---
# Check SSL files
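# Collect the names of all Docker secrets; the certificate/key checks in this
# file look for 'ssl_passphrase' in docker_secrets.stdout_lines.
# The previous `docker secret ls | tail | awk` pipeline returned awk's exit
# status, so a failing docker command produced an empty list instead of an
# error. Asking docker for the NAME column directly removes the pipe and lets
# a docker failure fail the task.
- name: Getting the list of Docker secrets
  command:
    argv:
      - docker
      - secret
      - ls
      - --format
      # The raw block stops Jinja from evaluating the Go template itself.
      - "{% raw %}{{.Name}}{% endraw %}"
  register: docker_secrets
  # Read-only query: never report a change.
  changed_when: false
  become: true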
# Stat dhparam.pem under <onelab_path>/ssl and fail the task when it is absent.
# The result is registered as `dhparam`.
- name: Checking if dhparam.pem file exists in /onelab/ssl
  register: dhparam
  failed_when: not dhparam.stat.exists
  stat:
    path: '{{ onelab_path }}/ssl/dhparam.pem'
# Stat server.pem under <onelab_path>/ssl and fail the task when it is absent.
# The result is registered as `serverpem`. Only existence is tested here; the
# certificate content is not parsed by this task.
- name: Checking if server.pem file exists in /onelab/ssl
  register: serverpem
  failed_when: not serverpem.stat.exists
  stat:
    path: '{{ onelab_path }}/ssl/server.pem'
# Stat server.key under <onelab_path>/ssl and fail the task when it is absent.
# The result is registered as `serverkey`.
# NOTE(review): this only proves the private key file exists; its owner and
# mode are not checked, so a group- or world-readable key would still pass.
# NOTE(review): runs without `become`, unlike the openssl tasks in this file -
# confirm the connecting user can traverse the ssl directory.
- name: Checking if server.key file exists in /onelab/ssl
  register: serverkey
  failed_when: not serverkey.stat.exists
  stat:
    path: '{{ onelab_path }}/ssl/server.key'
# Stat chain.pem under <onelab_path>/ssl and fail the task when it is absent.
# The result is registered as `chain`.
- name: Checking if chain.pem file exists in /onelab/ssl
  register: chain
  failed_when: not chain.stat.exists
  stat:
    path: '{{ onelab_path }}/ssl/chain.pem'
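# Hash the RSA modulus of server.key; the result (serverkey_modulus.stdout) is
# compared with the certificate's modulus hash in part 2/2.
# Skipped when a Docker secret named 'ssl_passphrase' exists or when
# onelab.deployment.skip_ssl is set to something other than false.
#
# Changes from the plain pipeline:
#  - `set -o pipefail` makes a failing `openssl rsa` (unreadable, encrypted or
#    non-RSA key) fail the task; before, `openssl md5` hashed empty input and
#    the task succeeded.
#  - pipefail is not POSIX, so the shell is pinned to bash; /bin/bash must
#    exist on the target.
#  - the path goes through the `quote` filter so whitespace or shell
#    metacharacters in onelab_path cannot alter the command.
# NOTE(review): `openssl rsa` only handles RSA keys, and `openssl md5` may be
# unavailable on FIPS-restricted hosts; the digest is used here only to compare
# two values and must stay the same in both parts.
- name: Checking if certificate and key are matching (part 1/2)
  shell: |
    set -o pipefail
    openssl rsa -noout -modulus -in {{ (onelab_path ~ '/ssl/server.key') | quote }} | openssl md5
  args:
    executable: /bin/bash
  register: serverkey_modulus
  # Read-only check: never report a change.
  changed_when: false
  become: true
  when:
    - "'ssl_passphrase' not in docker_secrets.stdout_lines"
    - (onelab.deployment.skip_ssl is undefined) or (onelab.deployment.skip_ssl == false)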
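# Hash the modulus of the server.pem certificate and fail when it differs from
# serverkey_modulus.stdout (registered by part 1/2).
# Skipped under the same conditions as part 1/2.
#
# Changes from the plain pipeline:
#  - a custom failed_when replaces Ansible's default return-code check, so the
#    condition now also tests rc; together with `set -o pipefail` a failing
#    `openssl x509` is reported instead of comparing the hash of empty input.
#  - pipefail is not POSIX, so the shell is pinned to bash; /bin/bash must
#    exist on the target.
#  - the path goes through the `quote` filter so whitespace or shell
#    metacharacters in onelab_path cannot alter the command.
- name: Checking if certificate and key are matching (part 2/2)
  shell: |
    set -o pipefail
    openssl x509 -noout -modulus -in {{ (onelab_path ~ '/ssl/server.pem') | quote }} | openssl md5
  args:
    executable: /bin/bash
  register: serverpem_modulus
  # Read-only check: never report a change.
  changed_when: false
  # Single expression on purpose: list items under failed_when are AND-ed.
  failed_when: >-
    serverpem_modulus.rc != 0
    or serverpem_modulus.stdout != serverkey_modulus.stdout
  become: true
  when:
    - "'ssl_passphrase' not in docker_secrets.stdout_lines"
    - (onelab.deployment.skip_ssl is undefined) or (onelab.deployment.skip_ssl == false)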