File tree Expand file tree Collapse file tree 1 file changed +7
-2
lines changed
roles/StackStorm.st2web/tasks Expand file tree Collapse file tree 1 file changed +7
-2
lines changed Original file line number Diff line number Diff line change 4949 # RedHat 7 comes with openssl 1.0.2k-fips which requires an extra openssl.conf to specify the SAN
5050 become : yes
5151 block :
52+ - name : Check if there is already an existing key file
53+ stat :
54+ path : /etc/ssl/st2/st2.key
55+ register : keyfile
5256 - name : Render openssl.cnf
5357 ansible.builtin.template :
5458 src : openssl.cnf.j2
5559 dest : /tmp/openssl.cnf
5660 mode : ' 0644'
61+ when : not keyfile.stat.exists
5762 - name : Generate self-signed SSL certificate on RedHat 7
5863 shell : openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/st2/st2.key -out /etc/ssl/st2/st2.crt -days 365 -nodes -subj "/C=US/ST=California/L=Palo Alto/O=StackStorm/OU=Information Technology/CN=$(hostname)" -config /tmp/openssl.cnf
59- args :
60- creates : /etc/ssl/st2/st2.key
6164 notify :
6265 - restart nginx
66+ when : not keyfile.stat.exists
6367 - name : Delete the openssl.cnf
6468 ansible.builtin.file :
6569 path : /tmp/openssl.cnf
6670 state : absent
71+ when : not keyfile.stat.exists
6772 when :
6873 - not st2web_ssl_certificate
6974 - not st2web_ssl_certificate_key
You can’t perform that action at this time.
0 commit comments