---
# RedHat-family hosts: install the openssl CLI that the certificate task
# later in this file invokes through the command module.
- name: Ensure openssl is installed
  yum:
    name: openssl
    state: present
  when: ansible_os_family == 'RedHat'
# Debian-family hosts: install the openssl CLI that the certificate task
# later in this file invokes through the command module.
- name: Ensure openssl is installed
  apt:
    name: openssl
    state: present
  when: ansible_os_family == 'Debian'
# Parent directory of the certificate file. Neither owner nor mode is set
# here, so a newly created directory gets the host defaults. If
# cert_key_path resolves to the same directory, the next task tightens it.
- name: Create cert dir
  file:
    path: "{{ cert_path | dirname }}"
    state: directory
# Parent directory of the private key, accessible to its owner only.
# The mode is quoted so it reaches Ansible as a string and is read as octal;
# an unquoted 700 would be a decimal integer.
# owner is dropped from the module call when cert_user is undefined.
- name: Create private key directory
  file:
    path: "{{ cert_key_path | dirname }}"
    state: directory
    mode: "700"
    owner: "{{ cert_user | default(omit) }}"
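# Generate an RSA key pair and a self-signed X.509 certificate in a single
# openssl call.
#
# Security notes for whoever maintains this task:
# - -nodes writes the private key unencrypted, so file-system permissions
#   are its only protection at rest.
# - openssl creates the key file itself, so its initial mode is not
#   controlled from here; the following task sets 600. Until then the
#   owner-only key directory created earlier is what shields the file.
# - -sha256 pins the signature digest instead of inheriting whatever the
#   host's OpenSSL build defaults to.
# - Both paths are quoted so a value containing whitespace stays one
#   argument instead of being split into extra openssl options.
# - `creates` keys idempotence on the certificate only: if the key file is
#   lost while the certificate remains, nothing is regenerated.
# - Defaults are a 4096-bit key and 3650 days of validity; override
#   cert_key_size / cert_validity where policy requires shorter lifetimes.
- name: Create the self signed certificate
  command: >-
    openssl req -x509 -sha256
    -newkey rsa:{{ cert_key_size | default(4096) }}
    -subj "{{ cert_subj | default('/C=FR/ST=Aquitaine/L=Firewall Services/O=IT Security/CN=' + inventory_hostname) }}"
    -nodes
    -keyout "{{ cert_key_path }}"
    -out "{{ cert_path }}"
    -days {{ cert_validity | default(3650) }}
  args:
    creates: "{{ cert_path }}"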
# Lock the generated key down to owner read/write. This runs after openssl
# has already written the file, so it corrects the mode rather than setting
# it at creation time.
# owner and group both take cert_user, and both are omitted when it is
# undefined. NOTE(review): presumes a group named like the user exists.
- name: Restrict permissions of the private key
  file:
    path: "{{ cert_key_path }}"
    mode: "600"
    owner: "{{ cert_user | default(omit) }}"
    group: "{{ cert_user | default(omit) }}"