ka
/
ansible-role-certificate
1
0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
12 Révisions
1 Branche
40KB
Aborescence: dde36d7d32
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de 'dde36d7d32'
${ noResults }
ansible-role-certificate/tasks/provider-letsencrypt.yml

91 lignes
2.9KB
Brut Annotations Historique 

  1. ---

  2. 

  3. - name: letsencrypt account private key

  4.   command: openssl genrsa

  5.     -out "{{certificate_letsencrypt_account_key_file}}"

  6.     4096

  7.   args:

  8.     creates: "{{ certificate_letsencrypt_account_key_file }}"

  9. 

  10. - include_tasks: key.yml

  11. - include_tasks: csr.yml

  12. 

  13. - name: check if the certificate will expire soon

  14.   command: openssl x509 -checkend {{ 60*60*24*30 }} -noout -in {{certificate_file}}

  15.   register: _certificate_checkend

  16.   changed_when: _certificate_checkend.rc == 1

  17.   failed_when: _certificate_checkend.rc > 1

  18. 

  19. - name: delete certificate when certificate is about to expire

  20.   file:

  21.     path: "{{ certificate_file }}"

  22.     state: absent

  23.   when: _certificate_checkend.rc == 1

  24. 

  25. - name: letsencrypt request

  26.   letsencrypt:

  27.     account_key: "{{certificate_letsencrypt_account_key_file}}"

  28.     csr: "{{certificate_signing_request_file}}"

  29.     dest: "{{certificate_file}}"

  30.     challenge: http-01

  31.     acme_directory: https://acme-v01.api.letsencrypt.org/directory

  32.     agreement: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf

  33.   register: _letsencrypt_request

  34. 

  35. # - debug:

  36. #     msg:

  37. #       _letsencrypt_request: "{{_letsencrypt_request}}"

  38. 

  39. - block:

  40.     - name: acme http directory

  41.       file:

  42.         path: /var/www/default/.well-known/acme-challenge

  43.         state: directory

  44. 

  45.     - name: copy acme challenge resource

  46.       copy:

  47.         dest: /var/www/default/{{ item.resource }}

  48.         content: "{{ item.resource_value }}"

  49.       with_items: "{{ _letsencrypt_request | json_query('challenge_data.*.\"http-01\"') }}"

  50. 

  51.     - letsencrypt:

  52.         account_key: "{{certificate_letsencrypt_account_key_file}}"

  53.         csr: "{{certificate_signing_request_file}}"

  54.         dest: "{{certificate_file}}"

  55.         challenge: http-01

  56.         acme_directory: https://acme-v01.api.letsencrypt.org/directory

  57.         agreement: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf

  58.         data: "{{ _letsencrypt_request }}"

  59.       register: _letsencrypt

  60. 

  61.     # - debug:

  62.     #     msg:

  63.     #       _letsencrypt: "{{_letsencrypt}}"

  64. 

  65.   when: _letsencrypt_request.changed

  66. 

  67. - name: download letsencrypt certificate

  68.   get_url:

  69.     url: https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt

  70.     dest: "{{certificate_chain_file}}"

  71.     checksum: sha512:0fa893f751f0880c7d89c398cae9708f5ff04d466832fb6160a824395032259ac52e02a44da531d0f8bf7e310298b0067b1e8257f816d3223034f391ecba491d

  72. 

  73. - name: fetch certificate

  74.   fetch:

  75.     src: "{{ certificate_file }}"

  76.     dest: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.cert.pem

  77.     flat: yes

  78.     fail_on_missing: yes

  79. 

  80. - name: fetch certificate chain

  81.   fetch:

  82.     src: "{{ certificate_chain_file }}"

  83.     dest: host_files/{{inventory_hostname}}/certificate/{{certificate_name}}.chain.pem

  84.     flat: yes

  85.     fail_on_missing: yes

  86. 

  87. - name: create full certificate chain

  88.   template:

  89.     src: fullchain.pam.j2

  90.     dest: "{{ certificate_fullchain_file }}"