generate private key on localhost

2021-09-08 21:01:51 +02:00 · 2021-09-08 21:01:51 +02:00 · d01e17c4dd
commit d01e17c4dd
parent 957f3e29ff
2 changed files with 26 additions and 5 deletions
--- a/example.yml
+++ b/example.yml
@ -4,4 +4,5 @@
  roles:
    - generate-cert
  vars:
-    path: /tmp/test-client
+    directory: /tmp/test-pki
+    cname: test-client
--- a/roles/generate-cert/tasks/main.yml
+++ b/roles/generate-cert/tasks/main.yml
@ -3,10 +3,30 @@
  ansible.builtin.debug:
    msg: "Test"

+- name: Ensure the directory containing the cert exist
+  file:
+    path: "{{ directory }}"
+    state: directory
+
+- name: Test if the key already exist
+  stat:
+    path: "{{ directory }}/{{ cname }}.key"
+  register: key_file
+
 - name: Generate private key
+  become: false
  openssl_privatekey:
-    path: "{{ path }}.key"
-    owner: "{{ owner | default(omit) }}"
-    group: "{{ group | default(omit) }}"
-    mode: "{{ key_mode | default(omit) }}"
+    path: "/tmp/ansible_hacky_pki_{{ cname }}.key"
+    mode: u=rw,g=,o=
    size: "{{ key_size | default(omit) }}"
+  delegate_to: localhost
+  when: not key_file.stat.exists
+
+- name: Send private key to the server
+  copy:
+    src: "/tmp/ansible_hacky_pki_{{ cname }}.key"
+    dest: "{{ directory }}/{{ cname }}.key"
+    owner: "{{ owner | default('root') }}"
+    group: "{{ group | default('root') }}"
+    mode: "{{ key_mode | default('u=rw,g=,o=') }}"
+  when: not key_file.stat.exists