ara | File #7573: /home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage

/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage_le.yaml

Execution

Date 20 Mar 2026 12:47:47 +0000

Duration 00:01:33.33

Controller ssh-gw-4.layershift.com

User root

Versions

Ansible 2.16.13

ara 1.7.4 / 1.7.4

Python 3.10.10

Summary

5 Hosts

3 Tasks

15 Results

1 Plays

1 Files

0 Records

remote_user:root check:False tags:all

Date
20 Mar 2026 12:47:47 +0000
Path
/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage_le.yaml

Argument	Value
version	None
verbosity	0
private_key_file	/home/ssh-gateway/.ssh/id_rsa
remote_user	root
connection	ssh
timeout	None
ssh_common_args	None
sftp_extra_args	None
scp_extra_args	None
ssh_extra_args	None
ask_pass	False
connection_password_file	None
force_handlers	False
flush_cache	False
become	False
become_method	sudo
become_user	None
become_ask_pass	False
become_password_file	None
tags	['all']
skip_tags	[]
check	False
diff	False
inventory	['/home/ssh-gateway/ansible/zimbra/inv-stage']
listhosts	False
subset	None
extra_vars	Not saved by ARA as configured by 'ignored_arguments'
vault_ids	[]
ask_vault_pass	False
vault_password_files	[]
forks	20
module_path	None
syntax	False
listtasks	False
listtags	False
step	False
start_at_task	None
args	['install_zimbra_certificate_stage_le.yaml']

File: /home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage_le.yaml

---
- name: Playbook to install 
  hosts: all
  gather_facts: false
  vars:
    files:
      - commercial_stage_le.key
      - ssl_stage_le.crt
      - chain_stage_le.crt
  tasks:
    - name: Cleanup first
      ansible.builtin.shell: |
        set -o pipefail
        mv /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date +%s)
        mkdir /opt/zimbra/ssl/zimbra
        mkdir /opt/zimbra/ssl/zimbra/ca
        mkdir /opt/zimbra/ssl/zimbra/commercial
        mkdir /opt/zimbra/ssl/zimbra/server
        chown zimbra:zimbra -R /opt/zimbra/ssl/
        chmod 750 /opt/zimbra/ssl/zimbra
        chmod 750 /opt/zimbra/ssl/zimbra/*
        rm -f /opt/zimbra/ssl/zimbra/commercial/commercial.key
        rm -f /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt
      args:
        executable: /bin/bash
      changed_when: false

    - name: Upload files on host
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: /tmp/
        force: true
        mode: '0640'
      loop: "{{ files }}"

    - name: Install certificate on host
      ansible.builtin.shell: |
        set -o pipefail
        chown zimbra.zimbra /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt
        su -l zimbra -c "cp -prf /tmp/commercial_stage_le.key /opt/zimbra/ssl/zimbra/commercial/commercial.key"
        su -l zimbra -c "zmcertmgr verifycrt comm /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt"
        su -l zimbra -c "zmcertmgr deploycrt comm /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt"
        su -l zimbra -c "zmlocalconfig -e ldap_starttls_required=true"
        su -l zimbra -c "zmlocalconfig -e ldap_starttls_supported=1"
        su -l zimbra -c "zmcontrol restart"
        su -l zimbra -c "zmcertmgr viewdeployedcrt"
      args:
        executable: /bin/bash
      changed_when: false

Playbook #5415

File: /home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage_le.yaml