public_git
/
ansibleguy.infra_certs
mirror of https://github.com/ansibleguy/infra_certs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

remove 'Debian' from task-names, config-check tags

This commit is contained in:
AnsibleGuy 2023-05-13 22:21:46 +02:00
parent 8c1ca9c1a7
commit 73cc205da2
No known key found for this signature in database
GPG Key ID: 52984C069F5AD3CD
13 changed files with 49 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
tasks/debian/letsencrypt/apache.yml
View File

@ -1,17 +1,17 @@
--- ---
- name: Certificates | Debian | LetsEncrypt Certbot | Apache | Install package - name: Certificates | LetsEncrypt Certbot | Apache | Install package
ansible.builtin.package: ansible.builtin.package:
name: ['python3-certbot-apache'] name: ['python3-certbot-apache']
state: present state: present
- name: Certificates | Debian | LetsEncrypt Certbot | Apache | Checking sites - name: Certificates | LetsEncrypt Certbot | Apache | Checking sites
ansible.builtin.command: 'ls /etc/apache2/sites-enabled/' ansible.builtin.command: 'ls /etc/apache2/sites-enabled/'
changed_when: false changed_when: false
register: enabled_apache_sites register: enabled_apache_sites
check_mode: false check_mode: false
- name: Certificates | Debian | LetsEncrypt Certbot | Apache | Deploying temporary apache site - name: Certificates | LetsEncrypt Certbot | Apache | Deploying temporary apache site
ansible.builtin.template: ansible.builtin.template:
src: 'templates/etc/apache2/sites-enabled/le_dummy.conf.j2' src: 'templates/etc/apache2/sites-enabled/le_dummy.conf.j2'
dest: '/etc/apache2/sites-enabled/tmp_le_dummy.conf' dest: '/etc/apache2/sites-enabled/tmp_le_dummy.conf'
@ -21,7 +21,7 @@
register: tmp_site_enable register: tmp_site_enable
when: enabled_apache_sites.stdout_lines | length == 0 when: enabled_apache_sites.stdout_lines | length == 0
- name: Certificates | Debian | LetsEncrypt Certbot | Apache | Reloading apache - name: Certificates | LetsEncrypt Certbot | Apache | Reloading apache
ansible.builtin.systemd: ansible.builtin.systemd:
name: 'apache2.service' name: 'apache2.service'
state: reloaded state: reloaded

4
tasks/debian/letsencrypt/apache_cleanup.yml
View File

@ -1,12 +1,12 @@
--- ---
- name: Certificates | Debian | LetsEncrypt Certbot | Apache | Disable temporary site - name: Certificates | LetsEncrypt Certbot | Apache | Disable temporary site
ansible.builtin.file: ansible.builtin.file:
state: absent state: absent
path: '/etc/apache2/sites-enabled/tmp_le_dummy.conf' path: '/etc/apache2/sites-enabled/tmp_le_dummy.conf'
register: tmp_site_disable register: tmp_site_disable
- name: Certificates | Debian | LetsEncrypt Certbot | Apache | Reloading apache - name: Certificates | LetsEncrypt Certbot | Apache | Reloading apache
ansible.builtin.systemd: ansible.builtin.systemd:
name: 'apache2.service' name: 'apache2.service'
state: reloaded state: reloaded

6
tasks/debian/letsencrypt/apache_dependencies.yml
View File

@ -1,6 +1,6 @@
--- ---
- name: Apache | Debian | LetsEncrypt Certbot | Dependencies | Deploying temporary apache site - name: Apache | LetsEncrypt Certbot | Dependencies | Deploying temporary apache site
ansible.builtin.template: ansible.builtin.template:
src: 'templates/etc/apache2/sites-available/le_dummy.conf.j2' src: 'templates/etc/apache2/sites-available/le_dummy.conf.j2'
dest: '/etc/apache2/sites-available/tmp_le_dummy.conf' dest: '/etc/apache2/sites-available/tmp_le_dummy.conf'
@ -8,7 +8,7 @@
group: 'root' group: 'root'
mode: 0644 mode: 0644
- name: Apache | Debian | LetsEncrypt Certbot | Dependencies | Enable apache site - name: Apache | LetsEncrypt Certbot | Dependencies | Enable apache site
ansible.builtin.file: ansible.builtin.file:
state: link state: link
src: '/etc/apache2/sites-available/tmp_le_dummy.conf' src: '/etc/apache2/sites-available/tmp_le_dummy.conf'
@ -17,7 +17,7 @@
group: 'root' group: 'root'
mode: 0644 mode: 0644
- name: Apache | Debian | LetsEncrypt Certbot | Dependencies | Reload apache - name: Apache | LetsEncrypt Certbot | Dependencies | Reload apache
ansible.builtin.systemd: ansible.builtin.systemd:
name: 'apache2.service' name: 'apache2.service'
state: reloaded state: reloaded

