Skip to content

Commit b6f9bc4

Browse files
winemwinem
committed
Move the openssl.cnf to /tmp and delete it once the cert has been created
1 parent aa39d0a commit b6f9bc4

File tree

1 file changed

+6
-2
lines changed

1 file changed

+6
-2
lines changed

roles/StackStorm.st2web/tasks/certificate.yml

+6-2
Original file line numberDiff line numberDiff line change
@@ -52,14 +52,18 @@
5252
- name: Render openssl.cnf
5353
ansible.builtin.template:
5454
src: openssl.cnf.j2
55-
dest: /opt/stackstorm/openssl.cnf
55+
dest: /tmp/openssl.cnf
5656
mode: '0644'
5757
- name: Generate self-signed SSL certificate on RedHat 7
58-
shell: openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/st2/st2.key -out /etc/ssl/st2/st2.crt -days 365 -nodes -subj "/C=US/ST=California/L=Palo Alto/O=StackStorm/OU=Information Technology/CN=$(hostname)" -config /opt/stackstorm/openssl.cnf
58+
shell: openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/st2/st2.key -out /etc/ssl/st2/st2.crt -days 365 -nodes -subj "/C=US/ST=California/L=Palo Alto/O=StackStorm/OU=Information Technology/CN=$(hostname)" -config /tmp/openssl.cnf
5959
args:
6060
creates: /etc/ssl/st2/st2.key
6161
notify:
6262
- restart nginx
63+
- name: Delete the openssl.cnf
64+
ansible.builtin.file:
65+
path: /tmp/openssl.cnf
66+
state: absent
6367
when:
6468
- not st2web_ssl_certificate
6569
- not st2web_ssl_certificate_key

0 commit comments

Comments
 (0)