Ansible-Linux_Base/roles/base/tasks/core_cert.yml

---
# file: roles/base/tasks/core_cert.yml

- name: Install pip
  package:
    name: python3-pip
    state: latest
  register: pip_install
  when: ansible_python_version is version('3', '>=')

- name: Upgrade pip
  command : pip3 install -U pip 
  when: pip_install.changed

- name: Install latest python2-cryptography
  package:
    name: python2-cryptography
    state: latest
  when: ((ansible_python_version is version('2', '>=')) and (ansible_python_version is version('3', '<')) )

- name: Install latest cryptography
  pip:
    name: cryptography
    state: latest
  when: ansible_python_version is version('3', '>=')

- name: Ensure directory exists for local self-signed TLS certs
  file:
    path: /etc/ssl/{{ base_core_cert_common_name }}/live
    state: directory

- name: Generate an OpenSSL private key
  openssl_privatekey:
    path: /etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem

- name: Generate an OpenSSL CSR
  openssl_csr:
    path: /etc/ssl/{{ base_core_cert_common_name }}/{{ base_core_cert_common_name }}.csr
    privatekey_path: /etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem
    common_name: "{{ base_core_cert_common_name }}"

- name: Generate a self signed OpenSSL certificate
  openssl_certificate:
    path: /etc/ssl/{{ base_core_cert_common_name }}/live/fullchain.pem
    privatekey_path: /etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem
    csr_path: /etc/ssl/{{ base_core_cert_common_name }}/{{ base_core_cert_common_name }}.csr
    provider: selfsigned

- name: Create merged certificate
  assemble:
    src: /etc/ssl/{{ base_core_cert_common_name }}/live/
    dest: /etc/ssl/{{ base_core_cert_common_name }}/live/merged.pem
    regexp: '(fullchain.pem$|privkey.pem$)'
Initial commit 2021-09-01 17:31:49 -06:00			`---`
			`# file: roles/base/tasks/core_cert.yml`

			`- name: Install pip`
			`package:`
			`name: python3-pip`
			`state: latest`
			`register: pip_install`
			`when: ansible_python_version is version('3', '>=')`

			`- name: Upgrade pip`
			`command : pip3 install -U pip`
			`when: pip_install.changed`

			`- name: Install latest python2-cryptography`
			`package:`
			`name: python2-cryptography`
			`state: latest`
			`when: ((ansible_python_version is version('2', '>=')) and (ansible_python_version is version('3', '<')) )`

			`- name: Install latest cryptography`
			`pip:`
			`name: cryptography`
			`state: latest`
			`when: ansible_python_version is version('3', '>=')`

			`- name: Ensure directory exists for local self-signed TLS certs`
			`file:`
			`path: /etc/ssl/{{ base_core_cert_common_name }}/live`
			`state: directory`

			`- name: Generate an OpenSSL private key`
			`openssl_privatekey:`
			`path: /etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem`

			`- name: Generate an OpenSSL CSR`
			`openssl_csr:`
			`path: /etc/ssl/{{ base_core_cert_common_name }}/{{ base_core_cert_common_name }}.csr`
			`privatekey_path: /etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem`
			`common_name: "{{ base_core_cert_common_name }}"`

			`- name: Generate a self signed OpenSSL certificate`
			`openssl_certificate:`
			`path: /etc/ssl/{{ base_core_cert_common_name }}/live/fullchain.pem`
			`privatekey_path: /etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem`
			`csr_path: /etc/ssl/{{ base_core_cert_common_name }}/{{ base_core_cert_common_name }}.csr`
			`provider: selfsigned`

			`- name: Create merged certificate`
			`assemble:`
			`src: /etc/ssl/{{ base_core_cert_common_name }}/live/`
			`dest: /etc/ssl/{{ base_core_cert_common_name }}/live/merged.pem`
			`regexp: '(fullchain.pem$\|privkey.pem$)'`