At present, I have two tasks:
This one installs ssl certs for the host in question:
ssl-certificates/tasks/main.yml
---
- name: certs
  copy: src={{item.file}} dest=/usr/local/etc/ssl/ owner=root group=www
        mode={{item.chmod}} backup=yes
  with_items:
    - { file: 'hosts/{{ inventory_hostname }}/{{ inventory_hostname }}.crt', chmod: '644' }
    - { file: 'hosts/{{ inventory_hostname }}/{{ inventory_hostname }}.nopassword.key', chmod: '600' }
This one is specific to dovecot, the IMAP server:
dovecot/tasks/main.yml
---
- name: certs
  copy: src={{item.file}} dest=/usr/local/etc/ssl/ owner=root group=www
        mode={{item.chmod}} backup=yes
  with_items:
    - { file: 'CA/StartSSL/ca.pem', chmod: '644' }
    - { file: 'hosts/{{ inventory_hostname_short }}/server.pem', chmod: '644' }
    - { file: 'hosts/{{ inventory_hostname_short }}/{{ inventory_hostname }}.nopassword.key', chmod: '600' }
The key difference is dovecot takes a server.pem file (i.e. the usual host
cert with the intermediate cert concatenated to it), hence the different
recipes.
I had wanted to keep all the ssl certs in one place (i.e.
ssl-certificates/files/....) but the different requirements
of dovecot and others are keeping that goal elusive.
Mind you, I have multiple web servers which use the ssl-certificates role,
and just one imap server.
I think I'll just keep them separate unless there's an interesting but
simple solution.
Thanks.
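
One way to keep every cert under ssl-certificates/files/ and still give dovecot its server.pem, as an added example that is not part of the original post: assemble the bundle at deploy time from the host cert and the intermediate cert, using copy's content parameter with the file lookup. Assumptions: the variable names ssl_build_bundle and ssl_intermediate_cert are hypothetical, and host directories are named by inventory_hostname as in the first recipe.

```yaml
# ssl-certificates/tasks/main.yml (added example, not the poster's code)
# Assumed, hypothetical variables, set per host or group:
#   ssl_build_bundle:      true only on hosts that need server.pem (the IMAP server)
#   ssl_intermediate_cert: path under this role's files/ to the intermediate cert
---
- name: host certificate (public data, world-readable)
  copy:
    src: "hosts/{{ inventory_hostname }}/{{ inventory_hostname }}.crt"
    dest: /usr/local/etc/ssl/
    owner: root
    group: www
    mode: '0644'
    backup: yes

- name: private key (readable by owner only)
  copy:
    src: "hosts/{{ inventory_hostname }}/{{ inventory_hostname }}.nopassword.key"
    dest: /usr/local/etc/ssl/
    owner: root
    group: www
    mode: '0600'
    backup: yes

- name: CA file that the dovecot recipe also ships
  copy:
    src: CA/StartSSL/ca.pem
    dest: /usr/local/etc/ssl/
    owner: root
    group: www
    mode: '0644'
    backup: yes
  when: ssl_build_bundle | default(false) | bool

# The file lookup strips the trailing newline, so the block scalar below
# supplies the line break between the two PEM blocks (leaf first).
- name: server.pem = host cert followed by the intermediate cert
  copy:
    content: |
      {{ lookup('file', 'hosts/' ~ inventory_hostname ~ '/' ~ inventory_hostname ~ '.crt') }}
      {{ lookup('file', ssl_intermediate_cert) }}
    dest: /usr/local/etc/ssl/server.pem
    owner: root
    group: www
    mode: '0644'
    backup: yes
  when: ssl_build_bundle | default(false) | bool
```

With this layout no pre-built server.pem is stored in the repository, so the bundle cannot drift from the host cert it is derived from.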