openstack/kolla-ansible
Code Issues Proposed changes
kolla-ansible/ansible/roles/certificates/tasks/generate-backend.yml
Matus Jenca 23413d4e0f Add backend TLS between MariaDB and ProxySQL 
This commit adds TLS connection between ProxySQL and MariaDB.
Frontend TLS ( between services and ProxySQL) will be
added in another commit.

Parialy Implements: mariadb-ssl-support

Change-Id: I154cbb096469c5515c9d8156c2c1c5dd07b95849
Signed-off-by: Matus Jenca <matus.jenca@dnation.cloud>
2024-10-25 14:38:39 +00:00

94 lines
2.5 KiB
YAML
Raw Blame History

---
- name: Ensuring private backend directory exist
file:
path: "{{ backend_dir }}"
state: "directory"
mode: "0770"
- name: Creating backend SSL configuration file
template:
src: "{{ item }}.j2"
dest: "{{ kolla_certificates_dir }}/{{ item }}"
mode: "0660"
with_items:
- "openssl-kolla-backend.cnf"
- name: Creating backend Server Certificate key
command: >
openssl genrsa
-out "{{ backend_dir }}/backend.key" 2048
args:
creates: "{{ kolla_tls_backend_key }}"
- name: Creating backend Server Certificate signing request
command: >
openssl req
-new
-key "{{ backend_dir }}/backend.key"
-out "{{ backend_dir }}/backend.csr"
-config "{{ kolla_certificates_dir }}/openssl-kolla-backend.cnf"
-sha256
args:
creates: "{{ backend_dir }}/backend.csr"
- name: Creating backend Server Certificate
command: >
openssl x509
-req
-in "{{ backend_dir }}/backend.csr"
-CA "{{ root_dir }}/root.crt"
-CAkey "{{ root_dir }}/root.key"
-CAcreateserial
-extensions v3_req
-extfile "{{ kolla_certificates_dir }}/openssl-kolla-backend.cnf"
-out "{{ backend_dir }}/backend.crt"
-days 500
-sha256
args:
creates: "{{ backend_dir }}/backend.crt"
- name: Setting permissions on backend key
file:
path: "{{ backend_dir }}/backend.key"
mode: "0660"
state: file
- name: Copy backend cert to default configuration location
copy:
src: "{{ backend_dir }}/backend.crt"
dest: "{{ kolla_certificates_dir }}/backend-cert.pem"
mode: "0660"
- name: Copy backend key to default configuration location
copy:
src: "{{ backend_dir }}/backend.key"
dest: "{{ kolla_certificates_dir }}/backend-key.pem"
mode: "0660"
- name: Copy backend TLS certificate and key for RabbitMQ
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
remote_src: true
with_items:
- src: "{{ kolla_tls_backend_cert }}"
dest: "{{ kolla_certificates_dir }}/rabbitmq-cert.pem"
- src: "{{ kolla_tls_backend_key }}"
dest: "{{ kolla_certificates_dir }}/rabbitmq-key.pem"
when:
- rabbitmq_enable_tls | bool
- name: Copy backend TLS certificate and key for Mariadb
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "0660"
remote_src: true
with_items:
- src: "{{ kolla_tls_backend_cert }}"
dest: "{{ kolla_certificates_dir }}/mariadb-cert.pem"
- src: "{{ kolla_tls_backend_key }}"
dest: "{{ kolla_certificates_dir }}/mariadb-key.pem"
when:
- database_enable_tls_backend | bool
View Git Blame Copy Permalink