| | |
| | | quay_ssl_key_file: "{{ quay_ssl_key_file }}" |
| | | when: quay_ssl_enable|bool and (quay_ssl_key_file is defined and quay_ssl_key_file|trim != "" and quay_ssl_cert_file is defined and quay_ssl_cert_file|trim != "") |
| | | |
| | | - name: Create SSL Certificates |
| | | - name: Create Self Signed SSL Certificates |
| | | block: |
| | | - name: Create Temporary SSL Directory |
| | | command: mktemp -d /tmp/quay-ssl-XXXXXXX |
| | | register: quay_ssl_remote_tmp_dir_mktemp |
| | | delegate_to: "{{ groups['quay_enterprise'][0] }}" |
| | | when: quay_ssl_remote_tmp_dir is undefined and quay_ssl_remote_tmp_dir|trim == "" |
| | | - name: Create Temporary SSL Directory |
| | | command: mktemp -d /tmp/quay-ssl-XXXXXXX |
| | | register: quay_ssl_remote_tmp_dir_mktemp |
| | | delegate_to: "{{ groups['quay_enterprise'][0] }}" |
| | | when: quay_ssl_remote_tmp_dir is undefined and quay_ssl_remote_tmp_dir|trim == "" |
| | | |
| | | - name: Set Fact for Remote SSL Directory |
| | | set_fact: |
| | | quay_ssl_remote_tmp_dir: "{{ quay_ssl_remote_tmp_dir if quay_ssl_remote_tmp_dir is defined and quay_ssl_remote_tmp_dir|trim == '' else quay_ssl_remote_tmp_dir_mktemp.stdout }}" |
| | | when: quay_ssl_remote_tmp_dir is undefined and quay_ssl_remote_tmp_dir|trim == "" |
| | | - name: Set Fact for Remote SSL Directory |
| | | set_fact: |
| | | quay_ssl_remote_tmp_dir: "{{ quay_ssl_remote_tmp_dir if quay_ssl_remote_tmp_dir is defined and quay_ssl_remote_tmp_dir|trim == '' else quay_ssl_remote_tmp_dir_mktemp.stdout }}" |
| | | when: quay_ssl_remote_tmp_dir is undefined and quay_ssl_remote_tmp_dir|trim == "" |
| | | |
| | | - name: Create SSL Certificate |
| | | command: openssl req -nodes -x509 -newkey rsa:4096 -keyout {{ quay_ssl_remote_tmp_dir }}/ssl.key -out {{ quay_ssl_remote_tmp_dir }}/ssl.cert -subj "/C={{ quay_ssl_generate_country }}/ST={{ quay_ssl_generate_state }}/L={{ quay_ssl_generate_city }}/O={{ quay_ssl_generate_organization }}/OU={{ quay_ssl_generate_organizational_unit }}/CN={{ quay_server_hostname }}" -days {{ quay_ssl_generate_days_validity }} |
| | | delegate_to: "{{ groups['quay_enterprise'][0] }}" |
| | | - name: Create SSL Certificate |
| | | command: openssl req -nodes -x509 -newkey rsa:4096 -keyout {{ quay_ssl_remote_tmp_dir }}/ssl.key -out {{ quay_ssl_remote_tmp_dir }}/ssl.cert -subj "/C={{ quay_ssl_generate_country }}/ST={{ quay_ssl_generate_state }}/L={{ quay_ssl_generate_city }}/O={{ quay_ssl_generate_organization }}/OU={{ quay_ssl_generate_organizational_unit }}/CN={{ quay_server_hostname }}" -days {{ quay_ssl_generate_days_validity }} |
| | | delegate_to: "{{ groups['quay_enterprise'][0] }}" |
| | | |
| | | - name: Fetch SSL Certifictes |
| | | fetch: |
| | | src: "{{ item.src }}" |
| | | dest: "{{ item.dest }}" |
| | | flat: true |
| | | fail_on_missing: yes |
| | | delegate_to: "{{ groups['quay_enterprise'][0] }}" |
| | | run_once: true |
| | | with_items: |
| | | - { src: "{{ quay_ssl_remote_tmp_dir }}/ssl.key", dest: "{{ quay_ssl_local_tmp_dir }}/ssl.key" } |
| | | - { src: "{{ quay_ssl_remote_tmp_dir }}/ssl.cert", dest: "{{ quay_ssl_local_tmp_dir }}/ssl.cert" } |
| | | - name: Fetch SSL Certifictes |
| | | fetch: |
| | | src: "{{ item.src }}" |
| | | dest: "{{ item.dest }}" |
| | | flat: true |
| | | fail_on_missing: yes |
| | | delegate_to: "{{ groups['quay_enterprise'][0] }}" |
| | | run_once: true |
| | | with_items: |
| | | - { src: "{{ quay_ssl_remote_tmp_dir }}/ssl.key", dest: "{{ quay_ssl_local_tmp_dir }}/ssl.key" } |
| | | - { src: "{{ quay_ssl_remote_tmp_dir }}/ssl.cert", dest: "{{ quay_ssl_local_tmp_dir }}/ssl.cert" } |
| | | |
| | | - name: Delete Remote SSL Certificates |
| | | file: |
| | | state: absent |
| | | path: "{{ quay_ssl_remote_tmp_dir }}" |
| | | delegate_to: "{{ groups['quay_enterprise'][0] }}" |
| | | - name: Set Fact for Custom SSL Certificates |
| | | set_fact: |
| | | quay_ssl_cert_file: "{{ quay_ssl_local_tmp_dir }}/ssl.cert" |
| | | quay_ssl_key_file: "{{ quay_ssl_local_tmp_dir }}/ssl.key" |
| | | |
| | | - name: Set Fact for Custom SSL Certificates |
| | | set_fact: |
| | | quay_ssl_cert_file: "{{ quay_ssl_local_tmp_dir }}/ssl.cert" |
| | | quay_ssl_key_file: "{{ quay_ssl_local_tmp_dir }}/ssl.key" |
| | | - name: Delete Remote SSL Certificates |
| | | file: |
| | | state: absent |
| | | path: "{{ quay_ssl_remote_tmp_dir }}" |
| | | when: quay_ssl_delete_generated_cert|bool |
| | | delegate_to: "{{ groups['quay_enterprise'][0] }}" |
| | | when: quay_ssl_enable|bool and (quay_ssl_key_file is not defined or quay_ssl_key_file|trim == "" or quay_ssl_cert_file is not defined or quay_ssl_cert_file|trim == "") |
| | | |
| | | - name: Copy SSL Certificates |
| | |
| | | mode: g+rw |
| | | notify: Restart quay service |
| | | with_items: |
| | | - { src: "{{ quay_ssl_key_file }}", dest: "{{ quay_config_dir }}/ssl.key" } |
| | | - { src: "{{ quay_ssl_cert_file }}", dest: "{{ quay_config_dir }}/ssl.cert" } |
| | | - { src: "{{ quay_ssl_key_file }}", dest: "{{ quay_config_dir }}/ssl.key" } |
| | | when: quay_ssl_enable|bool |
| | | |
| | | - name: Check if Quay configuration exists |