initial commit
This commit is contained in:
parent
fa2ac0d2fe
commit
4642a463a1
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
pve_nodes:
|
||||
- node1
|
||||
pve_tls_enabled: False
|
||||
pve_tls_source_use_content: False
|
||||
pve_tls_source_use_files: True
|
||||
pve_tls_cert_source: mycert.pem
|
||||
pve_tls_key_source: mykey.pem
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
- name: Restart pveproxy
|
||||
service:
|
||||
state: restarted
|
||||
name: pveproxy
|
||||
listen:
|
||||
- __pveproxy_restart
|
||||
become: True
|
||||
become_user: root
|
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
galaxy_info:
|
||||
author: xoxys
|
||||
description: Role to configure pve
|
||||
license: MIT
|
||||
min_ansible_version: 2.4
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
- 7
|
||||
galaxy_tags:
|
||||
- pve
|
||||
- kvm
|
||||
- proxmox
|
||||
- virtual
|
||||
dependencies:
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
- include_tasks: tls.yml
|
||||
when: pve_tls_enabled
|
|
@ -0,0 +1,50 @@
|
|||
---
|
||||
- block:
|
||||
- name: Create pki folder structure
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
recurse: True
|
||||
with_items:
|
||||
- /etc/pki/tls/certs
|
||||
- /etc/pki/tls/private
|
||||
|
||||
- name: Copy certs and private key (file)
|
||||
copy:
|
||||
src: "{{ item.0.source }}"
|
||||
dest: "{{ item.0.path }}/{{ item.0.name }}"
|
||||
mode: "{{ item.0.mode }}"
|
||||
with_subelements:
|
||||
- "{{ __pve_certificates }}"
|
||||
- nodes
|
||||
loop_control:
|
||||
label: "{{ item.0.path }}/{{ item.0.name }}"
|
||||
register: __pve_copy_cert
|
||||
when: pve_tls_source_use_files
|
||||
|
||||
- name: Copy certs and private key (content)
|
||||
copy:
|
||||
content: "{{ item.0.source }}"
|
||||
dest: "{{ item.0.path }}/{{ item.0.name }}"
|
||||
mode: "{{ item.0.mode }}"
|
||||
with_subelements:
|
||||
- "{{ __pve_certificates }}"
|
||||
- nodes
|
||||
loop_control:
|
||||
label: "{{ item.0.path }}/{{ item.0.name }}"
|
||||
register: __pve_copy_cert
|
||||
when: pve_tls_source_use_content
|
||||
|
||||
- debug:
|
||||
msg: __pve_copy_cert
|
||||
|
||||
# - name: Copy cert/key to pve filesystem
|
||||
# command: "/bin/cp -rf {{ item.0.path }}/{{ item.0.name }} /etc/pve/nodes/{{ item.1 }}/{{ item.0.name }}"
|
||||
# with_subelements:
|
||||
# - "{{ __pve_certificates }}"
|
||||
# - nodes
|
||||
# when: __pve_copy_cert.changed
|
||||
# changed_when: __pve_copy_cert.changed
|
||||
# notify: __pveproxy_restart
|
||||
become: True
|
||||
become_user: root
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
__pve_certificates:
|
||||
cert:
|
||||
name: pveproxy-ssl.pem
|
||||
path: /etc/pki/tls/certs
|
||||
source: "{{ pve_tls_cert_source }}"
|
||||
nodes: "{{ pve_nodes }}"
|
||||
mode: 0750
|
||||
key:
|
||||
name: pveproxy-ssl.key
|
||||
path: /etc/pki/tls/private
|
||||
source: "{{ pve_tls_key_source }}"
|
||||
nodes: "{{ pve_nodes }}"
|
||||
mode: 0600
|
Loading…
Reference in New Issue