ansible-seaweed/roles/seaweed/tasks/certificates.yaml

# Create the "certs" directory under seaweed_config_dir.
# Mode 0700 means only the owning account (seaweed_user) can list or
# enter it; group and other get no access.
- name: Ensure certs directory exists
  file:
    state: directory
    path: "{{ seaweed_config_dir }}/certs"
    owner: "{{ seaweed_user }}"
    group: "{{ seaweed_group }}"
    mode: "0700"
# Use OpenSSL here because the crypto library isn't working properly
# (presumably the Ansible crypto modules; confirm which library is meant).
#
# Generates a 4096-bit RSA key at seaweed_ca_key. `creates` makes the task
# a no-op when that file already exists, so an existing CA key is never
# overwritten on re-runs.
# NOTE(review): the task name says "as seaweedfs user", but no
# become/become_user is set on this task; confirm where the privilege
# switch happens. Ownership and mode of the key file are set afterwards by
# the "Change ownership of CA files" task.
- name: Generate CA private key as seaweedfs user
  command:
    cmd: openssl genrsa -out {{ seaweed_ca_key }} 4096
    creates: "{{ seaweed_ca_key }}"
# Self-sign a CA certificate with the key at seaweed_ca_key:
# SHA-256 signature, 3650-day validity, subject "CN=SeaweedFS CA".
# `creates` skips the task when seaweed_ca_cert already exists, so the CA
# is not re-issued on every run (and is also not renewed automatically).
# NOTE(review): as with the key task, no become/become_user is visible
# here despite the "as seaweedfs user" wording; confirm.
- name: Generate self-signed CA certificate as seaweedfs user
  command:
    cmd: >
      openssl req -x509 -new -nodes -key {{ seaweed_ca_key }}
      -sha256 -days 3650 -out {{ seaweed_ca_cert }}
      -subj "/CN=SeaweedFS CA"
    creates: "{{ seaweed_ca_cert }}"
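# Hand the CA files to the service account and set their permissions.
#
# The private key and the certificate get different modes: the certificate
# is public and may be world-readable (0644), but the CA private key must
# be readable by its owner only (0600). Applying 0644 to both would let any
# local account that can reach the file read the key and sign certificates
# that every SeaweedFS component trusting this CA would accept.
# NOTE(review): whether seaweed_ca_key sits inside the 0700 certs directory
# is not visible in this file; the key's own mode should not depend on it.
#
# The group is seaweed_group, matching the certs directory task in this
# file.
- name: Change ownership of CA files
  file:
    path: "{{ item.path }}"
    owner: "{{ seaweed_user }}"
    group: "{{ seaweed_group }}"
    mode: "{{ item.mode }}"
  loop:
    - path: "{{ seaweed_ca_key }}"
      mode: '0600'
    - path: "{{ seaweed_ca_cert }}"
      mode: '0644'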
# Run generate_cert.yaml once per entry of seaweed_cert_domains. The loop
# variable is renamed, so the included tasks see the current entry as
# `domain` instead of the default `item`.
# NOTE(review): generate_cert.yaml is not shown here; confirm that the
# server private keys it writes are not group- or world-readable.
- name: Generate server private keys and certificates for domains
  include_tasks: generate_cert.yaml
  loop_control:
    loop_var: domain
  loop: "{{ seaweed_cert_domains }}"