Add certmgr role.

2016-02-28 15:19:21 +01:00 · 2016-02-28 15:19:21 +01:00 · 2732c1a4ca
commit 2732c1a4ca
parent e6f0e45ffc
3 changed files with 49 additions and 0 deletions
--- a/roles/certmgr/tasks/main.yml
+++ b/roles/certmgr/tasks/main.yml
@ -0,0 +1,41 @@
+---
+
+- name: Install dependencies
+  apt: name={{ item }} state=present
+  with_items:
+  - python-dateutil
+  - python-yaml
+  tags: certmgr
+
+- name: Install acertmgr
+  git: repo=https://github.com/moepman/acertmgr.git dest=/opt/acertmgr depth=1 version=e54caefff08809c09084df4f7d3604cb4d1c0db8
+  tags: certmgr
+
+- name: Create config directories
+  file: path={{ item }} state=directory mode=0755
+  with_items:
+  - /etc/acme
+  - /etc/acme/domains.d
+  tags: certmgr
+
+- name: Configure acertmgr
+  template: src=acme.conf.j2 dest=/etc/acme/acme.conf
+  tags: certmgr
+
+- name: Create certificates
+  command: openssl genrsa -out {{ item }} 4096 creates={{ item }}
+  with_items:
+  - /etc/acme/account.key
+  - /etc/acme/server.key
+  tags: certmgr
+
+- name: Ensure certificate permissoins
+  file: path={{ item }} owner=root mode=0400
+  with_items:
+  - /etc/acme/account.key
+  - /etc/acme/server.key
+  tags: certmgr
+
+#- name: Enable acertmgr cronjob
+#  cron: name=certmgr special_time=daily job=/opt/acertmgr/acertmgr.py
+#  tags: certmgr
--- a/roles/certmgr/templates/acme.conf.j2
+++ b/roles/certmgr/templates/acme.conf.j2
@ -0,0 +1,7 @@
+---
+
+mode: standalone
+webdir: /var/www/acme-challenge/
+ttl_days: 30
+
+defaults:
--- a/site.yml
+++ b/site.yml
@ -9,4 +9,5 @@
 - name: Setup test mail server
  hosts: mail.binary-kitchen.com
  roles:
+  - certmgr
  - mail