From f9c51842fdd90c83cace61f1173366f784f77fd8 Mon Sep 17 00:00:00 2001
From: julian
Date: Tue, 25 Apr 2023 17:13:10 +0200
Subject: [PATCH] Make use of `become` in role
---
 playbooks/roles/cert/tasks/deploy_cert.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/playbooks/roles/cert/tasks/deploy_cert.yml b/playbooks/roles/cert/tasks/deploy_cert.yml
index 28c6a8c..f60a049 100644
--- a/playbooks/roles/cert/tasks/deploy_cert.yml
+++ b/playbooks/roles/cert/tasks/deploy_cert.yml
@@ -5,6 +5,7 @@
 owner: root
 group: root
 mode: "755"
+ become: true
 - name: Ensure sub-directory for the certificate exists
 ansible.builtin.file:
@@ -13,6 +14,7 @@
 owner: "{{ cert__owner }}"
 group: "{{ cert__group }}"
 mode: "755"
+ become: true
 - name: Ensure private key is generated
 community.crypto.openssl_privatekey:
@@ -22,6 +24,7 @@
 owner: "{{ cert__owner }}"
 group: "{{ cert__group }}"
 mode: "0600"
+ become: true
 - name: Ensure certificate signing request is created
 community.crypto.openssl_csr:
@@ -31,6 +34,7 @@
 owner: "{{ cert__owner }}"
 group: "{{ cert__group }}"
 mode: "0660"
+ become: true
 register: cert__csr_result
 - name: Check certificate status and create ACME challenge if needed
@@ -45,6 +49,7 @@
 csr: "/etc/ansible_certs/{{ item }}/csr.pem"
 dest: "/etc/ansible_certs/{{ item }}/cert.pem"
 fullchain_dest: "/etc/ansible_certs/{{ item }}/fullchain.pem"
+ become: true
 register: cert__acme_challenge
 - name: Retrieve certificate and fulfill challenge if needed # noqa no-handler
@@ -74,6 +79,7 @@
 dest: "/etc/ansible_certs/{{ item }}/cert.pem"
 fullchain_dest: "/etc/ansible_certs/{{ item }}/fullchain.pem"
 data: "{{ cert__acme_challenge }}"
+ become: true
 notify: "{{ cert__handlers }}"
 always:
 - name: Ensure DNS record is removed
@@ -93,6 +99,7 @@
 owner: "{{ cert__owner }}"
 group: "{{ cert__group }}"
 mode: "0660"
+ become: true
 - name: Ensure correct permissions for fullchain cert are set
 ansible.builtin.file:
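Review bot: Every task now escalates to root unconditionally, although the key, CSR and certificate files in @@ -22, @@ -31, @@ -93, @@ -100 and @@ -118 are owned by `{{ cert__owner }}`, so the private key is generated and read as root rather than as its owner; pairing the added line with `become_user: "{{ cert__owner }}"` on those tasks would confine root to the directory tasks in @@ -5 and @@ -13, which need it because the base directory in @@ -5 is root-owned, while the acme_certificate tasks (@@ -45, @@ -74) depend on who can read their ACME account key, which is outside these hunks. The same `become: true` line is repeated eleven times; since the file already has a block structure (the `always:` in @@ -74), one `become: true` on the enclosing block, or a role variable the playbook can override, would be easier to keep consistent when tasks are added. The collapsed rendering hides indentation, so it cannot be confirmed here that each added line sits at task level rather than inside the module's argument mapping (for example after `data:` in @@ -74), where the module would reject `become` as an unknown argument. Each hunk starts inside a task whose header lies outside it.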
@@ -100,15 +107,18 @@
 owner: "{{ cert__owner }}"
 group: "{{ cert__group }}"
 mode: "0660"
+ become: true
 - name: Get content of cert.pem
 ansible.builtin.slurp:
 src: "/etc/ansible_certs/{{ item }}/cert.pem"
+ become: true
 register: cert__cert_slurp
 - name: Get content of fullchain.pem
 ansible.builtin.slurp:
 src: "/etc/ansible_certs/{{ item }}/fullchain.pem"
+ become: true
 register: cert__fullchain_slurp
 - name: Ensure ca.pem is created
@@ -118,3 +128,4 @@
 owner: "{{ cert__owner }}"
 group: "{{ cert__group }}"
 mode: "0660"
+ become: true