diff --git a/handlers/main.yml b/handlers/main.yml
index 2fbffcf..05ec040 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -2,3 +2,8 @@
 - name: reload systemd
 sudo: yes
 command: systemctl daemon-reload
+
+- name: restart step-ca
+ service:
+ name: step-ca
+ state: restarted
diff --git a/tasks/main.yml b/tasks/main.yml
index 4020892..d3efebe 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -33,7 +33,7 @@
 dest: /etc/step-ca/password.txt
 owner: step
 group: step
- mode: "0640"
+ mode: "0770"

 - name: link .step to /etc/step-ca
 file:
@@ -42,7 +42,7 @@
 dest: ~/.step

 - name: init step-ca
- command: step ca init --name="{{ pki_name }}" --dns stats --issuer="{{ pki_name }}" --address=:4343 --provisioner="{{ pki_name }}" --password-file=/etc/step-ca/password.txt --provisioner-password-file=/etc/step-ca/password.txt
+ command: step ca init --name="{{ pki_name }}" --dns {{ ansible_hostname }} --issuer="{{ pki_name }}" --address=:4343 --provisioner="{{ pki_name }}" --password-file=/etc/step-ca/password.txt --provisioner-password-file=/etc/step-ca/password.txt
 args:
 creates: /etc/step-ca/config

@@ -71,22 +71,6 @@
 - /etc/step-ca/config/ca.json
 - /etc/step-ca/config/defaults.json

-- name: list provisioners
- command: step ca provisioner list
- register: povisionerlist
-
-- name: add acme provisioner
- command: step ca provisioner add acme --type ACME
- when: povisionerlist.stdout.find ("ACME") == -1
- notify:
- - restart step-ca
-
-- name: remove jwk provisioner
- command: step ca provisioner remove "{{ pki_name }}" --type JWK
- when: povisionerlist.stdout.find ("ACME") == 1
- notify:
- - restart step-ca
-
 - name: generate /etc/systemd/system/step-ca.service
 template:
 src: step-ca.service.j2
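Review bot: The new `restart step-ca` handler carries no privilege escalation, while its sibling `reload systemd` in the same file escalates with `sudo: yes`; unless the play already runs as root, restarting a system unit from this handler will fail with a permission error at the end of the play, after the provisioner tasks that notify it have already changed `ca.json`. The tasks file manages the same unit with the `systemd` module, so I would use that module here too and add escalation in current syntax: `become: true` followed by `systemd:` with `name: step-ca` and `state: restarted`. Whether the controller connects as root is not visible in this diff, so treat the missing `become` as something to confirm rather than a certain failure.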
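Review bot: `mode: "0770"` on `/etc/step-ca/password.txt` lets every member of group `step` overwrite the file and adds an execute bit a text file never needs; this file is the secret handed to `--password-file` and `--provisioner-password-file` in the init task, i.e. what protects the encrypted CA and provisioner keys, so widening it from `0640` goes in the wrong direction. Because owner and group are both set to `step` two lines above, `mode: "0600"` is enough if the CA runs as that user; keep `"0640"` only if a distinct group genuinely needs read access, and never grant write or execute. If the motivation was a permission error when the service reads the file, the fix is the unit's `User=`/ownership, not a more permissive mode.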
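Review bot: `--dns {{ ansible_hostname }}` puts only the short host name into the CA certificate's SANs, so clients that reach the CA by its FQDN or IP will see a name mismatch and refuse the connection; the expression is also left unquoted, unlike every other templated value on the line. I would use `--dns="{{ ansible_fqdn }}"` and, since `--dns` can be repeated, add the short name or any service address clients actually use. Note also that `creates: /etc/step-ca/config` means hosts already initialised with `--dns stats` keep the old name; they need a re-init or a manual edit of the `dnsNames` in `ca.json`, which this change does not handle.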
@@ -97,8 +81,27 @@
 notify:
 - reload systemd

+- name: Flush handlers
+ meta: flush_handlers
+
 - name: enable step-ca
 systemd:
 name: step-ca
 enabled: yes
- masked: no
\ No newline at end of file
+ masked: no
+
+- name: list provisioners
+ command: step ca provisioner list
+ register: povisionerlist
+
+- name: add acme provisioner
+ command: step ca provisioner add acme --type ACME
+ when: not povisionerlist.stdout.find ("ACME") != -1
+ notify:
+ - restart step-ca
+
+- name: remove jwk provisioner
+ command: step ca provisioner remove "{{ pki_name }}" --type JWK
+ when: povisionerlist.stdout.find ("JWK") != -1
+ notify:
+ - restart step-ca
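Review bot: The `enable step-ca` task sets `enabled: yes` and `masked: no` but never starts the unit, and the only handler flushed before it is `reload systemd`, so on a fresh host nothing has started the CA when `step ca provisioner list` runs; if that command queries the running CA rather than reading `ca.json`, the task fails on first run, so add `state: started` to that task. The guard `when: not povisionerlist.stdout.find ("ACME") != -1` is a double negation for `== -1`; write it as `when: "'ACME' not in povisionerlist.stdout"` and the JWK one as `when: "'JWK' in povisionerlist.stdout"`, which also drops the odd space before the parenthesis. The read-only `list provisioners` command should carry `changed_when: false` so it does not report a change on every run, and the register name `povisionerlist` is misspelled throughout (harmless, but worth fixing while it is being moved).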