d572f3395b
'with_' clauses are evaluated before 'when' clauses. In Ansible 1.9 the task is silently skipped when a variable within a 'with_' clause is undefined, Ansible 2 provides a deprecation warning. Separate the task deploying a user provided ssl cert and key into two and check them individually for 'haproxy_user_ssl_cert' or 'haproxy_user_ssl_key' being defined. Change-Id: I75367fe25d15d35ff60203b7c1d78437d613404d
87 lines
2.2 KiB
YAML
87 lines
2.2 KiB
YAML
---
|
|
# Copyright 2015, Jean-Philippe Evrard <jean-philippe.evrard@belnet.be>
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Deploy user provided ssl cert
|
|
copy:
|
|
src: "{{ haproxy_user_ssl_cert }}"
|
|
dest: "{{ haproxy_ssl_cert }}"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
when: haproxy_user_ssl_cert is defined
|
|
notify:
|
|
- regen pem
|
|
tags:
|
|
- haproxy-ssl
|
|
|
|
- name: Deploy user provided ssl key
|
|
copy:
|
|
src: "{{ haproxy_user_ssl_key }}"
|
|
dest: "{{ haproxy_ssl_key }}"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0600"
|
|
when: haproxy_user_ssl_key is defined
|
|
notify:
|
|
- regen pem
|
|
tags:
|
|
- haproxy-ssl
|
|
|
|
- name: Drop user provided ssl CA cert
|
|
copy:
|
|
src: "{{ haproxy_user_ssl_ca_cert }}"
|
|
dest: "{{ haproxy_ssl_ca_cert }}"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
when: haproxy_user_ssl_ca_cert is defined
|
|
notify:
|
|
- regen pem
|
|
tags:
|
|
- haproxy-ssl
|
|
|
|
- name: Ensure the private ssl directory exists
|
|
file:
|
|
dest: "/etc/ssl/private"
|
|
state: "directory"
|
|
tags:
|
|
- haproxy-ssl
|
|
|
|
- name: Remove signed certs and keys for regen
|
|
file:
|
|
dest: "{{ haproxy_ssl_cert }}"
|
|
state: "absent"
|
|
with_items:
|
|
- "{{ haproxy_ssl_pem }}"
|
|
- "{{ haproxy_ssl_key }}"
|
|
- "{{ haproxy_ssl_cert }}"
|
|
when: haproxy_ssl_self_signed_regen | bool
|
|
tags:
|
|
- haproxy-ssl
|
|
|
|
- name: Create self-signed ssl cert if no certificate exists
|
|
command: >
|
|
openssl req -new -nodes -sha256 -x509 -subj
|
|
"{{ haproxy_ssl_self_signed_subject }}"
|
|
-days 3650
|
|
-keyout {{ haproxy_ssl_key }}
|
|
-out {{ haproxy_ssl_cert }}
|
|
-extensions v3_ca
|
|
creates={{ haproxy_ssl_cert }}
|
|
notify:
|
|
- regen pem
|
|
tags:
|
|
- haproxy-ssl
|