ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ceph-ansible/roles/ceph-iscsi-gw/tasks/deploy_ssl_keys.yml

61 lines
1.7 KiB
YAML
Raw Blame History

---
- name: set_fact crt_files
set_fact:
crt_files:
- "iscsi-gateway.crt"
- "iscsi-gateway.key"
- "iscsi-gateway.pem"
- "iscsi-gateway-pub.key"
- name: stat for crt file(s)
stat:
path: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
delegate_to: localhost
with_items: "{{ crt_files }}"
changed_when: false
failed_when: false
check_mode: no
register: crt_files_exist
- name: create ssl crt/key files
command: >
openssl req -newkey rsa:2048 -nodes -keyout {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.key
-x509 -days 365 -out {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.crt
-subj "/C=US/ST=./L=./O=RedHat/OU=Linux/CN={{ ansible_hostname }}"
delegate_to: localhost
become: False
run_once: True
with_items: "{{ crt_files_exist.results }}"
when: not item.stat.exists
- name: create pem
shell: >
cat {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.crt
{{ fetch_directory }}/{{ fsid }}/iscsi-gateway.key > {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.pem
delegate_to: localhost
become: False
run_once: True
register: pem
with_items: "{{ crt_files_exist.results }}"
when: not item.stat.exists
- name: create public key from pem
shell: >
openssl x509 -inform pem -in {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.pem
-pubkey -noout > {{ fetch_directory }}/{{ fsid }}/iscsi-gateway-pub.key
delegate_to: localhost
become: False
run_once: True
when: pem.changed
tags: skip_ansible_lint
- name: copy crt file(s) to gateway nodes
copy:
src: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
dest: "/etc/ceph/{{ item }}"
owner: root
group: root
mode: 0400
changed_when: false
with_items: "{{ crt_files }}"
Reference in New Issue View Git Blame Copy Permalink