Add some spacing between tasks
parent
f8d89c9742
commit
6e9d07b6f6
|
@ -5,6 +5,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "755"
|
mode: "755"
|
||||||
|
|
||||||
- name: Ensure sub-directory for the certificate exists
|
- name: Ensure sub-directory for the certificate exists
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "/etc/ansible_certs/{{ item }}"
|
path: "/etc/ansible_certs/{{ item }}"
|
||||||
|
@ -12,6 +13,7 @@
|
||||||
owner: "{{ cert__owner }}"
|
owner: "{{ cert__owner }}"
|
||||||
group: "{{ cert__group }}"
|
group: "{{ cert__group }}"
|
||||||
mode: "755"
|
mode: "755"
|
||||||
|
|
||||||
- name: Ensure private key is generated
|
- name: Ensure private key is generated
|
||||||
community.crypto.openssl_privatekey:
|
community.crypto.openssl_privatekey:
|
||||||
path: "/etc/ansible_certs/{{ item }}/key.pem"
|
path: "/etc/ansible_certs/{{ item }}/key.pem"
|
||||||
|
@ -20,6 +22,7 @@
|
||||||
owner: "{{ cert__owner }}"
|
owner: "{{ cert__owner }}"
|
||||||
group: "{{ cert__group }}"
|
group: "{{ cert__group }}"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
|
|
||||||
- name: Ensure certificate signing request is created
|
- name: Ensure certificate signing request is created
|
||||||
community.crypto.openssl_csr:
|
community.crypto.openssl_csr:
|
||||||
path: "/etc/ansible_certs/{{ item }}/csr.pem"
|
path: "/etc/ansible_certs/{{ item }}/csr.pem"
|
||||||
|
@ -29,6 +32,7 @@
|
||||||
group: "{{ cert__group }}"
|
group: "{{ cert__group }}"
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
register: cert__csr_result
|
register: cert__csr_result
|
||||||
|
|
||||||
- name: Check certificate status and create ACME challenge if needed
|
- name: Check certificate status and create ACME challenge if needed
|
||||||
community.crypto.acme_certificate:
|
community.crypto.acme_certificate:
|
||||||
account_email: "{{ cert__acme_account.email }}"
|
account_email: "{{ cert__acme_account.email }}"
|
||||||
|
@ -42,6 +46,7 @@
|
||||||
dest: "/etc/ansible_certs/{{ item }}/cert.pem"
|
dest: "/etc/ansible_certs/{{ item }}/cert.pem"
|
||||||
fullchain_dest: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
fullchain_dest: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
||||||
register: cert__acme_challenge
|
register: cert__acme_challenge
|
||||||
|
|
||||||
- name: Retrieve certificate and fulfill challenge if needed # noqa no-handler
|
- name: Retrieve certificate and fulfill challenge if needed # noqa no-handler
|
||||||
when: cert__acme_challenge.changed # Can't be put in a handler, because then the block "always" tasks won't be executed for some reason
|
when: cert__acme_challenge.changed # Can't be put in a handler, because then the block "always" tasks won't be executed for some reason
|
||||||
block:
|
block:
|
||||||
|
@ -81,26 +86,31 @@
|
||||||
type: TXT
|
type: TXT
|
||||||
ttl: 60
|
ttl: 60
|
||||||
state: absent
|
state: absent
|
||||||
|
|
||||||
- name: Ensure correct permissions for certificate are set
|
- name: Ensure correct permissions for certificate are set
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "/etc/ansible_certs/{{ item }}/cert.pem"
|
path: "/etc/ansible_certs/{{ item }}/cert.pem"
|
||||||
owner: "{{ cert__owner }}"
|
owner: "{{ cert__owner }}"
|
||||||
group: "{{ cert__group }}"
|
group: "{{ cert__group }}"
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
|
|
||||||
- name: Ensure correct permissions for fullchain cert are set
|
- name: Ensure correct permissions for fullchain cert are set
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
path: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
||||||
owner: "{{ cert__owner }}"
|
owner: "{{ cert__owner }}"
|
||||||
group: "{{ cert__group }}"
|
group: "{{ cert__group }}"
|
||||||
mode: "0660"
|
mode: "0660"
|
||||||
|
|
||||||
- name: Get content of cert.pem
|
- name: Get content of cert.pem
|
||||||
ansible.builtin.slurp:
|
ansible.builtin.slurp:
|
||||||
src: "/etc/ansible_certs/{{ item }}/cert.pem"
|
src: "/etc/ansible_certs/{{ item }}/cert.pem"
|
||||||
register: cert__cert_slurp
|
register: cert__cert_slurp
|
||||||
|
|
||||||
- name: Get content of fullchain.pem
|
- name: Get content of fullchain.pem
|
||||||
ansible.builtin.slurp:
|
ansible.builtin.slurp:
|
||||||
src: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
src: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
||||||
register: cert__fullchain_slurp
|
register: cert__fullchain_slurp
|
||||||
|
|
||||||
- name: Ensure ca.pem is created
|
- name: Ensure ca.pem is created
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
content: "{{ cert__fullchain_slurp.content | b64decode | replace(cert__cert_slurp.content | b64decode, '') }}"
|
content: "{{ cert__fullchain_slurp.content | b64decode | replace(cert__cert_slurp.content | b64decode, '') }}"
|
||||||
|
|