6bc6929d09
Supports two scenarios: 1) variables defined in defaults/main.yml are sufficient to create a root/intermediate CA certificate for mariadb when this role is used outside openstack-ansible. 2) when: openstack_pki_dir openstack_pki_setup_host openstack_pki_authorities openstack_pki_service_intermediate_cert_name are defined, an external CA already created on the deploy host with a previous run of ansible-role-pki will be used as the CA. Server certificates for the galera instances are created from the data in galera_pki_certificates in both situations Depends-On: https://review.opendev.org/c/openstack/ansible-role-pki/+/807771 Change-Id: I72738e4f8bd2233dedbed4428baafd4436de84b5
36 lines
1.1 KiB
YAML
36 lines
1.1 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Prepare the package list
|
|
set_fact:
|
|
galera_packages_list: "{{ galera_client_distro_packages }}"
|
|
|
|
- include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml"
|
|
when:
|
|
- galera_client_package_install | bool
|
|
|
|
- include_tasks: galera_client_post_install.yml
|
|
|
|
- name: Create and install SSL certificates
|
|
include_role:
|
|
name: pki
|
|
tasks_from: "main_certs.yml"
|
|
vars:
|
|
pki_setup_host: "{{ galera_ssl_server }}"
|
|
pki_dir: "{{ galera_pki_dir }}"
|
|
pki_install_ca: "{{ galera_pki_install_ca }}"
|
|
when:
|
|
- galera_use_ssl | bool
|