ka
/
ansible-role-certificate
1
0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
4 提交
1 分支
40KB
目录树: c1c72424a5
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 'c1c72424a5'
${ noResults }
ansible-role-certificate/tasks/provider-ca.yml

68 行
2.4KB
原始文件 Blame 文件历史 

  1. ---

  2. 

  3. - include: key.yml

  4. - include: csr.yml

  5. 

  6. - name: certificate host_files directory

  7.   local_action: file

  8.   args:

  9.     path: host_files/{{inventory_hostname}}/certificate

  10.     state: directory

  11. 

  12. - name: fetch certificate signing request

  13.   fetch:

  14.     src: "{{ certificate_signing_request_file }}"

  15.     dest: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.csr.pem

  16.     flat: yes

  17.     fail_on_missing: yes

  18. 

  19. - name: copy certificate signing request

  20.   copy:

  21.     src: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.csr.pem

  22.     dest: "{{ certificate_authority_directory }}/csr/{{inventory_hostname}}-{{certificate_name}}.csr.pem"

  23.   delegate_to: "{{ certificate_authority_host }}"

  24. 

  25. - name: sign certificate with ca

  26.   command: openssl ca -batch -notext

  27.     -config cnf/ca.cnf

  28.     -in csr/{{inventory_hostname}}-{{certificate_name}}.csr.pem

  29.     -out certs/{{inventory_hostname}}-{{certificate_name}}.cert.pem

  30.     {{ certificate_authority_private_key_password is defined | ternary('-passin env:PRIVATE_KEY_PASSWORD','') }}

  31.   args:

  32.     chdir: "{{ certificate_authority_directory }}"

  33.     creates: "{{ certificate_authority_directory }}/certs/{{inventory_hostname}}-{{certificate_name}}.cert.pem"

  34.   environment:

  35.     PRIVATE_KEY_PASSWORD: "{{ certificate_authority_private_key_password | default('') }}"

  36.   delegate_to: "{{ certificate_authority_host }}"

  37. 

  38. - name: fetch certificate

  39.   fetch:

  40.     src: "{{ certificate_authority_directory }}/certs/{{inventory_hostname}}-{{certificate_name}}.cert.pem"

  41.     dest: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.cert.pem

  42.     flat: yes

  43.     fail_on_missing: yes

  44.   delegate_to: "{{ certificate_authority_host }}"

  45. 

  46. - name: copy certificate

  47.   copy:

  48.     src: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.cert.pem

  49.     dest: "{{ certificate_file }}"

  50. 

  51. - name: fetch root certificate chain

  52.   fetch:

  53.     src: "{{ certificate_authority_directory }}/certs/ca.fullchain.pem"

  54.     dest: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.chain.pem

  55.     flat: yes

  56.     fail_on_missing: yes

  57.   delegate_to: "{{ certificate_authority_host }}"

  58. 

  59. - name: copy root certificate chain

  60.   copy:

  61.     src: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.chain.pem

  62.     dest: "{{ certificate_chain_file }}"

  63. 

  64. - name: create full certificate chain

  65.   template:

  66.     src: fullchain.pam.j2

  67.     dest: "{{ certificate_fullchain_file }}"