diff --git a/defaults/main.yaml b/defaults/main.yaml index 8125cd3..ad30ded 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -36,6 +36,27 @@ zuul_file_gearman_logging_conf_mode: 0644 zuul_file_gearman_logging_conf_owner: "{{ zuul_user_name }}" zuul_file_gearman_logging_conf_src: etc/zuul/gearman-logging.conf +zuul_file_gearman_ssl_ca_content: +zuul_file_gearman_ssl_ca_dest: /etc/zuul/ssl/root-ca.pem +zuul_file_gearman_ssl_ca_group: "{{ zuul_user_group }}" +zuul_file_gearman_ssl_ca_mode: 0644 +zuul_file_gearman_ssl_ca_owner: "{{ zuul_user_name }}" +zuul_file_gearman_ssl_ca_src: etc/zuul/ssl/root-ca.pem + +zuul_file_gearman_ssl_cert_content: +zuul_file_gearman_ssl_cert_dest: /etc/zuul/ssl/client.pem +zuul_file_gearman_ssl_cert_group: "{{ zuul_user_group }}" +zuul_file_gearman_ssl_cert_mode: 0644 +zuul_file_gearman_ssl_cert_owner: "{{ zuul_user_name }}" +zuul_file_gearman_ssl_cert_src: etc/zuul/ssl/client.pem + +zuul_file_gearman_ssl_key_content: +zuul_file_gearman_ssl_key_dest: /etc/zuul/ssl/client.key +zuul_file_gearman_ssl_key_group: "{{ zuul_user_group }}" +zuul_file_gearman_ssl_key_mode: 0600 +zuul_file_gearman_ssl_key_owner: "{{ zuul_user_name }}" +zuul_file_gearman_ssl_key_src: etc/zuul/ssl/client.key + zuul_file_executor_logging_conf_dest: /etc/zuul/executor-logging.conf zuul_file_executor_logging_conf_group: "{{ zuul_user_group }}" zuul_file_executor_logging_conf_mode: 0644 diff --git a/tasks/config.yaml b/tasks/config.yaml index 8fa76c5..67b8a52 100644 --- a/tasks/config.yaml +++ b/tasks/config.yaml @@ -21,6 +21,7 @@ state: directory with_items: - /etc/zuul + - /etc/zuul/ssl - /var/log/zuul - name: Install gearman logging file. 
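Review bot: The three `*_content` defaults in `defaults/main.yaml` are bare keys, so `zuul_file_gearman_ssl_key_content` and its ca/cert siblings default to null, and nothing says where the PEM data should come from. Writing the default explicitly, e.g. `zuul_file_gearman_ssl_key_content: ''`, would remove the ambiguity. A comment such as `# PEM private key; supply from Ansible Vault or another secret store, never from a committed vars file` would document the one variable that carries secret material. The `0644` on the CA and client certificate is reasonable since both are public, and `0600` on the key matches that intent.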
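Review bot: In `tasks/config.yaml`, `/etc/zuul/ssl` is created by the same loop as `/etc/zuul` and `/var/log/zuul`, so it gets whatever owner, group and mode that task applies to all three. The task's own options start above this hunk and are not visible here. Because this directory will hold `client.key`, it is worth confirming that the shared mode is no wider than a key directory needs. Alternatively, create it in a separate `file` task with a tighter setting, for example `mode: "0750"`, so the key's protection does not rest on the file mode alone.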
@@ -78,6 +79,36 @@ register: zuul_file_scheduler_logging_conf notify: Reload zuul-scheduler +- name: Install zuul gearman ssl ca configuration. + become: yes + template: + dest: "{{ zuul_file_gearman_ssl_ca_dest }}" + group: "{{ zuul_file_gearman_ssl_ca_group }}" + mode: "{{ zuul_file_gearman_ssl_ca_mode }}" + owner: "{{ zuul_file_gearman_ssl_ca_owner }}" + src: "{{ zuul_file_gearman_ssl_ca_src }}" + register: zuul_file_gearman_ssl_ca + +- name: Install zuul gearman ssl cert configuration. + become: yes + template: + dest: "{{ zuul_file_gearman_ssl_cert_dest }}" + group: "{{ zuul_file_gearman_ssl_cert_group }}" + mode: "{{ zuul_file_gearman_ssl_cert_mode }}" + owner: "{{ zuul_file_gearman_ssl_cert_owner }}" + src: "{{ zuul_file_gearman_ssl_cert_src }}" + register: zuul_file_gearman_ssl_cert + +- name: Install zuul gearman ssl key configuration. + become: yes + template: + dest: "{{ zuul_file_gearman_ssl_key_dest }}" + group: "{{ zuul_file_gearman_ssl_key_group }}" + mode: "{{ zuul_file_gearman_ssl_key_mode }}" + owner: "{{ zuul_file_gearman_ssl_key_owner }}" + src: "{{ zuul_file_gearman_ssl_key_src }}" + register: zuul_file_gearman_ssl_key + - name: Install web logging file. become: yes template: diff --git a/templates/etc/zuul/ssl/client.key b/templates/etc/zuul/ssl/client.key new file mode 100644 index 0000000..7371c1e --- /dev/null +++ b/templates/etc/zuul/ssl/client.key @@ -0,0 +1,4 @@ +# This file is generated by Ansible +# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN +# +{{ zuul_file_gearman_ssl_key_content }} diff --git a/templates/etc/zuul/ssl/client.pem b/templates/etc/zuul/ssl/client.pem new file mode 100644 index 0000000..9a35af6 --- /dev/null +++ b/templates/etc/zuul/ssl/client.pem @@ -0,0 +1,4 @@ +# This file is generated by Ansible +# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN +# +{{ zuul_file_gearman_ssl_cert_content }} 
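Review bot: The "Install zuul gearman ssl key configuration" task renders `zuul_file_gearman_ssl_key_content` through `template` without `no_log: true`, so a run with `--diff` would print the private key to the console and any captured job log. Adding `no_log: true` to that one task closes this. All three tasks also run unconditionally, so with the content variables at their empty defaults they write `client.key`, `client.pem` and `root-ca.pem` from the new templates holding only the generated-by-Ansible header. A guard such as `when: zuul_file_gearman_ssl_key_content | default('', true) | length > 0`, with the matching variable on each task, would skip them when TLS is not configured. Unlike the scheduler logging task just above, none of the three has a `notify`, so a rotated certificate or key presumably stays unused until the services are restarted by other means.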
diff --git a/templates/etc/zuul/ssl/root-ca.pem b/templates/etc/zuul/ssl/root-ca.pem new file mode 100644 index 0000000..c547b43 --- /dev/null +++ b/templates/etc/zuul/ssl/root-ca.pem @@ -0,0 +1,4 @@ +# This file is generated by Ansible +# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN +# +{{ zuul_file_gearman_ssl_ca_content }} diff --git a/tests/collect-logs.yaml b/tests/collect-logs.yaml index 2564039..901afcc 100644 --- a/tests/collect-logs.yaml +++ b/tests/collect-logs.yaml @@ -37,10 +37,11 @@ synchronize: dest: "{{ zuul.executor.log_root }}/logs" mode: pull + recursive: false rsync_opts: - "--relative" src: "{{ item }}" verify_host: true with_items: - - /etc/zuul - - /var/log/zuul + - /etc/zuul/* + - /var/log/zuul/* diff --git a/tests/test.yaml b/tests/test.yaml index 52fdec2..3643a71 100644 --- a/tests/test.yaml +++ b/tests/test.yaml @@ -32,6 +32,9 @@ assert: that: - zuul_file_gearman_logging_conf + - zuul_file_gearman_ssl_ca + - zuul_file_gearman_ssl_cert + - zuul_file_gearman_ssl_key - zuul_file_executor_logging_conf - zuul_file_fingergw_logging_conf - zuul_file_merger_logging_conf 
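Review bot: Nothing in the `tests/collect-logs.yaml` task records that `recursive: false` with `/etc/zuul/*` is what keeps `/etc/zuul/ssl/client.key` out of the collected logs. That is presumably the reason for the change, now that the role installs a key there. The protection is a side effect of rsync skipping directories, so a later return to recursive copying would silently start collecting the key. A comment on the task, or an explicit `- "--exclude=ssl/"` entry under `rsync_opts`, would make the intent durable. The same setting also drops any subdirectories under `/var/log/zuul`, which may or may not be wanted.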
@@ -135,6 +138,48 @@ - zuul_conf_stat.stat.pw_name == 'zuul-test' - zuul_conf_stat.stat.gr_name == 'zuul-test' + - name: Register /etc/zuul/ssl/root-ca.pem + stat: + path: /etc/zuul/ssl/root-ca.pem + register: _zuul_file_gearman_ssl_ca_stat + + - name: Assert _zuul_file_gearman_ssl_ca_stat tests. + assert: + that: + - _zuul_file_gearman_ssl_ca_stat.stat.exists + - _zuul_file_gearman_ssl_ca_stat.stat.isreg + - _zuul_file_gearman_ssl_ca_stat.stat.pw_name == 'zuul-test' + - _zuul_file_gearman_ssl_ca_stat.stat.gr_name == 'zuul-test' + - _zuul_file_gearman_ssl_ca_stat.stat.mode == '0644' + + - name: Register /etc/zuul/ssl/client.pem + stat: + path: /etc/zuul/ssl/client.pem + register: _zuul_file_gearman_ssl_cert_stat + + - name: Assert _zuul_file_gearman_ssl_cert_stat tests. + assert: + that: + - _zuul_file_gearman_ssl_cert_stat.stat.exists + - _zuul_file_gearman_ssl_cert_stat.stat.isreg + - _zuul_file_gearman_ssl_cert_stat.stat.pw_name == 'zuul-test' + - _zuul_file_gearman_ssl_cert_stat.stat.gr_name == 'zuul-test' + - _zuul_file_gearman_ssl_cert_stat.stat.mode == '0644' + + - name: Register /etc/zuul/ssl/client.key + stat: + path: /etc/zuul/ssl/client.key + register: _zuul_file_gearman_ssl_key_stat + + - name: Assert _zuul_file_gearman_ssl_key_stat tests. + assert: + that: + - _zuul_file_gearman_ssl_key_stat.stat.exists + - _zuul_file_gearman_ssl_key_stat.stat.isreg + - _zuul_file_gearman_ssl_key_stat.stat.pw_name == 'zuul-test' + - _zuul_file_gearman_ssl_key_stat.stat.gr_name == 'zuul-test' + - _zuul_file_gearman_ssl_key_stat.stat.mode == '0600' + - name: Register /etc/systemd/system/zuul-executor.service.d/override.conf stat: path: /etc/systemd/system/zuul-executor.service.d/override.conf
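Review bot: These assertions pin owner, group and mode for the three files, but nothing checks the `/etc/zuul/ssl` directory that contains them, and the key's confidentiality depends on both. A `stat` of `/etc/zuul/ssl`, followed by an assert on `stat.isdir`, the owner and the mode the role intends, would catch a regression in the directory task. The files are also only stat'ed, so a run with the content variables unset passes even though `client.key` would hold no key material.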