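# Merge the caller-supplied dh_params over the defaults. The resulting `dh`
# dict drives every task below and is cleared again at the end of this file.
#   remote_gen  generate on services.ca.hostname and copy the result back
#               (true) or generate on the managed node itself (false)
#   size        DH parameter size in bits
#   backup      passed through to the openssl_dhparam module
#   path        (mandatory) destination file on the managed node
#   mode/owner/group/notify  optional, see the generate/copy tasks below
# d({}, true) also treats an explicit empty/null dh_params as "no overrides";
# plain d({}) would hand the null to combine(), which only accepts dicts.
- name: define dh param dict
  set_fact:
    dh: >-
      {{ {'remote_gen': true, 'size': 2048, 'backup': false}
         | combine(dh_params | d({}, true)) }}
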
# Look up the destination file on the managed node. The generation block
# below consults `res` only for remote generation (it is skipped when the
# file already exists); for local generation the block runs regardless.
- name: check if dhparam file exists
  register: res
  stat:
    path: '{{ dh["path"] | mandatory }}'

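# Runs when the dhparam file is missing, and unconditionally when generating
# locally. Note that in remote mode an existing file is never regenerated,
# even if dh.size has changed.
#
# Remote mode: wait for the CA host, generate into a temporary file there,
# return the content through the controller and write it to the managed node.
# DH parameters are not secret, so carrying them in `dh_result` is acceptable.
# Comparisons use `| bool` so that a string value of remote_gen (e.g. from
# extra-vars or an ini inventory) selects a branch instead of matching none.
- block:
    - name: ensure cryptography toolkit is installed
      include_tasks: tasks/install_packages.yml
      vars:
        package:
          - alpine: py3-cryptography
            debian: python3-cryptography
      when: not (dh.remote_gen | bool)

    - block:
        - name: wait until ca becomes available
          wait_for_connection:
            timeout: 10

        # the module below overwrites this file in place; it is removed in
        # the always: section further down
        - name: create temporary file for dh params
          tempfile:
            state: file
          register: tf

      delegate_to: "{{ services.ca.hostname }}"
      when: dh.remote_gen | bool

    - block:
        # mode/owner/group from dh_params apply only to the file on the
        # managed node; the CA-side temp file is always 0400 and unowned.
        - name: generate dh params
          community.crypto.openssl_dhparam:
            path: "{{ tf.path if (dh.remote_gen | bool) else (dh.path | mandatory) }}"
            size: "{{ dh.size }}"
            backup: "{{ dh.backup }}"
            mode: "{{ '0400' if (dh.remote_gen | bool) else (dh.mode | d('0400')) }}"
            owner: "{{ omit if (dh.remote_gen | bool) else (dh.owner | d(omit)) }}"
            group: "{{ omit if (dh.remote_gen | bool) else (dh.group | d(omit)) }}"
            return_content: "{{ dh.remote_gen | bool }}"
          delegate_to: "{{ services.ca.hostname if (dh.remote_gen | bool) else inventory_hostname }}"
          notify: "{{ dh.notify | d(omit) }}"
          register: dh_result

        - name: copy dh result to remote node
          copy:
            content: "{{ dh_result.dhparams }}"
            dest: "{{ dh.path | mandatory }}"
            mode: "{{ dh.mode | d('0400') }}"
            owner: "{{ dh.owner | d(omit) }}"
            group: "{{ dh.group | d(omit) }}"
          when: dh.remote_gen | bool

      always:
        # clean up the CA-side temp file even if generation or the copy
        # failed; the original only removed it on the success path
        - name: remove temporary file
          file:
            path: "{{ tf.path }}"
            state: absent
          delegate_to: "{{ services.ca.hostname }}"
          when: (dh.remote_gen | bool) and (tf.path is defined)

  when: (not res.stat.exists) or (not (dh.remote_gen | bool))
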
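# Clear the merged dict so its values do not leak into tasks that run after
# this file. A literal empty mapping replaces the needless Jinja expression
# "{{ {} }}", which only rendered to the same empty dict.
- name: unset dh param dict
  set_fact:
    dh: {}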