--- - block: - name: Create pki folder structure file: path: "{{ item }}" state: directory recurse: True with_items: - /etc/pki/tls/certs - /etc/pki/tls/private - name: Copy certs and private key (file) copy: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: "{{ pve_tls_cert_source }}", dest: "/etc/pki/tls/certs/pveproxy-ssl.pem", mode: "0750" } - { src: "{{ pve_tls_key_source }}", dest: "/etc/pki/tls/private/pveproxy-ssl.key", mode: "0600" } loop_control: label: "{{ item.dest }}" register: __pve_copy_cert_file when: pve_tls_source_use_files - name: Set tls control variable set_fact: __pve_copy_cert: "{{ __pve_copy_cert_file }}" when: pve_tls_source_use_files - name: Copy certs and private key (content) copy: content: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: "{{ pve_tls_cert_source }}", dest: "/etc/pki/tls/certs", mode: "0750" } - { src: "{{ pve_tls_key_source }}", dest: "/etc/pki/tls/private", mode: "0600" } loop_control: label: "{{ item.dest }}" register: __pve_copy_cert_content when: pve_tls_source_use_content - name: Set tls control variable set_fact: __pve_copy_cert: "{{ __pve_copy_cert_content }}" when: pve_tls_source_use_content - name: Copy cert/key to pve filesystem command: "/bin/cp -rf {{ item[0].dest }} /etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}" when: item[0].changed changed_when: item[0].changed with_nested: - "{{ __pve_copy_cert.results }}" - "{{ pve_nodes }}" loop_control: label: "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}" notify: __pveproxy_restart become: True become_user: root