authorChristian Pointner <equinox@spreadspace.org>2022-12-22 22:22:09 +0100
committerChristian Pointner <equinox@spreadspace.org>2022-12-22 22:22:09 +0100
commit0c469b73df57b25a96e77e0b9ae09ab7cd1bf128 (patch)
treefebbbcec4a842042fa45a905d83062b72cc6d172 /roles/x509/acmetool/base/tasks/selfsigned.yml
parentmove acmetool to new x509 subdir (diff)
acmetool: minor refactroing
Diffstat (limited to 'roles/x509/acmetool/base/tasks/selfsigned.yml')
-rw-r--r--roles/x509/acmetool/base/tasks/selfsigned.yml48
1 files changed, 24 insertions, 24 deletions
diff --git a/roles/x509/acmetool/base/tasks/selfsigned.yml b/roles/x509/acmetool/base/tasks/selfsigned.yml
index 449fbdb9..9b1af903 100644
--- a/roles/x509/acmetool/base/tasks/selfsigned.yml
+++ b/roles/x509/acmetool/base/tasks/selfsigned.yml
@@ -1,16 +1,16 @@
---
- name: get id of existing selfsigned interim certificate
- ansible.builtin.shell: cat /var/lib/acme/.selfsigned-interim-cert || true
+ shell: cat /var/lib/acme/.selfsigned-interim-cert || true
changed_when: false
check_mode: false
register: existing_selfsigned_interim_cert_id
- name: set existing_selfsigned_interim_cert_id variable
- ansible.builtin.set_fact:
+ set_fact:
existing_selfsigned_interim_cert_id: "{{ existing_selfsigned_interim_cert_id.stdout }}"
- name: check if selfsigned interim certificate does exist
- ansible.builtin.stat:
+ stat:
path: "/var/lib/acme/certs/{{ existing_selfsigned_interim_cert_id }}"
register: existing_selfsigned_interim_cert_stat
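Review bot: Dropping the `ansible.builtin.` prefix from `shell`, `set_fact` and `stat` here (and likewise in the hunks at -18, -43, -64 and -72) makes module resolution depend on the play's `collections:` search order and on which collections happen to be installed, so a same-named `copy`, `file` or `shell` from another collection can be picked up without any change to this file. It also goes against ansible-lint's `fqcn` rule, so the role will now fail that check if it is linted. Keeping the fully-qualified names, e.g. `ansible.builtin.shell: cat /var/lib/acme/.selfsigned-interim-cert || true`, keeps resolution deterministic; for the key task at -50, `community.crypto.openssl_privatekey` is, as far as I know, the module's real home and `ansible.builtin.openssl_privatekey` only reached it through a redirect.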
@@ -18,18 +18,18 @@
when: not existing_selfsigned_interim_cert_id or not existing_selfsigned_interim_cert_stat.stat.exists
block:
- name: create temporary directory
- ansible.builtin.tempfile:
+ tempfile:
path: /var/lib/acme/tmp
prefix: selfsigned-interim-cert-
state: directory
register: tmpdir
- name: set tmpdir variable
- ansible.builtin.set_fact:
+ set_fact:
tmpdir: "{{ tmpdir.path }}"
- name: generate private key for selfsigned interim certificate
- ansible.builtin.openssl_privatekey:
+ openssl_privatekey:
path: "{{ tmpdir }}/privkey"
mode: 0600
@@ -43,11 +43,11 @@
### this is needed because strftime filter in ansible is exceptionally stupid
### see: https://github.com/ansible/ansible/issues/39835
- name: get remote date-time 10s ago
- ansible.builtin.command: date -d '10 seconds ago' -u '+%Y%m%d%H%M%SZ'
+ command: date -d '10 seconds ago' -u '+%Y%m%d%H%M%SZ'
register: remote_datetime_10sago
- name: get remote date-time now
- ansible.builtin.command: date -u '+%Y%m%d%H%M%SZ'
+ command: date -u '+%Y%m%d%H%M%SZ'
register: remote_datetime_now
- name: generate selfsigned interim certificate
@@ -64,7 +64,7 @@
loop:
- cert
- fullchain
- ansible.builtin.copy:
+ copy:
content: "{{ selfsigned_interim_cert.certificate }}"
dest: "{{ tmpdir }}/{{ item }}"
@@ -72,74 +72,74 @@
loop:
- chain
- selfsigned
- ansible.builtin.copy:
+ copy:
content: ""
dest: "{{ tmpdir }}/{{ item }}"
### TODO: remove this once acmetool respects it's own storage layout
### see: https://github.com/hlandau/acme/blob/master/_doc/SCHEMA.md#temporary-use-of-self-signed-certificates
- name: generate fake url file
- ansible.builtin.copy:
+ copy:
content: "https://acme.example.com/acme/cert/self-signed\n"
dest: "{{ tmpdir }}/url"
- name: get key id
- ansible.builtin.shell: "openssl x509 -in '{{ tmpdir }}/cert' -noout -pubkey | openssl enc -base64 -d | openssl sha256 -binary | base32 | tr -d '=' | tr '[:upper:]' '[:lower:]'"
+ shell: "openssl x509 -in '{{ tmpdir }}/cert' -noout -pubkey | openssl enc -base64 -d | openssl sha256 -binary | base32 | tr -d '=' | tr '[:upper:]' '[:lower:]'"
register: selfsigned_interim_key_id
- name: set selfsigned_interim_key_id variable
- ansible.builtin.set_fact:
+ set_fact:
selfsigned_interim_key_id: "{{ selfsigned_interim_key_id.stdout }}"
- name: create directory for private key of selfsigned interim certificate
- ansible.builtin.file:
+ file:
path: "/var/lib/acme/keys/{{ selfsigned_interim_key_id }}"
state: directory
mode: 0700
- name: move private key to its directory
- ansible.builtin.command: "mv '{{ tmpdir }}/privkey' '/var/lib/acme/keys/{{ selfsigned_interim_key_id }}/privkey'"
+ command: "mv '{{ tmpdir }}/privkey' '/var/lib/acme/keys/{{ selfsigned_interim_key_id }}/privkey'"
- name: create symlink to privkey
- ansible.builtin.file:
+ file:
src: "../../keys/{{ selfsigned_interim_key_id }}/privkey"
dest: "{{ tmpdir }}/privkey"
state: link
# - name: get certificate id
- # ansible.builtin.shell: "openssl x509 -in '{{ tmpdir }}/cert' -outform der | openssl sha256 -binary | base32 | tr -d '=' | tr '[:upper:]' '[:lower:]'"
+ # shell: "openssl x509 -in '{{ tmpdir }}/cert' -outform der | openssl sha256 -binary | base32 | tr -d '=' | tr '[:upper:]' '[:lower:]'"
# register: selfsigned_interim_cert_id
# - name: set selfsigned_interim_cert_id variable
- # ansible.builtin.set_fact:
+ # set_fact:
# selfsigned_interim_cert_id: "selfsigned-{{ selfsigned_interim_cert_id.stdout }}"
### TODO: replace with the above once acmetool respects it's own storage layout
### see: https://github.com/hlandau/acme/blob/master/_doc/SCHEMA.md#temporary-use-of-self-signed-certificates
- name: get certificate id
- ansible.builtin.shell: "cat '{{ tmpdir }}/url' | tr -d '\n' | openssl sha256 -binary | base32 | tr -d '=' | tr '[:upper:]' '[:lower:]'"
+ shell: "cat '{{ tmpdir }}/url' | tr -d '\n' | openssl sha256 -binary | base32 | tr -d '=' | tr '[:upper:]' '[:lower:]'"
register: selfsigned_interim_cert_id
- name: set selfsigned_interim_cert_id variable
- ansible.builtin.set_fact:
+ set_fact:
selfsigned_interim_cert_id: "{{ selfsigned_interim_cert_id.stdout }}"
- name: set permissions for selfsigned interim certificate directory
- ansible.builtin.file:
+ file:
path: "{{ tmpdir }}"
mode: 0755
state: directory
- name: move selfsigned interim certificate directory into place
- ansible.builtin.command: "mv '{{ tmpdir }}' '/var/lib/acme/certs/{{ selfsigned_interim_cert_id }}'"
+ command: "mv '{{ tmpdir }}' '/var/lib/acme/certs/{{ selfsigned_interim_cert_id }}'"
- name: write cert-id of selfsigned interim certificate to state directory
- ansible.builtin.copy:
+ copy:
content: "{{ selfsigned_interim_cert_id }}"
dest: /var/lib/acme/.selfsigned-interim-cert
rescue:
- name: remove temporary directory for selfsigned interim certificate
- ansible.builtin.file:
+ file:
path: "{{ tmpdir }}"
state: absent
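Review bot: The two `shell` pipelines that derive ids, `+ shell: "openssl x509 -in '{{ tmpdir }}/cert' -noout -pubkey | ... | tr '[:upper:]' '[:lower:]'"` and `+ shell: "cat '{{ tmpdir }}/url' | tr -d '\n' | ... "`, run without `pipefail`, so if `openssl x509` or `cat` fails the task still reports the exit status of the final `tr` and `selfsigned_interim_key_id` / `selfsigned_interim_cert_id` become the hash of empty input; the `file`, `mv` and `copy` tasks that follow then create key and certificate state under a meaningless id instead of hitting the rescue block. Prefixing each pipeline with `set -o pipefail && ` and adding `args:` / `  executable: /bin/bash` to those two tasks (the default `/bin/sh` on Debian-based hosts may not support the option) lets the failure surface where the rescue cleanup can act on it.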