forked from evolix/ansible-roles
0825d88552
Don't compare with empty string as an empty string is already false and a non-empty string is already true. Name all tasks.
35 lines
1 KiB
YAML
35 lines
1 KiB
YAML
---
|
|
- name: "Configure openssl key generation"
|
|
ini_file:
|
|
dest: "{{ evoacme_crt_dir }}/openssl.cnf"
|
|
section: 'req'
|
|
option: "{{ item.name }}"
|
|
value: "{{ item.var }}"
|
|
with_items:
|
|
- { name: 'default_bits', var: "{{ evoacme_ssl_key_size }}" }
|
|
- { name: 'encrypt_key', var: 'yes' }
|
|
- { name: 'distinguished_name', var: 'req_dn' }
|
|
- { name: 'prompt', var: 'no' }
|
|
|
|
- name: Update openssl conf
|
|
ini_file:
|
|
dest: "{{ evoacme_crt_dir }}/openssl.cnf"
|
|
section: 'req_dn'
|
|
option: "{{ item.name }}"
|
|
value: "{{ item.var }}"
|
|
with_items:
|
|
- { name: 'C', var: "{{ evoacme_ssl_ct }}" }
|
|
- { name: 'ST', var: "{{ evoacme_ssl_state }}" }
|
|
- { name: 'L', var: "{{ evoacme_ssl_loc }}" }
|
|
- { name: 'O', var: "{{ evoacme_ssl_org }}" }
|
|
- { name: 'OU', var: "{{ evoacme_ssl_ou }}" }
|
|
- { name: 'emailAddress', var: "{{ evoacme_ssl_email }}" }
|
|
|
|
- name: Copy new evoacme conf
|
|
template:
|
|
src: templates/evoacme.conf.j2
|
|
dest: /etc/default/evoacme
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|