59 lines
1.7 KiB
YAML
59 lines
1.7 KiB
YAML
---
|
|
- name: Kinit
|
|
ansible.builtin.shell:
|
|
cmd: "echo '{{ ansible_password }}' | kinit"
|
|
become: false
|
|
become_user: "{{ ansible_user }}"
|
|
|
|
- name: Create SPN for HTTP
|
|
ansible.builtin.shell:
|
|
cmd: "ipa service-add HTTP/{{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}"
|
|
become: false
|
|
become_user: "{{ ansible_user }}"
|
|
ignore_errors: true
|
|
|
|
- name: Kdestroy
|
|
ansible.builtin.shell:
|
|
cmd: kdestroy
|
|
become: false
|
|
become_user: "{{ ansible_user }}"
|
|
|
|
- name: Get all tracking certificates
|
|
ansible.builtin.shell:
|
|
cmd: "ipa-getcert list | grep -m1 -B5 \"{{ rproxy_dir }}/certs/repo\" | grep Request | awk '{print $NF}' | tr -d \"'\\|:\""
|
|
register: tracking_list
|
|
|
|
- name: Remove certificates from IPA tracking
|
|
ansible.builtin.shell:
|
|
cmd: "ipa-getcert stop-tracking -i {{ item }}"
|
|
loop: "{{ tracking_list.stdout_lines }}"
|
|
ignore_errors: true
|
|
|
|
- name: Request certificate via ipa-getcert
|
|
ansible.builtin.command: >
|
|
ipa-getcert request
|
|
-f {{ rproxy_dir }}/certs/repo.crt
|
|
-k {{ rproxy_dir }}/certs/repo.key
|
|
-K HTTP/{{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
|
|
-N CN={{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
|
|
-F {{ rproxy_dir }}/certs/RootCA.crt
|
|
|
|
- name: Wait for certificate to appear
|
|
ansible.builtin.wait_for:
|
|
path: "{{ rproxy_dir }}/certs/repo.crt"
|
|
timeout: 60
|
|
|
|
- name: Change certificate permissions
|
|
ansible.builtin.file:
|
|
path: "{{ rproxy_dir }}/certs/repo.crt"
|
|
mode: "0744"
|
|
|
|
- name: Wait for certificate key to appear
|
|
ansible.builtin.wait_for:
|
|
path: "{{ rproxy_dir }}/certs/repo.key"
|
|
timeout: 60
|
|
|
|
- name: Change certificate key permissions
|
|
ansible.builtin.file:
|
|
path: "{{ rproxy_dir }}/certs/repo.key"
|
|
mode: "0744" |