diff options
-rw-r--r-- | roles/common/tasks/ca.yml | 4 | ||||
-rw-r--r-- | roles/common/tasks/repos.yml | 24 | ||||
-rw-r--r-- | roles/proxy/tasks/config.yml | 9 |
3 files changed, 29 insertions, 8 deletions
diff --git a/roles/common/tasks/ca.yml b/roles/common/tasks/ca.yml index 74bde08..43bd853 100644 --- a/roles/common/tasks/ca.yml +++ b/roles/common/tasks/ca.yml @@ -4,6 +4,7 @@ dest: /etc/pki/ca-trust/source/anchors/root.pem mode: 0444 register: cafile + tags: firstinstall - name: Désinstallation de l'autorité de certification CACert file: @@ -13,15 +14,18 @@ - name: Mise à jour de la base de confiance CA command: /usr/bin/update-ca-trust when: cafile is changed + tags: firstinstall - name: Installation CA personnel pour applis serveur copy: src: root.pem dest: /etc/pki/tls/certs/mon-ca.crt mode: 0444 + tags: keys - name: Installation et renouvellement de la CRL copy: src: crt-crl.pem dest: /etc/pki/tls/certs/crt-crl.pem mode: 0444 + tags: keys diff --git a/roles/common/tasks/repos.yml b/roles/common/tasks/repos.yml index dd2fae9..1da874e 100644 --- a/roles/common/tasks/repos.yml +++ b/roles/common/tasks/repos.yml @@ -7,7 +7,8 @@ mode: 0644 when: ansible_distribution_version|int >= mirrorlimitdown and ansible_architecture == "x86_64" and ansible_distribution_release != "Rawhide" - tags: localmirror + tags: [ localmirror, firstinstall ] + - name: Installation du dépôt updates Hidden template: @@ -18,7 +19,8 @@ mode: 0644 when: ansible_distribution_version|int >= mirrorlimitdown and ansible_architecture == "x86_64" and ansible_distribution_release != "Rawhide" - tags: localmirror + tags: [ localmirror, firstinstall ] + - name: Désactivation du dépôt Updates ini_file: @@ -29,7 +31,8 @@ when: ansible_distribution_version|int >= mirrorlimitdown and ansible_architecture == "x86_64" and ansible_distribution_release != "Rawhide" and mirrorenable == "1" or mirrorhiddenenable == "1" - tags: localmirror + tags: [ localmirror, firstinstall ] + - name: Activation du dépôt Updates ini_file: @@ -40,7 +43,8 @@ when: ansible_distribution_version|int >= mirrorlimitdown and ansible_architecture == "x86_64" and ansible_distribution_release != "Rawhide" and mirrorenable == "0" and mirrorhiddenenable == "0" - tags: localmirror + tags: [ localmirror, firstinstall ] + @@ -53,7 +57,8 @@ mode: 0644 when: ansible_distribution_version|int >= mirrorlimitdown and ansible_architecture == "x86_64" and ansible_distribution_release != "Rawhide" - tags: localmirror + tags: [ localmirror, firstinstall ] + - name: Installation du dépôt Fedora fantom Hidden template: @@ -64,7 +69,8 @@ mode: 0644 when: ansible_distribution_version|int >= mirrorlimitdown and ansible_architecture == "x86_64" and ansible_distribution_release != "Rawhide" - tags: localmirror + tags: [ localmirror, firstinstall ] + - name: Désactivation du dépôt Fedora ini_file: @@ -75,7 +81,8 @@ when: ansible_distribution_version|int >= mirrorlimitdown and ansible_architecture == "x86_64" and ansible_distribution_release != "Rawhide" and mirrorenable == "1" or mirrorhiddenenable == "1" - tags: localmirror + tags: [ localmirror, firstinstall ] + - name: Activation du dépôt Fedora ini_file: @@ -86,7 +93,8 @@ when: ansible_distribution_version|int >= mirrorlimitdown and ansible_architecture == "x86_64" and ansible_distribution_release != "Rawhide" and mirrorenable == "0" and mirrorhiddenenable == "0" - tags: localmirror + tags: [ localmirror, firstinstall ] + diff --git a/roles/proxy/tasks/config.yml b/roles/proxy/tasks/config.yml index 596bc0b..176fa03 100644 --- a/roles/proxy/tasks/config.yml +++ b/roles/proxy/tasks/config.yml @@ -33,6 +33,7 @@ group: root mode: 0644 register: crtupdate + tags: keys - name: Installation du fichier dhparam copy: @@ -42,6 +43,7 @@ group: root mode: 0644 register: dhupdate + tags: keys - name: Installation des fichiers clé copy: @@ -51,6 +53,7 @@ group: root mode: 0440 register: keyupdate + tags: keys # Assurer la compabilité avec les anciens services - name: Suppression ancien certificat @@ -58,36 +61,42 @@ path: /etc/pki/tls/certs/casperlefantom.1.crt state: absent when: crtupdate is changed + tags: keys - name: Lien avec les anciens noms de certificat file: src: "/etc/pki/tls/certs/{{ maindomain }}.{{ crtversion }}.crt" dest: /etc/pki/tls/certs/casperlefantom.1.crt state: link + tags: keys - name: Suppression ancien dhparam file: path: /etc/pki/tls/certs/dhparam-4096.pem state: absent when: dhupdate is changed + tags: keys - name: Lien avec les anciens noms de dhparam file: src: "/etc/pki/tls/certs/dhparam-4096.{{ crtversion }}.pem" dest: /etc/pki/tls/certs/dhparam-4096.pem state: link + tags: keys - name: Suppression ancienne clé file: path: /etc/pki/tls/private/casperlefantom.1.key state: absent when: keyupdate is changed + tags: keys - name: Lien avec les anciens noms de clé file: src: "/etc/pki/tls/private/{{ maindomain }}.{{ crtversion }}.key" dest: /etc/pki/tls/private/casperlefantom.1.key state: link + tags: keys - name: Installation du htpasswd pour bittorrent copy: |