ceph-ansible/roles/ceph-iscsi-gw/tasks/generate_crt.yml

34 lines
944 B
YAML
Raw Normal View History

---
- name: create ssl crt/key files
shell: |
openssl req -newkey rsa:2048 -nodes -keyout /etc/ceph/iscsi-gateway.key -x509 -days 365 -out /etc/ceph/iscsi-gateway.crt -subj "/C=US/ST=./L=./O=RedHat/OU=Linux/CN={{ ansible_hostname }}"
run_once: True
- name: create pem
shell: |
cat /etc/ceph/iscsi-gateway.crt /etc/ceph/iscsi-gateway.key > /etc/ceph/iscsi-gateway.pem
run_once: True
register: pem
- name: create public key from pem
shell: |
openssl x509 -inform pem -in /etc/ceph/iscsi-gateway.pem -pubkey -noout > /etc/ceph/iscsi-gateway-pub.key
run_once: True
when:
- pem.changed
- name: lock ssl file access to root only
file:
path: "{{ item }}"
mode: 0400
owner: root
group: root
with_items: "{{ crt_files }}"
- name: copy crt(s) to the ansible server
fetch:
src: "{{ item }}"
dest: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
flat: yes
with_items: "{{ crt_files }}"