blob: f832e8102ecd6d8162c4924a2efe648c6bd16bcf (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
# Instance configuration for Baserock Trove server.
#
# This configuration can be easily done using the 'TROVE_' variables of trove.configure
# extension, but it's better to deploy the Trove as 'TROVE_GENERIC' and configure
# it later using this playbook. This is for:
#
# - Making upgrades easier. After initial deployment and post-deployment configuration,
# you will only need to deploy a generic Trove as an upgrade.
#
# - Not storing private data in images in OpenStack. We have shared our images with
# other tenants by mistake in the past, and I'd like to avoid this possibility.
---
- hosts: git
gather_facts: False
sudo: yes
tasks:
# To create the .pem file, simply concatenate
# certs/baserock.org-ssl-certificate-temporary-dsilverstone.full.cert with
# the private key for that certificate (which is not committed to Git, of
# course).
- name: Install SSL certificate
copy:
src: ../private/baserock.org-ssl-certificate-temporary-dsilverstone.pem
dest: /etc/trove/baserock.pem
mode: 400
- name: Install CA chain certificate
copy:
src: ../certs/startcom-class2-ca-chain-certificate.cert
dest: /etc/trove/startcom-ca.pem
- name: Install trove.conf configuration file
copy:
src: trove.conf
dest: /etc/trove/trove.conf
- name: Copy ssh keys
copy:
src: ../private/{{ item }}
dest: /etc/trove/{{ item }}
with_items:
- admin.key.pub
- lorry.key
- lorry.key.pub
- worker.key.pub
- name: Restart the trove-setup service to configure the trove
service:
name: trove-setup
state: restarted
|
