Add some spacing between tasks

This commit is contained in:
julian 2023-04-25 16:59:02 +02:00
parent f8d89c9742
commit 6e9d07b6f6

View file

@ -5,6 +5,7 @@
owner: root owner: root
group: root group: root
mode: "755" mode: "755"
- name: Ensure sub-directory for the certificate exists - name: Ensure sub-directory for the certificate exists
ansible.builtin.file: ansible.builtin.file:
path: "/etc/ansible_certs/{{ item }}" path: "/etc/ansible_certs/{{ item }}"
@ -12,6 +13,7 @@
owner: "{{ cert__owner }}" owner: "{{ cert__owner }}"
group: "{{ cert__group }}" group: "{{ cert__group }}"
mode: "755" mode: "755"
- name: Ensure private key is generated - name: Ensure private key is generated
community.crypto.openssl_privatekey: community.crypto.openssl_privatekey:
path: "/etc/ansible_certs/{{ item }}/key.pem" path: "/etc/ansible_certs/{{ item }}/key.pem"
@ -20,6 +22,7 @@
owner: "{{ cert__owner }}" owner: "{{ cert__owner }}"
group: "{{ cert__group }}" group: "{{ cert__group }}"
mode: "0600" mode: "0600"
- name: Ensure certificate signing request is created - name: Ensure certificate signing request is created
community.crypto.openssl_csr: community.crypto.openssl_csr:
path: "/etc/ansible_certs/{{ item }}/csr.pem" path: "/etc/ansible_certs/{{ item }}/csr.pem"
@ -29,6 +32,7 @@
group: "{{ cert__group }}" group: "{{ cert__group }}"
mode: "0660" mode: "0660"
register: cert__csr_result register: cert__csr_result
- name: Check certificate status and create ACME challenge if needed - name: Check certificate status and create ACME challenge if needed
community.crypto.acme_certificate: community.crypto.acme_certificate:
account_email: "{{ cert__acme_account.email }}" account_email: "{{ cert__acme_account.email }}"
@ -42,6 +46,7 @@
dest: "/etc/ansible_certs/{{ item }}/cert.pem" dest: "/etc/ansible_certs/{{ item }}/cert.pem"
fullchain_dest: "/etc/ansible_certs/{{ item }}/fullchain.pem" fullchain_dest: "/etc/ansible_certs/{{ item }}/fullchain.pem"
register: cert__acme_challenge register: cert__acme_challenge
- name: Retrieve certificate and fulfill challenge if needed # noqa no-handler - name: Retrieve certificate and fulfill challenge if needed # noqa no-handler
when: cert__acme_challenge.changed # Can't be put in a handler, because then the block "always" tasks won't be executed for some reason when: cert__acme_challenge.changed # Can't be put in a handler, because then the block "always" tasks won't be executed for some reason
block: block:
@ -81,26 +86,31 @@
type: TXT type: TXT
ttl: 60 ttl: 60
state: absent state: absent
- name: Ensure correct permissions for certificate are set - name: Ensure correct permissions for certificate are set
ansible.builtin.file: ansible.builtin.file:
path: "/etc/ansible_certs/{{ item }}/cert.pem" path: "/etc/ansible_certs/{{ item }}/cert.pem"
owner: "{{ cert__owner }}" owner: "{{ cert__owner }}"
group: "{{ cert__group }}" group: "{{ cert__group }}"
mode: "0660" mode: "0660"
- name: Ensure correct permissions for fullchain cert are set - name: Ensure correct permissions for fullchain cert are set
ansible.builtin.file: ansible.builtin.file:
path: "/etc/ansible_certs/{{ item }}/fullchain.pem" path: "/etc/ansible_certs/{{ item }}/fullchain.pem"
owner: "{{ cert__owner }}" owner: "{{ cert__owner }}"
group: "{{ cert__group }}" group: "{{ cert__group }}"
mode: "0660" mode: "0660"
- name: Get content of cert.pem - name: Get content of cert.pem
ansible.builtin.slurp: ansible.builtin.slurp:
src: "/etc/ansible_certs/{{ item }}/cert.pem" src: "/etc/ansible_certs/{{ item }}/cert.pem"
register: cert__cert_slurp register: cert__cert_slurp
- name: Get content of fullchain.pem - name: Get content of fullchain.pem
ansible.builtin.slurp: ansible.builtin.slurp:
src: "/etc/ansible_certs/{{ item }}/fullchain.pem" src: "/etc/ansible_certs/{{ item }}/fullchain.pem"
register: cert__fullchain_slurp register: cert__fullchain_slurp
- name: Ensure ca.pem is created - name: Ensure ca.pem is created
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ cert__fullchain_slurp.content | b64decode | replace(cert__cert_slurp.content | b64decode, '') }}" content: "{{ cert__fullchain_slurp.content | b64decode | replace(cert__cert_slurp.content | b64decode, '') }}"