58 lines
1.5 KiB
YAML
58 lines
1.5 KiB
YAML
---
|
|
# This playbook is intended to be used i.e. during bootstraping
|
|
# of the system to generate required TLS certs using Acme
|
|
# (LetsEncrypt) on localhost.
|
|
# It expects following variables:
|
|
# - :dns_cloud: name of the clouds.yaml entry on the localhost
|
|
# which is hosting target DNS zone
|
|
#
|
|
# - :certs_path: path to the folder where certificates would be
|
|
# places
|
|
#
|
|
# - :ssl_certs: a dictionary for the requested certificates
|
|
# key: cert name (file name) to be used
|
|
# value: list of DNS names
|
|
- hosts: localhost
|
|
become: true
|
|
vars_prompt:
|
|
|
|
- name: certs_path
|
|
prompt: Path to the certs folder
|
|
default: "certs"
|
|
|
|
vars:
|
|
ssl_certs:
|
|
vault1:
|
|
- vault1.scs.otc-service.com
|
|
- vault-lb.scs.otc-service.com
|
|
vault2:
|
|
- vault2.scs.otc-service.com
|
|
- vault-lb.scs.otc-service.com
|
|
vault3:
|
|
- vault3.scs.otc-service.com
|
|
- vault-lb.scs.otc-service.com
|
|
|
|
tasks:
|
|
- name: Generate CSRs
|
|
ansible.builtin.include_role:
|
|
name: acme_request_certs
|
|
|
|
- name: Add localhost into the ssl_certs group as expected by the role
|
|
ansible.builtin.add_host:
|
|
name: localhost
|
|
group: ssl_certs
|
|
ansible_connection: local
|
|
|
|
- name: Install TXT records
|
|
ansible.builtin.include_role:
|
|
name: acme_install_txt_records
|
|
|
|
- name: Generate Certs
|
|
ansible.builtin.include_role:
|
|
name: acme_create_certs
|
|
|
|
- name: Remove TXT records
|
|
ansible.builtin.include_role:
|
|
name: acme_drop_txt_records
|
|
|