322:7dfdf32e8577
Anton Shestakov <av6@dwimlabs.net>, Sat, 14 Jul 2018 20:23:13 +0800
index: authorizing contact also adds it to the roster Maybe there are cases when this doesn't make sense, but so far this looks like the right thing to do.

previous change 211:4b03f725cb69

contrib/provision/roles/certs/tasks/main.yml

Permissions: -rw-r--r--

---
# Install the tooling the rest of this role relies on: the openssl CLI that
# the key and certificate tasks invoke, and ssl-cert, which on Debian-family
# systems is expected to create the ssl-cert group used for ownership below.
- name: Install packages
  with_items:
    - openssl
    - ssl-cert
  apt:
    state: present
    pkg: '{{ item }}'
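# Create the base directory that holds every per-domain key/cert directory.
# 0710 = owner rwx, group execute-only, others nothing: members of ssl-cert
# can open files whose names they already know but cannot list the directory,
# and everyone else cannot traverse it at all.
- name: Make sure {{ path }} exists
  file:
    path: '{{ path }}'
    state: directory
    owner: root
    group: ssl-cert
    # Quoted so the mode reaches the file module as an octal string instead of
    # depending on how the YAML loader types a bare leading-zero number.
    mode: '0710'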
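# Create one directory per entry in `selfsigned` under the base path, with the
# same root:ssl-cert ownership and traverse-only group access as the base.
- name: Make sure domain directories exist
  file:
    path: '{{ path }}/{{ item }}'
    state: directory
    owner: root
    group: ssl-cert
    # Quoted so the mode reaches the file module as an octal string instead of
    # depending on how the YAML loader types a bare leading-zero number.
    mode: '0710'
  with_items: '{{ selfsigned }}'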
# Generate a 2048-bit RSA private key per domain. No cipher option is passed
# to genrsa, so clean.key is written unencrypted; its protection is entirely
# the file mode and the directory permissions.
# `creates` makes the task a no-op once clean.key exists, so this role never
# rotates a key: replacing one means deleting the file first.
# NOTE(review): ownership and mode are applied by a separate task that runs
# after this one. Until then the file has whatever mode openssl gave it; the
# 0710 root:ssl-cert parent directories are what limit access in that window.
- name: Generate private keys
  with_items: '{{ selfsigned }}'
  args:
    creates: '{{ path }}/{{ item }}/clean.key'
  command: >
    openssl genrsa -out '{{ path }}/{{ item }}/clean.key' 2048
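# Lock down each private key: root owns it, the ssl-cert group may read it,
# nobody else has access. `state: file` makes the task fail if the key is
# missing rather than creating an empty file.
# Group read is what lets a non-root service in ssl-cert load the key; it also
# means every member of ssl-cert can read every key under `path`, so group
# membership should be treated as key access.
- name: Set permissions for private keys
  file:
    path: '{{ path }}/{{ item }}/clean.key'
    state: file
    owner: root
    group: ssl-cert
    # Quoted so the mode reaches the file module as an octal string instead of
    # depending on how the YAML loader types a bare leading-zero number.
    mode: '0640'
  with_items: '{{ selfsigned }}'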
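# Issue one self-signed certificate per domain in `selfsigned`, signed with
# that domain's clean.key and valid for 3650 days. `creates` skips the task
# once selfsigned.pem exists, so this role never reissues a certificate,
# including after it expires or after the key is replaced.
# -sha256 pins the signature digest instead of inheriting the default of the
# installed OpenSSL build and openssl.cnf (older builds could pick SHA-1).
# NOTE(review): `-extensions v3_ca` applies the v3_ca section of openssl.cnf,
# which in the stock config marks the certificate as a CA. A peer that imports
# it as trusted is then trusting a key able to sign other names; confirm this
# is intended for what is used as a server certificate.
# NOTE(review): only the subject CN is set and no subjectAltName is added;
# clients that match host names against SAN only will not accept it.
- name: Generate self-signed certificates
  command: >
    openssl req
    -new
    -x509
    -sha256
    -subj '/CN={{ item }}'
    -extensions v3_ca
    -days 3650
    -key '{{ path }}/{{ item }}/clean.key'
    -out '{{ path }}/{{ item }}/selfsigned.pem'
  args:
    creates: '{{ path }}/{{ item }}/selfsigned.pem'
  with_items: '{{ selfsigned }}'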
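# Give each certificate the same root:ssl-cert ownership and mode as its key.
# The certificate itself is public data, so 0640 is not protecting a secret;
# the practical effect is that a service must be in ssl-cert to read it.
# `state: file` makes the task fail if the certificate is missing.
- name: Set permissions for self-signed certificates
  file:
    path: '{{ path }}/{{ item }}/selfsigned.pem'
    state: file
    owner: root
    group: ssl-cert
    # Quoted so the mode reaches the file module as an octal string instead of
    # depending on how the YAML loader types a bare leading-zero number.
    mode: '0640'
  with_items: '{{ selfsigned }}'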
...