SwanseaUniversityMedical / DARE-Teleport

`TASK [dare.common.microk8s : read in given tls.crt to variable]` now fails for monolithic deployment #117

Open mikej888 opened 11 months ago

mikej888 commented 11 months ago

Running monolithic_mk8s_example/1-vm-setup-and-deploy.yaml (originally from DARE-SeRP-Dev-Deployment Version: 43f688f (Thu Sep 14 17:15:42 2023 +0100) main branch) now fails with the current dare.common collection.

```
$ ansible-galaxy install -r requirements.yaml
Cloning into '/home/ubuntu/.ansible/tmp/ansible-local-103006_rp_t2rm/tmp94xn4jbl/DARE-Teleportcgtcu3jt'...
...
dare.common:1.1.0 was installed successfully
$ ansible-playbook -i inventories/eidf-tre-teleport.yaml 1-vm-setup-and-deploy-epcc.yaml -v
...
TASK [dare.common.microk8s : read in given tls.crt to variable] ****************
fatal: [single_host]: FAILED! => {"msg": "The 'file' lookup had an issue accessing the file ''. an error occurred while trying to read the file '/home/ubuntu/.ansible/collections/ansible_collections/dare/common/roles/microk8s/files/': [Errno 21] Is a directory: b'/home/ubuntu/.ansible/collections/ansible_collections/dare/common/roles/microk8s/files'. [Errno 21] Is a directory: b'/home/ubuntu/.ansible/collections/ansible_collections/dare/common/roles/microk8s/files'"}

PLAY RECAP *********************************************************************
single_host                : ok=16   changed=9    unreachable=0    failed=1    skipped=6    rescued=0    ignored=0
```

The dare.common version I'd used up to now just predated commit 0df324f, Tue Oct 3 11:52:38 2023 +0100 fix(prom-stack): use server side apply for argo due to bundle size (#95).

From the commits after that it seems the problem is due to changes at commit f35d8f5, Wed Oct 11 12:53:06 2023 +0100 feat(mk8s): configure cert-manager with clusterIssuer as part of microk8s installation (#100).

mikej888 commented 11 months ago

It looked like the playbook now needs to provide values for `cert_manager_tls_cert_file` and `cert_manager_tls_key_file`.

I created a self-signed private key and public certificate with 1 year validity:

```
$ openssl req -x509 -newkey rsa:4096 -keyout teleport-key.pem -out teleport-cert.pem \
  -sha256 -days 365 -nodes \
  -subj "/C=UK/ST=Scotland/L=Edinburgh/O=UniversityOfEdinburgh/OU=EPCC/CN=teleport"
```

I updated 1-vm-setup-and-deploy.yaml:

    ##############################
    #### dare.common.microk8s ####
    ##############################

    # plugins to enable for microk8s
    microk8s_plugins:
      dns: true
      ingress: true
      cert-manager: true
      hostpath-storage: true
...
+    cert_manager_tls_cert_file: "teleport-cert.pem"
+    cert_manager_tls_key_file: "teleport-key.pem"
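
Review bot: the two added values are bare relative filenames with no comment saying where the files are expected to live, and the key they name was generated with -nodes, so teleport-key.pem is an unencrypted private key sitting wherever the file lookup resolves it. A short comment above these lines stating the expected location, and keeping teleport-key.pem out of version control or encrypting it with ansible-vault, would make this change safer to share.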

Reran playbook:

```
$ ansible-playbook -i inventories/eidf-tre-teleport.yaml 1-vm-setup-and-deploy.yaml -v
...
PLAY RECAP *********************************************************************
single_host                : ok=115  changed=49   unreachable=0    failed=0    skipped=44   rescued=0    ignored=1
```

Is creating the certificate and keys in this way what was required? Thanks!
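
A pre-flight check for the certificate and key files before the playbook is rerun, as an added example that is not part of the original issue or of dare.common. `check_tls_pair` and its return codes are hypothetical, and it assumes the `openssl` CLI is available on the control host.

```bash
#!/usr/bin/env bash
# Added example: check_tls_pair is a hypothetical helper, not part of dare.common.
# Usage: check_tls_pair teleport-cert.pem teleport-key.pem
check_tls_pair() {
    local cert="$1" key="$2" f cert_pub key_pub

    # An empty path is what sent the 'file' lookup in this issue to the
    # role's files/ directory, so reject empty values and non-files first.
    for f in "$cert" "$key"; do
        if [ -z "$f" ]; then
            echo "error: empty path, is the variable set?" >&2
            return 2
        fi
        if [ ! -f "$f" ]; then
            echo "error: '$f' is not a regular file" >&2
            return 2
        fi
    done

    # The certificate must parse as X.509 and must not have expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "error: '$cert' is not a valid, unexpired certificate" >&2
        return 3
    fi

    # Both files must carry the same public key. '-passin pass:' makes an
    # encrypted key fail here instead of prompting for a passphrase.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "error: '$key' does not match '$cert'" >&2
        return 4
    fi

    # The key was written with -nodes (unencrypted), so refuse one that
    # group or other can read.
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "error: '$key' is readable by group or other, chmod 600 it" >&2
        return 5
    fi
    return 0
}
```

Return code 2 corresponds to the failure in the first comment (path empty or not a regular file); 3 to 5 cover an invalid or expired certificate, a mismatched key, and a key readable by other users.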