mariadb: Add TLS support for server

2021-08-25 18:48:25 +00:00 · 2021-08-25 18:48:25 +00:00 · 45ed2678e7
commit 45ed2678e7
parent 606ea7285e
2 changed files with 21 additions and 0 deletions
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@ -34,6 +34,23 @@
    line: datadir=/srv/mariadb
  notify: restart mariadb

+- name: create additional config directory
+  file:
+    path: /etc/mysql
+    state: directory
+    mode: 0750
+    owner: root
+    group: mysql
+
+- name: create tls configuration
+  template:
+    dest: /etc/my.cnf.d/tls.cnf
+    src: tls.cnf.j2
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: restart mariadb
+
 - name: enable service
  service:
    name: mariadb
--- a/roles/mariadb/templates/tls.cnf.j2
+++ b/roles/mariadb/templates/tls.cnf.j2
@ -0,0 +1,4 @@
+[mariadb]
+ssl-cert = {{ tls_certs }}/{{ inventory_hostname }}.crt
+ssl-key = {{ tls_private }}/{{ inventory_hostname }}.key
+ssl-ca = {{ tls_certs }}/ca.crt