---
# Pull the dehydrated certificate tree into local_certpath on the control node
# (delegated to localhost, executed once per play).
# The tree contains privkey.pem files, which later tasks read from
# local_certpath, so that directory should be readable only by the user
# running Ansible.
# NOTE(review): the command module splits this string on whitespace, so
# either path containing a space would be passed as several arguments.
- name: "copy certificates from dns master's dehydrated"
  delegate_to: localhost
  run_once: true
  command: "rsync -a --info=NAME {{ dns_dehydratedpath }}/ {{ local_certpath }}"
  register: dns_rsync
  # --info=NAME makes rsync print the names it updates, so empty stdout is
  # treated as "nothing transferred".
  changed_when: "dns_rsync.stdout != ''"
# One directory per certdistrib entry under /etc/ssl on the target host.
# No mode or owner is set here, so a newly created directory gets the
# module defaults; files holding key material inside it need their own
# restrictive mode.
- name: "create cert directory"
  loop: "{{ certdistrib }}"
  file:
    state: directory
    path: "/etc/ssl/{{ item }}"
# Distribute the certificate chain (public material only) for every
# certdistrib entry. The registered result is one of the three inputs to
# the service-reload condition further down.
- name: "copy fullchain"
  loop: "{{ certdistrib }}"
  register: copy_cert
  copy:
    dest: "/etc/ssl/{{ item }}/fullchain.pem"
    src: "{{ local_certpath }}/{{ item }}/fullchain.pem"
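# Distribute the private key for every certdistrib entry.
# The mode is pinned to owner-only: without an explicit mode a newly created
# file gets the remote default permissions, which can leave the private key
# readable by every local user. If a service running as a non-root user has
# to read the key, grant access through group ownership instead of loosening
# the mode.
- name: "copy key"
  copy:
    src: "{{ local_certpath }}/{{ item }}/privkey.pem"
    dest: "/etc/ssl/{{ item }}/privkey.pem"
    mode: "0600"
  loop: "{{ certdistrib }}"
  register: copy_key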
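# Build a combined PEM (private key first, then the chain) for every
# certdistrib entry. Both lookups run on the control node and read from
# local_certpath; the concatenated text is then written to the target.
# The file embeds the private key, so it gets the same owner-only mode a
# bare key file would, rather than the remote default permissions.
- name: "create privfull"
  copy:
    content: "{{ lookup('file', local_certpath +'/'+ item +'/privkey.pem') }}\n{{ lookup('file', local_certpath +'/'+ item +'/fullchain.pem') }}\n"
    dest: "/etc/ssl/{{ item }}/privfull.pem"
    mode: "0600"
  loop: "{{ certdistrib }}"
  register: create_privfull
  # The rendered content is key material; keep it out of task output and logs.
  no_log: true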
# Reload each listed web/proxy service, but only where systemd reports it
# active, and only when one of the certificate files was actually rewritten.
# The unit names come from the fixed list below, not from a variable, so
# nothing externally supplied is interpolated into the shell line.
- name: reload services
  when: "copy_cert.changed or copy_key.changed or create_privfull.changed"
  loop:
    - apache2
    - httpd
    - nginx
    - haproxy
  shell: "if systemctl is-active {{ item }}; then systemctl reload {{ item }}; fi"
  # Never reported as a change, whether or not a reload was issued.
  changed_when: false
# Optional site-specific reload hook. The value of certdistrib_reload is
# handed to a shell verbatim on the target, so it must only ever be set from
# trusted inventory or vars, never derived from host facts or other
# externally supplied data.
- name: extra reload command
  when:
    - certdistrib_reload is defined
    - "copy_cert.changed or copy_key.changed or create_privfull.changed"
  shell: "{{ certdistrib_reload }}"
# vim: set tabstop=2 shiftwidth=2 expandtab smarttab: