ansible-roles/ssl/tasks/main.yml

---
- name: Copy SSL certificate
  ansible.builtin.copy:
    src: "ssl/{{ ssl_cert }}.pem"
    dest: "/etc/ssl/certs/{{ ssl_cert }}.pem"
    mode: "0644"
  register: ssl_copy_cert
  tags:
    - ssl

- name: Copy SSL key
  ansible.builtin.copy:
    src: "ssl/{{ ssl_cert }}.key"
    dest: "/etc/ssl/private/{{ ssl_cert }}.key"
    mode: "0640"
    owner: root
    group: ssl-cert
  register: ssl_copy_key
  tags:
    - ssl

- name: Copy SSL dhparam
  ansible.builtin.copy:
    src: "ssl/{{ ssl_cert }}.dhp"
    dest: "/etc/ssl/certs/{{ ssl_cert }}.dhp"
    mode: "0644"
  register: ssl_copy_dhp
  tags:
    - ssl

- name: Check if Haproxy is installed
  ansible.builtin.shell:
    cmd: "set -o pipefail && dpkg -l haproxy 2>/dev/null | grep -q -E '^(i|h)i'"
    executable: /bin/bash
  register: haproxy_check
  check_mode: no
  changed_when: False
  failed_when: False
  tags:
    - ssl

- name: Collect facts about system services
  service_facts:

- ansible.builtin.include: haproxy.yml
  when:
    - haproxy_check.rc == 0
    - ansible_facts.services['haproxy.service']['state'] == "running"
    - ansible_facts.services['haproxy.service']['status'] == "enabled"
Add an SSL role for certificates deployment 2018-11-06 16:15:42 +01:00			`---`
			`- name: Copy SSL certificate`
Use FQCN Fully Qualified Collection Name 2023-03-20 23:33:19 +01:00			`ansible.builtin.copy:`
Add an SSL role for certificates deployment 2018-11-06 16:15:42 +01:00			`src: "ssl/{{ ssl_cert }}.pem"`
			`dest: "/etc/ssl/certs/{{ ssl_cert }}.pem"`
			`mode: "0644"`
			`register: ssl_copy_cert`
			`tags:`
			`- ssl`

			`- name: Copy SSL key`
Use FQCN Fully Qualified Collection Name 2023-03-20 23:33:19 +01:00			`ansible.builtin.copy:`
Add an SSL role for certificates deployment 2018-11-06 16:15:42 +01:00			`src: "ssl/{{ ssl_cert }}.key"`
			`dest: "/etc/ssl/private/{{ ssl_cert }}.key"`
ssl: strengthen SSL private key permissions 2019-04-25 13:36:17 +02:00			`mode: "0640"`
			`owner: root`
			`group: ssl-cert`
Add an SSL role for certificates deployment 2018-11-06 16:15:42 +01:00			`register: ssl_copy_key`
			`tags:`
			`- ssl`

			`- name: Copy SSL dhparam`
Use FQCN Fully Qualified Collection Name 2023-03-20 23:33:19 +01:00			`ansible.builtin.copy:`
whitespaces 2019-04-25 13:36:25 +02:00			`src: "ssl/{{ ssl_cert }}.dhp"`
			`dest: "/etc/ssl/certs/{{ ssl_cert }}.dhp"`
			`mode: "0644"`
Add an SSL role for certificates deployment 2018-11-06 16:15:42 +01:00			`register: ssl_copy_dhp`
			`tags:`
			`- ssl`

			`- name: Check if Haproxy is installed`
Use FQCN Fully Qualified Collection Name 2023-03-20 23:33:19 +01:00			`ansible.builtin.shell:`
			`cmd: "set -o pipefail && dpkg -l haproxy 2>/dev/null \| grep -q -E '^(i\|h)i'"`
fix pipefail option for shell invocations 2021-05-18 14:04:54 +02:00			`executable: /bin/bash`
Add an SSL role for certificates deployment 2018-11-06 16:15:42 +01:00			`register: haproxy_check`
fix pipefail option for shell invocations 2021-05-18 14:04:54 +02:00			`check_mode: no`
Add an SSL role for certificates deployment 2018-11-06 16:15:42 +01:00			`changed_when: False`
ssl: haproxy package check must no fail 2018-11-06 16:21:16 +01:00			`failed_when: False`
Add an SSL role for certificates deployment 2018-11-06 16:15:42 +01:00			`tags:`
			`- ssl`

#73871 ssl: no not execute haproxy tasks and reload if haproxy is disabled 2023-11-17 15:51:33 +01:00			`- name: Collect facts about system services`
			`service_facts:`

Use FQCN Fully Qualified Collection Name 2023-03-20 23:33:19 +01:00			`- ansible.builtin.include: haproxy.yml`
#73871 ssl: no not execute haproxy tasks and reload if haproxy is disabled 2023-11-17 15:51:33 +01:00			`when:`
			`- haproxy_check.rc == 0`
			`- ansible_facts.services['haproxy.service']['state'] == "running"`
			`- ansible_facts.services['haproxy.service']['status'] == "enabled"`