Create directories for additional x509 CAs

0e6d757d · ale · bad4e6a0 · 0e6d757d
Commit 0e6d757d authored 2 years ago by ale
--- a/playbooks/init-credentials.yml
+++ b/playbooks/init-credentials.yml
@@ -28,7 +28,6 @@
        - dnssec
        - ssh
        - sso
-        - x509
    # First of all, generate secrets from the passwords.yml file.
    - name: Initialize secrets
@@ -50,12 +49,17 @@
    - name: Generate SSO credentials
      local_action: ed25519 privkey="{{ credentials_dir }}/sso/secret.key" pubkey="{{ credentials_dir }}/sso/public.key"
-    - name: Generate global DH params
-      local_action: command openssl dhparam -out "{{ credentials_dir }}/x509/dhparam" "{{ dhparam_bits | default('2048') }}" creates="{{ credentials_dir }}/x509/dhparam"
    - set_fact:
        default_x509_ca_list:
          - {tag: x509}
+    - name: Create X509 CA directory
+      local_action: file path="{{ credentials_dir }}/{{ item.tag }}" state=directory
+      loop: "{{ x509_ca_list | default(default_x509_ca_list) }}"
    - name: Generate the X509 CA certificate
      local_action: x509_ca ca_subject="{{ item.subject | default('CN=Service CA') }}" ca_cert_path="{{ credentials_dir }}/{{ item.tag }}/ca.pem" ca_key_path="{{ credentials_dir }}/{{ item.tag }}/ca_private_key.pem"
      loop: "{{ x509_ca_list | default(default_x509_ca_list) }}"
+    - name: Generate global DH params
+      local_action: command openssl dhparam -out "{{ credentials_dir }}/x509/dhparam" "{{ dhparam_bits | default('2048') }}" creates="{{ credentials_dir }}/x509/dhparam"