ansible/xoxys.unifi
1
0
Fork 0
Code Issues Pull Requests Releases Activity
ea4fa2b335
xoxys.unifi/tasks/tls.yml
Robert Kaussow 1f293c2108
Some checks failed
continuous-integration/drone/push Build is failing
Details
modernize
2019-08-04 22:31:25 +02:00

77 lines
2.3 KiB
YAML
Raw Blame History

---
- block:
- name: Create tls folder structure
file:
path: "{{ item }}"
state: directory
owner: "{{ unifi_user }}"
group: "{{ unifi_group }}"
recurse: True
loop:
- "{{ unifi_tls_certs_dir }}"
- "{{ unifi_tls_key_dir }}"
become: True
become_user: root
- block:
- name: Copy certs and private key
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- { src: "{{ unifi_tls_key_source }}", dest: '{{ unifi_tls_key_file }}', mode: '0600' }
- { src: "{{ unifi_tls_cert_source }}", dest: '{{ unifi_tls_cert_file }}', mode: '0750' }
loop_control:
label: "{{ item.dest }}"
register: __unifi_tls
- name: Set internal control variables
set_fact:
__unifi_pkcs12_path: /tmp/unifi.p12
__unifi_keystore_path: "{{ unifi_base_dir }}/{{ unifi_version }}//UniFi/data/keystore"
become: True
become_user: "{{ unifi_user }}"
- block:
- name: Create temp openssl pkcs12 keystore at '{{ __unifi_pkcs12_path }}'
openssl_pkcs12:
path: "{{ __unifi_pkcs12_path }}"
friendly_name: ubnt
privatekey_path: "{{ unifi_tls_key_file }}"
cert_path: "{{ unifi_tls_cert_file }}"
passphrase: "{{ unifi_tls_pkcs12_passphrase }}"
state: present
- name: Delete current keystore file
file:
path: "{{ __unifi_keystore_path }}"
state: absent
- name: Create java keystore at '{{ __unifi_keystore_path }}'
java_cert:
pkcs12_path: "{{ __unifi_pkcs12_path }}"
cert_alias: ubnt
pkcs12_alias: ubnt
keystore_path: "{{ __unifi_keystore_path }}"
keystore_pass: aircontrolenterprise
pkcs12_password: "{{ unifi_tls_pkcs12_passphrase }}"
keystore_create: yes
state: present
notify: __unifi_restart
- name: Adjust keystore filesystem permissions
file:
path: "{{ __unifi_keystore_path }}"
owner: "{{ unifi_user }}"
group: "{{ unifi_group }}"
mode: 0600
- name: Remove '{{ __unifi_pkcs12_path }}'
file:
path: "{{ __unifi_pkcs12_path }}"
state: absent
when: __unifi_tls.changed
become: True
become_user: "{{ unifi_user }}"
Reference in New Issue View Git Blame Copy Permalink