Ansible-MariaDB-Cluster/roles/mariadb_cluster/tasks/certificates-server.yml

---
# file: roles/mariadb_cluster/tasks/certificates-server.yml 


- name: "{{ hostvars[item]['ansible_hostname'] }} - Create private key"
  community.crypto.openssl_privatekey:
    path: /etc/ssl/galera/server.key

- name: "{{ hostvars[item]['ansible_hostname'] }} - Check if server certificate exists"
  stat:
    path: "/etc/ssl/galera/server.pem"
  register: serverCertCheck

- name: "{{ hostvars[item]['ansible_hostname'] }} - CSR"
  block:
  - name: "{{ hostvars[item]['ansible_hostname'] }} - Create CSR for new certificate"
    community.crypto.openssl_csr_pipe:
      privatekey_path: /etc/ssl/galera/server.key
      common_name: "{{ hostvars[item]['ansible_hostname'] }}"
      subject_alt_name:
        - "DNS:{{ mariadb_cluster_wsrep_cluster_name }}"
    register: csr

  - name: "{{ hostvars[item]['ansible_hostname'] }} - Sign certificate with CA"
    community.crypto.x509_certificate_pipe:
      csr_content: "{{ csr.csr }}"
      provider: ownca
      ownca_path: /etc/ssl/galera/ca-certificate.pem
      ownca_privatekey_path: /etc/ssl/galera/ca-certificate.key
      ownca_not_after: "{{ mariadb_cluster_cert_length }}"
      ownca_not_before: "-1d"
    delegate_to: "{{ mariadb_cluster_master }}"
    register: certificate

  - name: "{{ hostvars[item]['ansible_hostname'] }} - Write certificate file"
    copy:
      dest: /etc/ssl/galera/server.pem
      content: "{{ certificate.certificate }}"
  when: not serverCertCheck.stat.exists
Adding SSL Support 2024-08-01 14:43:13 -06:00			`---`
			`# file: roles/mariadb_cluster/tasks/certificates-server.yml`


			`- name: "{{ hostvars[item]['ansible_hostname'] }} - Create private key"`
			`community.crypto.openssl_privatekey:`
			`path: /etc/ssl/galera/server.key`

			`- name: "{{ hostvars[item]['ansible_hostname'] }} - Check if server certificate exists"`
			`stat:`
			`path: "/etc/ssl/galera/server.pem"`
			`register: serverCertCheck`

			`- name: "{{ hostvars[item]['ansible_hostname'] }} - CSR"`
			`block:`
			`- name: "{{ hostvars[item]['ansible_hostname'] }} - Create CSR for new certificate"`
			`community.crypto.openssl_csr_pipe:`
			`privatekey_path: /etc/ssl/galera/server.key`
			`common_name: "{{ hostvars[item]['ansible_hostname'] }}"`
			`subject_alt_name:`
			`- "DNS:{{ mariadb_cluster_wsrep_cluster_name }}"`
			`register: csr`

			`- name: "{{ hostvars[item]['ansible_hostname'] }} - Sign certificate with CA"`
			`community.crypto.x509_certificate_pipe:`
			`csr_content: "{{ csr.csr }}"`
			`provider: ownca`
			`ownca_path: /etc/ssl/galera/ca-certificate.pem`
			`ownca_privatekey_path: /etc/ssl/galera/ca-certificate.key`
			`ownca_not_after: "{{ mariadb_cluster_cert_length }}"`
			`ownca_not_before: "-1d"`
			`delegate_to: "{{ mariadb_cluster_master }}"`
			`register: certificate`

			`- name: "{{ hostvars[item]['ansible_hostname'] }} - Write certificate file"`
			`copy:`
			`dest: /etc/ssl/galera/server.pem`
			`content: "{{ certificate.certificate }}"`
			`when: not serverCertCheck.stat.exists`