first commit

2025-05-26 23:02:42 -04:00
commit 084e9ab432
14 changed files with 511 additions and 0 deletions
--- a/roles/seaweed/tasks/certificates.yaml
+++ b/roles/seaweed/tasks/certificates.yaml
@ -0,0 +1,37 @@
+- name: Ensure certs directory exists
+  file:
+    path: "{{ seaweed_config_dir }}/certs"
+    state: directory
+    mode: '0700'
+    owner: "{{ seaweed_user }}"
+    group: "{{ seaweed_group }}"
+
+# Use OpenSSL here because the crypto library isn't working properly
+- name: Generate CA private key as seaweedfs user
+  command: openssl genrsa -out {{ seaweed_ca_key }} 4096
+  args:
+    creates: "{{ seaweed_ca_key }}"
+
+- name: Generate self-signed CA certificate as seaweedfs user
+  command: >
+    openssl req -x509 -new -nodes -key {{ seaweed_ca_key }}
+    -sha256 -days 3650 -out {{ seaweed_ca_cert }}
+    -subj "/CN=SeaweedFS CA"
+  args:
+    creates: "{{ seaweed_ca_cert }}"
+
+- name: Change ownership of CA files
+  file:
+    path: "{{ item }}"
+    owner: "{{ seaweed_user }}"
+    group: "{{ seaweed_user }}"
+    mode: '0644'
+  loop:
+    - "{{ seaweed_ca_key }}"
+    - "{{ seaweed_ca_cert }}"
+
+- name: Generate server private keys and certificates for domains
+  include_tasks: generate_cert.yaml
+  loop: "{{ seaweed_cert_domains }}"
+  loop_control:
+    loop_var: domain