Update certmgr version and dependencies.
parent
26951c89a6
commit
69b704dac3
@ -1,5 +1,7 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
|
certmgr_mode: webserver
|
||||||
|
|
||||||
ldap_ca: /etc/ldap/ssl/BKCA.crt
|
ldap_ca: /etc/ldap/ssl/BKCA.crt
|
||||||
ldap_uri: ldaps://ldap.binary.kitchen/
|
ldap_uri: ldaps://ldap.binary.kitchen/
|
||||||
ldap_host: ldap.binary.kitchen
|
ldap_host: ldap.binary.kitchen
|
||||||
|
@ -1,40 +1,44 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
|
- name: Enable backports
|
||||||
|
apt_repository: repo='deb http://httpredir.debian.org/debian jessie-backports main' state=present
|
||||||
|
|
||||||
- name: Install dependencies
|
- name: Install dependencies
|
||||||
apt: name={{ item }} state=present
|
apt: name={{ item }} state=present
|
||||||
with_items:
|
with_items:
|
||||||
|
- git
|
||||||
- python-dateutil
|
- python-dateutil
|
||||||
- python-yaml
|
- python-yaml
|
||||||
tags: certmgr
|
|
||||||
|
- name: Install python-openssl
|
||||||
|
apt: name=python-openssl default_release=jessie-backports state=latest
|
||||||
|
|
||||||
- name: Install acertmgr
|
- name: Install acertmgr
|
||||||
git: repo=https://github.com/moepman/acertmgr.git dest=/opt/acertmgr depth=1 version=e54caefff08809c09084df4f7d3604cb4d1c0db8
|
git: repo=https://github.com/moepman/acertmgr.git dest=/opt/acertmgr depth=1 version=6e9742ca8b73aa4db70475fd1fcd97543559b140
|
||||||
tags: certmgr
|
|
||||||
|
|
||||||
- name: Create config directories
|
- name: Create config directories
|
||||||
file: path={{ item }} state=directory mode=0755
|
file: path={{ item }} state=directory mode=0755
|
||||||
with_items:
|
with_items:
|
||||||
- /etc/acme
|
- /etc/acme
|
||||||
- /etc/acme/domains.d
|
- /etc/acme/domains.d
|
||||||
tags: certmgr
|
|
||||||
|
|
||||||
- name: Configure acertmgr
|
- name: Configure acertmgr
|
||||||
template: src=acme.conf.j2 dest=/etc/acme/acme.conf
|
template: src=acme.conf.j2 dest=/etc/acme/acme.conf
|
||||||
tags: certmgr
|
|
||||||
|
|
||||||
- name: Create certificates
|
- name: Create private keys
|
||||||
command: openssl genrsa -out {{ item }} 4096 creates={{ item }}
|
command: openssl genrsa -out {{ item }} 4096 creates={{ item }}
|
||||||
with_items:
|
with_items:
|
||||||
- /etc/acme/account.key
|
- /etc/acme/account.key
|
||||||
- /etc/acme/server.key
|
- /etc/acme/server.key
|
||||||
tags: certmgr
|
|
||||||
|
|
||||||
- name: Ensure certificate permissoins
|
- name: Ensure private key permissoins
|
||||||
file: path={{ item }} owner=root mode=0400
|
file: path={{ item }} owner=root mode=0400
|
||||||
with_items:
|
with_items:
|
||||||
- /etc/acme/account.key
|
- /etc/acme/account.key
|
||||||
- /etc/acme/server.key
|
- /etc/acme/server.key
|
||||||
tags: certmgr
|
|
||||||
|
- name: Create challenge directory
|
||||||
|
file: path=/var/www/acme-challenge/ owner=root mode=0755 state=directory
|
||||||
|
|
||||||
#- name: Enable acertmgr cronjob
|
#- name: Enable acertmgr cronjob
|
||||||
# cron: name=certmgr special_time=daily job=/opt/acertmgr/acertmgr.py
|
# cron: name=certmgr special_time=daily job=/opt/acertmgr/acertmgr.py
|
||||||
|
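Review bot: The private keys are still written by `openssl genrsa` under whatever umask the task runs with and only restricted to 0400 by the separate "Ensure private key permissoins" task, so `/etc/acme/account.key` and `/etc/acme/server.key` may be readable by other local users in between, and stay that way if the play aborts before the second task; `/etc/acme` itself is created with mode 0755. Whether the files are actually world-readable depends on the OpenSSL version and umask on the target, which this page does not show. Creating the keys under a restrictive umask closes the window, e.g. `shell: umask 077 && openssl genrsa -out {{ item }} 4096 creates={{ item }}`. Separately, the new "Install python-openssl" task uses `state=latest` from jessie-backports, so the crypto library can change on any run while acertmgr itself is pinned to a commit; `state=present` would keep runs reproducible.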
@ -1,7 +1,8 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
mode: standalone
|
mode: {{ certmgr_mode }}
|
||||||
webdir: /var/www/acme-challenge/
|
webdir: /var/www/acme-challenge/
|
||||||
ttl_days: 30
|
ttl_days: 30
|
||||||
|
authority: "https://acme-v01.api.letsencrypt.org"
|
||||||
|
|
||||||
defaults:
|
defaults:
|
||||||
|
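Review bot: `mode: {{ certmgr_mode }}` is rendered unquoted, so an empty or boolean-looking override of `certmgr_mode` would presumably reach acertmgr as null or a bool rather than a mode string once the rendered file is parsed as YAML. Quoting the substitution, `mode: "{{ certmgr_mode }}"`, keeps it a string and matches the new `authority` line, which is already quoted. The `defaults:` mapping continues outside the hunk.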