Commit 7be55289 authored by Oyvind.Gjesdal's avatar Oyvind.Gjesdal

remove loop, check only first item

parent c7c0a8d8
......@@ -4,6 +4,7 @@
apache_digicert_uib_home: "/etc/digicert-uib"
apache_digicert_uib_archive: "/etc/digicert-uib/archive"
apache_digicert_uib_csr: "/etc/digicert-uib/csr"
apache_cert_vhost: "{{ apache_vhosts[0] }}"
- name: "register a list of aliases to add to SSL (All aliases must be set in certalias or serveralias. certalias is not added to httpd, but just to config.)"
set_fact:
......@@ -31,14 +32,13 @@
- name: "create directory for vhosts"
file:
path: "{{ apache_digicert_uib_archive }}/{{ item.servername }}"
path: "{{ apache_digicert_uib_archive }}/{{ apache_cert_vhost.servername }}"
state: "directory"
owner: "root"
group: "root"
mode: "0550"
setype: "cert_t"
loop: "{{ apache_vhosts[0] }}"
when: "item.ssl_type == 'uib'"
when: "apache_cert_vhost.ssl_type == 'uib'"
- name: "stat archive"
stat:
......@@ -53,73 +53,67 @@
- name: "generate ssl private key"
openssl_privatekey:
path: "{{ apache_digicert_uib_archive }}/{{ item.servername }}/priv_key.pem"
path: "{{ apache_digicert_uib_archive }}/{{ apache_cert_vhost.servername }}/priv_key.pem"
backup: "yes"
size: "2048"
setype: "cert_t"
loop: "{{ apache_vhosts[0] }}"
when: "item.ssl_type | default('certbot')== 'uib'"
when: "apache_cert_vhost.ssl_type | default('certbot')== 'uib'"
- name: "generate an OpenSSL Certificate Signin request"
openssl_csr:
backup: "yes"
path: "{{ apache_digicert_uib_csr }}/{{ item.servername }}.csr"
privatekey_path: "{{ apache_digicert_uib_home }}/archive/{{ item.servername }}/priv_key.pem"
path: "{{ apache_digicert_uib_csr }}/{{ apache_cert_vhost.servername }}.csr"
privatekey_path: "{{ apache_digicert_uib_home }}/archive/{{ apache_cert_vhost.servername }}/priv_key.pem"
country_name: "NO"
organization_name: "Universitetet_i_Bergen"
common_name: "{{ item.servername }}"
subject_altname: "{{ item.altname | default(omit) }}"
loop: "{{ apache_vhosts[0] }}"
when: "item.ssl_type | default('certbot')== 'uib'"
common_name: "{{ apache_cert_vhost.servername }}"
subject_altname: "{{ apache_cert_vhost.altname | default(omit) }}"
when: "apache_cert_vhost.ssl_type | default('certbot')== 'uib'"
register: "apache_csr_result"
- name: "send csr file by mail"
mail:
sender: "ansible@{{ item.servername }}"
subject: "csr certificate request for {{ item.servername }}"
to: "{{ item.serveradmin }}"
sender: "ansible@{{ apache_cert_vhost.servername }}"
subject: "csr certificate request for {{ apache_cert_vhost.servername }}"
to: "{{ apache_cert_vhost.serveradmin }}"
attach:
- "{{ apache_digicert_uib_csr}}/{{ item.servername }}.csr"
- "{{ apache_digicert_uib_csr}}/{{ apache_cert_vhost.servername }}.csr"
body: |
Ønsker å bestille SSL sertifikat.
common_name "{{ item.servername }}"
altname: "{{ item.altname | default ('ingen') }}"
wildcard: "{{ item.wildcard | default ('nei') }}"
common_name "{{ apache_cert_vhost.servername }}"
altname: "{{ apache_cert_vhost.altname | default ('ingen') }}"
wildcard: "{{ apache_cert_vhost.wildcard | default ('nei') }}"
Kan du også oppdatere sertifikatdatasen (CMDB) for {{ item.serveradmin }}?
Kan du også oppdatere sertifikatdatasen (CMDB) for {{ apache_cert_vhost.serveradmin }}?
Takk!
loop: "{{ apache_vhosts[0] }}"
when: "item.ssl_type | default('certbot')== 'uib' and apache_csr_result.changed | bool"
when: "apache_cert_vhost.ssl_type | default('certbot')== 'uib' and apache_csr_result.changed | bool"
- name: "create symlinks for private keys"
file:
state: "link"
src: "{{ apache_digicert_uib_archive }}/{{ item.servername }}/priv_key.pem"
dest: "/etc/pki/tls/private/{{item.servername }}.pem"
loop: "{{ apache_vhosts[0] }}"
when: "item.ssl_type | default('certbot')== 'uib'"
src: "{{ apache_digicert_uib_archive }}/{{ apache_cert_vhost.servername }}/priv_key.pem"
dest: "/etc/pki/tls/private/{{apache_cert_vhost.servername }}.pem"
when: "apache_cert_vhost.ssl_type | default('certbot')== 'uib'"
- name: "Get certificate with certificate only"
loop: "{{ apache_vhosts[0] }}"
get_url:
url: "{{ item.certificate_only_url }}"
url: "{{ apache_cert_vhost.certificate_only_url }}"
setype: "cert_t"
dest: "{{ apache_digicert_uib_archive }}//{{ item.servername }}/cert.cer"
dest: "{{ apache_digicert_uib_archive }}//{{ apache_cert_vhost.servername }}/cert.cer"
backup: "yes"
mode: "0444"
when: "item.ssl_type | default('certbot')== 'uib' and item.certificate_only_url is defined"
when: "apache_cert_vhost.ssl_type | default('certbot')== 'uib' and apache_cert_vhost.certificate_only_url is defined"
- name: "Get intermediate certs only"
loop: "{{ apache_vhosts[0] }}"
get_url:
url: "{{ item.certificate_interm_only_url }}"
url: "{{ apache_cert_vhost.certificate_interm_only_url }}"
setype: "cert_t"
dest: "{{ apache_digicert_uib_archive }}//{{ item.servername }}/cert_interm.cer"
dest: "{{ apache_digicert_uib_archive }}//{{ apache_cert_vhost.servername }}/cert_interm.cer"
backup: "yes"
mode: "0444"
when: "item.ssl_type | default('certbot')== 'uib' and item.certificate_interm_only_url is defined"
when: "apache_cert_vhost.ssl_type | default('certbot')== 'uib' and apache_cert_vhost.certificate_interm_only_url is defined"
#- name: "concat cert and intermediate"
......@@ -135,35 +129,32 @@
# creates: "{ apache_digicert_uib_archive }}//{{ item.servername }}/cert.pem"
- name: "Create symlinks for certificates to /etc/pki/"
loop: "{{ apache_vhosts[0] }}"
file:
state: "link"
src: "{{ apache_digicert_uib_archive }}/{{ item.servername }}/cert.cer"
dest: "/etc/pki/tls/certs/{{ item.servername }}.pem"
when: "item.ssl_type | default('certbot')== 'uib' and item.certificate_only_url is defined"
src: "{{ apache_digicert_uib_archive }}/{{ apache_cert_vhost.servername }}/cert.cer"
dest: "/etc/pki/tls/certs/{{ apache_cert_vhost.servername }}.pem"
when: "apache_cert_vhost.ssl_type | default('certbot')== 'uib' and apache_cert_vhost.certificate_only_url is defined"
- name: "Create symlinks for chains to /etc/pki/"
loop: "{{ apache_vhosts[0] }}"
file:
state: "link"
src: "{{ apache_digicert_uib_archive }}/{{ item.servername }}/cert_interm.cer"
dest: "/etc/pki/tls/certs/{{ item.servername }}.chain.pem"
when: "item.ssl_type | default('certbot')== 'uib' and item.certificate_interm_only_url is defined"
src: "{{ apache_digicert_uib_archive }}/{{ apache_cert_vhost.servername }}/cert_interm.cer"
dest: "/etc/pki/tls/certs/{{ apache_cert_vhost.servername }}.chain.pem"
when: "apache_cert_vhost.ssl_type | default('certbot')== 'uib' and apache_cert_vhost.certificate_interm_only_url is defined"
- name: "Add apache vhosts ssl template"
template:
src: "{{ apache_vhosts_template_ssl }}"
dest: "{{ apache_conf_path }}/00_{{ item.servername }}_ssl.conf"
dest: "{{ apache_conf_path }}/00_{{ apache_cert_vhost.servername }}_ssl.conf"
owner: root
group: root
mode: 0644
backup: true
# validate: "apachectl configtest"
notify: restart apache
when: "item.ssl_type | default('certbot')== 'uib'"
loop: "{{ apache_vhosts[0] }}"
when: "apache_cert_vhost.ssl_type | default('certbot')== 'uib'"
vars:
current_vhost: "{{ item.servername }}"
current_vhost: "{{ apache_cert_vhost.servername }}"
become: true
#- name: "get certificate url from ITA"
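Review bot: The rewritten condition on the "create directory for vhosts" task, `when: "apache_cert_vhost.ssl_type == 'uib'"`, has no `default('certbot')` while every other condition this commit rewrites does (e.g. the private-key task's `apache_cert_vhost.ssl_type | default('certbot')== 'uib'`), so a first vhost without `ssl_type` aborts the play at that task instead of being skipped; use the same form, `when: "apache_cert_vhost.ssl_type | default('certbot') == 'uib'"`. With `apache_cert_vhost` now fixed to `apache_vhosts[0]` (first hunk, presumably the role's defaults file), any later entry with `ssl_type: uib` silently gets no private key, CSR, certificate, symlink or `00_*_ssl.conf`, and an empty `apache_vhosts` makes each `when:` error on `apache_vhosts[0]` rather than skip. An `assert` at the top of the task file that the list is non-empty and that no entry after the first is a uib vhost would turn that silent omission into a visible failure; the task below is one way to write it. The earlier hunks' enclosing tasks are complete within this section, but the file header and the commented-out "concat" task between hunks are not visible here.
```yaml
- name: "check that only the first vhost is handled as a uib certificate vhost"
  assert:
    that:
      - "apache_vhosts | length > 0"
      - "apache_vhosts[1:] | selectattr('ssl_type', 'defined') | selectattr('ssl_type', 'equalto', 'uib') | list | length == 0"
    fail_msg: "apache_cert_vhost only covers apache_vhosts[0]; other vhosts with ssl_type 'uib' would get no certificate or ssl vhost config"
# … unchanged: existing tasks from "create directory for vhosts" onward …
```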