Playbook #2389
/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage.yaml
Execution
Date 27 Dec 2024 09:07:16 +0000
Duration 00:02:19.93
Controller ssh-gw-4.layershift.com
User root
Versions
Ansible 2.16.11
ara 1.7.2 / 1.7.2
Python 3.10.10
Summary
5 Hosts
3 Tasks
15 Results
1 Plays
1 Files
0 Records
remote_user:root check:False tags:all

File: /home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage.yaml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
---
- name: Playbook to install zimbra wildcard certificate on cluster
  hosts: all
  gather_facts: false
  vars:
    files:
      - commercial_stage.key
      - ssl_stage.crt
      - chain_stage.crt
  tasks:
    - name: Cleanup first
      ansible.builtin.shell: |
        set -o pipefail
        rm -f /opt/zimbra/ssl/zimbra/commercial/commercial.key
        rm -f /tmp/commercial_stage.key /tmp/ssl_stage.crt /tmp/chain_stage.crt
      args:
        executable: /bin/bash
      changed_when: false

    - name: Upload files on host
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: /tmp/
        force: true
        mode: '0640'
      loop: "{{ files }}"

    - name: Install certificate on host
      ansible.builtin.shell: |
        set -o pipefail
        chown zimbra.zimbra /tmp/commercial_stage.key /tmp/ssl_stage.crt /tmp/chain_stage.crt
        su -l zimbra -c "cp -prf /tmp/commercial_stage.key /opt/zimbra/ssl/zimbra/commercial/commercial.key"
        su -l zimbra -c "zmcertmgr verifycrt comm /tmp/commercial_stage.key /tmp/ssl_stage.crt /tmp/chain_stage.crt"
        su -l zimbra -c "zmcertmgr deploycrt comm /tmp/ssl_stage.crt /tmp/chain_stage.crt"
        su -l zimbra -c "zmlocalconfig -e ldap_starttls_required=true"
        su -l zimbra -c "zmlocalconfig -e ldap_starttls_supported=1"
        su -l zimbra -c "zmcontrol restart"
        su -l zimbra -c "zmcertmgr viewdeployedcrt"
      args:
        executable: /bin/bash
      changed_when: false