From 69b704dac3c02b392a33d3d2b953362ffc746b44 Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Tue, 5 Apr 2016 08:42:31 +0200
Subject: [PATCH] Update certmgr version and dependencies.
---
 group_vars/all | 2 ++
 roles/certmgr/tasks/main.yml | 22 +++++++++++++---------
 roles/certmgr/templates/acme.conf.j2 | 3 ++-
 3 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/group_vars/all b/group_vars/all
index efa8002..d5f7641 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -1,5 +1,7 @@
 ---
+certmgr_mode: webserver
+
 ldap_ca: /etc/ldap/ssl/BKCA.crt
 ldap_uri: ldaps://ldap.binary.kitchen/
 ldap_host: ldap.binary.kitchen
diff --git a/roles/certmgr/tasks/main.yml b/roles/certmgr/tasks/main.yml
index 97364eb..5a757ce 100644
--- a/roles/certmgr/tasks/main.yml
+++ b/roles/certmgr/tasks/main.yml
@@ -1,40 +1,44 @@
 ---
+- name: Enable backports
+ apt_repository: repo='deb http://httpredir.debian.org/debian jessie-backports main' state=present
+
 - name: Install dependencies
 apt: name={{ item }} state=present
 with_items:
+ - git
 - python-dateutil
 - python-yaml
- tags: certmgr
+
+- name: Install python-openssl
+ apt: name=python-openssl default_release=jessie-backports state=latest
 - name: Install acertmgr
- git: repo=https://github.com/moepman/acertmgr.git dest=/opt/acertmgr depth=1 version=e54caefff08809c09084df4f7d3604cb4d1c0db8
- tags: certmgr
+ git: repo=https://github.com/moepman/acertmgr.git dest=/opt/acertmgr depth=1 version=6e9742ca8b73aa4db70475fd1fcd97543559b140
 - name: Create config directories
 file: path={{ item }} state=directory mode=0755
 with_items:
 - /etc/acme
 - /etc/acme/domains.d
- tags: certmgr
 - name: Configure acertmgr
 template: src=acme.conf.j2 dest=/etc/acme/acme.conf
- tags: certmgr
-- name: Create certificates
+- name: Create private keys
 command: openssl genrsa -out {{ item }} 4096 creates={{ item }}
 with_items:
 - /etc/acme/account.key
 - /etc/acme/server.key
- tags: certmgr
-- name: Ensure certificate permissoins
+- name: Ensure private key permissoins
 file: path={{ item }} owner=root mode=0400
 with_items:
 - /etc/acme/account.key
 - /etc/acme/server.key
- tags: certmgr
+
+- name: Create challenge directory
+ file: path=/var/www/acme-challenge/ owner=root mode=0755 state=directory
 #- name: Enable acertmgr cronjob
 # cron: name=certmgr special_time=daily job=/opt/acertmgr/acertmgr.py
diff --git a/roles/certmgr/templates/acme.conf.j2 b/roles/certmgr/templates/acme.conf.j2
index ecb70f2..511dde1 100644
--- a/roles/certmgr/templates/acme.conf.j2
+++ b/roles/certmgr/templates/acme.conf.j2
@@ -1,7 +1,8 @@
 ---
-mode: standalone
+mode: {{ certmgr_mode }}
 webdir: /var/www/acme-challenge/
 ttl_days: 30
+authority: "https://acme-v01.api.letsencrypt.org"
 defaults:
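Review bot: The `openssl genrsa -out {{ item }} 4096` command in the renamed "Create private keys" task writes the ACME account key and the server key under the caller's umask, so until the following "Ensure private key permissoins" task has run the files are presumably world-readable (OpenSSL releases before 1.1.0 open the output with a plain fopen, and jessie ships 1.0.1 — confirm on the target); the chmod to 0400 closes the hole only after the fact. Setting the umask in the same step removes the window with one line: `shell: umask 077 && openssl genrsa -out {{ item }} 4096 creates={{ item }}`. Separately, python-openssl is pulled from jessie-backports with `state=latest`, which makes every play run a potential upgrade and the deployed version non-reproducible; `state=present` (or a pinned version) would match the SHA-pinned acertmgr checkout two tasks below. The task name still carries the typo `permissoins` — `- name: Ensure private key permissions`.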