CA.
- name: Running clean-all
  shell: . ./vars && ./clean-all
  chdir: /etc/nginx/easy-rsa/
  creates: /etc/nginx/easy-rsa/keys/index.txt

  # NOTE(review): the `- name:` line that starts the build-ca task is missing
  # from this listing, so the next three keys read as duplicates of the task
  # above. They belong to a separate task in the original file.
  # This step leaves the CA private key (keys/ca.key) on the nginx host;
  # anyone able to read it can issue further client certificates, so its
  # permissions (or moving it off the host after issuance) deserve a check.
  shell: . ./vars && ./build-ca --batch
  chdir: /etc/nginx/easy-rsa/
  creates: /etc/nginx/easy-rsa/keys/ca.key

# Issues the server key for munin.<hostname>; skipped once the .key exists.
# `{{ hostname }}` is substituted into a shell command line as-is; if it can
# ever hold anything but hostname-safe characters, pass it through `| quote`.
- name: Running build-key-server
  shell: . ./vars && ./build-key-server --batch munin.{{ hostname }}
  chdir: /etc/nginx/easy-rsa/
  creates: /etc/nginx/easy-rsa/keys/munin.{{ hostname }}.key

# Issues one client key per munin_clients entry, named
# munin.<hostname>.<client>. The same quoting caveat applies to `{{ item }}`.
- name: Running build-key
  shell: . ./vars && ./build-key --batch munin.{{ hostname }}.{{ item }}
  chdir: /etc/nginx/easy-rsa/
  creates: /etc/nginx/easy-rsa/keys/munin.{{ hostname }}.{{ item }}.key
  with_items: '{{ munin_clients }}'

# NOTE(review): the module key and the start of the command are not visible;
# the remaining options match an `openssl pkcs12` export. Confirm.
# The passphrase is supplied as `pass:<value>` on the command line, so it is
# readable in the process arguments while the command runs and is echoed in
# Ansible's task output and logs. Consider `no_log: true` on this task and an
# `env:` or `file:` passphrase source for -passout instead of `pass:`.
- name: Export client certificate as a PKCS#12 file
    -out /etc/nginx/easy-rsa/keys/munin.{{ hostname }}.{{ item }}.p12
    -inkey /etc/nginx/easy-rsa/keys/munin.{{ hostname }}.{{ item }}.key
    -in /etc/nginx/easy-rsa/keys/munin.{{ hostname }}.{{ item }}.crt
    -certfile /etc/nginx/easy-rsa/keys/ca.crt
    -passout 'pass:{{ munin_pkcs12_pass }}'
  creates: /etc/nginx/easy-rsa/keys/munin.{{ hostname }}.{{ item }}.p12
  with_items: '{{ munin_clients }}'

# NOTE(review): module key not visible; the name and src suggest Ansible's
# fetch module, whose destination argument is not shown here.
# Each .p12 bundle carries the client's private key (it is built with
# -inkey), so the location it is fetched to should be access-restricted and
# kept out of version control.
- name: Fetch the resulting PKCS#12 file
  src: /etc/nginx/easy-rsa/keys/munin.{{ hostname }}.{{ item }}.p12
  with_items: '{{ munin_clients }}'