---
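- name: Generate certificates
  hosts: localhost
  gather_facts: false

  tasks:
    # Runs the helper script on the controller, from the playbook directory.
    # Arguments: the "create" subcommand, the FQDN of the first host in the
    # ipareplicas group, and the domain (ipareplica_domain if set, otherwise
    # that FQDN with its first label removed).
    # NOTE(review): presumably the script writes the test CA and PKCS#12
    # files under certificates/ that the next play copies - confirm.
    #
    # argv passes each value as exactly one argument, so inventory-derived
    # strings are never re-tokenised by the command module's own splitting.
    - name: Run generate-certificates.sh
      command:
        argv:
          - /bin/bash
          - generate-certificates.sh
          - create
          - "{{ groups.ipareplicas[0] }}"
          - "{{ ipareplica_domain | default(groups.ipareplicas[0].split('.')[1:] | join('.')) }}"
        chdir: "{{ playbook_dir }}"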

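- name: Test ipareplicas installation without CA
  hosts: ipareplicas
  become: true

  # Variables consumed by the ipareplica role for a CA-less install. Every
  # certificate path points into /root/ca-less-test, which the pre_tasks of
  # this play populate.
  #
  # NOTE(review): the three *_pin values are a fixed test password committed
  # in clear text. Presumably it matches what generate-certificates.sh uses
  # when it creates the PKCS#12 files - confirm before changing it. Outside a
  # throwaway test environment, supply the PINs from Ansible Vault or another
  # secret store instead of the playbook.
  vars:
    # Root CA certificate
    ipareplica_ca_cert_files:
      - /root/ca-less-test/ca.crt
    # Directory server certificates
    ipareplica_dirsrv_cert_name: dirsrv-cert
    ipareplica_dirsrv_cert_files:
      - /root/ca-less-test/dirsrv.p12
    ipareplica_dirsrv_pin: SomePKCS12password
    # Apache certificates
    ipareplica_http_cert_name: httpd-cert
    ipareplica_http_cert_files:
      - /root/ca-less-test/httpd.p12
    ipareplica_http_pin: SomePKCS12password
    # PKINIT configuration
    # Canonical boolean: a bare "no" is only a boolean under YAML 1.1 rules.
    ipareplica_no_pkinit: false
    ipareplica_pkinit_cert_name: pkinit-cert
    ipareplica_pkinit_cert_files:
      - /root/ca-less-test/pkinit.p12
    ipareplica_pkinit_pin: SomePKCS12password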

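  # Stage the CA certificate and the per-service PKCS#12 bundles on the
  # replica before the role runs. The directory is removed first so that no
  # files from an earlier run are reused.
  pre_tasks:
    - name: Remove "/root/ca-less-test"
      file:
        path: "/root/ca-less-test"
        state: absent

    # Owner and mode are set explicitly so that access to the staged key
    # material does not depend on the umask or on the permissions of /root.
    - name: Generate "/root/ca-less-test"
      file:
        path: "/root/ca-less-test"
        state: directory
        owner: root
        group: root
        mode: "0700"

    # The CA certificate is public data, so world-readable is fine.
    - name: Copy CA certificate
      copy:
        src: "{{ playbook_dir }}/certificates/root-ca/cert.pem"
        dest: "/root/ca-less-test/ca.crt"
        owner: root
        group: root
        mode: "0644"

    # PKCS#12 bundles carry the private keys, so they are readable by root
    # only; the play runs with become, so the role can still read them.
    # NOTE(review): the source path always uses groups.ipareplicas[0], so
    # every host in ipareplicas receives the first replica's certificates -
    # confirm the test inventory has a single replica.
    - name: Copy p12 certificates
      copy:
        src: "{{ playbook_dir }}/certificates/{{ item }}/{{ groups.ipareplicas[0] }}/cert.p12"
        dest: "/root/ca-less-test/{{ item }}.p12"
        owner: root
        group: root
        mode: "0600"
      with_items:
        - dirsrv
        - httpd
        - pkinit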

  # Deploy the replica with the ipareplica role, using the play's vars.
  roles:
    - role: ipareplica
      state: present

  # After the role has run, reset ownership and mode of the KDC certificate.
  # NOTE(review): 0644 makes the file world-readable; presumably that is
  # acceptable because kdc.crt holds only the public certificate, not the
  # key - confirm.
  post_tasks:
    - name: Fix KDC certificate permissions
      file:
        path: "/var/kerberos/krb5kdc/kdc.crt"
        mode: "0644"
        owner: root
        group: root