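---
# Request an HTTP server certificate from Red Hat IdM (FreeIPA) for each web
# server and install it for httpd.
#
# Required variables (inventory, group_vars or --extra-vars):
#   key_path, csr_path, cert_path  - where the key, CSR and certificate land
#   cert_subject                   - subject fields for the CSR (merged with the CN)
#   ipa_domain                     - used as the realm in the service principal;
#                                    assumed to be the Kerberos realm (usually the
#                                    upper-cased domain) -- confirm for your setup
#   ipa_admin_password             - IdM admin password; keep it in Ansible Vault,
#                                    never in plain group_vars
# Optional:
#   key_size                       - RSA key size, defaults to 2048
#
# Hosts are assumed to already be enrolled in IdM and to have an
# HTTP/<fqdn> service principal; the cert request fails otherwise.
- name: Request and install certs from Red Hat IdM
  hosts: webservers
  become: true

  tasks:
    - name: Ensure the IPA client and OpenSSL are installed
      ansible.builtin.package:
        name:
          - ipa-client
          - openssl
        state: present

    # The key is generated on the host and never leaves it. Make the file
    # root-only explicitly rather than relying on the module's default mode:
    # httpd reads the key as root before dropping privileges.
    - name: Generate private key
      community.crypto.openssl_privatekey:
        path: "{{ key_path }}"
        size: "{{ key_size | default(2048) }}"
        owner: root
        group: root
        mode: "0600"

    # A SAN entry is required: modern TLS clients (browsers, curl, Go, Java)
    # ignore the CN for hostname verification and reject server certificates
    # that carry no subjectAltName.
    - name: Generate CSR
      community.crypto.openssl_csr:
        path: "{{ csr_path }}"
        privatekey_path: "{{ key_path }}"
        common_name: "{{ ansible_fqdn }}"
        subject: "{{ cert_subject }}"
        subject_alt_name:
          - "DNS:{{ ansible_fqdn }}"
        key_usage:
          - digitalSignature
          - keyEncipherment
        extended_key_usage:
          - serverAuth
        mode: "0644"

    # no_log keeps ipaadmin_password out of the play output and out of the
    # argument dump Ansible prints when a task fails (even without -v).
    # NOTE(review): confirm the argument names (csr_path, cert_profile,
    # cert_out_path) against the installed redhat.rhel_idm.ipacert docs.
    - name: Request a certificate from IdM
      redhat.rhel_idm.ipacert:
        ipaadmin_password: "{{ ipa_admin_password }}"
        csr_path: "{{ csr_path }}"
        principal: "HTTP/{{ ansible_fqdn }}@{{ ipa_domain }}"
        cert_profile: "HTTP_Server"
        cert_out_path: "{{ cert_path }}"
      register: cert_result
      no_log: true

    # The certificate is public, so world-readable is fine. backup keeps the
    # previous cert on disk for a quick rollback if httpd rejects the new one.
    # NOTE(review): cert_out_path above already writes to cert_path; this copy
    # only adds value if cert_result.certificate is returned by the module --
    # verify, otherwise notify the handler from the request task instead.
    - name: Install the certificate
      ansible.builtin.copy:
        content: "{{ cert_result.certificate }}"
        dest: "{{ cert_path }}"
        owner: root
        group: root
        mode: "0644"
        backup: true
      notify:
        - restart web server

  handlers:
    # Restart (not reload) so httpd re-reads both the key and the new cert.
    - name: restart web server
      ansible.builtin.service:
        name: httpd
        state: restarted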