19
tasks/debian/letsencrypt/cert.yml
View File

@ -1,12 +1,12 @@
--- ---
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Showing debug info" - name: "Certificates | LetsEncrypt Certbot | {{ le_name }} | Showing debug info"
ansible.builtin.debug: ansible.builtin.debug:
var: le_cert var: le_cert
when: debug | bool when: debug | bool
# ToDo: path validation # ToDo: path validation
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Checking config" - name: "Certificates | LetsEncrypt Certbot | {{ le_name }} | Checking config"
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- CERT_CONFIG.letsencrypt.service in CERT_HC.letsencrypt.options.service - CERT_CONFIG.letsencrypt.service in CERT_HC.letsencrypt.options.service
@ -16,15 +16,16 @@
- le_cert.email | validate_email or CERT_CONFIG.cert.email | validate_email - le_cert.email | validate_email or CERT_CONFIG.cert.email | validate_email
ignore_errors: true ignore_errors: true
register: le_cnf_check register: le_cnf_check
tags: always
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Invalid config" - name: "Certificates | LetsEncrypt Certbot | {{ le_name }} | Invalid config"
ansible.builtin.fail: ansible.builtin.fail:
msg: "LetsEncrypt-CONFIG: {{ CERT_CONFIG.letsencrypt }} | {{ le_cert }}" msg: "LetsEncrypt-CONFIG: {{ CERT_CONFIG.letsencrypt }} | {{ le_cert }}"
when: when:
- le_cnf_check.failed is defined - le_cnf_check.failed is defined
- le_cnf_check.failed - le_cnf_check.failed
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Creating directory" - name: "Certificates | LetsEncrypt Certbot | {{ le_name }} | Creating directory"
ansible.builtin.file: ansible.builtin.file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
@ -36,7 +37,7 @@
- "{{ le_path }}" - "{{ le_path }}"
changed_when: false changed_when: false
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Certbot command (FYI)" - name: "Certificates | LetsEncrypt Certbot | {{ le_name }} | Certbot command (FYI)"
ansible.builtin.debug: ansible.builtin.debug:
msg: "certbot certonly --non-interactive --agree-tos --no-redirect{% if debug or testing %} --staging{% endif %} msg: "certbot certonly --non-interactive --agree-tos --no-redirect{% if debug or testing %} --staging{% endif %}
--{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }} --{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }}
@ -47,7 +48,7 @@
{% if le_cert.email is not none %}--email {{ le_cert.email }} {% else %}--email {{ CERT_CONFIG.cert.email }} {% endif %}" {% if le_cert.email is not none %}--email {{ le_cert.email }} {% else %}--email {{ CERT_CONFIG.cert.email }} {% endif %}"
when: le_changed when: le_changed
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Running certbot" - name: "Certificates | LetsEncrypt Certbot | {{ le_name }} | Running certbot"
ansible.builtin.command: "certbot certonly --non-interactive --agree-tos --no-redirect{% if debug or testing %} --staging{% endif %} ansible.builtin.command: "certbot certonly --non-interactive --agree-tos --no-redirect{% if debug or testing %} --staging{% endif %}
--{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }} --{{ CERT_CONFIG.letsencrypt.service }} --cert-name {{ le_name }}
-{{ CERT_CONFIG.letsencrypt.verbosity }} -{{ CERT_CONFIG.letsencrypt.verbosity }}
@ -58,11 +59,11 @@
when: le_changed when: le_changed
changed_when: false changed_when: false
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Adding dummy certs" - name: "Certificates | LetsEncrypt Certbot | {{ le_name }} | Adding dummy certs"
ansible.builtin.include_tasks: test.yml ansible.builtin.include_tasks: test.yml
when: testing when: testing
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Linking cert" - name: "Certificates | LetsEncrypt Certbot | {{ le_name }} | Linking cert"
ansible.builtin.file: ansible.builtin.file:
state: link state: link
src: "{{ item.src }}" src: "{{ item.src }}"
@ -77,7 +78,7 @@
- {'dst': "{{ CERT_CONFIG.path }}/{{ le_name }}.chain.{{ CERT_CONFIG.extension_cert }}", 'src': "{{ le_path }}/chain.pem"} - {'dst': "{{ CERT_CONFIG.path }}/{{ le_name }}.chain.{{ CERT_CONFIG.extension_cert }}", 'src': "{{ le_path }}/chain.pem"}
- {'dst': "{{ CERT_CONFIG.path }}/{{ le_name }}.fullchain.{{ CERT_CONFIG.extension_cert }}", 'src': "{{ le_path }}/fullchain.pem"} - {'dst': "{{ CERT_CONFIG.path }}/{{ le_name }}.fullchain.{{ CERT_CONFIG.extension_cert }}", 'src': "{{ le_path }}/fullchain.pem"}
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Linking key" - name: "Certificates | LetsEncrypt Certbot | {{ le_name }} | Linking key"
ansible.builtin.file: ansible.builtin.file:
state: link state: link
src: "{{ le_path }}/privkey.pem" src: "{{ le_path }}/privkey.pem"

