--- - name: Copy certificates from ipa-getcert directory copy: src: "/etc/pki/tls/certs/{{ gitlab_domain }}.crt" dest: "/etc/gitlab/ssl/{{ gitlab_domain }}.crt" owner: gitlab-www group: root mode: '0644' remote_src: true when: "not gitlab_create_self_signed_cert|bool" - name: Copy keys from ipa-getcert directory copy: src: "/etc/pki/tls/private/{{ gitlab_domain }}.key" dest: "/etc/gitlab/ssl/{{ gitlab_domain }}.key" owner: gitlab-www group: root mode: '0600' remote_src: true when: "not gitlab_create_self_signed_cert|bool" - name: Symlink the IPA CA file: src: "/etc/ipa/ca.crt" dest: "/etc/gitlab/trusted-certs/ipa-ca.crt" owner: root group: root state: link - name: Turn on necessary SELinux booleans ansible.posix.seboolean: name: "{{ item }}" state: true persistent: true loop: - httpd_can_network_connect - httpd_can_network_relay - httpd_can_connect_ldap - httpd_read_user_content - name: Reconfigure gitlab is we're asked to command: /usr/bin/gitlab-ctl reconfigure register: gitlab_ctl_result changed_when: "gitlab_ctl_result.rc == 0" when: - "gitlab_reconfigure_only is defined and (gitlab_reconfigure_only|bool)" - name: Add firewall rules - http/s ansible.posix.firewalld: service: "{{ item }}" permanent: true state: enabled immediate: true loop: - http - https - name: Deploy correct script template: src: "usr/local/bin/fix_gitlab_certs.sh" dest: "/usr/local/bin/fix_gitlab_certs.sh" owner: root group: root mode: '0750' ...