---
# Builds a test PKI in the relative ../tls directory: one self-signed CA plus
# a private key and a CA-signed certificate for every (hostname, service)
# pair listed in host_tls_info.
#
# Notes for anyone reusing this play:
# - ../tls/ca.key and the per-host *.key files are private keys. Keep that
#   directory out of version control and readable only by the account that
#   runs the play.
# - No passphrase option is passed to certtool, so the keys are presumably
#   written unencrypted - confirm against the certtool version in use.
# - Every generating task is guarded by `creates`, so existing keys and
#   certificates are never regenerated. Changing host_tls_info,
#   extra_dns_names or the .cfg template only rewrites the .cfg files;
#   remove the matching .pem (and .key when rotating) to force a reissue.
# - All paths are relative, so the result depends on the working directory
#   the modules run in - presumably a local run next to ../tls; confirm.
- hosts: preseed
  vars:
    # One entry per certificate. hostname and service build the file name
    # stem; name is not used by the tasks in this play and is presumably
    # consumed by the certificate template - confirm.
    host_tls_info:
      - hostname: ldap
        service: ldap
        name: LDAP
      - hostname: mail
        service: imap
        name: IMAP
      - hostname: mail
        service: smtp
        name: SMTP
      - hostname: phpinfo
        service: https
        name: PHP Info
      - hostname: web
        service: https
        name: Web
      - hostname: wsgi
        service: https
        name: WSGI Hello World
      - hostname: wsgireq
        service: https
        name: WSGI Hello World
      - hostname: xmpp
        service: xmpp
        name: XMPP
    # Not referenced by any task below; presumably read by
    # gnutls_server_certificate.cfg.j2 as additional DNS names - confirm.
    extra_dns_names:
      - "{{ testsite_domain }}"

  tasks:
    # Renders one certtool template per entry. This task has no `creates`
    # guard, so the .cfg files follow variable changes even though the
    # certificates issued from them do not.
    - name: Create GnuTLS certificate templates for all hosts
      template:
        src: "../tls/gnutls_server_certificate.cfg.j2"
        dest: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
      with_items: "{{ host_tls_info }}"

    # The CA key is generated with --sec-param high; host keys further down
    # use --sec-param normal. Skipped when ../tls/ca.key already exists.
    - name: Create the CA key
      command: >-
        certtool --sec-param high --generate-privkey
        --outfile ../tls/ca.key
      args:
        creates: ../tls/ca.key

    # Self-signs the CA certificate from ../tls/ca.cfg, which is not created
    # by this play and has to exist beforehand.
    - name: Create the CA certificate
      command: >-
        certtool --template ../tls/ca.cfg --generate-self-signed
        --load-privkey ../tls/ca.key
        --outfile ../tls/ca.pem
      args:
        creates: ../tls/ca.pem

    # One key per entry; an existing key file is left untouched.
    - name: Create private keys for all hosts
      command: >-
        certtool --sec-param normal --generate-privkey
        --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
      with_items: "{{ host_tls_info }}"
      args:
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"

    # Signs each host certificate with the CA key. `shell` is needed because
    # of the `sleep 1 &&` prefix, which `command` would not interpret.
    # NOTE(review): the one-second pause is presumably there so time-derived
    # certificate fields differ between loop items - confirm before removing.
    # The interpolated values reach /bin/sh inside double quotes, which does
    # not stop shell expansion: keep hostname, service and testsite_domain
    # limited to plain hostname characters.
    - name: Issue certificates for all hosts
      shell: >-
        sleep 1 &&
        certtool --generate-certificate
        --load-ca-privkey "../tls/ca.key"
        --load-ca-certificate "../tls/ca.pem"
        --template "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
        --load-privkey "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
        --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
      with_items: "{{ host_tls_info }}"
      args:
        creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"