ansible-role-cockroachdb/tasks/config.yml

- name: make sure directories exist
  become: yes
  file:
    path: "/etc/cockroach"
    state: directory
    mode: "u=rwx,g=rx,o=rx"
    owner: "{{ cockroachdb__uid }}"
    group: "{{ cockroachdb__gid }}"

- name: ensure systemd unit is present
  become: yes
  notify: restart cockroach
  template:
    src: default.env
    dest: /etc/default/cockroach

- name: Create node certs
  become: yes
  when: cockroachdb__create_ca
  command:
    argv:
      - cockroach
      - cert
      - create-ca
      - --certs-dir=/etc/cockroach
      - --ca-key=/etc/cockroach/ca.key
    creates: /etc/cockroach/ca.crt

- name: Create node certs
  become: yes
  command:
    argv:
      - cockroach
      - cert
      - create-node
      - localhost
      - "{{ inventory_hostname }}"
      - --certs-dir=/etc/cockroach
      - --ca-key=/etc/cockroach/ca.key
    creates: /etc/cockroach/node.key
    
- name: Create client.root certs
  become: yes
  command:
    argv:
      - cockroach
      - cert
      - create-client
      - root
      - --certs-dir=/etc/cockroach
      - --ca-key=/etc/cockroach/ca.key
    creates: /etc/cockroach/client.root.key
    
- name: check permission of ca cert
  become: yes
  file:
    path: "/etc/cockroach/ca.crt"
    state: file
    mode: "u=rw,g=r,o=r"
    owner: "{{ cockroachdb__uid }}"
    group: "{{ cockroachdb__gid }}"
    
- name: check permission of cert directory
  become: yes
  file:
    path: "/etc/cockroach/{{ item }}"
    state: file
    mode: "u=rw,g=,o="
    owner: "{{ cockroachdb__uid }}"
    group: "{{ cockroachdb__gid }}"
  loop:
  - ca.key
  - client.root.key
  - client.root.crt
  - node.key
  - node.crt
init 2020-11-13 14:30:17 +01:00			`- name: make sure directories exist`
			`become: yes`
			`file:`
			`path: "/etc/cockroach"`
			`state: directory`
			`mode: "u=rwx,g=rx,o=rx"`
			`owner: "{{ cockroachdb__uid }}"`
			`group: "{{ cockroachdb__gid }}"`

			`- name: ensure systemd unit is present`
			`become: yes`
			`notify: restart cockroach`
			`template:`
			`src: default.env`
			`dest: /etc/default/cockroach`

			`- name: Create node certs`
			`become: yes`
			`when: cockroachdb__create_ca`
			`command:`
			`argv:`
			`- cockroach`
			`- cert`
			`- create-ca`
			`- --certs-dir=/etc/cockroach`
			`- --ca-key=/etc/cockroach/ca.key`
			`creates: /etc/cockroach/ca.crt`

			`- name: Create node certs`
			`become: yes`
			`command:`
			`argv:`
			`- cockroach`
			`- cert`
			`- create-node`
			`- localhost`
			`- "{{ inventory_hostname }}"`
			`- --certs-dir=/etc/cockroach`
			`- --ca-key=/etc/cockroach/ca.key`
			`creates: /etc/cockroach/node.key`

			`- name: Create client.root certs`
			`become: yes`
			`command:`
			`argv:`
			`- cockroach`
			`- cert`
			`- create-client`
			`- root`
			`- --certs-dir=/etc/cockroach`
			`- --ca-key=/etc/cockroach/ca.key`
			`creates: /etc/cockroach/client.root.key`

			`- name: check permission of ca cert`
			`become: yes`
			`file:`
			`path: "/etc/cockroach/ca.crt"`
			`state: file`
			`mode: "u=rw,g=r,o=r"`
			`owner: "{{ cockroachdb__uid }}"`
			`group: "{{ cockroachdb__gid }}"`

			`- name: check permission of cert directory`
			`become: yes`
			`file:`
			`path: "/etc/cockroach/{{ item }}"`
			`state: file`
			`mode: "u=rw,g=,o="`
			`owner: "{{ cockroachdb__uid }}"`
			`group: "{{ cockroachdb__gid }}"`
			`loop:`
			`- ca.key`
			`- client.root.key`
			`- client.root.crt`
			`- node.key`
			`- node.crt`