Commit bad4e6a0 authored by ale's avatar ale

Fix error in computing CA path for each credential

parent ac8ea3df
...@@ -53,5 +53,9 @@ ...@@ -53,5 +53,9 @@
- name: Generate global DH params - name: Generate global DH params
local_action: command openssl dhparam -out "{{ credentials_dir }}/x509/dhparam" "{{ dhparam_bits | default('2048') }}" creates="{{ credentials_dir }}/x509/dhparam" local_action: command openssl dhparam -out "{{ credentials_dir }}/x509/dhparam" "{{ dhparam_bits | default('2048') }}" creates="{{ credentials_dir }}/x509/dhparam"
- set_fact:
default_x509_ca_list:
- {tag: x509}
- name: Generate the X509 CA certificate - name: Generate the X509 CA certificate
local_action: x509_ca ca_subject="{{ x509_ca_subject | default('CN=Service CA') }}" ca_cert_path="{{ credentials_dir }}/x509/ca.pem" ca_key_path="{{ credentials_dir }}/x509/ca_private_key.pem" local_action: x509_ca ca_subject="{{ item.subject | default('CN=Service CA') }}" ca_cert_path="{{ credentials_dir }}/{{ item.tag }}/ca.pem" ca_key_path="{{ credentials_dir }}/{{ item.tag }}/ca_private_key.pem"
loop: "{{ x509_ca_list | default(default_x509_ca_list) }}"
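Review bot: The rewritten `ca_subject` on the x509_ca task falls back to the same literal `'CN=Service CA'` for every entry of `x509_ca_list` that omits `subject`, so two tags without a subject yield two distinct CAs with an identical DN, and an inventory that set the old `x509_ca_subject` variable now silently gets the default instead. Derive the fallback from the tag and keep the old variable honoured for the default tag, e.g. `ca_subject="{{ item.subject | default((x509_ca_subject | default('CN=Service CA')) if item.tag == 'x509' else 'CN=' ~ item.tag ~ ' CA') }}"`. `item.tag` is also interpolated unvalidated into `ca_cert_path`/`ca_key_path`, so a tag containing `/` or `..` relocates the CA private key outside `credentials_dir`; an `assert` before the loop that every tag matches `^[A-Za-z0-9_-]+$` closes that. Unless x509_ca creates its parent directory (not visible here), `{{ credentials_dir }}/{{ item.tag }}` also needs a `file: state=directory` task for non-default tags, since only `x509/` is populated by the dhparam step above.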
...@@ -19,8 +19,6 @@ ...@@ -19,8 +19,6 @@
- set_fact: - set_fact:
# Default CA name. # Default CA name.
default_ca_tag: "{{ ca_tag | default('x509') }}" default_ca_tag: "{{ ca_tag | default('x509') }}"
# Select the local CA.
effective_local_ca_path: "{{ local_ca_path | default(credentials_dir + '/' + (ca_tag | default('x509'))) }}"
# Get the credential names from the list of certs. # Get the credential names from the list of certs.
credentials_names: "{{ credentials | map(attribute='credentials') | map(attribute='name') | unique | list }}" credentials_names: "{{ credentials | map(attribute='credentials') | map(attribute='name') | unique | list }}"
...@@ -38,7 +36,7 @@ ...@@ -38,7 +36,7 @@
- name: Copy CA - name: Copy CA
copy: copy:
src: "{{ effective_local_ca_path }}/ca.pem" src: "{{ local_ca_path | default(credentials_dir + '/' + (item.credentials.ca_tag | default(default_ca_tag))) }}/ca.pem"
dest: "/etc/credentials/{{ item.credentials.ca_tag | default(default_ca_tag) }}/{{ item.credentials.name }}/ca.pem" dest: "/etc/credentials/{{ item.credentials.ca_tag | default(default_ca_tag) }}/{{ item.credentials.name }}/ca.pem"
owner: root owner: root
group: root group: root
...@@ -86,8 +84,8 @@ ...@@ -86,8 +84,8 @@
x509_sign: x509_sign:
csr: "{{ item.1.csr }}" csr: "{{ item.1.csr }}"
mode: "{{ item.0.mode }}" mode: "{{ item.0.mode }}"
ca_cert_path: "{{ effective_local_ca_path }}/ca.pem" ca_cert_path: "{{ local_ca_path | default(credentials_dir + '/' + (item.0.credentials.ca_tag | default(default_ca_tag))) }}/ca.pem"
ca_key_path: "{{ effective_local_ca_path }}/ca_private_key.pem" ca_key_path: "{{ local_ca_path | default(credentials_dir + '/' + (item.0.credentials.ca_tag | default(default_ca_tag))) }}/ca_private_key.pem"
when: "item.1.changed" when: "item.1.changed"
loop: "{{ credentials | zip(x509_csr.results) | list }}" loop: "{{ credentials | zip(x509_csr.results) | list }}"
register: x509_sign register: x509_sign
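Review bot: With this change a defined `local_ca_path` overrides the CA for every credential regardless of its `ca_tag` — the `src` of "Copy CA" and both `ca_cert_path`/`ca_key_path` of x509_sign — while `dest` still lands under `/etc/credentials/{{ item.credentials.ca_tag | default(default_ca_tag) }}/`, so hosts end up with one CA's certificate installed under several tag directories and the trust separation the tags are meant to provide is silently lost. Either make `local_ca_path` a mapping keyed by tag, or add an `assert` that fails when it is set and any credential declares a `ca_tag` other than `default_ca_tag`. The same `local_ca_path | default(credentials_dir + '/' + …)` expression is now spelled three times; in the x509_sign task compute it once with task-level `vars: ca_dir: "{{ local_ca_path | default(credentials_dir + '/' + (item.0.credentials.ca_tag | default(default_ca_tag))) }}"` and reference `{{ ca_dir }}/ca.pem` and `{{ ca_dir }}/ca_private_key.pem`, which also keeps cert and key guaranteed to come from the same directory. The x509_sign task's `- name:`/`local_action` lines begin above this hunk, so I cannot see whether the signing runs on the controller or the target.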
......