Update RHV Certificates
@@ -9,6 +9,7 @@
|
|||||||
acme_email: ptoal@takeflight.ca
|
acme_email: ptoal@takeflight.ca
|
||||||
challenge: dns-01
|
challenge: dns-01
|
||||||
dns_provider: dme
|
dns_provider: dme
|
||||||
|
root_certificate: https://letsencrypt.org/certs/trustid-x3-root.pem.txt
|
||||||
domains:
|
domains:
|
||||||
- rhv.mgmt.toal.ca
|
- rhv.mgmt.toal.ca
|
||||||
|
|
||||||
@@ -16,6 +17,7 @@
|
|||||||
- name: Ensure Let's Encrypt Account Exists
|
- name: Ensure Let's Encrypt Account Exists
|
||||||
acme_account:
|
acme_account:
|
||||||
state: present
|
state: present
|
||||||
|
acme_directory: "{{ acme_directory }}"
|
||||||
terms_agreed: true
|
terms_agreed: true
|
||||||
allow_creation: true
|
allow_creation: true
|
||||||
contact:
|
contact:
|
||||||
@@ -26,12 +28,82 @@
|
|||||||
- acme-certificate
|
- acme-certificate
|
||||||
|
|
||||||
|
|
||||||
# - name: Install custom CA Certificate in RHV-M
|
- name: Install custom CA Certificate in RHV-M
|
||||||
# hosts: rhv.lab.toal.ca
|
hosts: rhv.mgmt.toal.ca
|
||||||
|
become: true
|
||||||
|
|
||||||
# tasks:
|
tasks:
|
||||||
# - name: Download LetsEncrypt Root/Intermediate Certificates
|
- name: Certificate trust in store
|
||||||
|
copy:
|
||||||
|
src: "{{ acme_rootchain_file }}"
|
||||||
|
dest: /etc/pki/ca-trust/source/anchors/
|
||||||
|
register: rootchain_result
|
||||||
|
notify: restart httpd
|
||||||
|
|
||||||
|
- name: Certificate store updated
|
||||||
|
command: /usr/bin/update-ca-trust
|
||||||
|
when: rootchain_result.changed
|
||||||
|
notify: restart httpd
|
||||||
|
|
||||||
|
- name: CA Rootchain in Apache config
|
||||||
|
copy:
|
||||||
|
src: "{{ acme_rootchain_file }}"
|
||||||
|
dest: /etc/pki/ovirt-engine/apache-ca.pem
|
||||||
|
backup: yes
|
||||||
|
notify: restart httpd
|
||||||
|
|
||||||
|
- name: Private key installed
|
||||||
|
copy:
|
||||||
|
src: "{{ acme_key_file }}"
|
||||||
|
dest: /etc/pki/ovirt-engine/keys/apache.key.nopass
|
||||||
|
backup: yes
|
||||||
|
notify: restart httpd
|
||||||
|
|
||||||
|
- name: Certificate installed
|
||||||
|
copy:
|
||||||
|
src: "{{ acme_cert_file }}"
|
||||||
|
dest: /etc/pki/ovirt-engine/certs/apache.cer
|
||||||
|
backup: yes
|
||||||
|
notify: restart httpd
|
||||||
|
|
||||||
|
- name: Trust Store Configuration
|
||||||
|
copy:
|
||||||
|
dest: /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf
|
||||||
|
content: |
|
||||||
|
ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
|
||||||
|
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""
|
||||||
|
notify:
|
||||||
|
- restart ovn
|
||||||
|
- restart ovirt-engine
|
||||||
|
|
||||||
|
- name: Websocket Proxy configuration
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
|
||||||
|
state: present
|
||||||
|
backup: yes
|
||||||
|
line: "{{ item }}"
|
||||||
|
loop:
|
||||||
|
- SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache.cer
|
||||||
|
- SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
|
||||||
|
notify:
|
||||||
|
- restart ovn
|
||||||
|
- restart ovirt-engine
|
||||||
|
|
||||||
|
handlers:
|
||||||
|
- name: restart httpd
|
||||||
|
service:
|
||||||
|
name: httpd
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
- name: restart ovn
|
||||||
|
service:
|
||||||
|
name: ovirt-provider-ovn
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
- name: restart ovirt-engine
|
||||||
|
service:
|
||||||
|
name: ovirt-engine
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
|
||||||
- name: Create RHV/ovirt VLANs
|
- name: Create RHV/ovirt VLANs
|
||||||
@@ -53,4 +125,4 @@
|
|||||||
loop: "{{ ovirt_networks }}"
|
loop: "{{ ovirt_networks }}"
|
||||||
register: networkinfo
|
register: networkinfo
|
||||||
|
|
||||||
- debug: msg="{{networkinfo}}"
|
- debug: msg="{{networkinfo}}"
|
||||||
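Review bot: The `Private key installed` task copies `{{ acme_key_file }}` to `/etc/pki/ovirt-engine/keys/apache.key.nopass` with no `mode`, `owner` or `group`, so the unencrypted key is created with whatever the target's default umask gives (typically group- and world-readable), and `backup: yes` additionally leaves the previous key as a readable backup copy in the same directory; add `mode: "0640"` plus `owner`/`group` matching the existing key's ownership on the engine host (not visible here), and treat the backup copies the same way or drop `backup` for the key. While there, `backup: yes` in this and the other copy/lineinfile tasks should be the canonical `backup: true`. Separately, the websocket-proxy loop writes `SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache.cer`, whereas the `Certificate installed` task a few tasks earlier places the file at `/etc/pki/ovirt-engine/certs/apache.cer`, so one of the two paths looks wrong. That `lineinfile` also has no `regexp`, so an existing `SSL_CERTIFICATE=`/`SSL_KEY=` line with a different value is kept and a second one appended rather than replaced; each item needs something like `regexp: "^{{ item.split('=')[0] }}="`.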