--- # Copyright 2021, BBC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Create Server certificates include_tasks: "{{ pki_method }}/create_cert.yml" loop: "{{ _pki_certificates_defs }}" loop_control: loop_var: cert vars: cert_dir: "{{ pki_dir }}/certs" when: - pki_create_certificates | default(true) - name: Slurp up server certificates from pki setup host ({{ pki_setup_host }}) delegate_to: "{{ pki_setup_host }}" slurp: src: "{{ item.src }}" register: _cert_slurp loop: "{{ _pki_install_certificates_defs }}" ignore_errors: "{{ ansible_check_mode }}" - name: Create certificate destination directories file: path: "{{ install }}" state: directory mode: "0755" loop: "{{ _cert_slurp.results | map(attribute='item') | map(attribute='dest') | map('dirname') | unique }}" loop_control: loop_var: install label: "{{ loop_label | to_json }}" vars: loop_label: path: "{{ install }}" state: directory mode: '0755' - name: Install Server certificates to targets copy: content: "{{ install.content | b64decode }}" dest: "{{ install.item.dest }}" owner: "{{ install.item.owner | default(omit) }}" group: "{{ install.item.group | default(omit) }}" mode: "{{ install.item.mode | default('0644') }}" loop: "{{ _cert_slurp.results }}" loop_control: loop_var: install label: "{{ loop_label | to_json }}" vars: loop_label: dest: "{{ install.item.dest }}" owner: "{{ install.item.owner | default(omit) }}" group: "{{ install.item.group | default('omit') }}" mode: "{{ install.item.mode | default('0644') }}" ignore_errors: "{{ ansible_check_mode }}" notify: - "{{ pki_handler_cert_installed }}"