27
tasks/debian/letsencrypt/main.yml
View File

@ -1,34 +1,35 @@
--- ---
- name: Certificates | Debian | LetsEncrypt Certbot | Checking config - name: Certificates | LetsEncrypt Certbot | Checking config
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- CERT_CONFIG.letsencrypt.certs | length > 0 - CERT_CONFIG.letsencrypt.certs | length > 0
- CERT_CONFIG.letsencrypt.service | default(false, true) - CERT_CONFIG.letsencrypt.service | default(false, true)
- CERT_CONFIG.letsencrypt.email | default(false, true) or CERT_CONFIG.letsencrypt.certs | check_email - CERT_CONFIG.letsencrypt.email | default(false, true) or CERT_CONFIG.letsencrypt.certs | check_email
- CERT_CONFIG.letsencrypt.service in CERT_HC.letsencrypt.options.service - CERT_CONFIG.letsencrypt.service in CERT_HC.letsencrypt.options.service
tags: always
- name: Certificates | Debian | LetsEncrypt Certbot | Configure for Apache2 - name: Certificates | LetsEncrypt Certbot | Configure for Apache2
ansible.builtin.import_tasks: apache.yml ansible.builtin.import_tasks: apache.yml
when: CERT_CONFIG.letsencrypt.service == 'apache' when: CERT_CONFIG.letsencrypt.service == 'apache'
- name: Certificates | Debian | LetsEncrypt Certbot | Configure for Nginx - name: Certificates | LetsEncrypt Certbot | Configure for Nginx
ansible.builtin.import_tasks: nginx.yml ansible.builtin.import_tasks: nginx.yml
when: CERT_CONFIG.letsencrypt.service == 'nginx' when: CERT_CONFIG.letsencrypt.service == 'nginx'
- name: Certificates | Debian | LetsEncrypt Certbot | Pulling existing certs (this can take some time) - name: Certificates | LetsEncrypt Certbot | Pulling existing certs (this can take some time)
ansible.builtin.command: "certbot certificates --config-dir {{ CERT_CONFIG.letsencrypt.path }}{% if debug or testing %} --staging{% endif %}" ansible.builtin.command: "certbot certificates --config-dir {{ CERT_CONFIG.letsencrypt.path }}{% if debug or testing %} --staging{% endif %}"
register: existing_certs_raw register: existing_certs_raw
changed_when: false changed_when: false
check_mode: false check_mode: false
timeout: 120 timeout: 120
- name: Certificates | Debian | LetsEncrypt Certbot | Existing certificates - name: Certificates | LetsEncrypt Certbot | Existing certificates
ansible.builtin.debug: ansible.builtin.debug:
var: existing_certs_raw.stdout var: existing_certs_raw.stdout
when: debug | bool when: debug | bool
- name: Certificates | Debian | LetsEncrypt Certbot | Adding certificates - name: Certificates | LetsEncrypt Certbot | Adding certificates
ansible.builtin.include_tasks: cert.yml ansible.builtin.include_tasks: cert.yml
when: when:
- le_cert.domains | length > 0 - le_cert.domains | length > 0
@ -44,7 +45,7 @@
with_dict: "{{ CERT_CONFIG.letsencrypt.certs }}" with_dict: "{{ CERT_CONFIG.letsencrypt.certs }}"
# todo: task gets stuck # todo: task gets stuck
- name: Certificates | Debian | LetsEncrypt Certbot | Revoking certificates - name: Certificates | LetsEncrypt Certbot | Revoking certificates
ansible.builtin.command: "certbot revoke --cert-name {{ le_name }}{% if debug or testing %} --staging{% endif %}" ansible.builtin.command: "certbot revoke --cert-name {{ le_name }}{% if debug or testing %} --staging{% endif %}"
