39:28ad6d3e2618
Anton Shestakov <av6@dwimlabs.net>, Wed, 23 Mar 2016 16:55:52 +0800
index: maintain only one contact with type 'self'

This isn't done in an event handler of contacts collection because doing it in 'add' handler would trigger 'sort' event after the model has been added, but before its 'add' event has propagated, and that's dumb.

next change 211:4b03f725cb69
previous change 5:4213233fc119

contrib/provision/roles/certs/tasks/main.yml

Permissions: -rw-r--r--

---
- name: Install packages
  apt: pkg={{ item }} state=present
  with_items:
    - openssl
    - ssl-cert

# 0710: root has full access; members of ssl-cert may traverse the directory but not list it.
- name: Make sure {{ path }} exists
  file: path='{{ path }}' state=directory owner=root group=ssl-cert mode=0710

- name: Make sure domain directories exist
  file: path='{{ path }}/{{ item }}' state=directory owner=root group=ssl-cert mode=0710
  with_items: '{{ selfsigned }}'

# genrsa is called without a cipher option, so the key is written unencrypted;
# file permissions are its only protection. 'creates' keeps an existing key from being regenerated.
- name: Generate private keys
  command: >
    openssl genrsa
    -out '{{ path }}/{{ item }}/clean.key'
    2048
  args:
    creates: '{{ path }}/{{ item }}/clean.key'
  with_items: '{{ selfsigned }}'

# 0640: readable by root and by services running in the ssl-cert group, not by other users.
- name: Set permissions for private keys
  file: path='{{ path }}/{{ item }}/clean.key' state=file owner=root group=ssl-cert mode=0640
  with_items: '{{ selfsigned }}'

# One certificate per domain, valid for 3650 days. With the stock openssl.cnf,
# the v3_ca section marks the certificate as a CA (basicConstraints CA:true).
- name: Generate self-signed certificates
  command: >
    openssl req
    -new
    -x509
    -subj '/CN={{ item }}'
    -extensions v3_ca
    -days 3650
    -key '{{ path }}/{{ item }}/clean.key'
    -out '{{ path }}/{{ item }}/selfsigned.pem'
  args:
    creates: '{{ path }}/{{ item }}/selfsigned.pem'
  with_items: '{{ selfsigned }}'

- name: Set permissions for self-signed certificates
  file: path='{{ path }}/{{ item }}/selfsigned.pem' state=file owner=root group=ssl-cert mode=0640
  with_items: '{{ selfsigned }}'
...