Diffstat (limited to 'roles/x509/selfsigned/cert/prepare/tasks')
-rw-r--r-- | roles/x509/selfsigned/cert/prepare/tasks/main.yml | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/roles/x509/selfsigned/cert/prepare/tasks/main.yml b/roles/x509/selfsigned/cert/prepare/tasks/main.yml index dead5dd5..a5ac8159 100644 --- a/roles/x509/selfsigned/cert/prepare/tasks/main.yml +++ b/roles/x509/selfsigned/cert/prepare/tasks/main.yml @@ -21,6 +21,7 @@ type: "{{ selfsigned_cert_config.key.type | default(omit) }}" size: "{{ selfsigned_cert_config.key.size | default(omit) }}" notify: reload services for x509 certificates + register: _selfsigned_key_ - name: generate csr for selfsigned certificate community.crypto.openssl_csr: @@ -74,6 +75,7 @@ selfsigned_not_after: "{{ selfsigned_cert_config.cert.not_after | default(omit) }}" force: "{{ _selfsigned_cert_file_.stat.exists and (not _selfsigned_cert_info_.valid_at.renew_margin) }}" notify: reload services for x509 certificates + register: _selfsigned_cert_ - name: export paths to certificate files set_fact: @@ -81,3 +83,16 @@ x509_certificate_path_cert: "{{ selfsigned_cert_path }}/{{ selfsigned_cert_name }}-crt.pem" x509_certificate_path_chain: "" x509_certificate_path_fullchain: "{{ selfsigned_cert_path }}/{{ selfsigned_cert_name }}-crt.pem" + +- name: generate custom post-renewal script + when: x509_certificate_renewal is defined + template: + src: updated.sh.j2 + dest: "{{ selfsigned_cert_path }}/updated.sh" + mode: 0755 + +- name: call custom post-renewal script + when: + - x509_certificate_renewal is defined + - (_selfsigned_key_ is changed) or (_selfsigned_cert_ is changed) + command: "{{ selfsigned_cert_path }}/updated.sh" |
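Review bot: In the third hunk, the `generate custom post-renewal script` task writes an executable into `{{ selfsigned_cert_path }}` without pinning its ownership, and the following `command` task runs it with whatever privileges the play has. Nothing in the diff shows who can write to that directory; if any account other than the play's user can, the file that gets executed is not guaranteed to be the one just rendered, so consider adding `owner: root` and `group: root` (or whichever account the role is expected to run as) to the template task. The mode should also be quoted, `mode: "0755"`, so the value does not depend on the YAML parser's octal handling. Separately, the script is triggered only by `is changed` on the results registered in the first and second hunks, so if `updated.sh` fails once, a rerun will not call it again. The `updated.sh.j2` template is outside this diff, so how it quotes `x509_certificate_renewal` values is worth checking.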