ka
/
ansible-role-certificate
1
0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
9 Révisions
1 Branche
40KB
Aborescence: 6175955734
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '6175955734'
${ noResults }
ansible-role-certificate/tasks/provider-letsencrypt.yml

78 lignes
2.4KB
Brut Annotations Historique 

  1. ---

  2. 

  3. - name: private key

  4.   command: openssl genrsa

  5.     -out "{{certificate_letsencrypt_account_key_file}}"

  6.     4096

  7.   args:

  8.     creates: "{{ certificate_letsencrypt_account_key_file }}"

  9. 

  10. - include_tasks: key.yml

  11. - include_tasks: csr.yml

  12. 

  13. - name: letsencrypt request

  14.   letsencrypt:

  15.     account_key: "{{certificate_letsencrypt_account_key_file}}"

  16.     csr: "{{certificate_signing_request_file}}"

  17.     dest: "{{certificate_file}}"

  18.     challenge: http-01

  19.     acme_directory: https://acme-v01.api.letsencrypt.org/directory

  20.     agreement: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf

  21.   register: _letsencrypt_request

  22. 

  23. # - debug:

  24. #     msg:

  25. #       _letsencrypt_request: "{{_letsencrypt_request}}"

  26. 

  27. - block:

  28.     - name: acme http directory

  29.       file:

  30.         path: /var/www/default/.well-known/acme-challenge

  31.         state: directory

  32. 

  33.     - name: copy acme challenge resource

  34.       copy:

  35.         dest: /var/www/default/{{ item.resource }}

  36.         content: "{{ item.resource_value }}"

  37.       with_items: "{{ _letsencrypt_request | json_query('challenge_data.*.\"http-01\"') }}"

  38. 

  39.     - letsencrypt:

  40.         account_key: "{{certificate_letsencrypt_account_key_file}}"

  41.         csr: "{{certificate_signing_request_file}}"

  42.         dest: "{{certificate_file}}"

  43.         challenge: http-01

  44.         acme_directory: https://acme-v01.api.letsencrypt.org/directory

  45.         agreement: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf

  46.         data: "{{ _letsencrypt_request }}"

  47.       register: _letsencrypt

  48. 

  49.     # - debug:

  50.     #     msg:

  51.     #       _letsencrypt: "{{_letsencrypt}}"

  52.   when: _letsencrypt_request.changed

  53. 

  54. - name: download letsencrypt certificate

  55.   get_url:

  56.     url: https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt

  57.     dest: "{{certificate_chain_file}}"

  58.     checksum: sha512:0fa893f751f0880c7d89c398cae9708f5ff04d466832fb6160a824395032259ac52e02a44da531d0f8bf7e310298b0067b1e8257f816d3223034f391ecba491d

  59. 

  60. - name: fetch certificate

  61.   fetch:

  62.     src: "{{ certificate_file }}"

  63.     dest: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.cert.pem

  64.     flat: yes

  65.     fail_on_missing: yes

  66. 

  67. - name: fetch certificate chain

  68.   fetch:

  69.     src: "{{ certificate_chain_file }}"

  70.     dest: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.chain.pem

  71.     flat: yes

  72.     fail_on_missing: yes

  73. 

  74. - name: create full certificate chain

  75.   template:

  76.     src: fullchain.pam.j2

  77.     dest: "{{ certificate_fullchain_file }}"