oidc-parent/deployment/roles/oidc_idp/tasks/main.yml
Jan Dittberner 4023cfc718 Update to Debian 12 Bookworm
- improve README.md add test scenarios
- update Vagrant setup to Debian 12
- update dependency installation to be compatible with Debian 12
- use mkcert from Debian 12 package
2023-06-19 19:46:25 +02:00


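---
# Tasks for the oidc_idp role: create the service account and directories,
# install the IDP binary, provision the TLS material (generated locally with
# mkcert, or taken from inventory data) and render the configuration and the
# systemd unit.
#
# Variables referenced here but defined elsewhere in the role/inventory:
# cacert_os_group, cacert_os_user, cacert_home, idp_tls.{cert,key,client_cas},
# oidc_urls.idp.host, use_mkcert,
# idp.{server_certificate_data,server_key_data,client_certificate_data}.
- name: Create CAcert group
  ansible.builtin.group:
    name: "{{ cacert_os_group }}"
    state: present
    system: true

- name: Create CAcert user
  ansible.builtin.user:
    name: "{{ cacert_os_user }}"
    group: "{{ cacert_os_group }}"
    home: "{{ cacert_home }}"
    state: present
    system: true

- name: Create CAcert directories
  ansible.builtin.file:
    path: "{{ cacert_home }}/{{ item.path }}"
    owner: "{{ cacert_os_user }}"
    group: "{{ cacert_os_group }}"
    mode: "{{ item.mode }}"
    state: directory
  loop:
    - path: etc
      mode: '0750'
    - path: bin
      mode: '0750'
    - path: download
      mode: '0750'

- name: Copy IDP binary
  ansible.builtin.copy:
    src: ../oidc_idp/cacert-idp
    dest: "{{ cacert_home }}/bin/cacert-idp"
    owner: root
    group: "{{ cacert_os_group }}"
    mode: '0750'

# Used to skip mkcert generation when a certificate is already in place, so a
# re-run does not replace it.
- name: Check whether certificate exists
  ansible.builtin.stat:
    path: "{{ idp_tls.cert }}"
  register: idp_cert_st

# Runs unprivileged (become: false) except for the copy into root-owned
# targets. The temporary directory holds an unencrypted private key, so its
# removal is in an always: section and happens even if mkcert or the copy fails.
- name: Create IDP key and certificate with mkcert
  block:
    - name: Create temporary directory for IDP key and certificate
      ansible.builtin.tempfile:
        prefix: "idp-cert."
        state: directory
      register: idp_cert_temp_dir

    # argv form: each value is passed as exactly one argument and is never
    # re-split, regardless of what characters the templated values contain.
    - name: Create IDP key and certificate
      ansible.builtin.command:
        argv:
          - mkcert
          - -cert-file
          - "{{ idp_cert_temp_dir.path }}/idp.pem"
          - -key-file
          - "{{ idp_cert_temp_dir.path }}/idp.key.pem"
          - "{{ oidc_urls.idp.host }}"

    - name: Move IDP certificate and key to target
      ansible.builtin.copy:
        src: "{{ idp_cert_temp_dir.path }}/{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: "{{ cacert_os_group }}"
        mode: "{{ item.mode }}"
        remote_src: true
      loop:
        - src: idp.pem
          dest: "{{ idp_tls.cert }}"
          mode: '0644'
        - src: idp.key.pem
          dest: "{{ idp_tls.key }}"
          mode: '0640'
      become: true
  always:
    # Skipped only if the tempfile task itself failed and registered no path.
    - name: Remove temporary directory
      ansible.builtin.file:
        path: "{{ idp_cert_temp_dir.path }}"
        state: absent
      when: idp_cert_temp_dir.path is defined
  when: use_mkcert and not idp_cert_st.stat.exists
  become: false

- name: Copy IDP key and certificate from inventory
  block:
    - name: Copy IDP certificate
      ansible.builtin.copy:
        dest: "{{ idp_tls.cert }}"
        owner: root
        group: "{{ cacert_os_group }}"
        mode: '0644'
        content: "{{ idp.server_certificate_data }}"

    - name: Copy IDP key
      ansible.builtin.copy:
        dest: "{{ idp_tls.key }}"
        owner: root
        group: "{{ cacert_os_group }}"
        mode: '0640'
        content: "{{ idp.server_key_data }}"
  when: not use_mkcert

- name: Copy client CA certificates
  ansible.builtin.copy:
    dest: "{{ idp_tls.client_cas }}"
    owner: root
    group: "{{ cacert_os_group }}"
    mode: '0640'
    content: "{{ idp.client_certificate_data }}"

- name: Create IDP configuration
  ansible.builtin.template:
    src: idp_config.toml.j2
    dest: "{{ cacert_home }}/etc/cacert-idp.toml"
    owner: root
    group: "{{ cacert_os_group }}"
    mode: '0640'
  notify: idp_systemd_reload

- name: Create IDP systemd unit file
  ansible.builtin.template:
    src: cacert-idp.service.j2
    dest: /etc/systemd/system/cacert-idp.service
    owner: root
    group: root
    mode: '0640'
  notify: idp_systemd_reload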