---
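# Install the distro easy-rsa package. It provides the easyrsa script and
# the make-cadir helper that every task below relies on.
# state is a documented argument of ansible.builtin.package; it was being
# left to the underlying package manager's default, so make the intent
# explicit (and lint-clean).
- name: Install EasyRSA
  ansible.builtin.package:
    name: easy-rsa
    state: present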
# Put the packaged easyrsa script on PATH so later tasks can invoke a
# plain `easyrsa`. By default the file module will not create a dangling
# link (missing src) unless force is set, so this also fails loudly when
# the package did not install the script at the expected location.
# NOTE(review): /usr/share/easy-rsa/easyrsa is presumably the Debian-family
# package layout — confirm for other distributions.
- name: Add easyrsa binary to path
  ansible.builtin.file:
    state: link
    src: /usr/share/easy-rsa/easyrsa
    dest: /usr/local/sbin/easyrsa
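# Seed the CA working directory from the packaged easy-rsa files
# (this is where x509-types and openssl-easyrsa.cnf end up; see the
# symlink task further down). Skipped once the directory exists.
# argv form: the directory path is passed as exactly one argument instead
# of being re-split on whitespace by the command module.
- name: Create CA directory
  ansible.builtin.command:
    argv:
      - make-cadir
      - "{{ easyrsa_ca_dir }}"
    creates: "{{ easyrsa_ca_dir }}"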
# Create the empty pki/ tree inside the CA directory. Idempotent via
# `creates`, so an existing PKI is never re-initialised (which would
# destroy the CA key).
# EASYRSA_BATCH enables easy-rsa's non-interactive mode so the run cannot
# hang on a confirmation prompt.
# NOTE(review): relies on /usr/local/sbin being on the remote user's PATH
# (see the symlink task) — confirm for non-root connection users.
- name: Init PKI
  ansible.builtin.command:
    argv:
      - easyrsa
      - init-pki
    chdir: "{{ easyrsa_ca_dir }}"
    creates: "{{ easyrsa_ca_dir }}/pki"
  environment:
    EASYRSA_BATCH: "1"
# Link the configuration pieces that make-cadir placed in the CA dir
# into pki/.
# NOTE(review): presumably required because the installed easyrsa looks
# for x509-types and openssl-easyrsa.cnf under the PKI directory —
# confirm against the easy-rsa version actually deployed.
- name: Create symlinks
  ansible.builtin.file:
    state: link
    src: "{{ easyrsa_ca_dir }}/{{ pki_asset }}"
    dest: "{{ easyrsa_ca_dir }}/pki/{{ pki_asset }}"
  loop:
    - x509-types
    - openssl-easyrsa.cnf
  loop_control:
    loop_var: pki_asset
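# Write an OpenSSL RNG state file into the PKI directory.
# NOTE(review): presumably a workaround for OpenSSL builds that complain
# when they cannot load/write a random state file — confirm it is still
# needed on the target OpenSSL version, and that `openssl rand` without a
# byte count is accepted there.
# argv form: the file path is passed as one argument rather than being
# re-split on whitespace by the command module.
- name: Create random file
  ansible.builtin.command:
    argv:
      - openssl
      - rand
      - -writerand
      - "{{ easyrsa_ca_dir }}/pki/.rnd"
    creates: "{{ easyrsa_ca_dir }}/pki/.rnd"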
# Generate the CA key pair and its self-signed certificate (pki/ca.crt).
# SECURITY: `nopass` leaves the CA private key unencrypted on disk (under
# pki/private/) so the signing tasks below run without a prompt. Anyone
# who can read that file can mint certificates accepted by everything
# that trusts this CA. Treat easyrsa_ca_dir as secret material —
# restrictive ownership/permissions, no copies to shared storage — or
# build and keep the CA offline and only ship ca.crt.
# EASYRSA_BATCH: non-interactive mode, so no prompt can block the run.
- name: Build CA
  ansible.builtin.command:
    argv:
      - easyrsa
      - build-ca
      - nopass
    chdir: "{{ easyrsa_ca_dir }}"
    creates: "{{ easyrsa_ca_dir }}/pki/ca.crt"
  environment:
    EASYRSA_BATCH: "1"
# Generate Diffie-Hellman parameters into pki/dh.pem.
# NOTE(review): DH parameter generation can take minutes on small hosts;
# `creates` makes it a one-off per CA directory.
- name: Generate DH parameters
  ansible.builtin.command:
    argv:
      - easyrsa
      - gen-dh
    chdir: "{{ easyrsa_ca_dir }}"
    creates: "{{ easyrsa_ca_dir }}/pki/dh.pem"
  environment:
    EASYRSA_BATCH: "1"
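# Issue one private key plus CA-signed certificate per entry of
# easyrsa_clients (an unset/empty list is a no-op). Re-runs skip names
# whose key already exists.
# argv form: each client name is passed as exactly one argument, so a
# name containing whitespace can no longer be re-split by the command
# module into additional easyrsa arguments.
# SECURITY: `nopass` stores every client key unencrypted under
# pki/private/ on the CA host; whoever can read the CA directory holds
# every client identity. Distribute keys out of band and delete them
# from the CA host if they are not needed there.
- name: Generate client certificates
  ansible.builtin.command:
    argv:
      - easyrsa
      - build-client-full
      - "{{ item }}"
      - nopass
    chdir: "{{ easyrsa_ca_dir }}"
    creates: "{{ easyrsa_ca_dir }}/pki/private/{{ item }}.key"
  environment:
    EASYRSA_BATCH: "1"
  loop: "{{ easyrsa_clients | default([]) }}"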