ansible-role-ipa-getcert/tasks/main.yml


---
# Request host certificates from IPA (via certmonger's ipa-getcert) and expose them
# under stable names. The host must already be enrolled as an IPA client and the
# role must run as root; on an unenrolled host every task below is skipped.
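# Enrollment probe. ipa-client-install writes /etc/ipa/default.conf when it
# enrolls a host, so that file's presence is the enrollment marker. The
# previous probe re-ran `ipa-client-install --unattended` and grepped its
# output for "already configured"; running the enrollment installer as a
# read-only check is unsafe on a host that is NOT enrolled (it begins an
# enrollment attempt) and it reported "changed" on every play run.
- name: Check if host is IPA enrolled
  stat:
    path: /etc/ipa/default.conf
  register: ipacheck

# Nothing below fails on an unenrolled host, it is skipped. Say so in the
# play output so a missing certificate is not a silent outcome.
- name: Warn when host is not IPA enrolled
  debug:
    msg: "Host is not IPA enrolled; skipping ipa-getcert certificate requests"
  when: not ipacheck.stat.exists

- name: IPA Certificate Operations
  when: ipacheck.stat.exists
  block:
    # One certmonger request per hostname. `argv` hands the arguments over
    # without shell or shlex tokenisation: the previous form used backslash
    # continuations inside a plain scalar, which YAML folds into a single
    # line, so the literal "\" characters reached the command module's
    # tokenizer. -w makes ipa-getcert block until the certificate is issued
    # (or the request fails), so the symlink and chain tasks below operate on
    # files that exist; -r asks certmonger to renew automatically. -k/-f must
    # name the key and certificate *files* that every later task expects
    # (<location>/<hostname>.key and <location>/<hostname>.crt); previously
    # the bare directories were passed. `creates` keeps the task idempotent.
    - name: Request Certificate
      command:
        argv:
          - "ipa-getcert"
          - "request"
          - "-r"
          - "-w"
          - "-I"
          - "{{ item }}"
          - "-N"
          - "CN={{ item }}"
          - "-D"
          - "{{ item }}"
          - "-k"
          - "{{ ipa_getcert_key_location }}/{{ item }}.key"
          - "-f"
          - "{{ ipa_getcert_cert_location }}/{{ item }}.crt"
          - "-K"
          - "host/{{ item }}"
        creates: "{{ ipa_getcert_cert_location }}/{{ item }}.crt"
      loop: "{{ ipa_getcert_requested_hostnames }}"
      register: ipa_cert_request

    # Expose the first requested hostname's pair under a stable "localhost"
    # name. Both links point at the files certmonger wrote above; previously
    # localhost.crt was linked to a ".key" path inside the certificate
    # directory, i.e. a dangling target. Link ownership is root:root; the
    # permissions that matter are those of the real key/cert files.
    - name: Symlink the fqdn certificate and key as localhost
      file:
        state: link
        force: true
        src: "{{ item.src }}"
        path: "{{ item.path }}"
        owner: root
        group: root
      loop:
        - src: "{{ ipa_getcert_cert_location }}/{{ ipa_getcert_requested_hostnames | first }}.crt"
          path: "{{ ipa_getcert_cert_location }}/localhost.crt"
        - src: "{{ ipa_getcert_key_location }}/{{ ipa_getcert_requested_hostnames | first }}.key"
          path: "{{ ipa_getcert_key_location }}/localhost.key"

    # Optional: build <chain_location>/<hostname>.pem = certificate + private
    # key for services that want a single file. `| bool` so a string "false"
    # passed as an extra-var is not treated as truthy.
    - name: Chain link certificates
      when: ipa_getcert_chain | bool
      block:
        # Directory is root-owned and readable only by ipa_getcert_group,
        # because the assembled PEMs below embed private keys.
        - name: Create chain directory
          file:
            state: directory
            path: "{{ ipa_getcert_chain_location }}"
            owner: root
            group: "{{ ipa_getcert_group }}"
            mode: "0750"

        - name: Chain link certs
          file:
            state: link
            src: "{{ ipa_getcert_cert_location }}/{{ item }}.crt"
            path: "{{ ipa_getcert_chain_location }}/{{ item }}.crt"
            owner: root
            group: root
          loop: "{{ ipa_getcert_requested_hostnames }}"

        - name: Chain link keys
          file:
            state: link
            src: "{{ ipa_getcert_key_location }}/{{ item }}.key"
            path: "{{ ipa_getcert_chain_location }}/{{ item }}.key"
            owner: root
            group: root
          loop: "{{ ipa_getcert_requested_hostnames }}"

        # assemble concatenates the matching files in sorted order, so
        # <host>.crt precedes <host>.key in the PEM. The result contains the
        # private key, hence root:<group> 0640 (group members can read it;
        # that is the point of ipa_getcert_group). The hostname is
        # regex-escaped and the "." before the extension is literal; the
        # previous pattern "^host.(crt|key)$" treated both as metacharacters.
        - name: Assemble the chain
          assemble:
            src: "{{ ipa_getcert_chain_location }}"
            dest: "{{ ipa_getcert_chain_location }}/{{ item }}.pem"
            regexp: '^{{ item | regex_escape }}\.(crt|key)$'
            owner: root
            group: "{{ ipa_getcert_group }}"
            mode: "0640"
          loop: "{{ ipa_getcert_requested_hostnames }}"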