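---
# file: roles/base/tasks/core_cert.yml
#
# Bootstraps pip and the `cryptography` library (needed by the openssl_*
# modules below), then generates a self-signed key / CSR / certificate under
# /etc/ssl/<common name>/live and concatenates chain + key into merged.pem.
#
# Input variable: base_core_cert_common_name (certificate CN, also used as the
# directory name). Registered variables: pip_install, pip3_status.

- name: Install pip
  package:
    name: python3-pip
    state: latest  # NOTE(review): unpinned; a fixed version makes hosts reproducible
  register: pip_install
  when: ansible_python_version is version('3', '>=')

- name: Upgrade pip
  pip:
    name: pip
    executable: pip3
    state: latest
    extra_args: --upgrade
  when: ansible_python_version is version('3', '>=')
  # Kept from the original. If the play itself does not run as root, this
  # upgrades pip in the user site rather than system-wide — confirm intent.
  become: false

- name: check if pip3 file exists
  stat:
    path: /bin/pip3
  register: pip3_status

- name: Create a symbolic link for pip
  file:
    src: /usr/local/bin/pip3
    dest: /bin/pip3
    state: link
  # `not x` rather than `x == false`: same truth table, and it does not depend
  # on how the boolean literal is rendered (ansible-lint literal-compare).
  when: not pip3_status.stat.exists

- name: Install latest python2-cryptography
  package:
    name: python2-cryptography
    state: latest
  # Only on Python 2 hosts; Python 3 hosts get cryptography via pip3 below.
  when: ansible_python_version is version('2', '>=') and ansible_python_version is version('3', '<')
  # Kept from the original; package installs normally need root — confirm the
  # play already runs as root, otherwise this task fails.
  become: false

- name: Install latest cryptography
  pip:
    name: cryptography
    executable: pip3
    state: latest  # NOTE(review): unpinned PyPI install as root; consider pinning
  when: ansible_python_version is version('3', '>=')
  become: true

- name: Ensure directory exists for local self-signed TLS certs
  file:
    path: /etc/ssl/{{ base_core_cert_common_name }}/live
    state: directory

- name: Generate an OpenSSL private key
  openssl_privatekey:
    path: /etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem
    # Owner-only permissions stated explicitly so the policy is visible here.
    mode: '0600'

- name: Generate an OpenSSL CSR
  openssl_csr:
    path: /etc/ssl/{{ base_core_cert_common_name }}/{{ base_core_cert_common_name }}.csr
    privatekey_path: /etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem
    common_name: "{{ base_core_cert_common_name }}"

- name: Generate a self signed OpenSSL certificate
  openssl_certificate:
    path: /etc/ssl/{{ base_core_cert_common_name }}/live/fullchain.pem
    privatekey_path: /etc/ssl/{{ base_core_cert_common_name }}/live/privkey.pem
    csr_path: /etc/ssl/{{ base_core_cert_common_name }}/{{ base_core_cert_common_name }}.csr
    provider: selfsigned

- name: Create merged certificate
  # merged.pem contains the private key, so it must not be world-readable;
  # without an explicit mode, assemble creates it with the process umask.
  # Files are concatenated in sorted filename order (fullchain.pem, then
  # privkey.pem).
  assemble:
    src: /etc/ssl/{{ base_core_cert_common_name }}/live/
    dest: /etc/ssl/{{ base_core_cert_common_name }}/live/merged.pem
    regexp: '(fullchain.pem$|privkey.pem$)'
    mode: '0600'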