# Account for the signing side of the CA: the directory tasks in this file
# make `sign` the owner of everything under /var/lib/ca_manager.
# Its login shell is ca-shell rather than a standard shell such as /bin/sh.
# NOTE(review): /usr/local/bin/ca-shell is presumably provided by the
# ca_manager package installed later in this file; confirm it is present
# before the account is used.
- name: create sign user
  user:
    name: sign
    shell: /usr/local/bin/ca-shell

# Account used to submit requests; its login shell is ca-server rather than
# a standard shell.
# NOTE(review): the requests directory task in this file uses
# `group: request`, so a group with this name must exist. Presumably it is
# the primary group created together with the user; confirm on the target
# distribution.
- name: create request user
  user:
    name: request
    shell: /usr/local/bin/ca-server

# Install the Python 3 toolchain that the pip task in this file relies on.
# The package index is refreshed only when the cached copy is older than
# one hour (cache_valid_time is in seconds).
- name: install ca packages
  apt:
    pkg:
      - python3
      - python3-pip
      - python3-setuptools
      # Temporary, pending the ca_manager update: git is listed only because
      # ca_manager is currently installed from a git+https URL.
      # Remove after ca_manager update --->
      - git
      # <---
    state: present
    update_cache: true
    cache_valid_time: 3600
    # Recommended packages are skipped unless the caller sets
    # `install_recommends`.
    install_recommends: '{{ install_recommends | default("no") }}'

# Install ca_manager with pip3 directly from its Git repository.
# Temporary: the release tarball URL (kept commented out below) is meant to
# replace the git URL once ca_manager publishes its update.
# NOTE(review): 'peewee3+rfc5280' looks like a branch name, i.e. a mutable
# ref. The code that ends up on this CA host can then change between runs
# with no change to this file. Prefer pinning to a full commit hash
# (...ca_manager.git@<commit-sha>) or to a release artifact whose checksum
# is verified.
# NOTE(review): the account is spelled 'LILik-117bis' in the active URL and
# 'LILiK-117bis' in the commented one; confirm the intended source.
- name: install from release
  pip:
    # Replace after ca_manager update --->
    # name: https://github.com/LILiK-117bis/ca_manager/tarball/v0.3
    name: git+https://github.com/LILik-117bis/ca_manager.git@peewee3+rfc5280
    # <---
    executable: pip3

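# Root of the CA state, owned by sign:sign.
# Mode 0751: owner rwx, group r-x, others --x. Other accounts can traverse
# into the subdirectories but cannot list this directory.
- name: create /var/lib/ca_manager
  file:
    path: /var/lib/ca_manager
    owner: sign
    group: sign
    # Quoted so the value reaches the module as the octal string "0751"
    # instead of depending on the YAML parser's integer rules.
    mode: '0751'
    state: directory
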
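# outputs/ is owned by sign:sign; `state: directory` also creates it if it
# is missing.
# Mode 0751: owner rwx, group r-x, others --x. Accounts outside sign can
# open entries whose names they know, subject to each file's own mode, but
# cannot list the directory.
- name: set outputs permissions
  file:
    path: /var/lib/ca_manager/outputs
    owner: sign
    group: sign
    # Quoted so the mode is passed as an octal string, not a YAML integer.
    mode: '0751'
    state: directory
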
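# private/ is owned by sign:sign; `state: directory` also creates it if it
# is missing.
# Mode 0700: only the owner can list, enter or modify the directory; group
# and others get no access at all.
# NOTE(review): presumably this holds the CA private key material, which
# makes it the most sensitive path in this file; confirm nothing later
# loosens the mode.
- name: set private permissions
  file:
    path: /var/lib/ca_manager/private
    owner: sign
    group: sign
    # Quoted so the mode is passed as an octal string, not a YAML integer.
    # A mis-parsed value here would change who can reach this directory.
    mode: '0700'
    state: directory
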
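# requests/ is the only directory here whose group is not sign: it is owned
# by sign with group request.
# Mode 0730: owner rwx, group -wx, others none. Members of `request` can
# create entries and traverse, but cannot list what is already there.
# NOTE(review): the sticky bit is not set, so write access for the group
# also lets its members rename or unlink existing entries by name; confirm
# that is acceptable for this drop directory.
- name: set requests permissions
  file:
    path: /var/lib/ca_manager/requests
    owner: sign
    group: request
    # Quoted so the mode is passed as an octal string, not a YAML integer.
    mode: '0730'
    state: directory
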
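# results/ is owned by sign:sign; `state: directory` also creates it if it
# is missing.
# Mode 0751: owner rwx, group r-x, others --x. Accounts outside sign can
# open entries whose names they know, subject to each file's own mode, but
# cannot list the directory.
- name: set results permissions
  file:
    path: /var/lib/ca_manager/results
    owner: sign
    group: sign
    # Quoted so the mode is passed as an octal string, not a YAML integer.
    mode: '0751'
    state: directory
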