
Merge "Fix Galera self-signed SSL functionality"

Zuul 5 months ago
parent
commit
ea327ee579
1 changed files with 23 additions and 22 deletions
  1. 23
    22
      tasks/galera_ssl_self_signed.yml

+ 23
- 22
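--- a/tasks/galera_ssl_self_signed.yml
+++ b/tasks/galera_ssl_self_signed.yml
@@ -21,11 +21,12 @@
     - "{{ galera_ssl_ca_cert }}"
     - "{{ galera_ssl_cert }}"
     - "{{ galera_ssl_key }}"
+    - "{{ galera_ssl_ca_cert | dirname }}/galera-csr.pem"
   when:
     - galera_ssl_self_signed_regen | bool
     - inventory_hostname == galera_server_bootstrap_node
 
-- name: Create galera CA cert
+- name: Create Galera CA cert
   command: >
     openssl req -new -nodes -x509 -subj
     "{{ galera_ssl_ca_self_signed_subject }}"
@@ -36,7 +37,7 @@
     - inventory_hostname == galera_server_bootstrap_node
   notify: Restart all mysql
 
-- name: Get CA key contents and store as var
+- name: Get CA cert contents and store as var
   slurp:
     src: "{{ galera_ssl_ca_cert }}"
   register: galera_ca
@@ -44,21 +45,21 @@
   when:
     - inventory_hostname == galera_server_bootstrap_node
 
-- name: Register a fact for the CA key
+- name: Register a fact for the CA cert
   set_fact:
-    galera_server_ca_key: "{{ galera_ca.content }}"
+    galera_server_ca_cert: "{{ galera_ca.content }}"
   when:
     - inventory_hostname == galera_server_bootstrap_node
 
-- name: Create galera ssl request
+- name: Create Galera SSL CSR
   command: >
     openssl req -new -nodes -sha256 -subj
     "{{ galera_ssl_self_signed_subject }}"
     -days 3650
     -keyout {{ galera_ssl_key }}
-    -out {{ galera_ssl_ca_cert | dirname }}/galera-req.pem
+    -out {{ galera_ssl_ca_cert | dirname }}/galera-csr.pem
     -extensions v3_ca
-    creates={{ galera_ssl_ca_cert | dirname }}/galera-req.pem
+    creates={{ galera_ssl_ca_cert | dirname }}/galera-csr.pem
   register: create_galera_ssl_request
   when:
     - inventory_hostname == galera_server_bootstrap_node
@@ -74,25 +75,25 @@
     - inventory_hostname == galera_server_bootstrap_node
   notify: Restart all mysql
 
-- name: Get REQ key contents and store as var
+- name: Get CSR private key contents and store as var
   slurp:
-    src: "{{ galera_ssl_ca_cert | dirname }}/galera-req.pem"
-  register: galera_req
+    src: "{{ galera_ssl_key }}"
+  register: galera_private_key
   changed_when: false
   when:
     - inventory_hostname == galera_server_bootstrap_node
 
-- name: Register a fact for the REQ key
+- name: Register a fact for the CSR private key
   set_fact:
-    galera_server_req_key: "{{ galera_req.content }}"
+    galera_server_private_key: "{{ galera_private_key.content }}"
   when:
     - inventory_hostname == galera_server_bootstrap_node
 
-- name: Create galera ssl cert
+- name: Create Galera SSL signed cert
   command: >
     openssl x509 -req
     -days 3650
-    -in {{ galera_ssl_ca_cert | dirname }}/galera-req.pem
+    -in {{ galera_ssl_ca_cert | dirname }}/galera-csr.pem
     -CA {{ galera_ssl_ca_cert }}
     -CAkey {{ galera_ssl_key | dirname }}/galera-ca.key
     -out {{ galera_ssl_cert }}
@@ -102,7 +103,7 @@
     - inventory_hostname == galera_server_bootstrap_node
   notify: Restart all mysql
 
-- name: Get CERT key contents and store as var
+- name: Get signed cert contents and store as var
   slurp:
     src: "{{ galera_ssl_cert }}"
   register: galera_cert
@@ -110,13 +111,13 @@
   when:
     - inventory_hostname == galera_server_bootstrap_node
 
-- name: Register a fact for the CERT key
+- name: Register a fact for the signed cert contents
   set_fact:
-    galera_server_cert_key: "{{ galera_cert.content }}"
+    galera_server_cert: "{{ galera_cert.content }}"
   when:
     - inventory_hostname == galera_server_bootstrap_node
 
-- name: Copy CA cert and key (SELF)
+- name: Copy CA cert, private key, and signed cert (SELF)
   copy:
     content: "{{ hostvars[galera_server_bootstrap_node][item.key] | b64decode }}"
     dest: "{{ item.dest }}"
@@ -124,12 +125,12 @@
     group: "mysql"
     mode: "{{ item.mode | default('0640') }}"
   with_items:
-    - key: "galera_server_ca_key"
+    - key: "galera_server_ca_cert"
       dest: "{{ galera_ssl_ca_cert }}"
-    - key: "galera_server_req_key"
-      dest: "{{ galera_ssl_cert }}"
-    - key: "galera_server_cert_key"
+    - key: "galera_server_private_key"
       dest: "{{ galera_ssl_key }}"
+    - key: "galera_server_cert"
+      dest: "{{ galera_ssl_cert }}"
       mode: "0600"
   when:
     - inventory_hostname != galera_server_bootstrap_node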
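Review bot: In the final hunk's `with_items` list the unchanged `mode: "0600"` line now sits under the new `galera_server_cert` item, so the restrictive mode lands on the signed certificate while the `galera_server_private_key` item written to `{{ galera_ssl_key }}` falls back to `default('0640')` with group `mysql`. Before this change the 0600 belonged to the item whose dest was `galera_ssl_key`, so this looks like an unintended loosening of the private key's permissions; add `mode: "0600"` under the `galera_server_private_key` item and drop it from the cert item if the default is intended there. The `copy` task spans two hunks and the line between them (presumably the owner) is not visible here, so the effective group exposure should be confirmed against the full file. Separately, the `slurp`, `set_fact` and `copy` tasks that now carry the private key would benefit from `no_log: true`, so its base64 content does not end up in task output or logs.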
