mirror of https://github.com/inofix/common-playbooks.git synced 2026-02-05 12:45:29 +01:00

EasyRSA: Sanity-Check

Only run on enabled certs anyway.
Michael Lustenberger
2025-09-02 22:46:31 +02:00
parent 6ee93c00dc
commit d972f66c30
2 changed files with 8 additions and 4 deletions


@@ -1,11 +1,16 @@
---
- name: "Combine and deduplicate the enabled certificates for the check below"
set_fact:
_enabled_certs: "{{ (( easyrsa__ca.enable | map('dict2items') | flatten | map(attribute='value') ) + easyrsa__dh.enable + easyrsa__certificate.enable ) | unique }}"
_available_certs: "{{ easyrsa__ca.available | combine(easyrsa__dh.available) | combine(easyrsa__certificate.available) | dict2items }}"
- name: "Check whether the cert list is written for EasyRSA."
fail:
msg: "All certs in the list must be of app type 'easy-rsa'"
loop: "{{ easyrsa__all_certs | dict2items }}"
loop: "{{ _available_certs }}"
when: >
'app' not in item.value or
item.value.app != 'easy-rsa'
item.key in _enabled_certs and
( 'app' not in item.value or item.value.app != 'easy-rsa' )
- name: "Make sure Easy-RSA has a home."
file:
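Review bot: The new loop over `_available_certs` with `item.key in _enabled_certs` only visits names that have a definition, so a name listed in one of the `enable` lists but missing from every `available` map passes this sanity check without being examined. If nothing later in the role rejects that case (not visible here), an `assert` placed before the `fail` task would close it, for example `that: _enabled_certs | difference(_available_certs | map(attribute='key') | list) | length == 0`. The `msg` could also name the offending entry, `msg: "Cert '{{ item.key }}' must be of app type 'easy-rsa'"`, so a failed run points at the definition to fix. The task "Make sure Easy-RSA has a home." continues past the end of the hunk.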


@@ -33,5 +33,4 @@
# Let's select all intermediate CA's by looping through all enabled CA's and selecting the CA based on their distance to the RootCA.
easyrsa__inter_ca_on: "{% set r = [] %}{% for i in range(1, easyrsa__max_ca_depth) %}{% set k = i | string %}{% for item in easyrsa__ca.enable %}{% if k in item %}{% set _ = r.append(item[k]) %}{% endif %}{% endfor %}{% endfor %}{{ r | unique }}"
easyrsa__all_ca_on: "{{ easyrsa__root_ca_on + easyrsa__inter_ca_on }}"
easyrsa__all_certs: "{{ easyrsa__ca.available | combine(easyrsa__dh.available) | combine(easyrsa__certificate.available) }}"