Преглед изворни кода

properly install changed SSL certificate

Dan Milon пре 9 година
родитељ
комит
e063abaa51
1 измењених фајлова са 9 додато и 2 уклоњено
  1. 9
    2
      roles/common/tasks/ssl.yml

+ 9
- 2
roles/common/tasks/ssl.yml Прегледај датотеку

@@ -1,15 +1,19 @@
1 1
 - name: Copy SSL private key into place
2 2
   copy: src=wildcard_private.key dest=/etc/ssl/private/wildcard_private.key group=ssl-cert owner=root mode=640
3
+  register: private_key
3 4
 
4 5
 - name: Copy SSL public certificate into place
5 6
   copy: src=wildcard_public_cert.crt dest=/etc/ssl/certs/wildcard_public_cert.crt group=root owner=root mode=644
7
+  register: certificate
6 8
 
7 9
 - name: Copy CA combined certificate into place
8 10
   copy: src=wildcard_ca.pem dest=/etc/ssl/certs/wildcard_ca.pem group=root owner=root mode=644
11
+  register: ca_certificate
9 12
 
10 13
 - name: Create a combined version of the public cert with intermediate and root CAs
11 14
   shell: cat /etc/ssl/certs/wildcard_public_cert.crt /etc/ssl/certs/wildcard_ca.pem >
12
-    /etc/ssl/certs/wildcard_combined.pem creates=/etc/ssl/certs/wildcard_combined.pem
15
+    /etc/ssl/certs/wildcard_combined.pem
16
+  when: private_key.changed or certificate.changed or ca_certificate.changed
13 17
 
14 18
 - name: Set permissions on combined public cert
15 19
   file: name=/etc/ssl/certs/wildcard_combined.pem mode=644
@@ -18,7 +22,10 @@
18 22
   command: a2enmod ssl creates=/etc/apache2/mods-enabled/ssl.load
19 23
 
20 24
 - name: Enable NameVirtualHost for HTTPS
21
-  lineinfile: dest=/etc/apache2/ports.conf regexp='^    NameVirtualHost \*:443' insertafter='^<IfModule mod_ssl.c>' line='    NameVirtualHost *:443'
25
+  lineinfile:
26
+    dest=/etc/apache2/ports.conf regexp='^    NameVirtualHost \*:443'
27
+    insertafter='^<IfModule mod_ssl.c>'
28
+    line='    NameVirtualHost *:443'
22 29
 
23 30
 - name: Add common Apache SSL config
24 31
   template:

Loading…
Откажи
Сачувај