ceph-ansible/roles/ceph-iscsi-gw/tasks/deploy_ssl_keys.yml

63 lines
1.7 KiB
YAML

---
- name: set_fact crt_files
set_fact:
crt_files:
- "iscsi-gateway.crt"
- "iscsi-gateway.key"
- "iscsi-gateway.pem"
- "iscsi-gateway-pub.key"
- name: stat for crt file(s)
stat:
path: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
delegate_to: localhost
with_items: "{{ crt_files }}"
changed_when: false
failed_when: false
check_mode: no
register: crt_files_exist
- name: create ssl crt/key files
command: >
openssl req -newkey rsa:2048 -nodes -keyout {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.key
-x509 -days 365 -out {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.crt
-subj "/C=US/ST=./L=./O=RedHat/OU=Linux/CN={{ ansible_hostname }}"
delegate_to: localhost
run_once: True
with_items: "{{ crt_files_exist.results }}"
when:
- not item.stat.exists
- name: create pem
shell: >
cat {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.crt
{{ fetch_directory }}/{{ fsid }}/iscsi-gateway.key > {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.pem
delegate_to: localhost
run_once: True
register: pem
with_items: "{{ crt_files_exist.results }}"
when:
- not item.stat.exists
- name: create public key from pem
shell: >
openssl x509 -inform pem -in {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.pem
-pubkey -noout > {{ fetch_directory }}/{{ fsid }}/iscsi-gateway-pub.key
delegate_to: localhost
run_once: True
when:
- pem.changed
tags:
- skip_ansible_lint
- name: copy crt file(s) to gateway nodes
copy:
src: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
dest: "/etc/ceph/{{ item }}"
owner: root
group: root
mode: 0400
become: true
changed_when: false
with_items: "{{ crt_files }}"