Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.

42 lines
1.6KB

  1. ---
  2. - include_role:
  3. name: certificate
  4. vars:
  5. certificate_name: ca
  6. certificate_provider: manual
  7. certificate_authority: true
  8. certificate_key_usage:
  9. - digitalSignature
  10. - cRLSign
  11. - keyCertSign
  12. certificate_directory: "{{ certificate_authority_directory }}"
  13. certificate_file: "{{ certificate_authority_directory }}/certs/ca.cert.pem"
  14. certificate_signing_request_file: "{{ certificate_authority_directory }}/csr/ca.csr.pem"
  15. certificate_signing_request_config_file: "{{ certificate_authority_directory }}/csr/ca.csr.cnf"
  16. certificate_private_key_file: "{{ certificate_authority_directory }}/private/ca.key.pem"
  17. certificate_private_key_password: "{{ certificate_authority_private_key_password }}"
  18. - name: self sign certificate
  19. command: openssl ca -selfsign -batch -notext
  20. -config cnf/ca.cnf
  21. -in csr/ca.csr.pem
  22. -out certs/ca.cert.pem
  23. {{ certificate_authority_private_key_password is defined | ternary('-passin env:PRIVATE_KEY_PASSWORD','') }}
  24. args:
  25. chdir: "{{ certificate_authority_directory }}"
  26. creates: "{{ certificate_authority_directory }}/certs/ca.cert.pem"
  27. environment:
  28. PRIVATE_KEY_PASSWORD: "{{ certificate_authority_private_key_password | default('') }}"
  29. when: certificate_authority_type == "root"
  30. # - name: certificate stat
  31. # stat:
  32. # path: "{{ certificate_authority_directory }}/certs/ca.cert.pem"
  33. # register: _certificate_authority_stat
  34. # changed_when: not _certificate_authority_stat.stat.exists
  35. # notify: self sign certificate
  36. # - debug:
  37. # msg: "{{ _certificate_authority_stat }}"