
Commit dda7a02

authored
option to add custom certificate authorities (#299)
* option to add custom certificate authorities to e.g. access an S3 API with self-signed certificates
* do not fail even if extra_certificates is not defined

---------

Co-authored-by: Pallinger Péter <pallinger@sztaki.hu>
1 parent 78cbe20 commit dda7a02

3 files changed

Lines changed: 48 additions & 0 deletions


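--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -476,3 +476,11 @@ sshkeys:
 urls:
 user:
 
+extra_certificates:
+# this should be a list of certificate files in x509 format put in your files/ ansible directory
+files: []
+java_keystores:
+- path: '{{ payara_dir }}/glassfish/domains/{{ dataverse.payara.domain }}/config/cacerts.jks'
+pass: changeit
+- path: '{{ java.home }}/lib/security/cacerts'
+pass: changeit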
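Review bot: The `pass: changeit` entries keep keystore passwords in plain role defaults, and the comment above `files` does not say how to override them. A comment such as `# set 'pass' from an Ansible Vault variable if the keystore password was changed from the JDK default` would steer operators away from committing a real password here. It would also help to state that every file listed is imported as a trusted CA into each keystore under `java_keystores`, so Payara and the JVM will accept any server certificate that CA signs. The enclosing defaults mapping starts outside this hunk.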
Lines changed: 32 additions & 0 deletions
@@ -0,0 +1,32 @@
1+
---
2+
3+
- name: begin certificate authority update task
4+
debug:
5+
msg: '##### CERTIFICATE AUTHORITIES #####'
6+
7+
- name: create directory to copy certificates to
8+
file:
9+
path: /opt/certs
10+
state: directory
11+
12+
- name: copy extra certificate authorities
13+
copy:
14+
src: '{{ item }}'
15+
dest: /opt/certs/{{ item }}
16+
with_items: '{{ extra_certificates.files }}'
17+
register: certfiles
18+
19+
- name: add certificates to java keystores
20+
community.general.java_cert:
21+
cert_path: /opt/certs/{{ item.0 }}
22+
keystore_path: '{{ item.1.path }}'
23+
cert_alias: '{{ item.0 }}'
24+
keystore_pass: '{{ item.1.pass }}'
25+
state: present
26+
when: certfiles.changed
27+
loop: "{{ extra_certificates.files | product(extra_certificates.java_keystores) | list }}"
28+
notify: enable and restart payara
29+
30+
## TODO: we may want to add certificate to other keystores later
31+
## e.g.
32+
## * system keystore for debian (/etc/ssl/certs) or redhat (?)
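Review bot: The `add certificates to java keystores` loop iterates over items that contain `item.1.pass`, so Ansible's per-item output will print each keystore password to the console and to any CI log; add `no_log: true` or a `loop_control` with `label: '{{ item.0 }} -> {{ item.1.path }}'` to that task. The `when: certfiles.changed` gate on the same task means a certificate is only imported on the run that first copies it, so a failed import, a keystore added to `java_keystores` later, or a keystore replaced by a Payara or JDK upgrade is not repaired on the next run. The module's `state: present` should already make the import safe to repeat, so the gate can likely be dropped. The `file` and `copy` tasks set no `owner`, `group` or `mode`, which leaves the permissions of the trust-anchor directory to the remote umask; `owner: root` with `mode: '0755'` on the directory and `mode: '0644'` on the files would pin them.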

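--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -71,6 +71,14 @@
 tags:
 - payara
 
+- ansible.builtin.import_tasks: tasks/extra-certificate-authorities.yml
+when:
+- extra_certificates is defined
+- extra_certificates.files is defined
+- extra_certificates.files
+tags:
+- extracerts
+
 - ansible.builtin.import_tasks: solr.yml
 tags:
 - solr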
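Review bot: The `when` list guards `extra_certificates.files` but not `extra_certificates.java_keystores`, which the imported tasks also read in their `loop`. With Ansible's default variable handling, a dictionary set in inventory replaces the role default rather than merging with it, so a user who sets only `files` under `extra_certificates` would lose the default keystore list and the loop would fail on an undefined value. Adding `- extra_certificates.java_keystores is defined` here, or `| default([])` on that operand in the loop, would cover that case, and the variable's comment in the defaults file could say that both keys must be supplied together. The `tasks/` prefix on the imported path also differs from the bare `solr.yml` import just below, which is worth making consistent if both files sit in the same directory.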
