61 lines
1.5 KiB
YAML
61 lines
1.5 KiB
YAML
---
|
|
- name: Setup Agent TLS (Private Key)
|
|
become: yes
|
|
become_user: jingrow
|
|
copy:
|
|
content: "{{ certificate_private_key }}"
|
|
dest: /home/jingrow/agent/tls/privkey.pem
|
|
|
|
- name: Setup Agent TLS (Full Chain)
|
|
become: yes
|
|
become_user: jingrow
|
|
copy:
|
|
content: "{{ certificate_full_chain }}"
|
|
dest: /home/jingrow/agent/tls/fullchain.pem
|
|
|
|
- name: Setup Agent TLS (Intermediate Chain)
|
|
become: yes
|
|
become_user: jingrow
|
|
copy:
|
|
content: "{{ certificate_intermediate_chain }}"
|
|
dest: /home/jingrow/agent/tls/chain.pem
|
|
|
|
- name: Restart NGINX
|
|
service:
|
|
name: nginx
|
|
state: restarted
|
|
|
|
- name: Copy ProxySQL TLS (Private Key)
|
|
copy:
|
|
src: /home/jingrow/agent/tls/privkey.pem
|
|
dest: /home/jingrow/proxysql/proxysql-key.pem
|
|
mode: 0600
|
|
remote_src: yes
|
|
when: is_proxy_server | bool
|
|
|
|
- name: Copy ProxySQL TLS (CA Certificate)
|
|
copy:
|
|
src: /home/jingrow/agent/tls/chain.pem
|
|
dest: /home/jingrow/proxysql/proxysql-ca.pem
|
|
mode: 0600
|
|
remote_src: yes
|
|
when: is_proxy_server | bool
|
|
|
|
- name: Copy ProxySQL TLS (Server Certificate)
|
|
copy:
|
|
src: /home/jingrow/agent/tls/fullchain.pem
|
|
dest: /home/jingrow/proxysql/proxysql-cert.pem
|
|
mode: 0600
|
|
remote_src: yes
|
|
when: is_proxy_server | bool
|
|
|
|
- name: Enable ProxySQL Auditing
|
|
mysql_query:
|
|
login_user: jingrow
|
|
login_password: "{{ proxysql_admin_password }}"
|
|
login_host: 127.0.0.1
|
|
login_port: 6032
|
|
query:
|
|
- PROXYSQL RELOAD TLS
|
|
when: is_proxy_server | bool
|