Tyler/Ansible-Linux_Base
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Wiki Activity
Ansible-Linux_Base/roles/base/tasks/core_cert.yml
Tyler Hale 49c2cf296b
Fixing hostname/cert
2024-01-21 15:00:29 -07:00

73 lines
2.1 KiB
YAML
Raw Permalink Blame History

---
# file: roles/base/tasks/core_cert.yml
- name: Install pip
package:
name: python3-pip
state: latest
register: pip_install
when: ansible_python_version is version('3', '>=')
- name: Upgrade pip
pip:
name: pip
executable: pip3
state: latest
extra_args: --upgrade
when: ansible_python_version is version('3', '>=')
become: false
- name: check if pip3 file exists
stat:
path: /bin/pip3
register: pip3_status
- name: Create a symbolic link for pip
file:
src: /usr/local/bin/pip3
dest: /bin/pip3
state: link
when: pip3_status.stat.exists == false
- name: Install latest python2-cryptography
package:
name: python2-cryptography
state: latest
when: ((ansible_python_version is version('2', '>=')) and (ansible_python_version is version('3', '<')) )
become: false
- name: Install latest cryptography
pip:
name: cryptography
executable: pip3
state: latest
when: ansible_python_version is version('3', '>=')
become: true
- name: Ensure directory exists for local self-signed TLS certs
file:
path: /etc/ssl/{{ base_core_cert_common_name }}/live
state: directory
- name: Generate an OpenSSL private key
openssl_privatekey:
path: /etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem
- name: Generate an OpenSSL CSR
openssl_csr:
path: /etc/ssl/{{ base_core_cert_common_name }}/{{ base_core_cert_common_name }}.csr
privatekey_path: /etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem
common_name: "{{ base_core_cert_common_name }}"
- name: Generate a self signed OpenSSL certificate
openssl_certificate:
path: /etc/ssl/{{ base_core_cert_common_name }}/live/fullchain.pem
privatekey_path: /etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem
csr_path: /etc/ssl/{{ base_core_cert_common_name }}/{{ base_core_cert_common_name }}.csr
provider: selfsigned
- name: Create merged certificate
assemble:
src: /etc/ssl/{{ base_core_cert_common_name }}/live/
dest: /etc/ssl/{{ base_core_cert_common_name }}/live/merged.pem
regexp: '(fullchain.pem$|privkey.pem$)'
Reference in a new issue View git blame Copy permalink