-rw-r--r--galaxy.yml2
-rw-r--r--roles/signed_certificate/defaults/main.yml2
-rw-r--r--roles/signed_certificate/tasks/main.yml11
3 files changed, 13 insertions, 2 deletions
diff --git a/galaxy.yml b/galaxy.yml
index 4eb14e6..bc8d4e9 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,6 +1,6 @@
namespace: kompetenzbolzen
name: stuff
-version: 0.0.2
+version: 0.0.3
readme: README.md
authors:
- Jonas Gunz <himself@jonasgunz.de>
diff --git a/roles/signed_certificate/defaults/main.yml b/roles/signed_certificate/defaults/main.yml
index c46ef37..d0ee48e 100644
--- a/roles/signed_certificate/defaults/main.yml
+++ b/roles/signed_certificate/defaults/main.yml
@@ -4,7 +4,7 @@ key_path: '/etc/ssl/private/'
cert_path: '/etc/ssl/certs/'
alt_name: '{{ "DNS:" + ansible_facts.fqdn }}'
owner: root
-group: root
+group: ssl-cert
signed_certificate:
issuer_cn: ''
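Review bot: The new default `group: ssl-cert` assumes that group already exists on the target host, and nothing visible in this commit creates it. As far as I know it is created by the Debian/Ubuntu `ssl-cert` package, so the tasks in tasks/main.yml that pass `group: '{{ group }}'` would presumably fail on hosts without it. Together with the mode `'640'` set in tasks/main.yml, every member of that group can now read the private key. A comment above the default would record both points, e.g. `# members of this group can read the private key; the group must exist on the host`.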
diff --git a/roles/signed_certificate/tasks/main.yml b/roles/signed_certificate/tasks/main.yml
index 3e1a7b2..d5491ac 100644
--- a/roles/signed_certificate/tasks/main.yml
+++ b/roles/signed_certificate/tasks/main.yml
@@ -21,9 +21,20 @@
path: '{{ key_path }}/{{ cert_name }}.key'
owner: '{{ owner }}'
group: '{{ group }}'
+ mode: '640'
become: yes
when: key_check.failed
+- name: Check file permissions for Key
+ file:
+ path: '{{ key_path }}/{{ cert_name }}.key'
+ state: file
+ owner: '{{ owner }}'
+ group: '{{ group }}'
+ mode: '640'
+ become: yes
+ when: not key_check.failed
+
- name: Read existing Certificate
community.crypto.x509_certificate_info:
path: '{{ cert_path }}/{{ cert_name }}.pem'
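Review bot: The added task `Check file permissions for Key` does more than check: with `state: file` plus `owner`, `group` and `mode` it rewrites ownership and permissions on an existing key, so a name such as `Enforce owner, group and mode on existing key` would describe it better. The literal `'640'` now appears twice, here and in the task above (which starts outside the hunk). A role default such as `key_mode: '0640'` next to `owner` and `group` would keep the two in step and make the key's permissions visible in one place. For consistency with `community.crypto.x509_certificate_info` in the following task, the module could be written `ansible.builtin.file:` and the flag `become: true`.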