Ansible-Linux_Base/roles/base/tasks/core_cert.yml

---
# file: roles/base/tasks/core_cert.yml
# Install the distribution's pip package on hosts whose Python is 3.x.
# The task result is stored in pip_install; none of the tasks visible in this
# file read it.
# NOTE(review): state: latest takes whatever version the package repository
# offers at run time, so runs are not reproducible - use present or a pinned
# version if that matters.
- name: Install pip
  when: ansible_python_version is version('3', '>=')
  register: pip_install
  package:
    name: 'python3-pip'
    state: latest
# Upgrade pip itself through pip3, with privilege escalation, on Python 3 hosts.
# NOTE(review): state: latest should already make the pip module upgrade, so
# the extra --upgrade argument looks redundant - confirm before removing it.
# NOTE(review): this runs pip as root against an unpinned version from the
# configured package index; pin the version or use an internal index if the
# supply chain needs to be controlled.
- name: Upgrade pip
  become: true
  when: ansible_python_version is version('3', '>=')
  pip:
    name: 'pip'
    executable: 'pip3'
    state: latest
    extra_args: '--upgrade'
# Install the distribution's python2-cryptography package on hosts whose Python
# is 2.x. The two list entries under when are ANDed together.
# NOTE(review): become: false on a package install only works when the
# connection user is already root - confirm this is intended, since the pip
# tasks in this file escalate.
- name: Install latest python2-cryptography
  become: false
  when:
    - ansible_python_version is version('2', '>=')
    - ansible_python_version is version('3', '<')
  package:
    name: 'python2-cryptography'
    state: latest
# Install the cryptography Python package through pip3, with privilege
# escalation, on Python 3 hosts.
# NOTE(review): the package is unpinned and installed as root, so every run may
# pull a different release from the configured index; pin a version (and
# ideally hashes) if this library backs the key and certificate tasks.
- name: Install latest cryptography
  become: true
  when: ansible_python_version is version('3', '>=')
  pip:
    name: 'cryptography'
    executable: 'pip3'
    state: latest
# Create /etc/ssl/<common name>/live, the directory the key, certificate and
# merged file are written to by the tasks below.
# NOTE(review): no mode, owner or group is set, so the directory gets whatever
# the umask and the executing user produce; this directory holds private key
# material, so consider stating them explicitly.
# NOTE(review): no become here - presumably escalation is set at play or role
# level; confirm.
- name: Ensure directory exists for local self-signed TLS certs
  file:
    state: directory
    path: "/etc/ssl/{{ base_core_cert_common_name }}/live"
# Generate the private key at live/privkey.pem.
# Only path is given, so key type, key size and file permissions all come from
# the module defaults.
# NOTE(review): the module is expected to create the key file owner-only
# (0600) by default - confirm for the installed version, or set mode, type and
# size explicitly so the result does not depend on defaults.
- name: Generate an OpenSSL private key
  openssl_privatekey:
    path: "/etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem"
# Build a certificate signing request for the private key in live/, written
# one level above live/ as <common name>.csr.
# NOTE(review): only common_name is set and no subject_alt_name; many current
# TLS clients match host names against the SAN extension only, so a
# certificate issued from this CSR may be rejected - confirm what the consumers
# require.
- name: Generate an OpenSSL CSR
  openssl_csr:
    common_name: "{{ base_core_cert_common_name }}"
    privatekey_path: "/etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem"
    path: "/etc/ssl/{{ base_core_cert_common_name }}/{{ base_core_cert_common_name }}.csr"
# Issue a self-signed certificate from the CSR and private key, written to
# live/fullchain.pem.
# A self-signed certificate is not trusted by clients unless it is distributed
# to them out of band; validity period and digest are the module defaults.
# NOTE(review): newer community.crypto releases name this module
# x509_certificate - confirm which name the installed collection provides.
- name: Generate a self signed OpenSSL certificate
  openssl_certificate:
    provider: selfsigned
    csr_path: "/etc/ssl/{{ base_core_cert_common_name }}/{{ base_core_cert_common_name }}.csr"
    privatekey_path: "/etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem"
    path: "/etc/ssl/{{ base_core_cert_common_name }}/live/fullchain.pem"
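# Concatenate the certificate chain and the private key from live/ into a
# single live/merged.pem.
# merged.pem contains the private key, so its mode is set explicitly: without
# mode the file is created with whatever the umask allows, which is commonly
# world-readable. If a non-root service has to read it, grant access through
# owner/group rather than widening the mode.
# The pattern is anchored at both ends and the dot is escaped so that only the
# two intended file names match; merged.pem itself and stray files such as
# backups are not picked up.
- name: Create merged certificate
  assemble:
    src: /etc/ssl/{{ base_core_cert_common_name }}/live/
    dest: /etc/ssl/{{ base_core_cert_common_name }}/live/merged.pem
    regexp: '^(fullchain|privkey)\.pem$'
    mode: '0600'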