Anton Shestakov <av6@dwimlabs.net>, Sat, 25 Jun 2016 12:28:29 +0800
remove commented out CSP header (not used)
roles/nginx/tasks/easy-rsa.yml
Permissions: -rw-r--r--
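# Builds a private CA with easy-rsa under /etc/nginx/easy-rsa/, issues a
# server certificate for munin.<hostname> plus one client certificate per
# entry in munin_clients, and fetches each client's PKCS#12 bundle to the
# control machine.
#
# NOTE(review): this listing arrived collapsed onto one line with some lines
# missing. The `args:` keys, the "Running build-ca" task name and the head of
# the PKCS#12 export command are reconstructed; each is marked below and
# should be confirmed against the repository copy.
#
# NOTE(review): keys/ca.key is generated and kept under /etc/nginx/ on the
# managed host itself, so whoever can read that directory can issue client
# certificates. Confirm keys/ is readable by root only, and consider keeping
# the CA key off the web-facing host.
#
# hostname and the munin_clients entries are interpolated into shell command
# lines as-is; they are expected to come from trusted inventory only.

- name: Set up a local easy-rsa certificates directory
  command: make-cadir /etc/nginx/easy-rsa/
  args:  # reconstructed key
    # Skipped once the directory exists.
    creates: /etc/nginx/easy-rsa/

- name: Editing vars in-place
  # The rewritten lines are later sourced by the shell (`. ./vars`), so a
  # value containing `"`, `$` or a backquote would be interpreted there.
  # Keep munin_ca_vars values to plain text.
  lineinfile:
    dest: /etc/nginx/easy-rsa/vars
    regexp: '^export KEY_{{ item.key }}="'
    line: 'export KEY_{{ item.key }}="{{ item.value }}"'
  with_items: '{{ munin_ca_vars }}'

- name: Running clean-all
  shell: . ./vars && ./clean-all
  args:  # reconstructed key
    chdir: /etc/nginx/easy-rsa/
    # Skipped once keys/index.txt exists, so a rerun does not invoke
    # clean-all against an already populated keys/ directory.
    creates: /etc/nginx/easy-rsa/keys/index.txt

# Task name reconstructed: in the collapsed listing this `shell:` followed
# the clean-all task directly, which would be a duplicate key in one task.
- name: Running build-ca
  shell: . ./vars && ./build-ca --batch
  args:  # reconstructed key
    chdir: /etc/nginx/easy-rsa/
    creates: /etc/nginx/easy-rsa/keys/ca.key

- name: Running build-key-server
  shell: . ./vars && ./build-key-server --batch munin.{{ hostname }}
  args:  # reconstructed key
    chdir: /etc/nginx/easy-rsa/
    creates: '/etc/nginx/easy-rsa/keys/munin.{{ hostname }}.key'

- name: Running build-key
  shell: . ./vars && ./build-key --batch munin.{{ hostname }}.{{ item }}
  args:  # reconstructed key
    chdir: /etc/nginx/easy-rsa/
    creates: '/etc/nginx/easy-rsa/keys/munin.{{ hostname }}.{{ item }}.key'
  with_items: '{{ munin_clients }}'

- name: Export client certificate as a PKCS#12 file
  # NOTE(review): the module key and command head were lost in extraction;
  # `openssl pkcs12 -export` is inferred from the task name and the
  # -out/-inkey/-in/-certfile/-passout flags. Confirm against the repository.
  # `command` is used because no shell features are needed here.
  #
  # The export password is handed to openssl through the environment
  # (-passout env:...) instead of `pass:` on the command line: argv is
  # visible to every local user in the process list and is recorded in the
  # task result. This also removes the quoting problem a password containing
  # a single quote would cause.
  command: >-
    openssl pkcs12 -export
    -out /etc/nginx/easy-rsa/keys/munin.{{ hostname }}.{{ item }}.p12
    -inkey /etc/nginx/easy-rsa/keys/munin.{{ hostname }}.{{ item }}.key
    -in /etc/nginx/easy-rsa/keys/munin.{{ hostname }}.{{ item }}.crt
    -certfile /etc/nginx/easy-rsa/keys/ca.crt
    -passout env:MUNIN_PKCS12_PASS
  args:
    creates: '/etc/nginx/easy-rsa/keys/munin.{{ hostname }}.{{ item }}.p12'
  environment:
    MUNIN_PKCS12_PASS: '{{ munin_pkcs12_pass }}'
  # Keeps the task's arguments and environment out of Ansible output and
  # logs. Remove temporarily when debugging a failure.
  no_log: true
  with_items: '{{ munin_clients }}'

- name: Fetch the resulting PKCS#12 file
  # Each .p12 bundles the client's private key (-inkey above) and lands in
  # ./pkcs12/ relative to where the play is run. Keep that directory out of
  # version control and restrict its permissions. munin_pkcs12_pass is the
  # only protection on the bundle once it leaves the host.
  fetch:
    src: '/etc/nginx/easy-rsa/keys/munin.{{ hostname }}.{{ item }}.p12'
    dest: ./pkcs12/
    flat: true
    fail_on_missing: true
  with_items: '{{ munin_clients }}'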