8492420407
We have instructed zuul to connect to tracing.opendev.org, but we are generating a certificate using opendev-ca with S=tracing01.opendev.org. Update the certificate with the correct subject. This also corrects the opendev-ca role which assumed that the cert filename would always be inventory_hostname. Change-Id: I9b6b0534f058d386e01910bb7efc30312f3d72ad
50 lines
1.5 KiB
YAML
50 lines
1.5 KiB
YAML
- name: Ensure opendev-ca directory exists
|
|
delegate_to: localhost
|
|
file:
|
|
path: "{{ opendev_ca_root }}"
|
|
state: directory
|
|
|
|
# Run this in flock so that we can run it in plays for multiple target
|
|
# hosts in parallel while serializing access to the CA files.
|
|
- name: Run opendev-ca.sh
|
|
delegate_to: localhost
|
|
script: "opendev-ca.sh {{ opendev_ca_root }} {{ opendev_ca_server }}"
|
|
args:
|
|
executable: "flock {{ opendev_ca_root }}/lock"
|
|
|
|
- name: Ensure cert dir exists
|
|
file:
|
|
path: "{{ opendev_ca_cert_dir }}/certs"
|
|
state: directory
|
|
owner: "{{ opendev_ca_cert_dir_owner }}"
|
|
group: "{{ opendev_ca_cert_dir_group }}"
|
|
mode: '0755'
|
|
|
|
- name: Ensure keys dir exists
|
|
file:
|
|
path: "{{ opendev_ca_cert_dir }}/keys"
|
|
state: directory
|
|
owner: "{{ opendev_ca_cert_dir_owner }}"
|
|
group: "{{ opendev_ca_cert_dir_group }}"
|
|
mode: '0700'
|
|
|
|
- name: Copy TLS cacert into place
|
|
copy:
|
|
src: "{{ opendev_ca_root }}/certs/cacert.pem"
|
|
dest: "{{ opendev_ca_cert_dir }}/certs/cacert.pem"
|
|
|
|
- name: Copy TLS cert into place
|
|
copy:
|
|
src: "{{ opendev_ca_root }}/certs/{{ opendev_ca_server }}.pem"
|
|
dest: "{{ opendev_ca_cert_dir }}/certs/cert.pem"
|
|
|
|
- name: Copy TLS key into place
|
|
copy:
|
|
src: "{{ opendev_ca_root }}/keys/{{ opendev_ca_server }}key.pem"
|
|
dest: "{{ opendev_ca_cert_dir }}/keys/key.pem"
|
|
|
|
- name: Copy TLS keystore into place
|
|
copy:
|
|
src: "{{ opendev_ca_root }}/keystores/{{ opendev_ca_server }}.pem"
|
|
dest: "{{ opendev_ca_cert_dir }}/keys/keystore.pem"
|