|
|
@ -69,6 +69,7 @@
|
|
|
|
dest: "/tmp/ansible_hacky_pki_ca.key"
|
|
|
|
dest: "/tmp/ansible_hacky_pki_ca.key"
|
|
|
|
mode: u=rw,g=,o=
|
|
|
|
mode: u=rw,g=,o=
|
|
|
|
delegate_to: localhost
|
|
|
|
delegate_to: localhost
|
|
|
|
|
|
|
|
no_log: yes
|
|
|
|
when: force_renewal or (not key_file.stat.exists) or (not cert_file.stat.exists) or (not validity.valid_at.renewal)
|
|
|
|
when: force_renewal or (not key_file.stat.exists) or (not cert_file.stat.exists) or (not validity.valid_at.renewal)
|
|
|
|
|
|
|
|
|
|
|
|
- name: Sign the certificate
|
|
|
|
- name: Sign the certificate
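Review bot: The CA key is still written to the fixed path `/tmp/ansible_hacky_pki_ca.key` on the controller (`delegate_to: localhost`); the added `no_log: yes` only keeps it out of task output and does not change its exposure on disk. A predictable name in a shared temporary directory is worth replacing with a path registered from `ansible.builtin.tempfile`, with the file removed in an `always:` section once signing finishes. The task begins above the hunk, so any cleanup that already exists is not visible here. Separately, write the flag as `no_log: true` here and in the second hunk (-91,6 +92,7), since `yes` is a YAML 1.1 truthy value that linters such as yamllint flag.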
|
|
|
@ -91,6 +92,7 @@
|
|
|
|
owner: "{{ owner | default('root') }}"
|
|
|
|
owner: "{{ owner | default('root') }}"
|
|
|
|
group: "{{ group | default('root') }}"
|
|
|
|
group: "{{ group | default('root') }}"
|
|
|
|
mode: "{{ key_mode | default('u=rw,g=,o=') }}"
|
|
|
|
mode: "{{ key_mode | default('u=rw,g=,o=') }}"
|
|
|
|
|
|
|
|
no_log: yes
|
|
|
|
when: force_renewal or (not key_file.stat.exists) or (not cert_file.stat.exists) or (not validity.valid_at.renewal)
|
|
|
|
when: force_renewal or (not key_file.stat.exists) or (not cert_file.stat.exists) or (not validity.valid_at.renewal)
|
|
|
|
|
|
|
|
|
|
|
|
- name: Send certificate to the server
|
|
|
|
- name: Send certificate to the server
|
|
|
|