2017-08-05 02:18:11 +08:00
|
|
|
---
|
2017-10-05 22:40:07 +08:00
|
|
|
- name: create ssl crt/key files
|
2017-08-05 02:18:11 +08:00
|
|
|
shell: |
|
|
|
|
openssl req -newkey rsa:2048 -nodes -keyout /etc/ceph/iscsi-gateway.key -x509 -days 365 -out /etc/ceph/iscsi-gateway.crt -subj "/C=US/ST=./L=./O=RedHat/OU=Linux/CN={{ ansible_hostname }}"
|
|
|
|
run_once: True
|
|
|
|
|
2017-10-05 22:40:07 +08:00
|
|
|
- name: create pem
|
2017-08-05 02:18:11 +08:00
|
|
|
shell: |
|
|
|
|
cat /etc/ceph/iscsi-gateway.crt /etc/ceph/iscsi-gateway.key > /etc/ceph/iscsi-gateway.pem
|
|
|
|
run_once: True
|
|
|
|
register: pem
|
|
|
|
|
2017-10-05 22:40:07 +08:00
|
|
|
- name: create public key from pem
|
2017-08-05 02:18:11 +08:00
|
|
|
shell: |
|
|
|
|
openssl x509 -inform pem -in /etc/ceph/iscsi-gateway.pem -pubkey -noout > /etc/ceph/iscsi-gateway-pub.key
|
|
|
|
run_once: True
|
|
|
|
when:
|
|
|
|
- pem.changed
|
|
|
|
|
|
|
|
- name: lock ssl file access to root only
|
|
|
|
file:
|
|
|
|
path: "{{ item }}"
|
|
|
|
mode: 0400
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
with_items: "{{ crt_files }}"
|
|
|
|
|
|
|
|
- name: copy crt(s) to the ansible server
|
|
|
|
fetch:
|
|
|
|
src: "{{ item }}"
|
|
|
|
dest: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
|
|
|
|
flat: yes
|
|
|
|
with_items: "{{ crt_files }}"
|