Get the CA certificate after self-signed install

[travisdowns]

Describe the issue

When using auto-generated (by cp-anisble) self-signed certificates, i.e., setting ssl_enabled: True without any other SSL properties, one would naturally want to get ahold of the generated CA certificate, so that it can be added to the truststore for clients, for example.

However, I can't see portable way to do this. The CA cert does get copied back to generated_ssl_files somewhere on the ansible controller, which seems to be relative to the location of the cp-ansible playbook install location, but this location is unpredicable since it depends on how the user installed the collection, how they have configured ansible galaxy, etc.

I tried to modify ssl_self_signed_ca_cert_filepath to put it in a location of my choosing the but the install fails if this is set to anything other than generated_ssl_files/<filename> (there are places that assume the path to the CA will still be the default location, it is only possible to change the filename, not any other path elements).

Is there a recommended approach to getting the CA certificate after a self-signed install?

Environment (please complete the following information):

• CP-Ansible Branch: 7.6

[bleuchtang]

Same problem here.

I think there is two issues:

• When the ansible collection is used, the certificate_authority.yml task put the self signed certificate on ~/.ansible/collections/ansible_collections/confluent/platform/playbooks/generated_ssl_files/. This is not the best location since we want to share ssl files on our main ansible repository.
• We cannot specify the full directory location since there is some hardcoded variables (generated_ssl_files in certificate_authority.yml)

My environment: confluent platform 7.6.2.