Add both the Root CA and the intermediate one into the mongodb CAfile.
parent
871d540340
commit
e05ee8d07e
|
@ -49,7 +49,6 @@ mongodb_storage_engine: wiredTiger
|
||||||
|
|
||||||
mongodb_ssl_enabled: False
|
mongodb_ssl_enabled: False
|
||||||
mongodb_ssl_letsencrypt_managed: True
|
mongodb_ssl_letsencrypt_managed: True
|
||||||
mongodb_letsencrypt_download_ca_file: False
|
|
||||||
mongodb_ssl_letsencrypt_ca_url: 'https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt'
|
mongodb_ssl_letsencrypt_ca_url: 'https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt'
|
||||||
mongodb_ssl_letsencrypt_ca_dir: '{{ mongodb_ssl_cert_dir }}'
|
mongodb_ssl_letsencrypt_ca_dir: '{{ mongodb_ssl_cert_dir }}'
|
||||||
mongodb_ssl_letsencrypt_ca_filename: lets-encrypt-x3-cross-signed.pem
|
mongodb_ssl_letsencrypt_ca_filename: lets-encrypt-x3-cross-signed.pem
|
||||||
|
@ -57,8 +56,8 @@ mongodb_ssl_letsencrypt_ca_filename: lets-encrypt-x3-cross-signed.pem
|
||||||
mongodb_ssl_mode: requireSSL
|
mongodb_ssl_mode: requireSSL
|
||||||
mongodb_ssl_cert_dir: /etc/pki/mongodb
|
mongodb_ssl_cert_dir: /etc/pki/mongodb
|
||||||
mongodb_ssl_certkey_file: '{{ mongodb_ssl_cert_dir }}/mongodb.pem'
|
mongodb_ssl_certkey_file: '{{ mongodb_ssl_cert_dir }}/mongodb.pem'
|
||||||
# mongodb_ssl_CA_file: '{{ mongodb_ssl_letsencrypt_ca_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}'
|
mongodb_ssl_CA_file: '{{ mongodb_ssl_letsencrypt_ca_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}'
|
||||||
mongodb_ssl_CA_file: '/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt'
|
mongodb_ssl_root_CA_file: '/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt'
|
||||||
mongodb_ssl_allowConnectionsWithoutCertificates: 'true'
|
mongodb_ssl_allowConnectionsWithoutCertificates: 'true'
|
||||||
mongodb_ssl_disabled_protocols: 'TLS1_0,TLS1_1'
|
mongodb_ssl_disabled_protocols: 'TLS1_0,TLS1_1'
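Review bot: `mongodb_ssl_CA_file` now points at the downloaded intermediate file, whose content is only complete once the role has appended `mongodb_ssl_root_CA_file` to it, and nothing in these defaults says so. A comment above the two variables would make that explicit, for example `# CAFile = Let's Encrypt intermediate + the root in mongodb_ssl_root_CA_file, concatenated by the role`. The root path is a Debian/Ubuntu `ca-certificates` location, so the role depends on that package still shipping this exact file; that assumption is worth stating or checking with a `stat` before use. Because this bundle is what mongod uses to validate peer certificates, the comment should also note that trusting a public CA here accepts any certificate chaining to it, which matters if x.509 client authentication is ever turned on.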
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,11 @@
|
||||||
|
|
||||||
- name: Get the Letsencrypt CA file if there is no local copy yet
|
- name: Get the Letsencrypt CA file if there is no local copy yet
|
||||||
get_url: url={{ mongodb_ssl_letsencrypt_ca_url }} dest={{ mongodb_ssl_cert_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}
|
get_url: url={{ mongodb_ssl_letsencrypt_ca_url }} dest={{ mongodb_ssl_cert_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}
|
||||||
when: mongodb_letsencrypt_download_ca_file
|
register: build_mongo_ca_file
|
||||||
|
|
||||||
|
- name: Add the Root CA certificate to the mongodb CA file
|
||||||
|
command: cat {{ mongodb_ssl_root_CA_file }} >> {{ mongodb_ssl_cert_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}
|
||||||
|
when: build_mongo_ca_file is changed
|
||||||
|
|
||||||
- name: Verify if the mongodb pem file exists
|
- name: Verify if the mongodb pem file exists
|
||||||
stat: path={{ mongodb_ssl_certkey_file }}
|
stat: path={{ mongodb_ssl_certkey_file }}
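Review bot: The new "Add the Root CA certificate" task uses the `command` module, which does not run a shell, so `>>` and the destination path reach `cat` as extra file arguments and nothing is appended; the task will most likely fail on the nonexistent `>>` file. Since it only runs when `build_mongo_ca_file is changed`, and `get_url` without `force` presumably reports a change only on the first download, a failed append is not retried on later runs and mongod is left with an intermediate-only CAFile. At minimum change it to `shell: cat {{ mongodb_ssl_root_CA_file }} >> {{ mongodb_ssl_cert_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}`, though building the bundle idempotently (for example with the `assemble` module from the two source files) would be more robust. The downloaded file becomes a trust anchor, so I would also pin it with `checksum: sha256:<PINNED_DIGEST>` on the `get_url` task and set an explicit `mode:`.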
|
||||||
|
|