Commit dcd97881 authored by Bo-Chun Chen's avatar Bo-Chun Chen

feat: add ssl_cert role

parent 8a799a3e
2 merge requests!147Fix http proxy cert,!117This MR merges the feat-hpc-factory branch, which was focused on building and deploying proxy images for the COD cluster.
...@@ -9,4 +9,5 @@ ...@@ -9,4 +9,5 @@
- { name: 'slurm_client', tags: 'slurm_client', when: enable_slurm_client } - { name: 'slurm_client', tags: 'slurm_client', when: enable_slurm_client }
- { name: 'ssh_host_keys', tags: 'ssh_host_keys' } - { name: 'ssh_host_keys', tags: 'ssh_host_keys' }
- { name: 'ssh_proxy_config', tags: 'ssh_proxy_config', when: enable_ssh_proxy_config } - { name: 'ssh_proxy_config', tags: 'ssh_proxy_config', when: enable_ssh_proxy_config }
- { name: 'ssl_cert', tags: 'ssl_cert' }
- { name: 'rsyslog_config', tags: 'rsyslog_config', when: enable_rsyslog_config } - { name: 'rsyslog_config', tags: 'rsyslog_config', when: enable_rsyslog_config }
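Review bot: The new `ssl_cert` entry has no `when:` guard, and the role's final task ("Restart apache service") is unconditional too, so every host this play targets would get an Apache restart on every run, even where no certificate is configured. Consider gating the entry like its neighbours, e.g. `- { name: 'ssl_cert', tags: 'ssl_cert', when: ssl_cert_s3_bucket | length > 0 }`, assuming that variable has a default defined. The role list starts and ends outside this hunk, so the set of affected hosts is not visible here.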
---
- name: Download SSL Certs from S3
aws_s3:
mode: get
s3_url: "{{ S3_ENDPOINT }}"
bucket: "{{ ssl_cert_s3_bucket }}"
object: "{{ item }}"
dest: "{{ ssl_cert_file_location }}/{{ item }}"
aws_access_key: "{{ LTS_ACCESS_KEY }}"
aws_secret_key: "{{ LTS_SECRET_KEY }}"
vars:
ansible_python_interpreter: /usr/bin/python3
when: ssl_cert_s3_bucket | length > 0 and item | length > 0
loop:
- "{{ ssl_cert_file }}"
- "{{ ssl_cert_chain_file }}"
- name: Download SSL key from S3
aws_s3:
mode: get
s3_url: "{{ S3_ENDPOINT }}"
bucket: "{{ ssl_cert_s3_bucket }}"
object: "{{ ssl_cert_key }}"
dest: "{{ ssl_cert_key_location }}/{{ ssl_cert_key }}"
aws_access_key: "{{ LTS_ACCESS_KEY }}"
aws_secret_key: "{{ LTS_SECRET_KEY }}"
vars:
ansible_python_interpreter: /usr/bin/python3
when: ssl_cert_s3_bucket | length > 0 and ssl_cert_key | length > 0
- name: Update SSL in Apache config
ansible.builtin.replace:
path: "{{ ssl_apache_config }}"
regexp: "{{ item.regexp }}"
replace: "\\1 {{ item.location }}/{{ item.value }}"
backup: true
when: ssl_apache_config | length > 0 and item.value | length > 0
loop:
- { regexp: "#?(SSLCertificateFile).*$", location: "{{ ssl_cert_file_location }}", value: "{{ ssl_cert_file }}" }
- { regexp: "#?(SSLCertificateChainFile).*$", location: "{{ ssl_cert_file_location }}", value: "{{ ssl_cert_chain_file }}" }
- { regexp: "#?(SSLCertificateKeyFile).*$", location: "{{ ssl_cert_key_location }}", value: "{{ ssl_cert_key }}" }
- name: Restart apache service
ansible.builtin.service:
name: "{{ apache_service }}"
state: restarted
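Review bot: The "Download SSL key from S3" task writes the private key to `{{ ssl_cert_key_location }}/{{ ssl_cert_key }}`, and no later task sets its owner or mode. The file's permissions are therefore left to the module default and the process umask, which may make the key readable by other local users. A follow-up task should pin the key to root and `0600` under the same `when:` as the download, as sketched below. Separately, the restart would be safer as a handler notified by the replace task and preceded by a config syntax check, so a bad substitution does not take Apache down.

```yaml
# … unchanged: "Download SSL key from S3" task …
- name: Restrict permissions on SSL private key
  ansible.builtin.file:
    path: "{{ ssl_cert_key_location }}/{{ ssl_cert_key }}"
    owner: root
    group: root
    mode: "0600"
  when: ssl_cert_s3_bucket | length > 0 and ssl_cert_key | length > 0
# … unchanged: "Update SSL in Apache config" and restart tasks …
```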