cwchristerw/tjas-infra
1
0
Fork 0
mirror of https://github.com/cwchristerw/tjas-infra synced 2025-09-10 06:52:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update OpenSSL tasks in Deployer tasks

Browse Source
This commit is contained in:
Christer Warén
2025-09-09 15:48:11 +03:00
parent d2222d9c2e
commit b5c59f3f0d
1 changed files with 23 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
tasks/deployer.yml
View File

@@ -541,7 +541,7 @@
- openssl - openssl
- www - www
- name: "Deployer - OpenSSL - Configure - Generate Certificate" - name: "Deployer - OpenSSL - Configure - Generate Certificate / Root"
community.crypto.x509_certificate: community.crypto.x509_certificate:
path: "/root/data/openssl/{{ cert }}/cert.pem" path: "/root/data/openssl/{{ cert }}/cert.pem"
privatekey_path: "/root/data/openssl/{{ cert }}/privkey.pem" privatekey_path: "/root/data/openssl/{{ cert }}/privkey.pem"
@@ -550,6 +550,7 @@
ownca_path: /etc/ssl/crt/ansible_CA.crt ownca_path: /etc/ssl/crt/ansible_CA.crt
ownca_privatekey_path: /etc/ssl/private/ansible_CA.pem ownca_privatekey_path: /etc/ssl/private/ansible_CA.pem
provider: selfsigned provider: selfsigned
selfsigned_not_after: "+7300d"
loop: "{{ config.openssl.certificates.keys() | list }}" loop: "{{ config.openssl.certificates.keys() | list }}"
loop_control: loop_control:
label: "{{ cert }}" label: "{{ cert }}"
@@ -557,7 +558,7 @@
when: when:
- config.openssl.certificates[cert].issuer is undefined - config.openssl.certificates[cert].issuer is undefined
- name: "Deployer - OpenSSL - Configure - Generate Certificate" - name: "Deployer - OpenSSL - Configure - Generate Certificate / Intermediate"
community.crypto.x509_certificate: community.crypto.x509_certificate:
path: "/root/data/openssl/{{ cert }}/cert.pem" path: "/root/data/openssl/{{ cert }}/cert.pem"
privatekey_path: "/root/data/openssl/{{ cert }}/privkey.pem" privatekey_path: "/root/data/openssl/{{ cert }}/privkey.pem"
@@ -566,11 +567,31 @@
ownca_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/cert.pem" ownca_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/cert.pem"
ownca_privatekey_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/privkey.pem" ownca_privatekey_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/privkey.pem"
provider: ownca provider: ownca
ownca_not_after: "+365d"
loop: "{{ config.openssl.certificates.keys() | list }}" loop: "{{ config.openssl.certificates.keys() | list }}"
loop_control: loop_control:
label: "{{ cert }}" label: "{{ cert }}"
loop_var: "cert" loop_var: "cert"
when: when:
- config.openssl.certificates[cert].domains is undefined
- config.openssl.certificates[cert].issuer is defined
- name: "Deployer - OpenSSL - Configure - Generate Certificate / Service"
community.crypto.x509_certificate:
path: "/root/data/openssl/{{ cert }}/cert.pem"
privatekey_path: "/root/data/openssl/{{ cert }}/privkey.pem"
csr_path: "/root/data/openssl/{{ cert }}/csr.pem"
provider: "ownca"
ownca_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/cert.pem"
ownca_privatekey_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/privkey.pem"
provider: ownca
ownca_not_after: "+30d"
loop: "{{ config.openssl.certificates.keys() | list }}"
loop_control:
label: "{{ cert }}"
loop_var: "cert"
when:
- config.openssl.certificates[cert].domains is defined
- config.openssl.certificates[cert].issuer is defined - config.openssl.certificates[cert].issuer is defined
- name: "Deployer - Nginx - Configure - Create Folder" - name: "Deployer - Nginx - Configure - Create Folder"