| 
					
				 | 
			
			
				@@ -1,6 +1,6 @@ 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				 - name: 'Create ssl certificates directory for in /etc/ssl' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				   file: 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				-    path: '/etc/ssl/{{ item }}' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    path: '/etc/ssl/local/certs/{{ item }}' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				     state: 'directory' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				     owner: 'root' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				     group: 'root' 
			 | 
		
	
	
		
			
				| 
					
				 | 
			
			
				@@ -11,29 +11,56 @@ 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				 - name: 'Install ssl certificates (certificate)' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				   copy: 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				     content: "{{lookup('file', 'data/ssl/' + item + '/' + item + '.crt')}}" 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				-    dest: '/etc/ssl/{{ item }}/{{ item }}.crt' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    dest: '/etc/ssl/local/certs/{{ item }}/cert.pem' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				     owner: 'root' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				     group: 'root' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				     mode: '0640' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  register: ssl_cert_result 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				   with_items: ssl_certs 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				   when: ssl_certs 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				  
			 | 
		
	
		
			
				 | 
				 | 
			
			
				-- name: 'Install ssl certificates (key)' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+- name: 'Install ssl certificates (private key)' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				   copy: 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				     content: "{{lookup('file', 'data/ssl/' + item + '/' + item + '.key')}}" 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				-    dest: '/etc/ssl/{{ item }}/{{ item }}.key' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    dest: '/etc/ssl/local/certs/{{ item }}/privkey.pem' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				     owner: 'root' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				     group: 'root' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				     mode: '0640' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  register: ssl_key_result 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				   with_items: ssl_certs 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				   when: ssl_certs 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				  
			 | 
		
	
		
			
				 | 
				 | 
			
			
				-- name: 'Install ssl certificates (bundle)' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+- name: 'Install ssl certificates (chain)' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				   copy: 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				     content: "{{lookup('file', 'data/ssl/' + item + '/bundle.crt')}}" 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				-    dest: '/etc/ssl/{{ item }}/bundle.crt' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    dest: '/etc/ssl/local/certs/{{ item }}/chain.pem' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				     owner: 'root' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				     group: 'root' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				     mode: '0644' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  register: ssl_chain_result 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				   with_items: ssl_certs 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				   when: ssl_certs 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+ 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+- name: 'Gathering info about ssl full chain (certificate + chain)' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  stat: 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    path: '/etc/ssl/local/certs/{{ item }}/fullchain.pem' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  with_items: ssl_certs 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  register: ssl_fullchain_stats 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  when: ssl_certs 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+ 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+- name: 'Gathering info about ssl bundle (key + fullchain)' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  stat: 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    path: '/etc/ssl/local/certs/{{ item }}/bundle.pem' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  with_items: ssl_certs 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  register: ssl_bundle_stats 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  when: ssl_certs 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+ 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+- name: 'Create ssl certificates full chain (certificate + chain)' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  shell: sed '/^\s*$/d' '/etc/ssl/local/certs/{{ item.item }}/cert.pem' '/etc/ssl/local/certs/{{ item.item }}/chain.pem' > '/etc/ssl/local/certs/{{ item.item }}/fullchain.pem' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  with_items: ssl_fullchain_stats.results 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  when: ssl_certs and (not item.stat.exists or ssl_cert_result|changed or ssl_chain_result|changed) 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+ 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+- name: 'Create ssl certificates bundle (key + certificate + bundle)' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  shell: sed '/^\s*$/d' '/etc/ssl/local/certs/{{ item.item }}/privkey.pem' '/etc/ssl/local/certs/{{ item.item }}/cert.pem' '/etc/ssl/local/certs/{{ item.item }}/chain.pem' > '/etc/ssl/local/certs/{{ item.item }}/bundle.pem' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  with_items: ssl_bundle_stats.results 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  when: ssl_certs and (not item.stat.exists or ssl_key_result|changed or ssl_cert_result|changed or ssl_chain_result|changed) 
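Review bot: The 'Create ssl certificates bundle' task writes `bundle.pem`, which includes the contents of `privkey.pem`, through a shell redirect, so its mode comes from the remote umask (typically 0644 under a 022 umask) rather than the `0640` the private-key task sets, and the key can end up world-readable. The redirect also keeps whatever mode an existing `bundle.pem` already has, so the fix needs both a restrictive umask at creation and a follow-up `file` task that enforces `root:root` `0640`. `fullchain.pem` is built the same way but holds only public material. Separately, the task name says 'key + certificate + bundle' while the command concatenates key, certificate and chain.

```yaml
# … unchanged: certificate, private key, chain, stat and fullchain tasks …
- name: 'Create ssl certificates bundle (key + certificate + chain)'
  shell: umask 027 && sed '/^\s*$/d' '/etc/ssl/local/certs/{{ item.item }}/privkey.pem' '/etc/ssl/local/certs/{{ item.item }}/cert.pem' '/etc/ssl/local/certs/{{ item.item }}/chain.pem' > '/etc/ssl/local/certs/{{ item.item }}/bundle.pem'
  # … unchanged: with_items and when …

# Enforce the same ownership and mode as privkey.pem, including on a bundle
# left over from an earlier run with looser permissions.
- name: 'Restrict permissions on ssl certificates bundle'
  file:
    path: '/etc/ssl/local/certs/{{ item }}/bundle.pem'
    state: 'file'
    owner: 'root'
    group: 'root'
    mode: '0640'
  with_items: ssl_certs
  when: ssl_certs
```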
			 |