5:4213233fc119
Anton Shestakov <av6@dwimlabs.net>, Sat, 19 Mar 2016 00:45:41 +0800
provision: add certs role for generating self-signed certificates
next change 211:4b03f725cb69

contrib/provision/roles/certs/tasks/main.yml

Permissions: -rw-r--r--

File Latest Revisions Annotate Diff Comparison
Other formats:
JSON Raw
Feeds:
Atom RSS 
---
- name: Install packages
  apt: pkg={{ item }} state=present
  with_items:
    - openssl
    - ssl-cert
- name: Make sure {{ path }} exists
  file: path='{{ path }}' state=directory owner=root group=ssl-cert mode=0710
- name: Make sure domain directories exist
  file: path='{{ path }}/{{ item }}' state=directory owner=root group=ssl-cert mode=0710
  with_items: '{{ selfsigned }}'
- name: Generate private keys
  command: >
    openssl genrsa
    -out '{{ path }}/{{ item }}/clean.key'
    2048
  args:
    creates: '{{ path }}/{{ item }}/clean.key'
  with_items: '{{ selfsigned }}'
- name: Set permissions for private keys
  file: path='{{ path }}/{{ item }}/clean.key' state=file owner=root group=ssl-cert mode=0640
  with_items: '{{ selfsigned }}'
- name: Generate self-signed certificates
  command: >
    openssl req
    -new
    -x509
    -subj '/CN={{ item }}'
    -extensions v3_ca
    -days 3650
    -key '{{ path }}/{{ item }}/clean.key'
    -out '{{ path }}/{{ item }}/selfsigned.pem'
  args:
    creates: '{{ path }}/{{ item }}/selfsigned.pem'
  with_items: '{{ selfsigned }}'
- name: Set permissions for self-signed certificates
  file: path='{{ path }}/{{ item }}/selfsigned.pem' state=file owner=root group=ssl-cert mode=0640
  with_items: '{{ selfsigned }}'
...