mongodb: Better way to create combined cert/key

Timo Makinen 2022-09-28 20:46:07 +00:00
parent 4177cc3cf3
commit 5abdba0e9b


@ -55,23 +55,23 @@
state: link state: link
follow: false follow: false
- name: create combined certificate/private key file - name: generate combined certificate/private key file contents
ansible.builtin.shell: ansible.builtin.command:
cmd: >- argv:
umask 077 && - /bin/cat
/bin/cat \ - "{{ tls_certs }}/{{ inventory_hostname }}.crt"
{{ tls_certs }}/{{ inventory_hostname }}.crt \ - "{{ tls_private }}/{{ inventory_hostname }}.key"
{{ tls_private }}/{{ inventory_hostname }}.key > \ failed_when: false
{{ tls_private }}/mongodb.pem register: mongodb_cert_key
creates: "{{ tls_private }}/mongodb.pem"
notify: restart mongod
- name: fix certificate/key file permissions - name: create combined certificate/private key file
ansible.builtin.file: ansible.builtin.copy:
path: "{{ tls_private }}/mongodb.pem" dest: "{{ tls_private }}/mongodb.pem"
content: "{{ mongodb_cert_key.stdout }}"
mode: 0640 mode: 0640
owner: root owner: root
group: mongod group: mongod
notify: restart mongod
- name: configure logrotate - name: configure logrotate
ansible.builtin.copy: ansible.builtin.copy: