Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / 393f5007dceabf16e80da0b3a3a9fc53f66abb8a / . / roles / certificates / tasks / main.yml
blob: cfbaca330f38c5a466c1a1bc7136d27352387111 [file] [log] [blame]
Mohammed Naser57b53392022-09-30 19:39:07 +0000[diff] [blame]1# Copyright (c) 2022 VEXXHOST, Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15- name: Bootstrap PKI
16 block:
17 - name: Wait till the secret is created
18 kubernetes.core.k8s_info:
19 api_version: v1
20 kind: Secret
Mohammed Naser6e557c82022-10-01 20:10:13 +0000[diff] [blame]21 name: "{{ (atmosphere_issuer_config.type == 'self-signed') | ternary('cert-manager-selfsigned-ca', 'cert-manager-issuer-ca') }}"
Mohammed Naser57b53392022-09-30 19:39:07 +0000[diff] [blame]22 namespace: openstack
23 wait: true
24 wait_sleep: 1
25 wait_timeout: 300
26 register: _openstack_helm_root_secret
Mohammed Naser57b53392022-09-30 19:39:07 +0000[diff] [blame]27
28 - name: Copy CA certificate on host
29 ansible.builtin.copy:
30 content: "{{ _openstack_helm_root_secret.resources[0].data['tls.crt'] | b64decode }}"
31 dest: "/usr/local/share/ca-certificates/self-signed-osh-ca.crt"
32 mode: "0644"
33
34 - name: Update CA certificates on host
35 ansible.builtin.command:
36 cmd: update-ca-certificates
37 changed_when: false
38 when:
Mohammed Naser625b1e42022-09-30 22:09:10 +0000[diff] [blame]39 - atmosphere_issuer_config.type is defined
40 - atmosphere_issuer_config.type in ("self-signed", "ca")