reihenfolge korrigiert
parent
0e9dde4f19
commit
e0ccd32ffe
@ -2,3 +2,8 @@
|
|||||||
- name: reload systemd
|
- name: reload systemd
|
||||||
sudo: yes
|
sudo: yes
|
||||||
command: systemctl daemon-reload
|
command: systemctl daemon-reload
|
||||||
|
|
||||||
|
- name: restart step-ca
|
||||||
|
service:
|
||||||
|
name: step-ca
|
||||||
|
state: restarted
|
||||||
|
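Review bot: The new `restart step-ca` handler sets no privilege escalation of its own, while the `reload systemd` handler directly above it carries `sudo: yes`. Unless the play or role already runs as root (not visible on this page), restarting the service will fail; adding `become: true` to the new handler makes it consistent with its sibling. `sudo:` is the deprecated spelling of `become:`, so the existing handler could be switched over in the same pass.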
@ -33,7 +33,7 @@
|
|||||||
dest: /etc/step-ca/password.txt
|
dest: /etc/step-ca/password.txt
|
||||||
owner: step
|
owner: step
|
||||||
group: step
|
group: step
|
||||||
mode: "0640"
|
mode: "0770"
|
||||||
|
|
||||||
- name: link .step to /etc/step-ca
|
- name: link .step to /etc/step-ca
|
||||||
file:
|
file:
|
||||||
@ -42,7 +42,7 @@
|
|||||||
dest: ~/.step
|
dest: ~/.step
|
||||||
|
|
||||||
- name: init step-ca
|
- name: init step-ca
|
||||||
command: step ca init --name="{{ pki_name }}" --dns stats --issuer="{{ pki_name }}" --address=:4343 --provisioner="{{ pki_name }}" --password-file=/etc/step-ca/password.txt --provisioner-password-file=/etc/step-ca/password.txt
|
command: step ca init --name="{{ pki_name }}" --dns {{ ansible_hostname }} --issuer="{{ pki_name }}" --address=:4343 --provisioner="{{ pki_name }}" --password-file=/etc/step-ca/password.txt --provisioner-password-file=/etc/step-ca/password.txt
|
||||||
args:
|
args:
|
||||||
creates: /etc/step-ca/config
|
creates: /etc/step-ca/config
|
||||||
|
|
||||||
@ -71,22 +71,6 @@
|
|||||||
- /etc/step-ca/config/ca.json
|
- /etc/step-ca/config/ca.json
|
||||||
- /etc/step-ca/config/defaults.json
|
- /etc/step-ca/config/defaults.json
|
||||||
|
|
||||||
- name: list provisioners
|
|
||||||
command: step ca provisioner list
|
|
||||||
register: povisionerlist
|
|
||||||
|
|
||||||
- name: add acme provisioner
|
|
||||||
command: step ca provisioner add acme --type ACME
|
|
||||||
when: povisionerlist.stdout.find ("ACME") == -1
|
|
||||||
notify:
|
|
||||||
- restart step-ca
|
|
||||||
|
|
||||||
- name: remove jwk provisioner
|
|
||||||
command: step ca provisioner remove "{{ pki_name }}" --type JWK
|
|
||||||
when: povisionerlist.stdout.find ("ACME") == 1
|
|
||||||
notify:
|
|
||||||
- restart step-ca
|
|
||||||
|
|
||||||
- name: generate /etc/systemd/system/step-ca.service
|
- name: generate /etc/systemd/system/step-ca.service
|
||||||
template:
|
template:
|
||||||
src: step-ca.service.j2
|
src: step-ca.service.j2
|
||||||
@ -97,8 +81,27 @@
|
|||||||
notify:
|
notify:
|
||||||
- reload systemd
|
- reload systemd
|
||||||
|
|
||||||
|
- name: Flush handlers
|
||||||
|
meta: flush_handlers
|
||||||
|
|
||||||
- name: enable step-ca
|
- name: enable step-ca
|
||||||
systemd:
|
systemd:
|
||||||
name: step-ca
|
name: step-ca
|
||||||
enabled: yes
|
enabled: yes
|
||||||
masked: no
|
masked: no
|
||||||
|
|
||||||
|
- name: list provisioners
|
||||||
|
command: step ca provisioner list
|
||||||
|
register: povisionerlist
|
||||||
|
|
||||||
|
- name: add acme provisioner
|
||||||
|
command: step ca provisioner add acme --type ACME
|
||||||
|
when: not povisionerlist.stdout.find ("ACME") != -1
|
||||||
|
notify:
|
||||||
|
- restart step-ca
|
||||||
|
|
||||||
|
- name: remove jwk provisioner
|
||||||
|
command: step ca provisioner remove "{{ pki_name }}" --type JWK
|
||||||
|
when: povisionerlist.stdout.find ("JWK") != -1
|
||||||
|
notify:
|
||||||
|
- restart step-ca
|
||||||
|
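Review bot: In the `-33,7 +33,7` hunk the mode of `/etc/step-ca/password.txt` goes from `"0640"` to `"0770"`, which adds group-write and execute bits to the file holding the CA key password. That same file is passed to both `--password-file` and `--provisioner-password-file` in the `step ca init` line, so it guards the CA key and the provisioner key alike. Nothing visible needs it to be executable or writable by the group, so `mode: "0600"` (or the previous `"0640"` if group read is required) is the safer value; the task starts above the hunk, so if `0770` was meant for a directory it belongs on that task instead. Separately, in the last hunk `when: not povisionerlist.stdout.find ("ACME") != -1` is only correct because `not` binds more loosely than `!=`; `when: "'ACME' not in povisionerlist.stdout"` states the condition directly.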