reihenfolge korrigiert
This commit is contained in:
parent
0e9dde4f19
commit
e0ccd32ffe
|
|
@ -2,3 +2,8 @@
|
|||
- name: reload systemd
|
||||
sudo: yes
|
||||
command: systemctl daemon-reload
|
||||
|
||||
- name: restart step-ca
|
||||
service:
|
||||
name: step-ca
|
||||
state: restarted
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@
|
|||
dest: /etc/step-ca/password.txt
|
||||
owner: step
|
||||
group: step
|
||||
mode: "0640"
|
||||
mode: "0770"
|
||||
|
||||
- name: link .step to /etc/step-ca
|
||||
file:
|
||||
|
|
@ -42,7 +42,7 @@
|
|||
dest: ~/.step
|
||||
|
||||
- name: init step-ca
|
||||
command: step ca init --name="{{ pki_name }}" --dns stats --issuer="{{ pki_name }}" --address=:4343 --provisioner="{{ pki_name }}" --password-file=/etc/step-ca/password.txt --provisioner-password-file=/etc/step-ca/password.txt
|
||||
command: step ca init --name="{{ pki_name }}" --dns {{ ansible_hostname }} --issuer="{{ pki_name }}" --address=:4343 --provisioner="{{ pki_name }}" --password-file=/etc/step-ca/password.txt --provisioner-password-file=/etc/step-ca/password.txt
|
||||
args:
|
||||
creates: /etc/step-ca/config
|
||||
|
||||
|
|
@ -71,22 +71,6 @@
|
|||
- /etc/step-ca/config/ca.json
|
||||
- /etc/step-ca/config/defaults.json
|
||||
|
||||
- name: list provisioners
|
||||
command: step ca provisioner list
|
||||
register: povisionerlist
|
||||
|
||||
- name: add acme provisioner
|
||||
command: step ca provisioner add acme --type ACME
|
||||
when: povisionerlist.stdout.find ("ACME") == -1
|
||||
notify:
|
||||
- restart step-ca
|
||||
|
||||
- name: remove jwk provisioner
|
||||
command: step ca provisioner remove "{{ pki_name }}" --type JWK
|
||||
when: povisionerlist.stdout.find ("ACME") == 1
|
||||
notify:
|
||||
- restart step-ca
|
||||
|
||||
- name: generate /etc/systemd/system/step-ca.service
|
||||
template:
|
||||
src: step-ca.service.j2
|
||||
|
|
@ -97,8 +81,27 @@
|
|||
notify:
|
||||
- reload systemd
|
||||
|
||||
- name: Flush handlers
|
||||
meta: flush_handlers
|
||||
|
||||
- name: enable step-ca
|
||||
systemd:
|
||||
name: step-ca
|
||||
enabled: yes
|
||||
masked: no
|
||||
masked: no
|
||||
|
||||
- name: list provisioners
|
||||
command: step ca provisioner list
|
||||
register: povisionerlist
|
||||
|
||||
- name: add acme provisioner
|
||||
command: step ca provisioner add acme --type ACME
|
||||
when: not povisionerlist.stdout.find ("ACME") != -1
|
||||
notify:
|
||||
- restart step-ca
|
||||
|
||||
- name: remove jwk provisioner
|
||||
command: step ca provisioner remove "{{ pki_name }}" --type JWK
|
||||
when: povisionerlist.stdout.find ("JWK") != -1
|
||||
notify:
|
||||
- restart step-ca
|
||||
|
|
|
|||
Loading…
Reference in New Issue