changed_when: false changed_when: false
when: when:
@ -57,7 +58,7 @@
loop_var: cert_item loop_var: cert_item
with_dict: "{{ CERT_CONFIG.letsencrypt.certs }}" with_dict: "{{ CERT_CONFIG.letsencrypt.certs }}"
- name: Certificates | Debian | LetsEncrypt Certbot | Deleting certificates - name: Certificates | LetsEncrypt Certbot | Deleting certificates
ansible.builtin.command: "certbot delete --cert-name {{ le_name }}{% if debug or testing %} --staging{% endif %}" ansible.builtin.command: "certbot delete --cert-name {{ le_name }}{% if debug or testing %} --staging{% endif %}"
changed_when: false changed_when: false
when: when:
@ -70,15 +71,15 @@
loop_var: cert_item loop_var: cert_item
with_dict: "{{ CERT_CONFIG.letsencrypt.certs }}" with_dict: "{{ CERT_CONFIG.letsencrypt.certs }}"
- name: Certificates | Debian | LetsEncrypt Certbot | Cleanup for Apache2 - name: Certificates | LetsEncrypt Certbot | Cleanup for Apache2
ansible.builtin.import_tasks: apache_cleanup.yml ansible.builtin.import_tasks: apache_cleanup.yml
when: CERT_CONFIG.letsencrypt.service == 'apache' when: CERT_CONFIG.letsencrypt.service == 'apache'
- name: Certificates | Debian | LetsEncrypt Certbot | Cleanup for Nginx - name: Certificates | LetsEncrypt Certbot | Cleanup for Nginx
ansible.builtin.import_tasks: nginx_cleanup.yml ansible.builtin.import_tasks: nginx_cleanup.yml
when: CERT_CONFIG.letsencrypt.service == 'nginx' when: CERT_CONFIG.letsencrypt.service == 'nginx'
- name: Certificates | Debian | LetsEncrypt Certbot | Adding service for certbot renewal - name: Certificates | LetsEncrypt Certbot | Adding service for certbot renewal
ansible.builtin.template: ansible.builtin.template:
src: "templates/etc/systemd/system/{{ item }}.j2" src: "templates/etc/systemd/system/{{ item }}.j2"
dest: "/etc/systemd/system/{{ item }}" dest: "/etc/systemd/system/{{ item }}"
@ -89,7 +90,7 @@
- 'ansibleguy.infra_certs.LetsEncryptCertbot.service' - 'ansibleguy.infra_certs.LetsEncryptCertbot.service'
- 'ansibleguy.infra_certs.LetsEncryptCertbot.timer' - 'ansibleguy.infra_certs.LetsEncryptCertbot.timer'
- name: Certificates | Debian | LetsEncrypt Certbot | Enabling cert-renewal timer - name: Certificates | LetsEncrypt Certbot | Enabling cert-renewal timer
ansible.builtin.systemd: ansible.builtin.systemd:
daemon_reload: yes daemon_reload: yes
name: 'ansibleguy.infra_certs.LetsEncryptCertbot.timer' name: 'ansibleguy.infra_certs.LetsEncryptCertbot.timer'
@ -97,7 +98,7 @@
state: started state: started
# Renew all previously obtained certificates that are near expiry # Renew all previously obtained certificates that are near expiry
- name: Certificates | Debian | LetsEncrypt Certbot | Running renewal - name: Certificates | LetsEncrypt Certbot | Running renewal
ansible.builtin.command: "certbot renew --force-renewal{% if debug or testing %} --staging{% endif %}" ansible.builtin.command: "certbot renew --force-renewal{% if debug or testing %} --staging{% endif %}"
when: CERT_CONFIG.letsencrypt.renew when: CERT_CONFIG.letsencrypt.renew
changed_when: false changed_when: false

