288:845780bce8cd
Anton Shestakov <av6@dwimlabs.net>, Sat, 16 Sep 2017 22:40:16 +0800
provision: use become instead of sudo

previous change 211:4b03f725cb69

contrib/provision/roles/certs/tasks/main.yml

Permissions: -rw-r--r--

---
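# Install the OpenSSL command-line tool used by the key and certificate tasks
# in this file, plus ssl-cert (presumably the package that provides the
# ssl-cert group the file tasks assign -- confirm on the target distribution).
- name: Install packages
  apt:
    # The package list is passed to apt directly, so a single transaction
    # installs both packages and no per-item loop is needed.
    pkg:
      - openssl
      - ssl-cert
    state: present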
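# Create the base certificate directory.
# Mode 0710: root has full access, group ssl-cert may traverse but not list
# the directory, and all other users are shut out.
- name: Make sure {{ path }} exists
  file:
    path: '{{ path }}'
    state: directory
    owner: root
    group: ssl-cert
    # Quoted so the module receives the octal string itself instead of an
    # integer whose value depends on how the YAML loader reads a bare 0710.
    mode: '0710'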
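# Create one sub-directory per entry in `selfsigned`; each later holds that
# entry's clean.key and selfsigned.pem.
# Mode 0710 matches the base directory: traverse-only for group ssl-cert,
# nothing for other users.
- name: Make sure domain directories exist
  file:
    path: '{{ path }}/{{ item }}'
    state: directory
    owner: root
    group: ssl-cert
    # Quoted so the module receives the octal string itself instead of an
    # integer whose value depends on how the YAML loader reads a bare 0710.
    mode: '0710'
  with_items: '{{ selfsigned }}'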
# Generate one 2048-bit RSA private key per entry in `selfsigned`.
# No cipher option is passed to genrsa, so the key is written unencrypted;
# filesystem permissions are its only protection.
# `creates` skips the command once clean.key exists, so re-running the role
# never regenerates (or rotates) an existing key.
# NOTE(review): the key's owner, group and mode are only set by the following
# task. Until that runs, the file has whatever mode openssl gave it, and the
# 0710 root:ssl-cert parent directory is what keeps other users away from it.
- name: Generate private keys
  command: >
    openssl genrsa -out '{{ path }}/{{ item }}/clean.key' 2048
  with_items: '{{ selfsigned }}'
  args:
    creates: '{{ path }}/{{ item }}/clean.key'
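# Pin ownership and mode of every generated private key.
# 0640 root:ssl-cert lets root write, members of ssl-cert read, and denies
# everyone else. `state: file` only adjusts an existing file; it does not
# create one, so the task fails if a key is missing.
- name: Set permissions for private keys
  file:
    path: '{{ path }}/{{ item }}/clean.key'
    state: file
    owner: root
    group: ssl-cert
    # Quoted so the module receives the octal string itself instead of an
    # integer whose value depends on how the YAML loader reads a bare 0640.
    mode: '0640'
  with_items: '{{ selfsigned }}'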
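# Issue a self-signed X.509 certificate for every entry in `selfsigned`,
# signed with that entry's clean.key and valid for 3650 days.
# `creates` skips the command once selfsigned.pem exists, so certificates
# already on disk are left untouched (including after expiry).
# NOTE(review): `-extensions v3_ca` takes its contents from the host's
# openssl.cnf; in the stock file that section marks the certificate as a CA.
# Confirm that is intended for certificates used as server certificates.
# NOTE(review): only a CN is set, with no subjectAltName; clients that ignore
# the CN for host name matching will not accept these certificates.
- name: Generate self-signed certificates
  command: >
    openssl req
    -new
    -x509
    -sha256
    -subj '/CN={{ item }}'
    -extensions v3_ca
    -days 3650
    -key '{{ path }}/{{ item }}/clean.key'
    -out '{{ path }}/{{ item }}/selfsigned.pem'
  args:
    creates: '{{ path }}/{{ item }}/selfsigned.pem'
  with_items: '{{ selfsigned }}'
  # -sha256 pins the signature digest so it does not depend on the default
  # of whichever OpenSSL build or openssl.cnf is present on the host.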
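# Pin ownership and mode of every generated certificate.
# 0640 root:ssl-cert mirrors the private key's permissions. `state: file`
# only adjusts an existing file, so the task fails if a certificate is
# missing.
- name: Set permissions for self-signed certificates
  file:
    path: '{{ path }}/{{ item }}/selfsigned.pem'
    state: file
    owner: root
    group: ssl-cert
    # Quoted so the module receives the octal string itself instead of an
    # integer whose value depends on how the YAML loader reads a bare 0640.
    mode: '0640'
  with_items: '{{ selfsigned }}'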
...