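---
# tasks file for step_acme_cert
#
# Flow: include check.yml, resolve the step path and the cert/key parameter
# dicts, request a certificate only when none exists on disk or the existing
# one fails verification, then include the renewal tasks.

- name: Include check tasks
  ansible.builtin.include_tasks: check.yml

# Uses step_cli_steppath only when it is defined AND the cert user is root;
# in every other case step_acme_cert_steppath is used.
- name: "Compatibility: Respect step_cli_steppath if step_acme_cert_user is root"
  ansible.builtin.set_fact:
    _resolved_steppath: "{{ (step_cli_steppath is defined and step_acme_cert_user == 'root') | ternary(step_cli_steppath, step_acme_cert_steppath) }}"

- name: Update cert/keyfile dicts with defaults
  ansible.builtin.set_fact:
    # Role params take precedence over set_fact, so we need to declare a new private variable
    step_acme_cert_keyfile_full: "{{ step_acme_cert_keyfile_defaults | combine(step_acme_cert_keyfile) }}"
    step_acme_cert_certfile_full: "{{ step_acme_cert_certfile_defaults | combine(step_acme_cert_certfile) }}"

- name: Look for existing certificate
  ansible.builtin.stat:
    path: "{{ step_acme_cert_certfile_full.path }}"
  register: step_acme_cert_current_cert

# Probe only: never reported as changed and executed even in check mode.
# `quote` keeps a certificate path that contains whitespace or quoting
# characters as a single argument when the free-form command is split.
# ignore_errors lets the play continue on a non-zero exit; the registered
# result is inspected by the include below.
- name: Check if certificate is valid
  ansible.builtin.command: "{{ step_cli_executable }} certificate verify {{ step_acme_cert_certfile_full.path | quote }}"
  changed_when: false
  check_mode: false
  ignore_errors: true
  register: _step_acme_cert_validity
  when: step_acme_cert_current_cert.stat.exists

# A new certificate is requested only if the file is missing or stderr carries
# the literal text "failed to verify certificate". Any other failure of the
# probe (for example a missing executable or an unreadable file) is ignored
# above and leaves the existing certificate in place.
# NOTE(review): the match depends on the CLI's message wording - confirm it
# against the step CLI version this role installs.
- name: Include certificate issuance tasks
  ansible.builtin.include_tasks: get_cert.yml
  when: 'not step_acme_cert_current_cert.stat.exists or "failed to verify certificate" in _step_acme_cert_validity.stderr'

- name: Include renewal tasks
  ansible.builtin.include_tasks: renewal.yml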