Commit 3a2196dd authored by nimrod's avatar nimrod
Browse files

Fixes to the renew-cert tasks file.

- Always run the fact gathring and file stat tasks. Needed for other
tasks and doesn't hurt anything.
- Handle cases when the key files aren't there.
parent 34427855
Loading
Loading
Loading
Loading
Loading
+7 −3
Original line number Diff line number Diff line
@@ -9,17 +9,21 @@
  ansible.builtin.setup:
    gather_subset:
      - date_time
  tags:
    - always

- name: Get account key file stat
  ansible.builtin.stat:
    path: &account_key_src account.key
  register: account_key_stat
  tags:
    - always

- name: Generate account key
  community.crypto.openssl_privatekey:
    # yamllint disable rule:line-length
    force: |-
      {{ (ansible_date_time.epoch|int - account_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
      {{ account_key_stat.stat.exists and (ansible_date_time.epoch|int - account_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
    # yamllint enable rule:line-length
    mode: 0o0600
    path: *account_key_src
@@ -57,7 +61,7 @@
  community.crypto.openssl_privatekey:
    # yamllint disable rule:line-length
    force: |-
      {{ (ansible_date_time.epoch|int - host_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
      {{  host_key_stat.stat.exists and (ansible_date_time.epoch|int - host_key_stat.stat.mtime|int)/(60*60*24*365) >= 4 }}
    # yamllint enable rule:line-length
    mode: &mode 0o0600
    path: *key_src
@@ -175,7 +179,7 @@
      community.crypto.openssl_dhparam:
        # yamllint disable rule:line-length
        force: |-
          {{ (ansible_date_time.epoch|int - dhparams_stat.stat.mtime|int)/(60*60*24*7) >= 4 }}
          {{ dhparams_stat.stat.exists and (ansible_date_time.epoch|int - dhparams_stat.stat.mtime|int)/(60*60*24*7) >= 4 }}
        # yamllint enable rule:line-length
        mode: 0o0644
        path: *dhparams