

  1. ---
  2. - include_tasks: key.yml
  3. - include_tasks: csr.yml
  4. - name: certificate host_files directory
  5. local_action: file
  6. args:
  7. path: host_files/{{inventory_hostname}}/certificate
  8. state: directory
  9. - name: fetch certificate signing request
  10. fetch:
  11. src: "{{ certificate_signing_request_file }}"
  12. dest: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.csr.pem
  13. flat: yes
  14. fail_on_missing: yes
  15. - name: copy certificate signing request
  16. copy:
  17. src: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.csr.pem
  18. dest: "{{ certificate_authority_directory }}/csr/{{inventory_hostname}}-{{certificate_name}}.csr.pem"
  19. delegate_to: "{{ certificate_authority_host }}"
  20. - name: sign certificate with ca
  21. command: openssl ca -batch -notext
  22. -config cnf/ca.cnf
  23. -in csr/{{inventory_hostname}}-{{certificate_name}}.csr.pem
  24. -out certs/{{inventory_hostname}}-{{certificate_name}}.cert.pem
  25. {{ certificate_authority_private_key_password is defined | ternary('-passin env:PRIVATE_KEY_PASSWORD','') }}
  26. args:
  27. chdir: "{{ certificate_authority_directory }}"
  28. creates: "{{ certificate_authority_directory }}/certs/{{inventory_hostname}}-{{certificate_name}}.cert.pem"
  29. environment:
  30. PRIVATE_KEY_PASSWORD: "{{ certificate_authority_private_key_password | default('') }}"
  31. delegate_to: "{{ certificate_authority_host }}"
  32. - name: fetch certificate
  33. fetch:
  34. src: "{{ certificate_authority_directory }}/certs/{{inventory_hostname}}-{{certificate_name}}.cert.pem"
  35. dest: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.cert.pem
  36. flat: yes
  37. fail_on_missing: yes
  38. delegate_to: "{{ certificate_authority_host }}"
  39. - name: copy certificate
  40. copy:
  41. src: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.cert.pem
  42. dest: "{{ certificate_file }}"
  43. - name: fetch root certificate chain
  44. fetch:
  45. src: "{{ certificate_authority_directory }}/certs/ca.fullchain.pem"
  46. dest: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.chain.pem
  47. flat: yes
  48. fail_on_missing: yes
  49. delegate_to: "{{ certificate_authority_host }}"
  50. - name: copy root certificate chain
  51. copy:
  52. src: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.chain.pem
  53. dest: "{{ certificate_chain_file }}"
  54. - name: create full certificate chain
  55. template:
  56. src: fullchain.pam.j2
  57. dest: "{{ certificate_fullchain_file }}"