cacert/tasks/certs.yaml

---
# Task file meant to be included once per certificate definition, exposed
# here as `item`: `item.name` is the certificate name and `item.dest` is a
# list of destination entries read as `dest.host`, `dest.path`, and the
# optional `dest.name` / `dest.concat`.

# Make sure every destination directory exists before any cert or key is
# copied there. Runs on each `dest.host` rather than on the play host.
- name: CA and cert | Check if dest dir exist on remote hosts
  ansible.builtin.file:
    path: "{{ dest.path }}"
    state: directory
  become: true
  delegate_to: "{{ dest.host }}"
  loop: "{{ item.dest }}"
  loop_control:
    loop_var: dest
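# Generate the client key, CSR and CA-signed certificate for `item`, and
# optionally a concatenated crt+key bundle for every `item.dest` entry that
# sets `dest.concat` (used as the bundle's file extension).
- name: CA and certs | Generate clients certs and keys
  block:
    # NOTE(review): only the key generation is skipped when `cacert_cert` is
    # defined; the CSR and certificate tasks below still expect the key file
    # to exist — confirm that is the intended contract for the caller.
    - name: Generate an OpenSSL private client key with the default values (4096 bits, RSA)
      community.crypto.openssl_privatekey:
        path: "{{ cacert_ssl_gen_path }}/{{ item.name }}.key"
      when: cacert_cert is not defined
      register: cacert_client_key_gen

    # Both SAN facts are set on every iteration (empty list when the item
    # has none). set_fact values outlive a single include iteration, so a
    # conditional set_fact would carry a previous item's SANs into the next
    # item's CSR.
    - name: Generate subject_alt_ips
      ansible.builtin.set_fact:
        client_subject_alt_ips: "{{ item.subject_alt_ips | default([]) | map('regex_replace', '^', 'IP:') | list }}"

    - name: Generate subject_alt_names
      ansible.builtin.set_fact:
        client_subject_alt_names: "{{ item.subject_alt_names | default([]) | map('regex_replace', '^', 'DNS:') | list }}"

    # Items without any SAN get a CN-only CSR. Current TLS clients generally
    # ignore the CN for hostname matching, so such a certificate is mostly
    # usable for client authentication rather than server identity.
    - name: Generate an OpenSSL Certificate Signing Request for client
      community.crypto.openssl_csr:
        path: "{{ cacert_ssl_gen_path }}/{{ item.name }}.csr"
        privatekey_path: "{{ cacert_ssl_gen_path }}/{{ item.name }}.key"
        common_name: "{{ item.name }}"
      register: cacert_client_csr
      when:
        - item.subject_alt_names is not defined
        - item.subject_alt_ips is not defined

    - name: Generate an OpenSSL Certificate Signing Request for client with subject_alt_name
      community.crypto.openssl_csr:
        path: "{{ cacert_ssl_gen_path }}/{{ item.name }}.csr"
        privatekey_path: "{{ cacert_ssl_gen_path }}/{{ item.name }}.key"
        common_name: "{{ item.name }}"
        # SAN order: IP entries, DNS entries, then the CN itself as a DNS SAN.
        subject_alt_name: "{{ client_subject_alt_ips + client_subject_alt_names + ['DNS:' ~ item.name] }}"
      register: cacert_client_csr
      when: item.subject_alt_names is defined or item.subject_alt_ips is defined

    # NOTE(review): no ownca_not_after / ownca_not_before is given, so the
    # module's default validity period applies — confirm it matches the
    # lifetime the CA policy expects for client certificates.
    - name: Generate an OpenSSL certificate for client signed with your own CA certificate
      community.crypto.x509_certificate:
        path: "{{ cacert_ssl_gen_path }}/{{ item.name }}.crt"
        csr_path: "{{ cacert_ssl_gen_path }}/{{ item.name }}.csr"
        ownca_path: "{{ cacert_ssl_gen_path }}/{{ cacert_ca_name }}.crt"
        ownca_privatekey_path: "{{ cacert_ssl_gen_path }}/{{ cacert_ca_name }}.key"
        provider: ownca
      register: cacert_client_cert

    # Files are listed explicitly instead of `{crt,key}`: brace expansion is
    # a bash extension that /bin/sh (dash) does not perform, which left the
    # literal `{crt,key}` in the path. The argv form runs no shell at all, so
    # `item.name` is never shell-parsed. stdout holds the private key, hence
    # no_log (this also hides the error text if cat fails).
    - name: Get {{ item.name }} OpenSSL crt and key content
      ansible.builtin.command:
        argv:
          - cat
          - "{{ cacert_ssl_gen_path }}/{{ item.name }}.crt"
          - "{{ cacert_ssl_gen_path }}/{{ item.name }}.key"
      register: concated_crt_key
      changed_when: false
      no_log: true

    # The bundle contains the private key, so it is restricted to the owner
    # like the .key file itself; without an explicit mode it was created with
    # the umask default (commonly world-readable).
    - name: Concatenate and save {{ item.name }} OpenSSL crt and key to single file
      ansible.builtin.copy:
        content: "{{ concated_crt_key.stdout }}"
        dest: "{{ cacert_ssl_gen_path }}/{{ dest.name | default(item.name) }}.{{ dest.concat }}"
        mode: "0600"
      loop: "{{ item.dest }}"
      loop_control:
        loop_var: dest
      when:
        - dest.concat is defined
      # `content` (and --diff output) would otherwise expose the key.
      no_log: true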
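# Copy the generated material to each `item.dest` entry: key and crt as
# separate files when `dest.concat` is unset, otherwise the concatenated
# bundle. `src` is read from the play side and written on `dest.host`.
- name: Distribute client certs
  become: true
  block:
    # Modes are quoted strings: an unquoted `0600` is read as a YAML 1.1
    # octal integer, which Ansible documents as unreliable (notably in loops).
    - name: Write {{ item.name }} OpenSSL key
      ansible.builtin.copy:
        src: "{{ cacert_ssl_gen_path }}/{{ item.name }}.key"
        dest: "{{ dest.path }}/{{ dest.name | default(item.name) }}.key"
        mode: "0600"
      delegate_to: "{{ dest.host }}"
      loop: "{{ item.dest }}"
      loop_control:
        loop_var: dest
      when:
        - dest.concat is not defined

    # The certificate is public; default permissions are acceptable here.
    - name: Write {{ item.name }} OpenSSL crt
      ansible.builtin.copy:
        src: "{{ cacert_ssl_gen_path }}/{{ item.name }}.crt"
        dest: "{{ dest.path }}/{{ dest.name | default(item.name) }}.crt"
      delegate_to: "{{ dest.host }}"
      loop: "{{ item.dest }}"
      loop_control:
        loop_var: dest
      when:
        - dest.concat is not defined

    # The bundle includes the private key, so it gets the same owner-only
    # mode as the standalone key; previously it inherited the umask default.
    - name: Write concatenated {{ item.name }} OpenSSL crt and key
      ansible.builtin.copy:
        src: "{{ cacert_ssl_gen_path }}/{{ dest.name | default(item.name) }}.{{ dest.concat }}"
        dest: "{{ dest.path }}/{{ dest.name | default(item.name) }}.{{ dest.concat }}"
        mode: "0600"
      delegate_to: "{{ dest.host }}"
      loop: "{{ item.dest }}"
      loop_control:
        loop_var: dest
      when:
        - dest.concat is defined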