Make use of become
in role
parent
6e9d07b6f6
commit
f9c51842fd
1 changed files with 11 additions and 0 deletions
|
@ -5,6 +5,7 @@
|
|||
owner: root
|
||||
group: root
|
||||
mode: "755"
|
||||
become: true
|
||||
|
||||
- name: Ensure sub-directory for the certificate exists
|
||||
ansible.builtin.file:
|
||||
|
@ -13,6 +14,7 @@
|
|||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "755"
|
||||
become: true
|
||||
|
||||
- name: Ensure private key is generated
|
||||
community.crypto.openssl_privatekey:
|
||||
|
@ -22,6 +24,7 @@
|
|||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "0600"
|
||||
become: true
|
||||
|
||||
- name: Ensure certificate signing request is created
|
||||
community.crypto.openssl_csr:
|
||||
|
@ -31,6 +34,7 @@
|
|||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "0660"
|
||||
become: true
|
||||
register: cert__csr_result
|
||||
|
||||
- name: Check certificate status and create ACME challenge if needed
|
||||
|
@ -45,6 +49,7 @@
|
|||
csr: "/etc/ansible_certs/{{ item }}/csr.pem"
|
||||
dest: "/etc/ansible_certs/{{ item }}/cert.pem"
|
||||
fullchain_dest: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
||||
become: true
|
||||
register: cert__acme_challenge
|
||||
|
||||
- name: Retrieve certificate and fulfill challenge if needed # noqa no-handler
|
||||
|
@ -74,6 +79,7 @@
|
|||
dest: "/etc/ansible_certs/{{ item }}/cert.pem"
|
||||
fullchain_dest: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
||||
data: "{{ cert__acme_challenge }}"
|
||||
become: true
|
||||
notify: "{{ cert__handlers }}"
|
||||
always:
|
||||
- name: Ensure DNS record is removed
|
||||
|
@ -93,6 +99,7 @@
|
|||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "0660"
|
||||
become: true
|
||||
|
||||
- name: Ensure correct permissions for fullchain cert are set
|
||||
ansible.builtin.file:
|
||||
|
@ -100,15 +107,18 @@
|
|||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "0660"
|
||||
become: true
|
||||
|
||||
- name: Get content of cert.pem
|
||||
ansible.builtin.slurp:
|
||||
src: "/etc/ansible_certs/{{ item }}/cert.pem"
|
||||
become: true
|
||||
register: cert__cert_slurp
|
||||
|
||||
- name: Get content of fullchain.pem
|
||||
ansible.builtin.slurp:
|
||||
src: "/etc/ansible_certs/{{ item }}/fullchain.pem"
|
||||
become: true
|
||||
register: cert__fullchain_slurp
|
||||
|
||||
- name: Ensure ca.pem is created
|
||||
|
@ -118,3 +128,4 @@
|
|||
owner: "{{ cert__owner }}"
|
||||
group: "{{ cert__group }}"
|
||||
mode: "0660"
|
||||
become: true
|
||||
|
|
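Review bot: All eleven added `become: true` lines escalate without a `become_user` and without a comment, so each task runs as the default become user (root unless the play or inventory overrides it) and the reason is left for the reader to infer. For the tasks that set `owner`/`group` and write below `/etc/ansible_certs` the escalation looks necessary; a one-line comment on the first of them, e.g. `# root needed to write under /etc/ansible_certs`, and a sentence in the role's documentation that privilege escalation is required would make that explicit. Setting `become` per task rather than role-wide is the tighter choice, but it is worth checking that tasks which only call an external API and never touch the target's filesystem stay without it. The `always:` task "Ensure DNS record is removed" begins at the edge of the hunk at -74, so its settings are not visible here. Every hunk shows only the tail of a task, so the enclosing task definitions start outside the hunks.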