pki-server/roles/create_ldap_cert/tasks/main.yml
ytshih a369b46042
Chore: add full-chain for ldap
2025-09-25 00:14:41 +08:00


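---
# Issue a server certificate for the LDAP host from the local root CA and
# assemble a full-chain PEM (leaf followed by root) next to it. The root CA
# material is read from /etc/pki/konchin.com; secret_ca_passphrase is expected
# to be supplied from the role's variables.
- name: Install ldap directory
  ansible.builtin.file:
    path: /etc/pki/ldap.konchin.com
    state: directory
    mode: '0700'
    owner: root
    group: root

- name: Create private key for ldap
  community.crypto.openssl_privatekey:
    path: /etc/pki/ldap.konchin.com/cert.key
    # Pin ownership and permissions explicitly instead of relying on the module
    # default, so the key stays root-only regardless of module version or umask.
    mode: '0600'
    owner: root
    group: root

- name: Create CSR for ldap
  # The _pipe variant returns the CSR in the task result rather than writing
  # it to disk; it is consumed via csr.csr in the signing task below.
  community.crypto.openssl_csr_pipe:
    privatekey_path: /etc/pki/ldap.konchin.com/cert.key
    subject_alt_name:
      - 'DNS:ldap'
      - 'DNS:ldaps'
      - 'DNS:ldap.konchin.com'
      - 'DNS:ldaps.konchin.com'
  register: csr

- name: Sign with root ca
  community.crypto.x509_certificate:
    path: /etc/pki/ldap.konchin.com/cert.pem
    csr_content: "{{ csr.csr }}"
    provider: ownca
    ownca_path: /etc/pki/konchin.com/rootca.pem
    ownca_privatekey_path: /etc/pki/konchin.com/rootca.key
    ownca_privatekey_passphrase: "{{ secret_ca_passphrase }}"
    ownca_not_after: '+365d'  # valid for one year
    ownca_not_before: '-1d'  # valid since yesterday
    # Needed so cert.certificate is available to the full-chain task below.
    return_content: true
  register: cert
  # NOTE(review): with the module's default ignore_timestamps, an existing
  # certificate is not re-issued as it approaches expiry; renewal needs a
  # separate validity check (e.g. x509_certificate_info) driving `force`.

- name: Create full chain
  block:
    - name: Slurp root ca
      ansible.builtin.slurp:
        src: /etc/pki/konchin.com/rootca.pem
      register: rootca

    - name: Create full chain cert
      ansible.builtin.copy:
        # Leaf first, then issuer; trim keeps a single newline between the
        # two PEM blocks. slurp returns the file base64-encoded.
        content: |
          {{ cert.certificate | trim }}
          {{ rootca['content'] | b64decode | trim }}
        dest: /etc/pki/ldap.konchin.com/full-chain.pem
        mode: '0600'
        owner: root
        group: root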