public_git
/
ansibleguy.infra_mariadb
mirror of https://github.com/ansibleguy/infra_certs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fixed after testing

This commit is contained in:
AnsibleGuy 2021-11-07 21:18:22 +01:00
parent 0ea98de23e
commit e41ae43cfe
3 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
tasks/debian/letsencrypt/cert.yml
View File

@ -4,11 +4,14 @@
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Creating directory" - name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Creating directory"
ansible.builtin.file: ansible.builtin.file:
path: "{{ le_path }}" path: "{{ item }}"
state: directory state: directory
owner: 'root' owner: 'root'
group: 'root' group: 'root'
mode: 0755 mode: 0755
loop:
- "{{ CERT_CONFIG.path }}"
- "{{ le_path }}"
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Command to be executed" - name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Command to be executed"
ansible.builtin.debug: ansible.builtin.debug:
@ -18,7 +21,7 @@
--rsa-key-size {{ le_cert.key_size | default(CERT_CONFIG.cert.key_size, true) }} --rsa-key-size {{ le_cert.key_size | default(CERT_CONFIG.cert.key_size, true) }}
--config-dir {{ CERT_CONFIG.letsencrypt.path }} --config-dir {{ CERT_CONFIG.letsencrypt.path }}
{% for domain in le_cert.domains %}{% if domain | valid_domain %}--domain {{ domain }} {% endif %}{% endfor %} {% for domain in le_cert.domains %}{% if domain | valid_domain %}--domain {{ domain }} {% endif %}{% endfor %}
{% if le_cert.email is not none %}--email {{ le_cert.email }} {% elif CERT_CONFIG.cert.email | default(none, true) is not none %}--email {{ CERT_CONFIG.cert.email }} {% endif %}" {% if le_cert.email is not none %}--email {{ le_cert.email }} {% else %}--email {{ CERT_CONFIG.cert.email }} {% endif %}"
when: existing_certs_raw.stdout.find(name) == -1 when: existing_certs_raw.stdout.find(name) == -1
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Starting certbot" - name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Starting certbot"
@ -28,7 +31,7 @@
--rsa-key-size {{ le_cert.key_size | default(CERT_CONFIG.cert.key_size, true) }} --rsa-key-size {{ le_cert.key_size | default(CERT_CONFIG.cert.key_size, true) }}
--config-dir {{ CERT_CONFIG.letsencrypt.path }} --config-dir {{ CERT_CONFIG.letsencrypt.path }}
{% for domain in le_cert.domains %}{% if domain | valid_domain %}--domain {{ domain }} {% endif %}{% endfor %} {% for domain in le_cert.domains %}{% if domain | valid_domain %}--domain {{ domain }} {% endif %}{% endfor %}
{% if le_cert.email is not none %}--email {{ le_cert.email }} {% elif CERT_CONFIG.cert.email | default(none, true) is not none %}--email {{ CERT_CONFIG.cert.email }} {% endif %}" {% if le_cert.email is not none %}--email {{ le_cert.email }} {% else %}--email {{ CERT_CONFIG.cert.email }} {% endif %}"
when: existing_certs_raw.stdout.find(name) == -1 when: existing_certs_raw.stdout.find(name) == -1
- name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Linking cert" - name: "Certificates | Debian | LetsEncrypt Certbot | {{ le_name }} | Linking cert"

2
tasks/debian/letsencrypt/main.yml
View File

@ -36,7 +36,7 @@
vars: vars:
le_cert: "{{ default_le_certbot_cert_config | combine(cert_item.value, recursive=true) }}" le_cert: "{{ default_le_certbot_cert_config | combine(cert_item.value, recursive=true) }}"
le_name: "{{ cert_item.key | safe_key }}" le_name: "{{ cert_item.key | safe_key }}"
le_path: "{{ CERT_CONFIG.letsencrypt.path }}/live/{{ name }}" le_path: "{{ CERT_CONFIG.letsencrypt.path }}/live/{{ le_name }}"
loop_control: loop_control:
loop_var: cert_item loop_var: cert_item
no_log: true no_log: true

4
tasks/main.yml
View File

@ -6,10 +6,6 @@
Needed: 'certs'" Needed: 'certs'"
when: certs is undefined when: certs is undefined
- name: Certificates | Setting name
ansible.builtin.set_fact:
name: "{% if CERT_CONFIG.cert.name is not none %}{{ CERT_CONFIG.cert.name | safe_key }}{% else %}{{ CERT_CONFIG.cert.cn | safe_key }}{% endif %}"
- name: Certificates | Internal signed - name: Certificates | Internal signed
ansible.builtin.include_tasks: internal/main.yml ansible.builtin.include_tasks: internal/main.yml
when: "CERT_CONFIG.mode in ['ca_full', 'ca', 'selfsigned']" when: "CERT_CONFIG.mode in ['ca_full', 'ca', 'selfsigned']"