Add some spacing between tasks
This commit is contained in:
parent
f8d89c9742
commit
6e9d07b6f6
|
@ -5,6 +5,7 @@
|
|||
owner: root
|
||||
group: root
|
||||
mode: "755"
|
||||
|
||||
- name: Ensure sub-directory for the certificate exists
|
||||
ansible.builtin.file:
|
||||
path: "/etc/ansible_certs/{{ item }}"
|
||||
|
@ -12,6 +13,7 @@
|
|||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "755"
|
||||
|
||||
- name: Ensure private key is generated
|
||||
community.crypto.openssl_privatekey:
|
||||
path: "/etc/ansible_certs/{{ item }}/key.pem"
|
||||
|
@ -20,6 +22,7 @@
|
|||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "0600"
|
||||
|
||||
- name: Ensure certificate signing request is created
|
||||
community.crypto.openssl_csr:
|
||||
path: "/etc/ansible_certs/{{ item }}/csr.pem"
|
||||
|
@ -29,6 +32,7 @@
|
|||
group: "{{ cert__group }}"
|
||||
mode: "0660"
|
||||
register: cert__csr_result
|
||||
|
||||
- name: Check certificate status and create ACME challenge if needed
|
||||
community.crypto.acme_certificate:
|
||||
account_email: "{{ cert__acme_account.email }}"
|
||||
|
@ -42,6 +46,7 @@
|
|||
dest: "/etc/ansible_certs/{{ item }}/cert.pem"
|
||||
fullchain_dest: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
||||
register: cert__acme_challenge
|
||||
|
||||
- name: Retrieve certificate and fulfill challenge if needed # noqa no-handler
|
||||
when: cert__acme_challenge.changed # Can't be put in a handler, because then the block "always" tasks won't be executed for some reason
|
||||
block:
|
||||
|
@ -81,26 +86,31 @@
|
|||
type: TXT
|
||||
ttl: 60
|
||||
state: absent
|
||||
|
||||
- name: Ensure correct permissions for certificate are set
|
||||
ansible.builtin.file:
|
||||
path: "/etc/ansible_certs/{{ item }}/cert.pem"
|
||||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "0660"
|
||||
|
||||
- name: Ensure correct permissions for fullchain cert are set
|
||||
ansible.builtin.file:
|
||||
path: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
||||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "0660"
|
||||
|
||||
- name: Get content of cert.pem
|
||||
ansible.builtin.slurp:
|
||||
src: "/etc/ansible_certs/{{ item }}/cert.pem"
|
||||
register: cert__cert_slurp
|
||||
|
||||
- name: Get content of fullchain.pem
|
||||
ansible.builtin.slurp:
|
||||
src: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
||||
register: cert__fullchain_slurp
|
||||
|
||||
- name: Ensure ca.pem is created
|
||||
ansible.builtin.copy:
|
||||
content: "{{ cert__fullchain_slurp.content | b64decode | replace(cert__cert_slurp.content | b64decode, '') }}"
|
||||
|
|
Loading…
Reference in a new issue