
---
# file: roles/mariadb_cluster/tasks/certificates.yml
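- name: Ensure directory exists for local self-signed TLS certs
  # Created up front so the CA and server material generated below has a
  # home; ownership goes to the mysql account that will read the certs.
  # Uses the fully-qualified module name to match the community.crypto
  # tasks in this file.
  ansible.builtin.file:
    path: /etc/ssl/galera/
    state: directory
    owner: mysql
    group: mysql
    # Recursion only matters on re-runs, when files from a previous play
    # already exist under the directory.
    recurse: true
  # NOTE(review): no mode is set, so the directory takes the umask default;
  # confirm whether anything besides mysql needs to traverse it.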
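- name: CA Setup
  # Only the designated master generates the CA; every other member receives
  # the resulting certificate from the copy task that follows this block.
  # NOTE(review): the trailing `when` is read as guarding the whole block — if
  # it was meant for the fetch task alone, each host would mint its own CA.
  # Confirm against the original indentation.
  block:
    - name: Generate an OpenSSL private key
      # The CA key stays on the master after this play; anything able to read
      # it can sign certificates the whole cluster trusts, so it is kept
      # owner-only. Note that the final task in this file chowns the tree to
      # mysql, which also covers this key.
      community.crypto.openssl_privatekey:
        path: /etc/ssl/galera/ca-certificate.key
        mode: '0600'

    - name: Create certificate signing request (CSR) for CA certificate
      # The _pipe variant keeps the CSR in memory (nothing written to disk);
      # it is reported as unchanged so re-runs stay idempotent.
      community.crypto.openssl_csr_pipe:
        privatekey_path: /etc/ssl/galera/ca-certificate.key
        common_name: Galera-Ansible
        use_common_name_for_san: false
        basic_constraints:
          - 'CA:TRUE'
        basic_constraints_critical: true
        key_usage:
          - keyCertSign
        key_usage_critical: true
      register: ca_csr
      changed_when: false

    - name: Create self-signed CA certificate from CSR
      community.crypto.x509_certificate:
        path: /etc/ssl/galera/ca-certificate.pem
        csr_content: "{{ ca_csr.csr }}"
        privatekey_path: /etc/ssl/galera/ca-certificate.key
        # Validity comes from the role variable (community.crypto accepts
        # relative notation such as "+3650d" or an absolute timestamp).
        selfsigned_not_after: "{{ mariadb_cluster_cert_length }}"
        provider: selfsigned

    - name: Copy ca-certificate locally for transfer
      # Pull the public CA certificate back to the controller so it can be
      # pushed to the remaining members. Only the certificate travels; the
      # key never leaves the master.
      # NOTE(review): a fixed path in the controller's /tmp is predictable on
      # a shared controller and is not cleaned up afterwards; a private
      # staging directory would be safer.
      ansible.builtin.fetch:
        src: /etc/ssl/galera/ca-certificate.pem
        dest: /tmp/galera-ca-certificate.pem
        flat: true
  when: inventory_hostname == mariadb_cluster_master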
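- name: Transfer ca cert to other members
  # Runs on every member (the master simply receives an identical copy of
  # its own file). Only the public certificate is distributed, so a
  # world-readable mode is appropriate here.
  ansible.builtin.copy:
    src: /tmp/galera-ca-certificate.pem
    dest: /etc/ssl/galera/ca-certificate.pem
    owner: mysql
    group: mysql
    mode: '0644'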
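- name: Server Certificates
  # Per-member server certificate generation lives in certificates-server.yml;
  # `extended` exposes the ansible_loop.* facts (index, first, last, ...)
  # to that file.
  # NOTE(review): the loop runs once per cluster member on every host —
  # confirm the included file filters on the current item as intended.
  ansible.builtin.include_tasks: certificates-server.yml
  loop: "{{ groups['mariadb_cluster'] }}"
  loop_control:
    extended: true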
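- name: Ensure mysql has permissions to access certs
  # Recursive chown over everything generated above so mysqld can open its
  # certificate and key.
  # NOTE(review): on the master this also hands the CA private key to the
  # mysql account; if the service should not be able to sign cluster
  # certificates, exclude that key from the recursion or remove it after
  # the server certificates have been issued.
  ansible.builtin.file:
    path: /etc/ssl/galera/
    state: directory
    owner: mysql
    group: mysql
    recurse: true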