--- - block: - name: Create tls folder structure file: path: "{{ item }}" state: directory owner: "{{ unifi_user }}" group: "{{ unifi_group }}" recurse: True loop: - "{{ unifi_tls_certs_dir }}" - "{{ unifi_tls_key_dir }}" become: True become_user: root - block: - name: Copy certs and private key (file) copy: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" loop: - { src: "{{ unifi_tls_key_source }}", dest: '{{ unifi_tls_key_file }}', mode: '0600' } - { src: "{{ unifi_tls_cert_source }}", dest: '{{ unifi_tls_cert_file }}', mode: '0750' } loop_control: label: "{{ item.dest }}" register: __unifi_certs_file when: unifi_tls_source_use_files - name: Copy certs and private key (content) copy: content: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" loop: - { src: "{{ unifi_tls_key_source }}", dest: '{{ unifi_tls_key_file }}', mode: '0600' } - { src: "{{ unifi_tls_cert_source }}", dest: '{{ unifi_tls_cert_file }}', mode: '0750' } loop_control: label: "{{ item.dest }}" register: __unifi_certs_content when: unifi_tls_source_use_content - name: Set internal control variables set_fact: __unifi_pkcs12_path: /tmp/unifi.p12 __unifi_keystore_path: "{{ unifi_base_dir }}/{{ unifi_version }}//UniFi/data/keystore" become: True become_user: "{{ unifi_user }}" - block: - name: Create temp openssl pkcs12 keystore at '{{ __unifi_pkcs12_path }}' openssl_pkcs12: path: "{{ __unifi_pkcs12_path }}" friendly_name: ubnt privatekey_path: "{{ unifi_tls_key_file }}" cert_path: "{{ unifi_tls_cert_file }}" passphrase: "{{ unifi_tls_pkcs12_passphrase }}" state: present - name: Delete current keystore file file: path: "{{ __unifi_keystore_path }}" state: absent - name: Create java keystore at '{{ __unifi_keystore_path }}' java_cert: pkcs12_path: "{{ __unifi_pkcs12_path }}" cert_alias: ubnt pkcs12_alias: ubnt keystore_path: "{{ __unifi_keystore_path }}" keystore_pass: aircontrolenterprise pkcs12_password: "{{ unifi_tls_pkcs12_passphrase }}" keystore_create: yes state: present notify: __unifi_restart - name: Adjust keystore filesystem permissions file: path: "{{ __unifi_keystore_path }}" owner: "{{ unifi_user }}" group: "{{ unifi_group }}" mode: 0600 - name: Remove '{{ __unifi_pkcs12_path }}' file: path: "{{ __unifi_pkcs12_path }}" state: absent become: True become_user: "{{ unifi_user }}" when: __unifi_certs_file.changed or __unifi_certs_content.changed