8
tasks/debian/letsencrypt/nginx.yml
View File

@ -1,17 +1,17 @@
--- ---
- name: Certificates | Debian | LetsEncrypt Certbot | Nginx | Install package - name: Certificates | LetsEncrypt Certbot | Nginx | Install package
ansible.builtin.package: ansible.builtin.package:
name: ['python3-certbot-nginx'] name: ['python3-certbot-nginx']
state: present state: present
- name: Certificates | Debian | LetsEncrypt Certbot | Nginx | Checking sites - name: Certificates | LetsEncrypt Certbot | Nginx | Checking sites
ansible.builtin.command: 'ls /etc/nginx/sites-enabled/' ansible.builtin.command: 'ls /etc/nginx/sites-enabled/'
changed_when: false changed_when: false
register: enabled_nginx_sites register: enabled_nginx_sites
check_mode: false check_mode: false
- name: Certificates | Debian | LetsEncrypt Certbot | Nginx | Deploying temporary nginx site - name: Certificates | LetsEncrypt Certbot | Nginx | Deploying temporary nginx site
ansible.builtin.template: ansible.builtin.template:
src: 'templates/etc/nginx/sites-enabled/le_dummy.j2' src: 'templates/etc/nginx/sites-enabled/le_dummy.j2'
dest: '/etc/nginx/sites-enabled/tmp_le_dummy' dest: '/etc/nginx/sites-enabled/tmp_le_dummy'
@ -21,7 +21,7 @@
register: tmp_site_enable register: tmp_site_enable
when: enabled_nginx_sites.stdout_lines | length == 0 when: enabled_nginx_sites.stdout_lines | length == 0
- name: Certificates | Debian | LetsEncrypt Certbot | Nginx | Reloading apache - name: Certificates | LetsEncrypt Certbot | Nginx | Reloading apache
ansible.builtin.systemd: ansible.builtin.systemd:
name: 'nginx.service' name: 'nginx.service'
state: reloaded state: reloaded

4
tasks/debian/letsencrypt/nginx_cleanup.yml
View File

@ -1,12 +1,12 @@
--- ---
- name: Certificates | Debian | LetsEncrypt Certbot | Nginx | Disable temporary site - name: Certificates | LetsEncrypt Certbot | Nginx | Disable temporary site
ansible.builtin.file: ansible.builtin.file:
state: absent state: absent
path: '/etc/nginx/sites-enabled/tmp_le_dummy' path: '/etc/nginx/sites-enabled/tmp_le_dummy'
register: tmp_site_disable register: tmp_site_disable
- name: Certificates | Debian | LetsEncrypt Certbot | Nginx | Reloading apache - name: Certificates | LetsEncrypt Certbot | Nginx | Reloading apache
ansible.builtin.systemd: ansible.builtin.systemd:
name: 'nginx.service' name: 'nginx.service'
state: reloaded state: reloaded

