mirror of https://github.com/ceph/ceph-ansible.git
88 lines
2.9 KiB
YAML
88 lines
2.9 KiB
YAML
---
|
|
- name: create a temporary directory
|
|
tempfile:
|
|
state: directory
|
|
register: iscsi_ssl_tmp_dir
|
|
delegate_to: localhost
|
|
run_once: true
|
|
|
|
- name: set_fact crt_files
|
|
set_fact:
|
|
crt_files:
|
|
- "iscsi-gateway.crt"
|
|
- "iscsi-gateway.key"
|
|
- "iscsi-gateway.pem"
|
|
- "iscsi-gateway-pub.key"
|
|
|
|
- name: check for existing crt file(s) in monitor key/value store
|
|
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config get iscsi/ssl/{{ item }}"
|
|
with_items: "{{ crt_files }}"
|
|
changed_when: false
|
|
failed_when: false
|
|
run_once: true
|
|
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
|
|
register: crt_files_exist
|
|
|
|
- name: set_fact crt_files_missing
|
|
set_fact:
|
|
crt_files_missing: "{{ crt_files_exist.results | selectattr('rc', 'equalto', 0) | map(attribute='rc') | list | length != crt_files | length }}"
|
|
|
|
- name: generate ssl crt/key files
|
|
block:
|
|
- name: create ssl crt/key files
|
|
command: >
|
|
openssl req -newkey rsa:2048 -nodes -keyout {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.key
|
|
-x509 -days 365 -out {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.crt
|
|
-subj "/C=US/ST=./L=./O=RedHat/OU=Linux/CN={{ ansible_facts['hostname'] }}"
|
|
delegate_to: localhost
|
|
run_once: True
|
|
with_items: "{{ crt_files_exist.results }}"
|
|
|
|
- name: create pem
|
|
shell: >
|
|
cat {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.crt
|
|
{{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.key > {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.pem
|
|
delegate_to: localhost
|
|
run_once: True
|
|
register: pem
|
|
with_items: "{{ crt_files_exist.results }}"
|
|
|
|
- name: create public key from pem
|
|
shell: >
|
|
openssl x509 -inform pem -in {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway.pem
|
|
-pubkey -noout > {{ iscsi_ssl_tmp_dir.path }}/iscsi-gateway-pub.key
|
|
delegate_to: localhost
|
|
run_once: True
|
|
when: pem.changed
|
|
tags: skip_ansible_lint
|
|
|
|
- name: slurp ssl crt/key files
|
|
slurp:
|
|
src: "{{ iscsi_ssl_tmp_dir.path }}/{{ item }}"
|
|
register: iscsi_ssl_files_content
|
|
with_items: "{{ crt_files }}"
|
|
run_once: true
|
|
delegate_to: localhost
|
|
|
|
- name: store ssl crt/key files
|
|
command: "{{ container_exec_cmd }} ceph --cluster {{ cluster }} config-key put iscsi/ssl/{{ item.item }} {{ item.content }}"
|
|
run_once: true
|
|
delegate_to: "{{ groups.get(mon_group_name)[0] }}"
|
|
with_items: "{{ iscsi_ssl_files_content.results }}"
|
|
when: crt_files_missing
|
|
|
|
- name: copy crt file(s) to gateway nodes
|
|
copy:
|
|
content: "{{ item.stdout | b64decode }}"
|
|
dest: "/etc/ceph/{{ item.item }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0400
|
|
changed_when: false
|
|
with_items: "{{ crt_files_exist.results if not crt_files_missing else iscsi_ssl_files_content.results }}"
|
|
when: not crt_files_missing
|
|
|
|
- name: clean temporary directory
|
|
file:
|
|
path: "{{ iscsi_ssl_tmp_dir.path }}"
|
|
state: absent |