add trillian DB TLS to molecule tests
fghanmi committed Nov 19, 2024
1 parent d2e64b0 commit 510b6a3
Showing 2 changed files with 32 additions and 0 deletions.
4 changes: 4 additions & 0 deletions molecule/default/converge.yml
Expand Up @@ -16,6 +16,10 @@
msg: "Password for registry.redhat.io is not set, please provide it via TAS_SINGLE_NODE_REGISTRY_PASSWORD env variable"
when: tas_single_node_registry_password == ""

- name: Setting tas_single_node_trillian_trusted_ca
ansible.builtin.set_fact:
tas_single_node_trillian_trusted_ca: "{{ lookup('ansible.builtin.file', '/etc/mysql/ssl/ca-cert.pem') }}"

- name: Apply tas_single_node role
ansible.builtin.include_role:
name: tas_single_node
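Review bot: The `lookup('ansible.builtin.file', '/etc/mysql/ssl/ca-cert.pem')` in the new `set_fact` task is evaluated on the Ansible controller, not on the managed host, and it fails the play when the file is absent. In this commit that path is only created by molecule/user_provided/prepare.yml, so the task works only where the controller and the prepared instance share that filesystem, and a scenario that runs this converge.yml without an equivalent prepare step (not visible here) would break. Reading the certificate from the target with `ansible.builtin.slurp` and passing the registered content through `b64decode`, or guarding the task with a `stat` check on the path, would make the dependency explicit. The task list continues outside the hunk.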
28 changes: 28 additions & 0 deletions molecule/user_provided/prepare.yml
Expand Up @@ -60,3 +60,31 @@
GRANT ALL ON trillian.* to 'mysql'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EOF
- name: Generate TLS certificates
shell: |
mkdir -p /etc/mysql/ssl
openssl genrsa 2048 > /etc/mysql/ssl/server-key.pem
openssl req -new -key /etc/mysql/ssl/server-key.pem -subj "/CN=$(hostname)" > /etc/mysql/ssl/server-req.pem
openssl x509 -req -in /etc/mysql/ssl/server-req.pem -signkey /etc/mysql/ssl/server-key.pem -out /etc/mysql/ssl/server-cert.pem
openssl genrsa 2048 > /etc/mysql/ssl/ca-key.pem
openssl req -new -x509 -nodes -days 3650 -key /etc/mysql/ssl/ca-key.pem -subj "/CN=MySQL_CA" -out /etc/mysql/ssl/ca-cert.pem
args:
creates: /etc/mysql/ssl/server-cert.pem

- name: Configure TLS for MariaDB
blockinfile:
path: /etc/my.cnf.d/mariadb-server.cnf
block: |
[mysqld]
ssl-ca=/etc/mysql/ssl/ca-cert.pem
ssl-cert=/etc/mysql/ssl/server-cert.pem
ssl-key=/etc/mysql/ssl/server-key.pem
require_secure_transport=ON
notify:
- Restart MariaDB

- name: Restart MariaDB
ansible.builtin.service:
name: mariadb
state: restarted
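Review bot: The server certificate produced by `Generate TLS certificates` is self-signed (`-signkey /etc/mysql/ssl/server-key.pem`), and the `MySQL_CA` key pair created afterwards never signs it, so the `ca-cert.pem` that MariaDB loads as `ssl-ca` and that converge.yml passes as the trusted CA cannot validate `server-cert.pem`. A client that verifies the chain would reject this server, so a passing scenario probably means certificate verification is not being exercised. Move the two CA commands above the server ones and issue the certificate from the CA: `openssl x509 -req -in /etc/mysql/ssl/server-req.pem -CA /etc/mysql/ssl/ca-cert.pem -CAkey /etc/mysql/ssl/ca-key.pem -CAcreateserial -out /etc/mysql/ssl/server-cert.pem`. The private keys are also written through a shell redirect, so their mode follows the umask; setting owner and mode explicitly so that only the MariaDB service user can read `server-key.pem` would be a sensible follow-up. Separately, `notify: Restart MariaDB` appears to name the plain task that follows rather than a handler (indentation is lost on this page, so confirm), and the unconditional restart already covers it.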
