---
# file: roles/base/tasks/core_cert.yml
# Install the distribution's pip for Python 3. Skipped unless the Python
# version Ansible reports for the host is 3 or newer. The module result is
# kept in pip_install.
# NOTE(review): state=latest tracks whatever the configured package
# repository serves at run time, so the installed version is not pinned.
- name: Install pip
  when: "ansible_python_version is version('3', '>=')"
  register: pip_install
  package:
    state: latest
    name: python3-pip
# Upgrade pip itself through the pip3 executable, explicitly without
# privilege escalation, on hosts whose reported Python is 3 or newer.
# NOTE(review): state=latest already asks for an upgrade, so the extra
# --upgrade argument looks redundant; it is kept to preserve behaviour.
# NOTE(review): the release installed is whatever the package index serves
# at run time; pin a version if reproducible builds are required.
- name: Upgrade pip
  become: false
  when: "ansible_python_version is version('3', '>=')"
  pip:
    executable: pip3
    name: pip
    state: latest
    extra_args: "--upgrade"
# Record whether anything exists at /bin/pip3; the stat result is stored in
# pip3_status for the tasks that follow.
- name: check if pip3 file exists
  register: pip3_status
  stat:
    path: "/bin/pip3"
# Link /bin/pip3 to /usr/local/bin/pip3, but only when the registered
# pip3_status result says nothing exists at /bin/pip3 yet.
# NOTE(review): assumes /usr/local/bin/pip3 is present by this point;
# confirm which earlier step is expected to create it.
- name: Create a symbolic link for pip
  when: not pip3_status.stat.exists
  file:
    state: link
    dest: "/bin/pip3"
    src: "/usr/local/bin/pip3"
# Install the packaged Python 2 cryptography bindings on hosts whose
# reported Python is 2.x (>= 2 and < 3). Both conditions must hold; a list
# under `when` is an implicit AND.
# NOTE(review): become is false here although this is a system package
# install; confirm the connection user has the rights this needs.
# NOTE(review): state=latest leaves the installed version unpinned.
- name: Install latest python2-cryptography
  become: false
  when:
    - ansible_python_version is version('2', '>=')
    - ansible_python_version is version('3', '<')
  package:
    state: latest
    name: python2-cryptography
# Install the cryptography package through pip3, with privilege escalation,
# on hosts whose reported Python is 3 or newer.
# NOTE(review): state=latest combined with become=true means an unpinned
# release from the package index is installed with elevated rights on every
# run; consider pinning a version (and hashes) if supply-chain integrity
# matters for these hosts.
- name: Install latest cryptography
  become: true
  when: "ansible_python_version is version('3', '>=')"
  pip:
    executable: pip3
    name: cryptography
    state: latest
# Create /etc/ssl/<common name>/live, the directory the key, certificate and
# merged bundle are written to by the tasks below.
# NOTE(review): no owner, group or mode is given, so a newly created
# directory takes its permissions from the umask of the executing user.
# This directory holds private-key material; confirm it can never end up
# group- or world-writable.
- name: Ensure directory exists for local self-signed TLS certs
  file:
    state: directory
    path: "/etc/ssl/{{ base_core_cert_common_name }}/live"
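# Generate the TLS private key at /etc/ssl/<common name>/live/privkey.pem.
# Key type and size are not set here, so the module's defaults apply.
# The mode is pinned to owner-only so the key's permissions are stated in
# the playbook instead of depending on a module default. If a non-root
# service must read the key, grant access through owner/group rather than
# widening the mode.
- name: Generate an OpenSSL private key
  openssl_privatekey:
    path: "/etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem"
    mode: "0600"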
# Build a certificate signing request for base_core_cert_common_name, signed
# with the private key under live/. The CSR is written one level above
# live/, as /etc/ssl/<common name>/<common name>.csr.
# NOTE(review): only common_name is set. Many current TLS clients check host
# names against subjectAltName alone, so a CN-only certificate may fail
# verification; confirm whether a subject_alt_name entry is needed.
- name: Generate an OpenSSL CSR
  openssl_csr:
    common_name: "{{ base_core_cert_common_name }}"
    privatekey_path: "/etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem"
    path: "/etc/ssl/{{ base_core_cert_common_name }}/{{ base_core_cert_common_name }}.csr"
# Issue a self-signed certificate from the CSR and private key generated
# earlier and write it to live/fullchain.pem. Validity period and digest are
# not set here, so the module's defaults apply.
# NOTE(review): a self-signed certificate chains to no CA; clients have to
# be given this certificate as a trust anchor rather than having
# verification turned off.
# NOTE(review): openssl_certificate is the older module name; newer
# community.crypto releases call it x509_certificate. Confirm against the
# Ansible version in use.
- name: Generate a self signed OpenSSL certificate
  openssl_certificate:
    provider: selfsigned
    csr_path: "/etc/ssl/{{ base_core_cert_common_name }}/{{ base_core_cert_common_name }}.csr"
    privatekey_path: "/etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem"
    path: "/etc/ssl/{{ base_core_cert_common_name }}/live/fullchain.pem"
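# Concatenate fullchain.pem and privkey.pem from live/ into live/merged.pem.
#
# merged.pem contains the private key. Without an explicit mode the file's
# permissions come from the umask of the executing user, which commonly
# leaves it world-readable, so the mode is pinned to owner-only. If a
# non-root service has to read the bundle, grant access through owner/group
# rather than widening the mode.
#
# The pattern is anchored at both ends and the dots are escaped, so only the
# two intended file names are assembled; other files that happen to end in
# similar text (backups, editor copies) are left out of the bundle.
- name: Create merged certificate
  assemble:
    src: "/etc/ssl/{{ base_core_cert_common_name }}/live/"
    dest: "/etc/ssl/{{ base_core_cert_common_name }}/live/merged.pem"
    regexp: '^(fullchain|privkey)\.pem$'
    mode: "0600"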