reihenfolge korrigiert

2021-05-30 18:43:31 +01:00 · 2021-05-30 18:43:31 +01:00 · e0ccd32ffe
commit e0ccd32ffe
parent 0e9dde4f19
2 changed files with 27 additions and 19 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -2,3 +2,8 @@
 - name: reload systemd
  sudo: yes
  command: systemctl daemon-reload
+
+- name: restart step-ca
+  service: 
+    name: step-ca
+    state: restarted
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -33,7 +33,7 @@
    dest: /etc/step-ca/password.txt
    owner: step
    group: step
-    mode: "0640"
+    mode: "0770"

 - name: link .step to /etc/step-ca
  file:
@ -42,7 +42,7 @@
    dest: ~/.step

 - name: init step-ca
-  command: step ca init --name="{{ pki_name }}" --dns stats --issuer="{{ pki_name }}" --address=:4343 --provisioner="{{ pki_name }}" --password-file=/etc/step-ca/password.txt --provisioner-password-file=/etc/step-ca/password.txt
+  command: step ca init --name="{{ pki_name }}" --dns {{ ansible_hostname }} --issuer="{{ pki_name }}" --address=:4343 --provisioner="{{ pki_name }}" --password-file=/etc/step-ca/password.txt --provisioner-password-file=/etc/step-ca/password.txt
  args:
    creates: /etc/step-ca/config

@ -71,22 +71,6 @@
  - /etc/step-ca/config/ca.json
  - /etc/step-ca/config/defaults.json

- name: list provisioners
-  command: step ca provisioner list
-  register: povisionerlist
-
- name: add acme provisioner
-  command: step ca provisioner add acme --type ACME
-  when: povisionerlist.stdout.find ("ACME") == -1
-  notify:
-    - restart step-ca
-
- name: remove jwk provisioner
-  command: step ca provisioner remove "{{ pki_name }}" --type JWK
-  when: povisionerlist.stdout.find ("ACME") == 1
-  notify:
-    - restart step-ca
-
 - name: generate /etc/systemd/system/step-ca.service
  template:
    src: step-ca.service.j2
@ -97,8 +81,27 @@
  notify:
    - reload systemd

+- name: Flush handlers
+  meta: flush_handlers
+
 - name: enable step-ca
  systemd:
    name: step-ca
    enabled: yes
-    masked: no
+    masked: no
+
+- name: list provisioners
+  command: step ca provisioner list
+  register: povisionerlist
+
+- name: add acme provisioner
+  command: step ca provisioner add acme --type ACME
+  when: not povisionerlist.stdout.find ("ACME") != -1
+  notify:
+    - restart step-ca
+
+- name: remove jwk provisioner
+  command: step ca provisioner remove "{{ pki_name }}" --type JWK
+  when: povisionerlist.stdout.find ("JWK") != -1
+  notify:
+    - restart step-ca