forked from ISTI-ansible-roles/ansible-roles
Use the Root letsencrypt CA certificate. See https://support.d4science.org/issues/12443#note-16
parent
6cfef59871
commit
1f5f775ae2
|
@ -49,6 +49,7 @@ mongodb_storage_engine: wiredTiger
|
||||||
|
|
||||||
mongodb_ssl_enabled: False
|
mongodb_ssl_enabled: False
|
||||||
mongodb_ssl_letsencrypt_managed: True
|
mongodb_ssl_letsencrypt_managed: True
|
||||||
|
mongodb_letsencrypt_download_ca_file: False
|
||||||
mongodb_ssl_letsencrypt_ca_url: 'https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt'
|
mongodb_ssl_letsencrypt_ca_url: 'https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt'
|
||||||
mongodb_ssl_letsencrypt_ca_dir: '{{ mongodb_ssl_cert_dir }}'
|
mongodb_ssl_letsencrypt_ca_dir: '{{ mongodb_ssl_cert_dir }}'
|
||||||
mongodb_ssl_letsencrypt_ca_filename: lets-encrypt-x3-cross-signed.pem
|
mongodb_ssl_letsencrypt_ca_filename: lets-encrypt-x3-cross-signed.pem
|
||||||
|
@ -56,7 +57,8 @@ mongodb_ssl_letsencrypt_ca_filename: lets-encrypt-x3-cross-signed.pem
|
||||||
mongodb_ssl_mode: requireSSL
|
mongodb_ssl_mode: requireSSL
|
||||||
mongodb_ssl_cert_dir: /etc/pki/mongodb
|
mongodb_ssl_cert_dir: /etc/pki/mongodb
|
||||||
mongodb_ssl_certkey_file: '{{ mongodb_ssl_cert_dir }}/mongodb.pem'
|
mongodb_ssl_certkey_file: '{{ mongodb_ssl_cert_dir }}/mongodb.pem'
|
||||||
mongodb_ssl_CA_file: '{{ mongodb_ssl_letsencrypt_ca_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}'
|
# mongodb_ssl_CA_file: '{{ mongodb_ssl_letsencrypt_ca_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}'
|
||||||
|
mongodb_ssl_CA_file: '/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt'
|
||||||
mongodb_ssl_allowConnectionsWithoutCertificates: 'true'
|
mongodb_ssl_allowConnectionsWithoutCertificates: 'true'
|
||||||
mongodb_ssl_disabled_protocols: 'TLS1_0,TLS1_1'
|
mongodb_ssl_disabled_protocols: 'TLS1_0,TLS1_1'
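Review bot: The new `mongodb_ssl_CA_file` default hard-codes `/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt`, a file owned by the distribution's CA package rather than by this role. Nothing visible here checks that it exists, so mongod would be left pointing at a missing CA file if the package ever drops that root (publicly trusted roots are retired when they expire). The CA file is also what mongod uses to validate client certificates, so a public root accepts any certificate chaining to it; whether that matters depends on x509 client or cluster authentication being enabled, which this hunk does not show (`mongodb_ssl_allowConnectionsWithoutCertificates` is 'true'). I would add a comment above the line such as `# CA file shipped by the ca-certificates package; override on root rotation or when a private CA signs client certificates`, and delete the commented-out old value instead of keeping it as dead configuration.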
|
||||||
|
|
||||||
|
|
|
@ -9,8 +9,9 @@
|
||||||
- name: Create the mongodb certificate directory
|
- name: Create the mongodb certificate directory
|
||||||
file: dest={{ mongodb_ssl_cert_dir }} state=directory owner=root group=mongodb mode=0750
|
file: dest={{ mongodb_ssl_cert_dir }} state=directory owner=root group=mongodb mode=0750
|
||||||
|
|
||||||
- name: Get the Letsencrypt CA file
|
- name: Get the Letsencrypt CA file if there is no local copy yet
|
||||||
get_url: url={{ mongodb_ssl_letsencrypt_ca_url }} dest={{ mongodb_ssl_cert_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}
|
get_url: url={{ mongodb_ssl_letsencrypt_ca_url }} dest={{ mongodb_ssl_cert_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}
|
||||||
|
when: mongodb_letsencrypt_download_ca_file
|
||||||
|
|
||||||
- name: Verify if the mongodb pem file exists
|
- name: Verify if the mongodb pem file exists
|
||||||
stat: path={{ mongodb_ssl_certkey_file }}
|
stat: path={{ mongodb_ssl_certkey_file }}
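Review bot: The `get_url` task writes a trust anchor into `{{ mongodb_ssl_cert_dir }}` with no `checksum=` and no explicit owner or mode, so its integrity rests only on the HTTPS download and its permissions on the umask. Where the download stays enabled I would pin it, e.g. `checksum=sha256:<EXPECTED_SHA256_PLACEHOLDER> owner=root group=mongodb mode=0440`. The new task name says "if there is no local copy yet", but the added `when: mongodb_letsencrypt_download_ca_file` tests only the flag. The no-overwrite behaviour comes from `get_url`'s default, so a name that mentions the flag would describe the condition more accurately. The task list continues outside the hunk.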
|
||||||
|
|
|
@ -41,17 +41,13 @@
|
||||||
- block:
|
- block:
|
||||||
- name: Install/Update the mongodb configuration
|
- name: Install/Update the mongodb configuration
|
||||||
template: src=mongod-{{ mongodb_version }}.conf.j2 dest=/etc/mongod.conf owner=root group=root mode=0444 backup=yes
|
template: src=mongod-{{ mongodb_version }}.conf.j2 dest=/etc/mongod.conf owner=root group=root mode=0444 backup=yes
|
||||||
when: mongodb_install_server or mongodb_install_conf or mongodb_update_conf
|
when: mongodb_install_conf or mongodb_update_conf
|
||||||
notify: Restart mongodb
|
notify: Restart mongodb
|
||||||
|
|
||||||
|
when: mongodb_install_server
|
||||||
tags: [ 'mongodb', 'mongodb_update_conf' ]
|
tags: [ 'mongodb', 'mongodb_update_conf' ]
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
# - name: Install the mongodb configuration
|
|
||||||
# template: src=mongod-{{ mongodb_version }}.conf.j2 dest=/etc/mongod.conf owner=root group=root mode=0444 backup=yes
|
|
||||||
# when: mongodb_install_conf
|
|
||||||
# notify: Restart mongodb
|
|
||||||
|
|
||||||
- name: We are upgrading, install the latest version of the mongodb packages
|
- name: We are upgrading, install the latest version of the mongodb packages
|
||||||
apt: pkg={{ item }} state=latest update_cache=yes cache_valid_time=1800
|
apt: pkg={{ item }} state=latest update_cache=yes cache_valid_time=1800
|
||||||
with_items: '{{ mongodb_server_pkgs }}'
|
with_items: '{{ mongodb_server_pkgs }}'
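Review bot: Moving `mongodb_install_server` from the template task's `when:` to the enclosing block turns the condition from an OR into an AND. The "Install/Update the mongodb configuration" task now runs only when `mongodb_install_server` is true and one of `mongodb_install_conf` / `mongodb_update_conf` is also true. If both conf flags can be false on a server install (their defaults are not visible here), the host keeps the package's stock `/etc/mongod.conf` and presumably misses the TLS settings the template renders, such as `mongodb_ssl_mode` and `mongodb_ssl_disabled_protocols`. If the narrowing is intended, a comment above the block-level `when:` would make that explicit, e.g. `# configuration is managed only where the server is installed and a conf flag is set`. The second block continues past the end of the hunk.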
|
||||||
|
|