forked from ISTI-ansible-roles/ansible-roles
mongodb: Download and place the letsencrypt CA into the system. mongodb wants exactly one CA.
parent
cef10792a0
commit
6a0878dd9a
|
@ -50,10 +50,13 @@ mongodb_storage_engine: wiredTiger
|
|||
|
||||
mongodb_ssl_enabled: False
|
||||
mongodb_ssl_letsencrypt_managed: True
|
||||
mongodb_ssl_letsencrypt_ca_url: 'https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt'
|
||||
mongodb_ssl_letsencrypt_ca_filename: lets-encrypt-x3-cross-signed.pem
|
||||
# Options: disabled, requireSSL, allowSSL, preferSSL
|
||||
mongodb_ssl_mode: requireSSL
|
||||
mongodb_ssl_certkey_file: /etc/pki/mongodb/mongodb.pem
|
||||
mongodb_ssl_CA_file: /etc/ssl/certs/ca-certificates.crt
|
||||
mongodb_ssl_cert_dir: /etc/pki/mongodb
|
||||
mongodb_ssl_certkey_file: '{{ mongodb_ssl_cert_dir }}/mongodb.pem'
|
||||
mongodb_ssl_CA_file: '{{ mongodb_ssl_letsencrypt_ca_filename }}'
|
||||
mongodb_ssl_allowConnectionsWithoutCertificates: 'true'
|
||||
mongodb_ssl_disabled_protocols: 'TLS1_0,TLS1_1'
|
||||
|
||||
|
|
|
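Review bot: `mongodb_ssl_CA_file` now expands to the bare file name `lets-encrypt-x3-cross-signed.pem`, while the tasks file stores the download under `{{ mongodb_ssl_cert_dir }}/`. If the mongod configuration template (not shown on this page) uses this variable as the CA path, it will not point at the downloaded file. Build the full path instead: `mongodb_ssl_CA_file: '{{ mongodb_ssl_cert_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}'`. The page has lost its +/- markers, so which of the two `mongodb_ssl_CA_file` lines is the new one is inferred from their order. Trusting one named intermediate also means the role must be updated whenever Let's Encrypt rotates it, which deserves a comment above `mongodb_ssl_letsencrypt_ca_url`.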
@ -6,6 +6,12 @@
|
|||
- name: Install a script that fix the letsencrypt certificate for mongodb and then reload the service
|
||||
template: src=mongodb-letsencrypt-acmetool.sh dest={{ letsencrypt_acme_services_scripts_dir }}/mongodb owner=root group=root mode=4555
|
||||
|
||||
- name: Create the mongodb certificate directory
|
||||
file: dest={{ mongodb_ssl_cert_dir }} state=directory owner=root group=mongodb mode=0750
|
||||
|
||||
- name: Get the Letsencrypt CA file
|
||||
get_url: url={{ mongodb_ssl_letsencrypt_ca_url }} dest={{ mongodb_ssl_cert_dir }}/{{ mongodb_ssl_letsencrypt_ca_filename }}
|
||||
|
||||
- name: Verify if the mongodb pem file exists
|
||||
stat: path={{ mongodb_ssl_certkey_file }}
|
||||
register: mongodb_pem
|
||||
|
|
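Review bot: The `get_url` task installs the CA that mongod will trust without a `checksum` and without `owner`, `group` or `mode`, so whatever the URL serves at run time becomes the trust anchor and the file permissions are left to the defaults. Pin the expected digest and set the permissions explicitly, for example by appending `checksum=sha256:<EXPECTED_SHA256_PLACEHOLDER> owner=root group=mongodb mode=0440` to the task's arguments. Shipping the PEM inside the role and installing it with `copy` would remove the network dependency altogether. Separately, `mode=4555` on the unchanged `template` task sets the setuid bit on a root-owned script, which looks unintended; `mode=0555` should be enough.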