redhat-cop / automate-tower-ha-dr

Configure High Availability and/or Disaster Recovery on a Tower Cluster
MIT License

Recommend addition of ssl cert copy feature #19

Closed jesseborden closed 4 years ago

jesseborden commented 4 years ago

Recommend creating a root folder for ssl certs then at the top of the tower-setup.yml copy the certs into the roles/nginx/files, roles/postgres/files, and roles/ca_cert/files directories. In this example, the folder is sslcerts, which is added to the root directory.

This can be consolidated most likely using a loop, but:

# Make sure each role has a files/ directory to receive the certs
- name: Create directories for various ssl certs
  file:
    path: "{{ item }}"
    state: directory
  with_items:
    - "{{ playbook_dir }}/{{ tower_installer_current }}/roles/ca_cert/files"
    - "{{ playbook_dir }}/{{ tower_installer_current }}/roles/nginx/files"
    - "{{ playbook_dir }}/{{ tower_installer_current }}/roles/postgres/files"

# Copy each set of certs from sslcerts/ into the matching role
- name: Copy CA certs from root directory
  copy:
    src: "{{ item }}"
    dest: "{{ playbook_dir }}/{{ tower_installer_current }}/roles/ca_cert/files/"
    owner: "root"
    mode: "0600"
  with_fileglob:
    - "sslcerts/CA/*"

- name: Copy postgresql certs from root directory
  copy:
    src: "{{ item }}"
    dest: "{{ playbook_dir }}/{{ tower_installer_current }}/roles/postgres/files/"
    owner: "root"
    mode: "0600"
  with_fileglob:
    - "sslcerts/postgres/*"

- name: Copy nginx certs from root directory
  copy:
    src: "{{ item }}"
    dest: "{{ playbook_dir }}/{{ tower_installer_current }}/roles/nginx/files/"
    owner: "root"
    mode: "0600"
  with_fileglob:
    - "sslcerts/nginx/*"

Another option is to change the .ini inventory files to yaml so that perhaps jinja templating could be used.
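The loop consolidation suggested in the comment above, as an added example that is not part of the original issue or the project's own code. It assumes the `sslcerts` folder sits beside the playbook and that the tasks run against the control node; `ssl_cert_map` is a hypothetical variable name. It also checks that each source folder has files before copying, since `with_fileglob` skips silently when nothing matches.

```yaml
# Added example (not the project's code): one loop instead of four tasks.
- name: Stage TLS material into the installer roles
  vars:
    # Hypothetical mapping: sslcerts/<src> -> roles/<role>/files
    ssl_cert_map:
      - { src: CA, role: ca_cert }
      - { src: postgres, role: postgres }
      - { src: nginx, role: nginx }
  block:
    - name: Inventory each source folder under sslcerts/
      find:
        paths: "{{ playbook_dir }}/sslcerts/{{ item.src }}"
        file_type: file
      loop: "{{ ssl_cert_map }}"
      register: cert_sources

    - name: Fail early if a source folder is missing or empty
      assert:
        that: item.matched > 0
        fail_msg: "No cert files found in sslcerts/{{ item.item.src }}"
      loop: "{{ cert_sources.results }}"
      loop_control:
        label: "{{ item.item.src }}"

    # A trailing slash on src copies the folder's contents, not the folder.
    - name: Copy certs and keys with owner-only permissions
      copy:
        src: "{{ playbook_dir }}/sslcerts/{{ item.src }}/"
        dest: "{{ playbook_dir }}/{{ tower_installer_current }}/roles/{{ item.role }}/files/"
        owner: root
        mode: "0600"
        directory_mode: "0700"   # applied only to directories created here
      loop: "{{ ssl_cert_map }}"
```

Because `sslcerts` holds private keys alongside certificates, keeping that folder out of version control (for example via `.gitignore`) avoids committing key material with the playbook.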

jesseborden commented 4 years ago

Closing for lack of interest.