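---
# Install the TLS private key and certificate that the UniFi keystore is
# built from. The registered result gates the keystore rebuild that follows.
- name: Copy tls cert and key
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    # Pin ownership explicitly so a pre-existing file owned by another
    # account cannot keep read access to the private key.
    owner: root
    group: root
    mode: "{{ item.mode }}"
  # One of the items is a private key: never render file contents when the
  # play is run with --diff.
  diff: false
  loop:
    # Private key: readable by root only.
    - src: "{{ unifi_tls_key_path }}"
      dest: /etc/pki/tls/private/unifi.pem
      mode: '0600'
    # Certificate: a plain data file, so the execute bits of the former
    # '0750' are dropped; access is not widened beyond owner and group.
    - src: "{{ unifi_tls_cert_path }}"
      dest: /etc/pki/tls/certs/unifi.pem
      mode: '0640'
  register: __unifi_certs
  become: true
  become_user: root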
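# Rebuild the Java keystore from the installed key and certificate. Runs only
# when the copy task reported a change.
# NOTE(review): the current keystore is deleted before the new one exists. If
# a later step fails, the next run sees unchanged certificate files and skips
# this block, leaving no keystore until a rebuild is forced - confirm this is
# acceptable.
- name: Rebuild UniFi java keystore from the installed cert and key
  block:
    - set_fact:
        # NOTE(review): fixed file name in a world-writable directory, written
        # as root. A root-only directory or the tempfile module would avoid a
        # predictable path; the file is at least created 0600 below and is
        # removed in the 'always' section.
        __unifi_pkcs12_path: /tmp/unifi.p12
        __unifi_keystore_path: "{{ unifi_base_dir }}/{{ unifi_version }}//UniFi/data/keystore"

    - name: Create temp openssl pkcs12 keystore at '{{ __unifi_pkcs12_path }}'
      openssl_pkcs12:
        path: "{{ __unifi_pkcs12_path }}"
        friendly_name: ubnt
        privatekey_path: /etc/pki/tls/private/unifi.pem
        cert_path: /etc/pki/tls/certs/unifi.pem
        passphrase: "{{ unifi_tls_pkcs12_passphrase }}"
        # The bundle contains the private key; do not rely on the umask.
        mode: '0600'
        state: present

    - name: Delete current keystore file
      file:
        path: "{{ __unifi_keystore_path }}"
        state: absent

    - name: Create java keystore at '{{ __unifi_keystore_path }}'
      java_cert:
        pkcs12_path: "{{ __unifi_pkcs12_path }}"
        cert_alias: ubnt
        keystore_path: "{{ __unifi_keystore_path }}"
        # Hard-coded, non-secret value (presumably the password the UniFi
        # controller expects - verify for the deployed version). It gives no
        # real protection: confidentiality of the key inside the keystore
        # rests on the file ownership and mode set by the next task.
        keystore_pass: aircontrolenterprise
        pkcs12_password: "{{ unifi_tls_pkcs12_passphrase }}"
        keystore_create: true
        state: present
      notify: __unifi_restart

    # Until this task runs, the keystore has whatever owner and mode it was
    # created with; no mode is set on the java_cert task above.
    - name: Adjust keystore filesystem permissions
      file:
        path: "{{ __unifi_keystore_path }}"
        owner: "{{ unifi_user }}"
        group: "{{ unifi_group }}"
        # Quoted so the mode is passed as the octal string it reads as.
        mode: '0600'
  always:
    # Cleanup lives in 'always' so the temporary bundle holding the private
    # key is removed even when one of the steps above fails.
    - name: Remove '{{ __unifi_pkcs12_path }}'
      file:
        path: "{{ __unifi_pkcs12_path }}"
        state: absent
  become: true
  become_user: root
  when: __unifi_certs.changed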