- name: set_fact crt_files
set_fact:
crt_files:
- - "/etc/ceph/iscsi-gateway.crt"
- - "/etc/ceph/iscsi-gateway.key"
- - "/etc/ceph/iscsi-gateway.pem"
- - "/etc/ceph/iscsi-gateway-pub.key"
+ - "iscsi-gateway.crt"
+ - "iscsi-gateway.key"
+ - "iscsi-gateway.pem"
+ - "iscsi-gateway-pub.key"
- name: stat for crt file(s)
local_action:
check_mode: no
register: crt_files_exist
-- name: try to fetch crt file(s)
+- name: create ssl crt/key files
+ local_action:
+ module: shell openssl req -newkey rsa:2048 -nodes -keyout {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.key -x509 -days 365 -out {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.crt -subj "/C=US/ST=./L=./O=RedHat/OU=Linux/CN={{ ansible_hostname }}"
+ run_once: True
+ with_items: "{{ crt_files_exist.results }}"
+ when:
+ - item.stat.exists == false
+
+- name: create pem
+ local_action:
+ module: shell cat {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.crt {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.key > {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.pem
+ run_once: True
+ register: pem
+ with_items: "{{ crt_files_exist.results }}"
+ when:
+ - item.stat.exists == false
+
+- name: create public key from pem
+ local_action:
+ module: shell openssl x509 -inform pem -in {{ fetch_directory }}/{{ fsid }}/iscsi-gateway.pem -pubkey -noout > {{ fetch_directory }}/{{ fsid }}/iscsi-gateway-pub.key
+ run_once: True
+ when:
+ - pem.changed
+
+- name: copy crt file(s) to gateway nodes
copy:
- src: "{{ fetch_directory }}/{{ fsid }}/{{ item.0 }}"
- dest: "{{ item.0 }}"
+ src: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
+ dest: "/etc/ceph/{{ item }}"
owner: root
group: root
mode: 0400
changed_when: false
- with_together:
- - "{{ crt_files }}"
- - "{{ crt_files_exist.results }}"
- when: item.1.stat.exists == true
-
-- name: set_fact generate_crt
- set_fact:
- generate_crt: true
- with_items: "{{ crt_files_exist.results }}"
- when: item.stat.exists == false
-
-- name: include generate_crt.yml
- include: generate_crt.yml
- when: generate_crt|default(false)|bool
+ with_items: "{{ crt_files }}"
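Review bot: The unencrypted private key (`-nodes`) is now written on the Ansible controller by `create ssl crt/key files`, and it and the `.pem` stay in `{{ fetch_directory }}/{{ fsid }}` with whatever mode the controller's umask gives them. The removed generate_crt.yml locked the files to 0400 root before fetching; the new tasks do nothing equivalent for the local copies, so I would add a local `file` task after `create public key from pem`, as sketched below. Prefixing the shell commands with `umask 077 &&` would also close the window before that task runs. Separately, `create ssl crt/key files` and `create pem` loop over `crt_files_exist.results`, so openssl runs once per missing file and a single missing file overwrites an existing key and certificate. Dropping the loop and gating on one "any file missing" condition would avoid both.

```yaml
# … unchanged: create ssl crt/key files, create pem, create public key from pem …
- name: restrict access to the local ssl files
  local_action:
    module: file
    path: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
    mode: "0600"
  run_once: true
  with_items: "{{ crt_files }}"
```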
+++ /dev/null
----
-- name: create ssl crt/key files
- shell: |
- openssl req -newkey rsa:2048 -nodes -keyout /etc/ceph/iscsi-gateway.key -x509 -days 365 -out /etc/ceph/iscsi-gateway.crt -subj "/C=US/ST=./L=./O=RedHat/OU=Linux/CN={{ ansible_hostname }}"
- run_once: True
-
-- name: create pem
- shell: |
- cat /etc/ceph/iscsi-gateway.crt /etc/ceph/iscsi-gateway.key > /etc/ceph/iscsi-gateway.pem
- run_once: True
- register: pem
-
-- name: create public key from pem
- shell: |
- openssl x509 -inform pem -in /etc/ceph/iscsi-gateway.pem -pubkey -noout > /etc/ceph/iscsi-gateway-pub.key
- run_once: True
- when:
- - pem.changed
-
-- name: lock ssl file access to root only
- file:
- path: "{{ item }}"
- mode: 0400
- owner: root
- group: root
- with_items: "{{ crt_files }}"
-
-- name: copy crt(s) to the ansible server
- fetch:
- src: "{{ item }}"
- dest: "{{ fetch_directory }}/{{ fsid }}/{{ item }}"
- flat: yes
- with_items: "{{ crt_files }}"
when:
- containerized_deployment
-- name: check_mandatory_vars.yml
+- name: include check_mandatory_vars.yml
include: check_mandatory_vars.yml
- name: include prerequisites.yml
# the API for https support.
- name: include deploy_ssl_keys.yml
include: deploy_ssl_keys.yml
+ when:
+ - generate_crt|bool
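Review bot: The new condition `generate_crt|bool` on `include deploy_ssl_keys.yml` has no `default(...)`, unlike the removed `generate_crt|default(false)|bool`, so the include will fail on an undefined variable unless a role default for `generate_crt` is defined outside this diff. Either confirm that default exists or keep `- generate_crt|default(false)|bool`. With the flag false the whole file is skipped, including `copy crt file(s) to gateway nodes`, so certificates an operator placed in `fetch_directory` would presumably no longer be distributed to the gateways. If that is intended, a comment above the include such as `# when generate_crt is false, the ssl files must already be present on the gateways` would make the contract explicit.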
-- name: configure_iscsi.yml
+- name: include configure_iscsi.yml
include: configure_iscsi.yml