fix: add back tls cert handling

Robert Kaussow 2024-07-14 13:53:57 +02:00
parent a11faf29ca
commit 69e2aa435b
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
4 changed files with 51 additions and 0 deletions


@ -2,6 +2,10 @@
pve_nodes: pve_nodes:
- node1 - node1
pve_tls_enabled: False
pve_tls_cert_source: mycert.pem
pve_tls_key_source: mykey.pem
pve_pamd_motd_enabled: True pve_pamd_motd_enabled: True
pve_disk_mount: [] pve_disk_mount: []

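--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+- name: Restart pveproxy
+  service:
+    state: restarted
+    name: pveproxy
+  listen: __pveproxy_restart
+  become: True
+  become_user: root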
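Review bot: The handler uses the bare `service:` module while tasks/main.yml already names modules with the `ansible.builtin.` prefix, so for consistency the line should read `ansible.builtin.service:`; the failing lint check on this push may be flagging exactly that, but that is only inferred. `become: True` is the YAML 1.1 boolean spelling that yamllint's truthy rule rejects — `become: true` is the canonical form. The same `True` spelling appears on `recurse` and `become` in tasks/tls.yml and would be fixed the same way.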


@ -2,3 +2,6 @@
- ansible.builtin.import_tasks: pve.yml - ansible.builtin.import_tasks: pve.yml
- ansible.builtin.import_tasks: pam.yml - ansible.builtin.import_tasks: pam.yml
- ansible.builtin.import_tasks: auth.yml - ansible.builtin.import_tasks: auth.yml
- ansible.builtin.import_tasks: tls.yml
when: pve_tls_enabled | bool
tags: tls_renewal

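--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@@ -0,0 +1,36 @@
+---
+- block:
+    - name: Create pki folder structure
+      file:
+        path: "{{ item }}"
+        state: directory
+        recurse: True
+      loop:
+        - /etc/pki/tls/certs
+        - /etc/pki/tls/private
+    - name: Copy certs and private key
+      copy:
+        src: "{{ item.src }}"
+        dest: "{{ item.dest }}"
+        mode: "{{ item.mode }}"
+      loop:
+        - src: "{{ pve_tls_cert_source }}"
+          dest: "/etc/pki/tls/certs/pveproxy-ssl.pem"
+          mode: "0750"
+        - src: "{{ pve_tls_key_source }}"
+          dest: "/etc/pki/tls/private/pveproxy-ssl.key"
+          mode: "0600"
+      loop_control:
+        label: "{{ item.dest }}"
+      register: __pve_tls_copy
+    - name: Copy cert/key to pve filesystem
+      command: "/bin/cp -rf {{ item[0].dest }} /etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
+      changed_when: item[0].changed
+      loop: "{{ __pve_tls_copy.results | product(pve_nodes) | list }}"
+      loop_control:
+        label: "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
+      notify: __pveproxy_restart
+  become: True
+  become_user: root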
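Review bot: In the third task, `changed_when: item[0].changed` reports change based on whether the staging copy under /etc/pki changed, not on whether the file under /etc/pve/nodes/ was actually updated, so a node newly added to `pve_nodes` or a drifted /etc/pve copy gets overwritten by `cp` yet reports unchanged and never notifies `__pveproxy_restart`. Replacing the `command` with `ansible.builtin.copy` plus `remote_src: true` gives genuine change detection and removes the templated command string; because /etc/pve is pmxcfs, `unsafe_writes: true` may be required if the atomic rename is refused, which is worth verifying on a node. Separately, `/etc/pki/tls/private` is created without a `mode`, so it takes the umask default rather than `"0700"`, and the certificate's `"0750"` sets an execute bit a PEM file does not need — `"0644"` is the usual value. The key-copy task would also benefit from `no_log: true` or `diff: false` so that a `--diff` run does not print the private key.
```yaml
    - name: Copy cert/key to pve filesystem
      ansible.builtin.copy:
        src: "{{ item[0].dest }}"
        dest: "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
        remote_src: true
        unsafe_writes: true  # pmxcfs may reject the atomic tmp-file rename; confirm before relying on it
      loop: "{{ __pve_tls_copy.results | product(pve_nodes) | list }}"
      loop_control:
        label: "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
      notify: __pveproxy_restart
```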