send the cert in the right file and clean localhost

histausse 2021-09-09 22:29:46 +02:00
parent 7081c0411c
commit 3c643fe012
Signed by: histausse
GPG key ID: 67486F107F62E9E9
2 changed files with 35 additions and 2 deletions


@ -4,5 +4,5 @@
roles: roles:
- generate-cert - generate-cert
vars: vars:
directory: /tmp/test-pki directory: /etc/nginx/certs/
cname: test-client cname: example.com


@ -79,6 +79,15 @@
mode: "{{ key_mode | default('u=rw,g=,o=') }}" mode: "{{ key_mode | default('u=rw,g=,o=') }}"
when: not key_file.stat.exists when: not key_file.stat.exists
- name: Send certificate to the server
copy:
src: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
dest: "{{ directory }}/{{ cname }}.crt"
owner: "{{ owner | default('root') }}"
group: "{{ group | default('root') }}"
mode: "{{ key_mode | default('u=rw,g=r,o=r') }}"
when: not key_file.stat.exists
# Clean up # Clean up
- name: Remove the local cert key - name: Remove the local cert key
become: false become: false
@ -95,3 +104,27 @@
state: absent state: absent
delegate_to: localhost delegate_to: localhost
when: not key_file.stat.exists when: not key_file.stat.exists
- name: Remove the local certificate
become: false
file:
path: "/tmp/ansible_hacky_pki_{{ cname }}.crt"
state: absent
delegate_to: localhost
when: not key_file.stat.exists
- name: Remove the CA certificate
become: false
file:
path: /tmp/ansible_hacky_pki_ca.crt
state: absent
delegate_to: localhost
when: not key_file.stat.exists
- name: Remove the CA key
become: false
file:
path: /tmp/ansible_hacky_pki_ca.key
state: absent
delegate_to: localhost
when: not key_file.stat.exists
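Review bot: The new "Send certificate to the server" task takes its mode from `key_mode`, the same variable the private-key task directly above it uses, so a single override now controls the permissions of both files. Anyone who sets `key_mode` to make the certificate readable by the web server would loosen the private key as well, and tightening it for the key makes the certificate unreadable to other users. A separate variable keeps the two apart, for example `mode: "{{ cert_mode | default('u=rw,g=r,o=r') }}"`. The task list starts and continues outside the visible hunks, so whether `owner` and `group` are meant to be shared between key and certificate cannot be judged from here.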