16649df878
- run `pre-commit autoupdate` and fixed new issues - adopted newer pre-commit config for ansible-lint 4.2.0+ - fixed some reported broken rules - temporary disabled few rules, just to contain the size of of review, planning to drop/fix them in follow-ups. Change-Id: I807ba4e919527be56c85ec72d0f4c7148f04e994
36 lines
1.2 KiB
YAML
36 lines
1.2 KiB
YAML
---
|
|
# tasks file for ansible-role-tripleo-ssl
|
|
- when: ssl_overcloud|bool
|
|
block:
|
|
- name: Ensure rpm requirements for ssl and heat template are installed
|
|
become: true
|
|
# noqa 403
|
|
package:
|
|
name:
|
|
- openssl
|
|
- openstack-tripleo-heat-templates
|
|
state: latest
|
|
|
|
- name: Create overcloud-create-ssl-cert.sh
|
|
template:
|
|
src: "{{ overcloud_ssl_cert_script }}"
|
|
dest: "{{ working_dir }}/overcloud-create-ssl-cert.sh"
|
|
mode: 0755
|
|
|
|
- name: Generate SSL certificates
|
|
shell: >
|
|
set -o pipefail &&
|
|
{{ working_dir }}/overcloud-create-ssl-cert.sh 2>&1 {{ timestamper_cmd }} >
|
|
{{ overcloud_ssl_cert_log }}
|
|
|
|
- name: fetch template from single remote host
|
|
tls_tht:
|
|
enable_tls_overcloud: "{{ ssl_overcloud }}"
|
|
source_dir: "/usr/share/openstack-tripleo-heat-templates/"
|
|
dest_dir: "{{ working_dir }}/"
|
|
cert_filename: "{{ working_dir }}/server-cert.pem"
|
|
cert_ca_filename: "{{ working_dir }}/overcloud-cacert.pem"
|
|
key_filename: "{{ working_dir }}/server-key.pem"
|
|
tht_release: '{{ release }}'
|
|
when: ssl_overcloud|bool or undercloud_generate_service_certificate|bool
|