implement keystore setup
This commit is contained in:
parent
2c8b450d77
commit
0780691c2b
|
@ -43,8 +43,6 @@ unifi_open_ports:
|
|||
state: present
|
||||
|
||||
unifi_tls_deploment_enabled: False
|
||||
unifi_tls_pkcs12_path: /tmp/unifi.p12
|
||||
unifi_tls_pkcs12_passphrase: temppass
|
||||
unifi_tls_cert_path: /etc/pki/tls/certs/cert.pem
|
||||
unifi_tls_key_path: /etc/pki/tls/private/key.pem
|
||||
unifi_tls_lookup_user: "{{ ansible_user_dir }}"
|
||||
|
|
|
@ -1,15 +1,55 @@
|
|||
---
|
||||
- name: Copy tls cert and key
|
||||
copy:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
mode: "{{ item.mode }}"
|
||||
with_items:
|
||||
- "{ src: {{ unifi_tls_key_path }}, dest: '/etc/pki/tls/private/unifi.pem' ,mode: '0600' }"
|
||||
- "{ src: {{ unifi_tls_cert_path }}, dest: '/etc/pki/tls/certs/unifi.pem',mode: '0750' }"
|
||||
register: __unifi_certs
|
||||
become: True
|
||||
become_user: root
|
||||
|
||||
- block:
|
||||
- name: Setup temp. openssl pkcs12 keystore
|
||||
- set_fact:
|
||||
__unifi_pkcs12_path: /tmp/unifi.p12
|
||||
__unifi_keystore_path: "{{ unifi_base_dir }}/{{ unifi_version }}//UniFi/data/keystore"
|
||||
|
||||
- name: Create temp openssl pkcs12 keystore at '{{ __unifi_pkcs12_path }}'
|
||||
openssl_pkcs12:
|
||||
path: "{{ unifi_tls_pkcs12_path }}"
|
||||
path: "{{ __unifi_pkcs12_path }}"
|
||||
friendly_name: ubnt
|
||||
privatekey_path: "{{ unifi_tls_key_path }}"
|
||||
cert_path: "{{ unifi_tls_cert_path }}"
|
||||
privatekey_path: /etc/pki/tls/private/unifi.pem
|
||||
cert_path: /etc/pki/tls/certs/unifi.pem
|
||||
passphrase: "{{ unifi_tls_pkcs12_passphrase }}"
|
||||
state: present
|
||||
force: True
|
||||
delegate_to: localhost
|
||||
changed_when: False
|
||||
|
||||
- name: Delete current keystore file
|
||||
file:
|
||||
path: "{{ __unifi_keystore_path }}"
|
||||
state: absent
|
||||
|
||||
- name: Create java keystore at '{{ __unifi_keystore_path }}'
|
||||
pkcs12_path: "/tmp/importkeystore.p12"
|
||||
cert_alias: ubnt
|
||||
keystore_path: "{{ __unifi_keystore_path }}"
|
||||
keystore_pass: aircontrolenterprise
|
||||
keystore_create: yes
|
||||
state: present
|
||||
notify: __unifi_restart
|
||||
|
||||
- name: Adjust keystore filesystem permissions
|
||||
file:
|
||||
path: "{{ __unifi_keystore_path }}"
|
||||
owner: "{{ unifi_user }}"
|
||||
group: "{{ unifi_group }}"
|
||||
mode: 0600
|
||||
|
||||
- name: Remove '{{ __unifi_pkcs12_path }}'
|
||||
file:
|
||||
path: "{{ __unifi_pkcs12_path }}"
|
||||
state: absent
|
||||
become: True
|
||||
become_user: "{{ unifi_tls_lookup_user }}"
|
||||
become_user: root
|
||||
when: __unifi_certs.changed
|
||||
|
|
Loading…
Reference in New Issue