projects / lttng-ci.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ansible: restrict mode on internal certificate private key to user
[lttng-ci.git] / automation / ansible / roles / common / tasks / certs.yml
1 ---
2 - name: Deploy internal certificate
3 ansible.builtin.copy:
4 dest: "{{common_certificate_cert_path_prefix}}/internal.efficios.com.pem"
5 mode: '0644'
6 owner: 'root'
7 group: 'root'
8 src: 'internal.efficios.com.pem'
9 register: cert
10 - name: Deploy internal certificate key
11 ansible.builtin.copy:
12 dest: "{{common_certificate_key_path_prefix}}/internal.efficios.com.key"
13 mode: '0600'
14 owner: 'root'
15 group: 'root'
16 content: "{{lookup('community.general.bitwarden', 'TLS Certificate internal.efficios.com', collection_id='35c5d8b1-2520-4450-a479-aef50131b930')[0]['notes'] }}"
17 register: key
18 - name: Deploy combined cert+key
19 # haproxy uses a combined certificate and key file
20 when: (cert.changed or key.changed) and common_certificate_deploy_combined_pem
21 ansible.builtin.shell:
22 cmd: "cat {{common_certificate_cert_path_prefix}}/internal.efficios.com.pem {{common_certificate_key_path_prefix}}/internal.efficios.com.key > {{common_certificate_key_path_prefix}}/internal.efficios.com.pem"
Unnamed repository; edit this file 'description' to name the repository.
This page took 0.02988 seconds and 4 git commands to generate.