requirements.yml

@@ -4,6 +4,9 @@
 - src: https://gitlab.cyberbrain.pw/ansible/roles/freeipa_le_ca
   scm: git
 
+- src: https://gitlab.cyberbrain.pw/ansible/roles/freeipa_le_certs_httpd
+  scm: git
+
 - src: https://gitlab.cyberbrain.pw/ansible/roles/ssl_refresher
   scm: git
 

run.yml

@@ -6,49 +6,11 @@
   roles:
     - freeipa_le_ca
 
-- name: Install ssl-refresher
-  hosts: ipaserver:ipareplicas
-  become: yes
-  vars:
-    - ssl_refresher_success: |
-        systemctl restart httpd.service
-  roles:
-    - ssl_refresher
-
 - name: Bind ssl-refresher certs
   hosts: ipaserver:ipareplicas
   become: yes
-  tasks:
-    - name: Update IPA certs
-      ansible.builtin.shell: ipa-certupdate
-      changed_when: False
-    - name: Put cert in httpd config
-      ansible.builtin.lineinfile:
-        path: "/etc/httpd/conf.d/ssl.conf"
-        state: present
-        insertafter: "^<VirtualHost +_default_:443>$"
-        # insertbefore: "^</VirtualHost>$"
-        regexp: "^SSLCertificateFile .*"
-        line: "SSLCertificateFile /opt/ssl/fullchain.pem"
-        backup: yes
-      notify:
-        - Restart ipa
-    - name: Put key in httpd config
-      ansible.builtin.lineinfile:
-        path: "/etc/httpd/conf.d/ssl.conf"
-        state: present
-        insertafter: "^<VirtualHost +_default_:443>$"
-        # insertbefore: "^</VirtualHost>$"
-        regexp: "^SSLCertificateKeyFile .*"
-        line: "SSLCertificateKeyFile /opt/ssl/privkey.pem"
-        backup: yes
-      notify:
-        - Restart ipa
-  handlers:
-    - name: Restart ipa
-      ansible.builtin.systemd:
-        name: httpd.service
-        state: restarted
+  roles:
+    - freeipa_le_certs_httpd
 
 - name: Install ucarp with dependencies
   hosts: ipaserver:ipareplicas