send the cert in the right file and clean localhost

3 years ago · 3c643fe012
parent 7081c0411c
commit 3c643fe012
2 changed files with 35 additions and 2 deletions
--- a/example.yml
+++ b/example.yml
@ -4,5 +4,5 @@
  roles:
    - generate-cert
  vars:
-    directory: /tmp/test-pki
-    cname: test-client
+    directory: /etc/nginx/certs/
+    cname: example.com
--- a/roles/generate-cert/tasks/main.yml
+++ b/roles/generate-cert/tasks/main.yml
@ -79,6 +79,15 @@
    mode: "{{ key_mode | default('u=rw,g=,o=') }}"
  when: not key_file.stat.exists

+- name: Send certificate to the server
+  copy:
+    src: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
+    dest: "{{ directory }}/{{ cname }}.crt"
+    owner: "{{ owner | default('root') }}"
+    group: "{{ group | default('root') }}"
+    mode: "{{ key_mode | default('u=rw,g=r,o=r') }}"
+  when: not key_file.stat.exists
+
 # Clean up
 - name: Remove the local cert key
  become: false
@ -95,3 +104,27 @@
    state: absent
  delegate_to: localhost
  when: not key_file.stat.exists
+
+- name: Remove the local certificate
+  become: false
+  file:
+    path: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
+    state: absent
+  delegate_to: localhost
+  when: not key_file.stat.exists
+
+- name: Remove the CA certificate
+  become: false
+  file:
+    path: /tmp/ansible_hacky_pki_ca.crt
+    state: absent
+  delegate_to: localhost
+  when: not key_file.stat.exists
+
+- name: Remove the CA key
+  become: false
+  file:
+    path: /tmp/ansible_hacky_pki_ca.key
+    state: absent
+  delegate_to: localhost
+  when: not key_file.stat.exists