diff --git a/defaults/main.yml b/defaults/main.yml index 5243207..ed340ad 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,8 +2,6 @@ pve_nodes: - node1 pve_tls_enabled: False -pve_tls_source_use_content: False -pve_tls_source_use_files: True pve_tls_cert_source: mycert.pem pve_tls_key_source: mykey.pem diff --git a/tasks/tls.yml b/tasks/tls.yml index d258e86..2f20cc2 100644 --- a/tasks/tls.yml +++ b/tasks/tls.yml @@ -9,43 +9,24 @@ - /etc/pki/tls/certs - /etc/pki/tls/private - - name: Copy certs and private key (file) + - name: Copy certs and private key copy: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" - with_items: + loop: - { src: "{{ pve_tls_cert_source }}", dest: "/etc/pki/tls/certs/pveproxy-ssl.pem", mode: "0750" } - { src: "{{ pve_tls_key_source }}", dest: "/etc/pki/tls/private/pveproxy-ssl.key", mode: "0600" } loop_control: label: "{{ item.dest }}" - register: __pve_copy_cert_content - when: pve_tls_source_use_files - - - name: Copy certs and private key (content) - copy: - content: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" - with_items: - - { src: "{{ pve_tls_cert_source }}", dest: "/etc/pki/tls/certs", mode: "0750" } - - { src: "{{ pve_tls_key_source }}", dest: "/etc/pki/tls/private", mode: "0600" } - loop_control: - label: "{{ item.dest }}" - register: __pve_copy_cert_content - when: pve_tls_source_use_content - - - name: Set tls control variable - set_fact: - __pve_copy_cert: "{{ __pve_copy_cert_content }}" - when: pve_tls_source_use_files or pve_tls_source_use_content + register: __pve_tls_copy - name: Copy cert/key to pve filesystem command: "/bin/cp -rf {{ item[0].dest }} /etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}" when: item[0].changed changed_when: item[0].changed with_nested: - - "{{ __pve_copy_cert.results }}" + - "{{ __pve_tls_copy.results }}" - "{{ pve_nodes }}" loop_control: label: "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"