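- name: Configure fallback name resolution
  # Adds one /etc/hosts entry per metacluster service name, pointing at this
  # VM's own address; both the IP and the domain come from vApp properties.
  ansible.builtin.lineinfile:
    path: /etc/hosts
    # Match on the hostname so that a changed IP replaces the existing entry
    # instead of leaving a stale line behind; names without a match are
    # appended as before. The fqdn is regex-escaped because it contains dots.
    regexp: '^\S+\s+{{ (item ~ "." ~ vapp["metacluster.fqdn"]) | regex_escape }}$'
    line: "{{ vapp['guestinfo.ipaddress'] }} {{ item ~ '.' ~ vapp['metacluster.fqdn'] }}"
    state: present
  loop:
    # TODO: Make this list dynamic
    - ca
    - git
    - gitops
    - ingress
    - registry
    - storage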
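- name: Generate root CA using a short-lived password file
  # The CA password is written to a tempfile and handed to `step` via
  # --password-file so it never appears on the command line / in the process
  # list. The always: branch guarantees the file is removed even when
  # `step ca init` fails; in the original flat task list a failure aborted
  # the play before the cleanup task ran, leaving the password on disk.
  block:
    - name: Initialize tempfile
      ansible.builtin.tempfile:
        state: file
      register: stepca_password

    - name: Store password in tempfile
      ansible.builtin.copy:
        dest: "{{ stepca_password.path }}"
        content: "{{ vapp['metacluster.password'] }}"
        # Explicit owner-only permissions rather than relying on the tempfile
        # module's defaults.
        mode: "0600"
      no_log: true

    - name: Generate root CA
      # No shell features are used, so the command module is sufficient and
      # avoids shell interpretation of the interpolated vApp values.
      # A folded scalar (>-) joins the lines with single spaces, so no
      # backslash continuations are needed; with `>-` each trailing "\"
      # previously became a stray escaped-space argument to `step`.
      # NOTE(review): stdout is the helm values document, which carries the
      # (password-encrypted) CA key material; it is retained in
      # stepca_helmvalues and will be printed at higher verbosity.
      ansible.builtin.command:
        cmd: >-
          step ca init
          --helm
          --deployment-type=standalone
          --name=ca.{{ vapp['metacluster.fqdn'] }}
          --dns=ca.{{ vapp['metacluster.fqdn'] }}
          --dns=step-certificates.step-ca.svc.cluster.local
          --dns=127.0.0.1
          --address=:443
          --provisioner=admin
          --acme
          --password-file={{ stepca_password.path }}
      register: stepca_helmvalues
  always:
    - name: Cleanup tempfile
      ansible.builtin.file:
        path: "{{ stepca_password.path }}"
        state: absent
      # Guarded so the cleanup is a no-op if the tempfile task itself failed.
      when: stepca_password.path is defined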
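- name: Store root CA certificate
  # Extracts the root certificate from the helm values document produced by
  # `step ca init --helm` and places it where update-ca-certificates looks.
  ansible.builtin.copy:
    dest: /usr/local/share/ca-certificates/root_ca.crt
    # `stepca_helmvalues` is the variable registered by the "Generate root CA"
    # task; the original referenced `stepca_values`, which is not set anywhere
    # in this file (assumed to be a typo — confirm no other play defines it).
    content: "{{ (stepca_helmvalues.stdout | from_yaml).inject.certificates.root_ca }}"
    # The certificate is public; keep it world-readable regardless of umask.
    mode: "0644"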
- name: Update certificate truststore
  # Free-form invocation of update-ca-certificates (no arguments needed).
  # NOTE(review): the command module reports "changed" on every run here
  # because no changed_when is set.
  ansible.builtin.command: update-ca-certificates