---
# Install the openssl package through the generic package module so the
# later `openssl dhparam` command task has a binary to call.
- name: Ensure OpenSSL is installed
  package:
    name: openssl
    state: present
  tags:
    - ssl-certs
    - packages
# Create the certificate directory on the managed host with the configured
# owner, group and mode.
# NOTE(review): the defaults for ssl_certs_path_owner, ssl_certs_path_group and
# ssl_certs_mode are not visible here. This directory presumably holds private
# keys, so confirm the effective mode denies access to other users.
- name: Ensure ssl folder exist
  file:
    state: directory
    path: "{{ ssl_certs_path }}"
    owner: "{{ ssl_certs_path_owner }}"
    group: "{{ ssl_certs_path_group }}"
    mode: "{{ ssl_certs_mode }}"
  tags:
    - ssl-certs
    - configuration
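# Look for the private key on the control node (local_action), not on the
# managed host. The result drives the consistency checks and the decision to
# generate a new pair further down.
# The module arguments are written as a mapping so that a path containing
# whitespace is passed intact instead of being split by key=value parsing.
# become is disabled: the file is read as the user running Ansible, no
# privilege escalation on the control node.
- name: Check for a private key file on the control node
  local_action:
    module: stat
    path: "{{ ssl_certs_local_privkey_path }}"
  register: stat_privkey
  become: false
  tags:
    - ssl-certs
    - configuration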
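# Look for the certificate on the control node (local_action), not on the
# managed host. The result is combined with stat_privkey below.
# The module arguments are written as a mapping so that a path containing
# whitespace is passed intact instead of being split by key=value parsing.
# become is disabled: the file is read as the user running Ansible, no
# privilege escalation on the control node.
- name: Check for a certificate file on the control node
  local_action:
    module: stat
    path: "{{ ssl_certs_local_cert_path }}"
  register: stat_cert
  become: false
  tags:
    - ssl-certs
    - configuration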
# Stop the play when the control node has a certificate but no matching
# private key file: deploying half of a pair would leave TLS unusable.
# NOTE(review): only the file paths are checked here; the inline
# ssl_certs_local_privkey_data variable used elsewhere in this file is not
# consulted - confirm that is intended.
- name: Test if privkey file is needed
  fail:
    msg: "Privkey file {{ ssl_certs_local_privkey_path }} is missing"
  when: not stat_privkey.stat.exists and stat_cert.stat.exists
  tags:
    - ssl-certs
    - configuration
# Stop the play when the control node has a private key but no certificate
# file: the mirror image of the private-key check.
# NOTE(review): only the file paths are checked here; the inline
# ssl_certs_local_cert_data variable used elsewhere in this file is not
# consulted - confirm that is intended.
- name: Test if cert file is needed
  fail:
    msg: "Cert file {{ ssl_certs_local_cert_path }} is missing"
  when: stat_privkey.stat.exists and not stat_cert.stat.exists
  tags:
    - ssl-certs
    - configuration
# Run generate.yml only when the control node has neither a key file nor a
# certificate file AND no inline key/certificate data was supplied. The two
# list entries under `when` are ANDed together.
# NOTE(review): generate.yml is not visible here; presumably it creates a
# self-signed pair - confirm before relying on it outside test environments.
# NOTE(review): bare `include` is deprecated in newer Ansible releases. Check
# the targeted version before moving to include_tasks/import_tasks, because
# tag and condition inheritance differ between them.
- include: generate.yml
  when:
    - not stat_privkey.stat.exists and not stat_cert.stat.exists
    - ssl_certs_local_privkey_data == '' and ssl_certs_local_cert_data == ''
  tags:
    - ssl-certs
    - configuration
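# Generate a host-specific Diffie-Hellman group so the server does not rely on
# a widely shared default group (the Logjam issue described at weakdh.org).
# `creates` is passed through args, so the task is skipped once the file exists.
# Caveat: the guard checks only that the file exists. Raising
# ssl_certs_dhparam_size later does NOT regenerate an existing, smaller file;
# remove the old file first.
# `| bool` makes a string value such as "false" (e.g. passed with -e) disable
# the task instead of being treated as truthy.
# NOTE(review): the default of ssl_certs_dhparam_size is not visible here;
# confirm it is at least 2048 bits.
- name: Generate strong DHE parameter - https://weakdh.org/
  command: >-
    openssl dhparam
    -out {{ ssl_certs_dhparam_path }}
    {{ ssl_certs_dhparam_size }}
  args:
    creates: "{{ ssl_certs_dhparam_path }}"
  when: ssl_certs_generate_dh_param | bool
  tags:
    - ssl-certs
    - configuration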