infrastructure/ansible-role-ipa-getcert
7
0
Fork 0
mirror of https://github.com/rocky-linux/ansible-role-ipa-getcert.git synced 2024-12-04 17:16:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

start using FQCN

Browse Source
This commit is contained in:
nazunalika 2022-03-27 19:36:15 -07:00
parent 8f96f9baa5
commit 44a2106fbd
Signed by: label
GPG Key ID: 6735C0E1BD65D048
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
tasks/main.yml
View File

@ -8,7 +8,7 @@
changed_when: false changed_when: false
- name: Verify host is IPA enrolled - name: Verify host is IPA enrolled
assert: ansible.builtin.assert:
that: that:
- ipacheck.rc == 0 | mandatory - ipacheck.rc == 0 | mandatory
fail_msg: "System is not enrolled to IPA" fail_msg: "System is not enrolled to IPA"
@ -18,7 +18,7 @@
- name: IPA Certificate Operations - name: IPA Certificate Operations
block: block:
- name: Deploy ipa-getcert script - name: Deploy ipa-getcert script
template: ansible.builtin.template:
src: "get_cert.sh.j2" src: "get_cert.sh.j2"
dest: "/root/get_cert.sh" dest: "/root/get_cert.sh"
owner: root owner: root
@ -26,13 +26,13 @@
mode: '0750' mode: '0750'
- name: Request Certificate - name: Request Certificate
raw: /root/get_cert.sh ansible.builtin.raw: /root/get_cert.sh
register: ipa_cert_request register: ipa_cert_request
- name: Chain link certificates - name: Chain link certificates
block: block:
- name: Create chain directory - name: Create chain directory
file: ansible.builtin.file:
state: directory state: directory
path: "{{ ipa_getcert_chain_location }}" path: "{{ ipa_getcert_chain_location }}"
owner: root owner: root
@ -40,7 +40,7 @@
mode: '0750' mode: '0750'
- name: Chain link certs - name: Chain link certs
file: ansible.builtin.file:
state: link state: link
src: "{{ item.cert_location | default(ipa_getcert_cert_default_location) }}/{{ item.name }}.crt" src: "{{ item.cert_location | default(ipa_getcert_cert_default_location) }}/{{ item.name }}.crt"
dest: "{{ ipa_getcert_chain_location }}/{{ item.name }}.crt" dest: "{{ ipa_getcert_chain_location }}/{{ item.name }}.crt"
@ -49,7 +49,7 @@
with_items: "{{ ipa_getcert_requested_hostnames }}" with_items: "{{ ipa_getcert_requested_hostnames }}"
- name: Chain link keys - name: Chain link keys
file: ansible.builtin.file:
state: link state: link
src: "{{ item.key_location | default(ipa_getcert_cert_default_location) }}/{{ item.name }}.key" src: "{{ item.key_location | default(ipa_getcert_cert_default_location) }}/{{ item.name }}.key"
path: "{{ ipa_getcert_chain_location }}/{{ item.name }}.key" path: "{{ ipa_getcert_chain_location }}/{{ item.name }}.key"
@ -58,7 +58,7 @@
with_items: "{{ ipa_getcert_requested_hostnames }}" with_items: "{{ ipa_getcert_requested_hostnames }}"
- name: Assemble the chain - name: Assemble the chain
assemble: ansible.builtin.assemble:
src: "{{ ipa_getcert_chain_location }}" src: "{{ ipa_getcert_chain_location }}"
dest: "{{ ipa_getcert_chain_location }}/{{ item.name }}.pem" dest: "{{ ipa_getcert_chain_location }}/{{ item.name }}.pem"
regexp: "^{{ item.name }}.(crt|key)$" regexp: "^{{ item.name }}.(crt|key)$"
@ -71,7 +71,7 @@
- ipa_cert_request.rc == 0 - ipa_cert_request.rc == 0
rescue: rescue:
- name: "Erroring out with message" - name: "Erroring out with message"
debug: ansible.builtin.debug:
msg: "We caught an error, likely with the ipa-getcert script. Please verify the output." msg: "We caught an error, likely with the ipa-getcert script. Please verify the output."
when: when:
- ipacheck.rc == 0 - ipacheck.rc == 0