Merge pull request #5609 from shanemcd/downstream-k8s-changes

Pull in downstream k8s installer changes
2026-01-10 15:32:07 -03:30 · 2020-01-10 13:56:49 -05:00 · 2020-01-10 13:56:49 -05:00 · 8ac8bc8df2
commit 8ac8bc8df2
parent ed474df744 d3b7829e69
2 changed files with 67 additions and 0 deletions
--- a/installer/roles/kubernetes/handlers/main.yml
+++ b/installer/roles/kubernetes/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: remove-rmq_cert_tempdir
+  file:
+    state: absent
+    path: "{{ rmq_cert_tempdir.path }}"
+
--- a/installer/roles/kubernetes/tasks/ssl_cert_gen.yml
+++ b/installer/roles/kubernetes/tasks/ssl_cert_gen.yml
@ -0,0 +1,61 @@
+---
+
+- name: Create temporary directory
+  tempfile:
+    state: directory
+    prefix: "tower-install-rmq-certs"
+  register: rmq_cert_tempdir
+  notify: remove-rmq_cert_tempdir
+
+- name: Generate CA private key
+  openssl_privatekey:
+    path: '{{ rmq_cert_tempdir.path }}/ca.key'
+    mode: "0600"
+
+- name: Generate CA CSR
+  openssl_csr:
+    path: '{{ rmq_cert_tempdir.path }}/ca.csr'
+    privatekey_path: '{{ rmq_cert_tempdir.path }}/ca.key'
+    common_name: 'rabbitmq-ca'
+    basic_constraints: 'CA:TRUE'
+    mode: "0600"
+
+- name: Generate CA certificate
+  openssl_certificate:
+    path: '{{ rmq_cert_tempdir.path }}/ca.crt'
+    csr_path: '{{ rmq_cert_tempdir.path }}/ca.csr'
+    privatekey_path: '{{ rmq_cert_tempdir.path }}/ca.key'
+    provider: selfsigned
+    selfsigned_not_after: "+36524d"
+    mode: "0600"
+
+- name: Generate server private key
+  openssl_privatekey:
+    path: '{{ rmq_cert_tempdir.path }}/server.key'
+    mode: "0600"
+
+- name: Generate server CSR
+  openssl_csr:
+    path: '{{ rmq_cert_tempdir.path }}/server.csr'
+    privatekey_path: '{{ rmq_cert_tempdir.path }}/server.key'
+    common_name: 'rabbitmq-server'
+    mode: "0600"
+
+- name: Generate server certificate
+  openssl_certificate:
+    path: "{{ rmq_cert_tempdir.path }}/server.crt"
+    csr_path: "{{ rmq_cert_tempdir.path }}/server.csr"
+    privatekey_path: "{{ rmq_cert_tempdir.path }}/server.key"
+    provider: ownca
+    ownca_path: "{{ rmq_cert_tempdir.path }}/ca.crt"
+    ownca_privatekey_path: "{{ rmq_cert_tempdir.path }}/ca.key"
+    ownca_not_after: "+36500d"
+    mode: "0600"
+
+- name: Create combined certificate
+  assemble:
+    src: "{{ rmq_cert_tempdir.path }}"
+    regexp: "server.crt|server.key"
+    dest: "{{ rmq_cert_tempdir.path }}/server-combined.pem"
+    mode: "0600"
+