Jeltz
4f1d598fb5
Les CSR ne contiennent pas d'informations sensibles et peuvent donc être accessibles en lecture au monde. Cela permet d'exécuter une tâche Ansible sans élévation de privilèges.
---
# Installing a system package needs root, hence become.
# NOTE(review): presumably a prerequisite for the key/CSR/certificate tasks
# that use the directories below; those tasks are not visible here.
- name: Install python3-cryptography library
  apt:
    state: present
    name: python3-cryptography
  become: true

# Directory layout under /etc/ssl, every entry owned by root:root.
# Loop order matters: the parent "ssl" entry comes before its children.
#   ssl/private              u=rwx,g=,o=      only root may list or traverse
#   ssl, ssl/csr, ssl/certs  u=rwx,g=rx,o=rx  listable and traversable by all
# Only ssl/private is closed to non-root users. CSRs and certificates carry
# no secret material, so their directories can stay world-readable and be
# read without privilege escalation.
# These are directory modes only: files written inside keep whatever mode
# the writing task gives them, so a task that writes a private key should
# still set a restrictive file mode itself.
# NOTE(review): on Debian-family hosts the ssl-cert package, when installed,
# appears to ship /etc/ssl/private as root:ssl-cert with group traverse
# access; this task would reset it to root:root on each run. Confirm that no
# service account depends on that group.
- name: Create directories for storing certificates
  file:
    state: directory
    path: "/etc/{{ item.name }}"
    mode: "{{ item.mode }}"
    owner: root
    group: root
  loop:
    - name: ssl
      mode: "u=rwx,g=rx,o=rx"
    - name: ssl/private
      mode: "u=rwx,g=,o="
    - name: ssl/csr
      mode: "u=rwx,g=rx,o=rx"
    - name: ssl/certs
      mode: "u=rwx,g=rx,o=rx"
  become: true
...