Commit c7c0a8d8 authored by Oyvind.Gjesdal's avatar Oyvind.Gjesdal

only run uib on first item in vhosts

parent 15d7b24f
......@@ -5,6 +5,14 @@
apache_digicert_uib_archive: "/etc/digicert-uib/archive"
apache_digicert_uib_csr: "/etc/digicert-uib/csr"
- name: "register a list of aliases to add to SSL (All aliases must be set in certalias or serveralias. certalias is not added to httpd, but just to config.)"
set_fact:
ssl_alias: "{{ [ apache_vhosts[0].serveralias | default('deleteme'), apache_vhosts[0].certalias | default('deleteme') ] | reject('equalto','deleteme') | list }}"
- name: "debug"
debug:
msg: "{{ ssl_alias }}"
- name: "install package for mod_ssl"
package:
name: "mod_ssl"
......@@ -29,7 +37,7 @@
group: "root"
mode: "0550"
setype: "cert_t"
loop: "{{ apache_vhosts }}"
loop: "{{ apache_vhosts[0] }}"
when: "item.ssl_type == 'uib'"
- name: "stat archive"
......@@ -49,7 +57,7 @@
backup: "yes"
size: "2048"
setype: "cert_t"
loop: "{{ apache_vhosts }}"
loop: "{{ apache_vhosts[0] }}"
when: "item.ssl_type | default('certbot')== 'uib'"
- name: "generate an OpenSSL Certificate Signin request"
......@@ -61,12 +69,13 @@
organization_name: "Universitetet_i_Bergen"
common_name: "{{ item.servername }}"
subject_altname: "{{ item.altname | default(omit) }}"
loop: "{{ apache_vhosts }}"
loop: "{{ apache_vhosts[0] }}"
when: "item.ssl_type | default('certbot')== 'uib'"
register: "apache_csr_result"
- name: "send csr file by mail"
mail:
sender: "ansible@{{ item.servername }}"
subject: "csr certificate request for {{ item.servername }}"
to: "{{ item.serveradmin }}"
attach:
......@@ -81,7 +90,7 @@
Kan du også oppdatere sertifikatdatasen (CMDB) for {{ item.serveradmin }}?
Takk!
loop: "{{ apache_vhosts }}"
loop: "{{ apache_vhosts[0] }}"
when: "item.ssl_type | default('certbot')== 'uib' and apache_csr_result.changed | bool"
- name: "create symlinks for private keys"
......@@ -89,11 +98,11 @@
state: "link"
src: "{{ apache_digicert_uib_archive }}/{{ item.servername }}/priv_key.pem"
dest: "/etc/pki/tls/private/{{item.servername }}.pem"
loop: "{{ apache_vhosts }}"
loop: "{{ apache_vhosts[0] }}"
when: "item.ssl_type | default('certbot')== 'uib'"
- name: "Get certificate with certificate only"
loop: "{{ apache_vhosts }}"
loop: "{{ apache_vhosts[0] }}"
get_url:
url: "{{ item.certificate_only_url }}"
setype: "cert_t"
......@@ -103,7 +112,7 @@
when: "item.ssl_type | default('certbot')== 'uib' and item.certificate_only_url is defined"
- name: "Get intermediate certs only"
loop: "{{ apache_vhosts }}"
loop: "{{ apache_vhosts[0] }}"
get_url:
url: "{{ item.certificate_interm_only_url }}"
setype: "cert_t"
......@@ -126,7 +135,7 @@
# creates: "{ apache_digicert_uib_archive }}//{{ item.servername }}/cert.pem"
- name: "Create symlinks for certificates to /etc/pki/"
loop: "{{ apache_vhosts }}"
loop: "{{ apache_vhosts[0] }}"
file:
state: "link"
src: "{{ apache_digicert_uib_archive }}/{{ item.servername }}/cert.cer"
......@@ -134,7 +143,7 @@
when: "item.ssl_type | default('certbot')== 'uib' and item.certificate_only_url is defined"
- name: "Create symlinks for chains to /etc/pki/"
loop: "{{ apache_vhosts }}"
loop: "{{ apache_vhosts[0] }}"
file:
state: "link"
src: "{{ apache_digicert_uib_archive }}/{{ item.servername }}/cert_interm.cer"
......@@ -152,7 +161,7 @@
# validate: "apachectl configtest"
notify: restart apache
when: "item.ssl_type | default('certbot')== 'uib'"
loop: "{{ apache_vhosts }}"
loop: "{{ apache_vhosts[0] }}"
vars:
current_vhost: "{{ item.servername }}"
become: true
......
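Review bot: The new `loop: "{{ apache_vhosts[0] }}"` lines (every hunk from `@@ -29,7 +37,7 @@` onward) pass `loop` a single vhost mapping rather than a list, assuming `apache_vhosts` is a list of mappings as the `apache_vhosts[0].serveralias` lookup in the first hunk suggests; Ansible's `loop` accepts only a list, so these tasks are likely to stop with an invalid-data error instead of running once. `loop: "{{ apache_vhosts[:1] }}"` keeps the one-item behaviour, stays a list, and gives an empty loop rather than an index error when no vhost is defined. Any later vhost with `ssl_type: uib` then gets no private key, CSR or certificate links from this file, so a comment on the first changed task such as `# UiB certificate handling runs for the first vhost only` would record that this is intended. The first changed `when` still reads `item.ssl_type == 'uib'` without the `default('certbot')` the other tasks use, and the added `debug` task that prints `ssl_alias` looks like a leftover. The tasks start and end outside the visible hunks, so this rests on the lines shown.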