42 lines
1.6 KiB
YAML
42 lines
1.6 KiB
YAML
- name: Check if gearman tls cert is already created
|
|
set_fact:
|
|
gearman_certs: "{{ lookup('k8s', api_version='v1', kind='Secret', namespace=namespace, resource_name=zuul_name + '-gearman-tls') }}"
|
|
|
|
- name: Generate and store certs
|
|
when:
|
|
- not cert_manager
|
|
- gearman_certs.data is not defined
|
|
block:
|
|
- name: Generate certs
|
|
command: "{{ item }}"
|
|
loop:
|
|
# CA
|
|
- "openssl req -new -newkey rsa:2048 -nodes -keyout ca-{{ zuul_name }}.key -x509 -days 3650 -out ca-{{ zuul_name }}.pem -subj '/C=US/ST=Texas/L=Austin/O=Zuul/CN=gearman-ca'"
|
|
# Client
|
|
- "openssl req -new -newkey rsa:2048 -nodes -keyout client-{{ zuul_name }}.key -out client-{{ zuul_name }}.csr -subj '/C=US/ST=Texas/L=Austin/O=Zuul/CN=client-{{ zuul_name }}'"
|
|
- "openssl x509 -req -days 3650 -in client-{{ zuul_name }}.csr -out client-{{ zuul_name }}.pem -CA ca-{{ zuul_name }}.pem -CAkey ca-{{ zuul_name }}.key -CAcreateserial"
|
|
|
|
- name: Create k8s secret
|
|
community.kubernetes.k8s:
|
|
state: "{{ state }}"
|
|
namespace: "{{ namespace }}"
|
|
definition:
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: "{{ zuul_name }}-gearman-tls"
|
|
stringData:
|
|
ca.crt: "{{ lookup('file', 'ca-' + zuul_name + '.pem') }}"
|
|
tls.key: "{{ lookup('file', 'client-' + zuul_name + '.key') }}"
|
|
tls.crt: "{{ lookup('file', 'client-' + zuul_name + '.pem') }}"
|
|
|
|
- name: Write client certs locally
|
|
when: gearman_certs.data is defined
|
|
copy:
|
|
content: "{{ gearman_certs.data[item] | b64decode }}"
|
|
dest: "{{ item }}"
|
|
loop:
|
|
- ca.crt
|
|
- tls.key
|
|
- tls.crt
|