8
tasks/debian/letsencrypt/test.yml
View File

@ -2,7 +2,7 @@
# adding dummy certificates for ansible-molecule testing # adding dummy certificates for ansible-molecule testing
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | DUMMY | Setting dummy config" - name: "Certificates | LetsEncrypt Certbot | {{ le_name }} | DUMMY | Setting dummy config"
ansible.builtin.set_fact: ansible.builtin.set_fact:
dummy_cert: dummy_cert:
path: "{{ le_path }}" path: "{{ le_path }}"
@ -15,16 +15,16 @@
cn: 'Molecule Dummy CA' cn: 'Molecule Dummy CA'
email: "{{ le_cert.email }}" email: "{{ le_cert.email }}"
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | DUMMY | Installing dependencies" - name: "Certificates | LetsEncrypt Certbot | {{ le_name }} | DUMMY | Installing dependencies"
ansible.builtin.package: ansible.builtin.package:
pkg: ['python3-cryptography'] pkg: ['python3-cryptography']
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | DUMMY | Creating dummy CA" - name: "Certificates | LetsEncrypt Certbot | {{ le_name }} | DUMMY | Creating dummy CA"
ansible.builtin.include_tasks: internal/ca_minimal.yml ansible.builtin.include_tasks: internal/ca_minimal.yml
vars: vars:
config_ca: "{{ CERT_CONFIG | combine(dummy_cert, recursive=true) }}" config_ca: "{{ CERT_CONFIG | combine(dummy_cert, recursive=true) }}"
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | DUMMY | Creating dummy Certificate" - name: "Certificates | LetsEncrypt Certbot | {{ le_name }} | DUMMY | Creating dummy Certificate"
ansible.builtin.include_tasks: internal/cert.yml ansible.builtin.include_tasks: internal/cert.yml
vars: vars:
config_cert: "{{ CERT_CONFIG | combine(dummy_cert, recursive=true) }}" config_cert: "{{ CERT_CONFIG | combine(dummy_cert, recursive=true) }}"

2
tasks/debian/pki.yml
View File

@ -3,7 +3,7 @@
# creating ca with full pki # creating ca with full pki
# to be continued (; # to be continued (;
- name: Certificates | Debian | Internal | CA | Not yet implemented - name: Certificates | Internal | CA | Not yet implemented
ansible.builtin.debug: ansible.builtin.debug:
msg: "The certificate mode 'pki' is not yet implemented!" msg: "The certificate mode 'pki' is not yet implemented!"
tags: ca tags: ca

1
tasks/internal/ca_minimal.yml
View File

@ -9,6 +9,7 @@
- config_ca.ca.email | default(none, true) is none or config_ca.ca.email | validate_email - config_ca.ca.email | default(none, true) is none or config_ca.ca.email | validate_email
ignore_errors: true ignore_errors: true
register: ca_cnf_check register: ca_cnf_check
tags: always
- name: Certificates | Internal | Minimal CA | Invalid config - name: Certificates | Internal | Minimal CA | Invalid config
ansible.builtin.fail: ansible.builtin.fail:

1
tasks/internal/cert.yml
View File

@ -7,6 +7,7 @@
- config_cert.cert.email | default(none, true) is none or config_cert.cert.email | validate_email - config_cert.cert.email | default(none, true) is none or config_cert.cert.email | validate_email
ignore_errors: true ignore_errors: true
register: crt_cnf_check register: crt_cnf_check
tags: always
- name: Certificates | Internal | Minimal CA | Invalid config - name: Certificates | Internal | Minimal CA | Invalid config
ansible.builtin.fail: ansible.builtin.fail:

1
tasks/internal/main.yml
View File

@ -6,6 +6,7 @@
- CERT_CONFIG.cert.name or name - CERT_CONFIG.cert.name or name
- CERT_CONFIG.cert.cn - CERT_CONFIG.cert.cn
- CERT_CONFIG.mode != 'ca' or CERT_CONFIG.ca.cn - CERT_CONFIG.mode != 'ca' or CERT_CONFIG.ca.cn
tags: always
- name: Certificates | Internal | Installing dependencies - name: Certificates | Internal | Installing dependencies
ansible.builtin.package: ansible.builtin.package:

3
tasks/main.yml
View File

@ -6,6 +6,7 @@
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- certs is defined - certs is defined
tags: always
- name: Certificates | Showing debug info - user provided config - name: Certificates | Showing debug info - user provided config
ansible.builtin.debug: ansible.builtin.debug:
@ -33,7 +34,7 @@
ansible.builtin.include_tasks: debian/pki.yml ansible.builtin.include_tasks: debian/pki.yml
when: CERT_CONFIG.mode == 'pki' when: CERT_CONFIG.mode == 'pki'
- name: Certificates | Debian | Letsencrypt - name: Certificates | Letsencrypt
ansible.builtin.include_tasks: debian/letsencrypt/main.yml ansible.builtin.include_tasks: debian/letsencrypt/main.yml
when: when:
- CERT_CONFIG.mode == 'le_certbot' - CERT_CONFIG.mode == 'le_certbot'