| author | Matthew Fennell <matthew@fennell.dev> | 2026-01-02 13:38:09 +0000 |
|---|---|---|
| committer | Matthew Fennell <matthew@fennell.dev> | 2026-01-02 13:38:09 +0000 |
| commit | d9305b275096db83180f4306a0f962fd0785b823 (patch) | |
| tree | 30d46d23b8e8bfecd97311475c7fa2b349237371 /playbook.yaml | |
| parent | 0b52acfa72b6ac6aa6e006ea00459ae7ee112723 (diff) | |
Store stdout as DANE hash instead of full command
I only want to store the actual hash in dane_hash and not a full python object
corresponding to the execution of the command.
Diffstat (limited to 'playbook.yaml')
| -rw-r--r-- | playbook.yaml | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/playbook.yaml b/playbook.yaml index 2a85ba1..9cc207d 100644 --- a/playbook.yaml +++ b/playbook.yaml @@ -82,10 +82,14 @@ ~/.lego/certificates/{{ virtual_host }}.crt -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256 -binary | hexdump -ve '/1 "%02x"' - register: dane_hash + register: dane_result changed_when: false delegate_to: localhost + - name: Take note of DANE hash + ansible.builtin.set_fact: + dane_hash: "{{ dane_result.stdout }}" + # We allow status code 400 here as this is returned by deSEC if the domain # already exists. Ideally, we should filter out genuinely good/bad requests # here using the response. |
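Review bot: The new "Take note of DANE hash" task copies dane_result.stdout into dane_hash without checking that the pipeline above it produced the certificate's public-key digest. Nothing in the visible lines sets pipefail, so if an earlier openssl stage fails (for example because the .crt file is missing), the final hexdump still exits 0 and `openssl dgst -sha256 -binary` hashes empty input, which yields a well-formed 64-character hex string that would be stored as the DANE hash. Suggest enabling pipefail for the command, if it runs under a shell that supports it, so that a failed stage fails the task. Also add an ansible.builtin.assert before the set_fact, for example `that: dane_result.stdout is match('^[0-9a-f]{64}$')`, so an empty or truncated result stops the play instead of being used by later tasks. The pattern check alone does not catch the empty-input digest, so the pipefail change is the more important of the two.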
