contrib/provision/roles/certs/tasks/main.yml at ff39be154d7d

6:ff39be154d7d

Anton Shestakov <av6@dwimlabs.net>, Sat, 19 Mar 2016 01:03:43 +0800

provision: add tram-im role

next change	211:4b03f725cb69
previous change	5:4213233fc119

contrib/provision/roles/certs/tasks/main.yml

Permissions: -rw-r--r--

File Latest Revisions Annotate Diff Comparison

Other formats:

JSON Raw

Feeds:

Atom RSS

---
- name: Install packages
  apt: pkg={{ item }} state=present
  with_items:
    - openssl
    - ssl-cert
- name: Make sure {{ path }} exists
  file: path='{{ path }}' state=directory owner=root group=ssl-cert mode=0710
- name: Make sure domain directories exist
  file: path='{{ path }}/{{ item }}' state=directory owner=root group=ssl-cert mode=0710
  with_items: '{{ selfsigned }}'
- name: Generate private keys
  command: >
    openssl genrsa
    -out '{{ path }}/{{ item }}/clean.key'
    2048
  args:
    creates: '{{ path }}/{{ item }}/clean.key'
  with_items: '{{ selfsigned }}'
- name: Set permissions for private keys
  file: path='{{ path }}/{{ item }}/clean.key' state=file owner=root group=ssl-cert mode=0640
  with_items: '{{ selfsigned }}'
- name: Generate self-signed certificates
  command: >
    openssl req
    -new
    -x509
    -subj '/CN={{ item }}'
    -extensions v3_ca
    -days 3650
    -key '{{ path }}/{{ item }}/clean.key'
    -out '{{ path }}/{{ item }}/selfsigned.pem'
  args:
    creates: '{{ path }}/{{ item }}/selfsigned.pem'
  with_items: '{{ selfsigned }}'
- name: Set permissions for self-signed certificates
  file: path='{{ path }}/{{ item }}/selfsigned.pem' state=file owner=root group=ssl-cert mode=0640
  with_items: '{{ selfsigned }}'
...