Add cert generation tasks for ProxySQL

seunghun1ee · seunghun1ee · commit 54490a5f2189 · 2025-03-21T16:12:54.000Z
diff --git a/etc/kayobe/ansible/vault-generate-internal-tls.yml b/etc/kayobe/ansible/vault-generate-internal-tls.yml
@@ -54,3 +54,32 @@
         dest: "{{ kayobe_env_config_path }}/kolla/certificates/ca/vault.crt"
         mode: "0600"
       delegate_to: localhost
+
+    - name: Generate ProxySQL certificates
+      when: kolla_enable_proxysql | bool
+      block:
+        - name: Copy ProxySQL certificate
+          ansible.builtin.copy:
+            dest: "{{ kayobe_env_config_path }}/kolla/certificates/proxysql-cert.pem"
+            content: |
+              {{ internal_cert.data.certificate }}
+              {{ internal_cert.data.issuing_ca }}
+            mode: "0600"
+          delegate_to: localhost
+
+        - name: Copy ProxySQL certificate key
+          ansible.builtin.copy:
+            dest: "{{ kayobe_env_config_path }}/kolla/certificates/proxysql-key.pem"
+            content: |
+              {{ internal_cert.data.private_key }}
+            mode: "0600"
+          delegate_to: localhost
+
+        # NOTE(seunghunlee): Kolla-Ansible expects root CA explicitly named as
+        # root.crt for ProxySQL
+        - name: Copy ProxqlSQL root CA
+          ansible.builtin.copy:
+            src: "{{ kayobe_env_config_path }}/vault/OS-TLS-ROOT.pem"
+            dest: "{{ kayobe_env_config_path }}/kolla/certificates/ca/root.crt"
+            mode: "0600"
+          delegate_to: localhost
