Merge "Support adding a trusted CA certificate in ansible"
commit
7a9bc2f330
|
@ -130,6 +130,22 @@ docker_registries:
|
|||
|
||||
#is_secure_registry: True
|
||||
|
||||
# Certificates
|
||||
# =================
|
||||
#
|
||||
# These values provide a means to install certificates onto the system.
|
||||
# For example the ssl_ca_cert parameter may be used to install a trusted CA to
|
||||
# the system. A trusted CA certificate will be required if the end user
|
||||
# configures a private docker registry that is signed by an unknown Certificate
|
||||
# Authority.
|
||||
#
|
||||
# The certificate value is the absolute path of the certificate file.
|
||||
# The certificate must be in PEM format.
|
||||
# The supported certificates are:
|
||||
# - ssl_ca_cert
|
||||
#
|
||||
#ssl_ca_cert: /path/to/ssl_ca_cert_file
|
||||
|
||||
# ADMIN CREDENTIALS
|
||||
# =================
|
||||
#
|
||||
|
|
|
@ -186,6 +186,34 @@
|
|||
|
||||
when: save_config
|
||||
|
||||
- block:
|
||||
- name: Copy ssl_ca certificate
|
||||
copy:
|
||||
src: "{{ ssl_ca_cert }}"
|
||||
dest: "{{ temp_ssl_ca }}"
|
||||
|
||||
- name: Remove ssl_ca complete flag
|
||||
file:
|
||||
path: "{{ ssl_ca_complete_flag }}"
|
||||
state: absent
|
||||
|
||||
- name: Add ssl_ca certificate
|
||||
shell: source /etc/platform/openrc; system certificate-install -m ssl_ca {{ temp_ssl_ca }}
|
||||
|
||||
- name: Wait for certificate install
|
||||
wait_for:
|
||||
path: "{{ ssl_ca_complete_flag }}"
|
||||
state: present
|
||||
timeout: 360
|
||||
msg: Timeout waiting for ssl_ca certificate install
|
||||
|
||||
- name: Cleanup temporary certificate
|
||||
file:
|
||||
path: "{{ temp_ssl_ca }}"
|
||||
state: absent
|
||||
|
||||
when: ssl_ca_cert is defined and ssl_ca_cert
|
||||
|
||||
# PXE boot files
|
||||
- name: Set pxeboot files source if address allocation is dynamic
|
||||
set_fact:
|
||||
|
|
|
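Review bot: The "Add ssl_ca certificate" task passes `source /etc/platform/openrc; system certificate-install ...` to the `shell` module without naming an interpreter and joins the commands with `;`, so `source` depends on /bin/sh being bash, and a failure to load the credentials file does not stop the install command from being attempted. I would write it as `shell: source /etc/platform/openrc && system certificate-install -m ssl_ca {{ temp_ssl_ca | quote }}` with `args:` and `executable: /bin/bash` beneath it. The block also has no `always:` section, so if the install or the 360-second wait fails, the copied certificate stays at `{{ temp_ssl_ca }}`; moving "Cleanup temporary certificate" under `always:` would cover that. The surrounding task list starts and continues outside this hunk.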
@ -3,3 +3,5 @@ keyring_workdir: /tmp/python_keyring
|
|||
docker_proxy_conf: /etc/systemd/system/docker.service.d/http-proxy.conf
|
||||
minimum_root_disk_size: 240
|
||||
default_security_feature: "nopti nospectre_v2"
|
||||
temp_ssl_ca: /tmp/ca_cert.pem
|
||||
ssl_ca_complete_flag: /etc/platform/.ssl_ca_complete
|
||||
|
|
|
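Review bot: `temp_ssl_ca: /tmp/ca_cert.pem` stages the certificate that is about to become a trusted CA at a fixed, predictable name in a world-writable directory, and the copy task that writes it sets no owner or mode. If any other local account exists on the host at that point (not visible from this page), a file already present at that path could keep its owner across the copy, leaving the content changeable before `system certificate-install` reads it. This is presumably unlikely during bootstrap, but the consequence would be an unintended trust anchor. Creating the staging file with Ansible's `tempfile` module, or under a root-only directory, and adding `mode: '0600'` to the copy task would close this.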
@ -389,6 +389,12 @@
|
|||
(docker_images_archive_source is not none)
|
||||
|
||||
|
||||
- name: Check for ssl_ca_cert file
|
||||
fail:
|
||||
msg: "ssl_ca_cert file not found. ({{ ssl_ca_cert }})"
|
||||
when: ssl_ca_cert is defined and (not ssl_ca_cert is file)
|
||||
|
||||
|
||||
# bootstrap_config ini file generation
|
||||
- block:
|
||||
- name: Create config workdir
|
||||
|
|
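Review bot: The condition on "Check for ssl_ca_cert file", `ssl_ca_cert is defined and (not ssl_ca_cert is file)`, does not match the install block's `ssl_ca_cert is defined and ssl_ca_cert`. An override that defines the key with an empty value fails here with "ssl_ca_cert file not found. ()", although the install block would simply be skipped. `when: ssl_ca_cert is defined and ssl_ca_cert and ssl_ca_cert is not file` keeps the two in step. The check also confirms only that a file exists, while the documented requirement is a PEM certificate; a parse step such as `openssl x509 -in "{{ ssl_ca_cert }}" -noout` would reject anything else before it is passed to `system certificate-install`. The enclosing task list continues outside the hunk.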