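---
# Generate Diffie-Hellman parameters for a service, either on the managed
# node itself (remote_gen: false) or on the CA host (remote_gen: true, the
# default), from where the result is copied to the managed node.
# Caller overrides come from `dh_params`; `path` is required, the rest are
# optional: remote_gen (bool), size (default 2048), backup (default false),
# mode (default "0400"), owner, group, notify.
# Pass octal modes as quoted strings ("0400"): an unquoted 0400 is read as the
# integer 256 by YAML 1.1 loaders and ends up as the wrong permission.
- name: define dh param dict
  set_fact:
    dh: "{{ {'remote_gen': true, 'size': 2048, 'backup': false} | combine(dh_params | d({})) }}"

- name: check if dhparam file exists
  stat:
    path: "{{ dh.path | mandatory }}"
  register: res

# Local mode runs regardless of whether the file exists; remote mode only
# runs while the target file is missing (an existing file is never
# regenerated on the CA host).
- block:
    - name: ensure cryptography toolkit is installed
      include_tasks: tasks/install_packages.yml
      vars:
        package:
          - alpine: py3-cryptography
            debian: python3-cryptography
      # `| bool` tolerates string values ("false") arriving via dh_params,
      # which a literal `== false` comparison would silently mis-evaluate.
      when: not (dh.remote_gen | bool)

    - name: prepare ca host for remote generation
      block:
        - name: wait until ca becomes available
          wait_for_connection:
            timeout: 10

        # The temp file receives the generated parameters on the CA host; it
        # is removed in the `always` section below, success or failure.
        - name: create temporary file for dh params
          tempfile:
            state: file
          register: tf
      delegate_to: "{{ services.ca.hostname }}"
      when: dh.remote_gen | bool

    # Remote mode writes into the temp file with a fixed 0400 mode and
    # returns the content in `dh_result.dhparams`; owner/group are only
    # applied in local mode because the final file is written by the copy
    # task below. `notify` is forwarded as-is so a consuming service can
    # be reloaded.
    - name: generate dh params
      community.crypto.openssl_dhparam:
        path: "{{ tf.path if (dh.remote_gen | bool) else (dh.path | mandatory) }}"
        size: "{{ dh.size }}"
        backup: "{{ dh.backup }}"
        mode: "{{ '0400' if (dh.remote_gen | bool) else (dh.mode | d('0400')) }}"
        owner: "{{ omit if (dh.remote_gen | bool) else (dh.owner | d(omit)) }}"
        group: "{{ omit if (dh.remote_gen | bool) else (dh.group | d(omit)) }}"
        return_content: "{{ dh.remote_gen | bool }}"
      delegate_to: "{{ services.ca.hostname if (dh.remote_gen | bool) else inventory_hostname }}"
      notify: "{{ dh.notify | d(omit) }}"
      register: dh_result

    - name: copy dh result to remote node
      copy:
        content: "{{ dh_result.dhparams }}"
        dest: "{{ dh.path | mandatory }}"
        mode: "{{ dh.mode | d('0400') }}"
        owner: "{{ dh.owner | d(omit) }}"
        group: "{{ dh.group | d(omit) }}"
      when: dh.remote_gen | bool

  # Cleanup runs even when generation or the copy fails, so a failed run does
  # not leave the temp file behind on the CA host. `tf.path` is undefined
  # when the tempfile task was skipped or never reached.
  always:
    - name: remove temporary file
      file:
        path: "{{ tf.path }}"
        state: absent
      delegate_to: "{{ services.ca.hostname }}"
      when:
        - dh.remote_gen | bool
        - tf.path is defined
  when: (not res.stat.exists) or (not (dh.remote_gen | bool))

# Drop the working dict so a later include of this file starts clean.
- name: unset dh param dict
  set_fact:
    dh: "{{ {} }}"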