infra/configure_openvpn_client/playbooks/roles/vpn-client-certs/tasks/main.yml

   1 ---
   2 - name: Generate random password for User
   3   set_fact:
   4     random_password: "{{ lookup('password', '/dev/null chars=ascii_lowercase,ascii_uppercase,digits length=12')  }}"
   5
   6 - name: Generate User Private Key
   7   openssl_privatekey:
   8     path: "/root/CA/private/{{ user_name }}.key"
   9     passphrase: "{{ random_password }}"
  10     cipher: aes256
  11     type: RSA
  12     size: 4096
  13     force: true
  14
  15 - name: Generate CSR for user {{ user_name }}
  16   openssl_csr:
  17     path: "/root/CA/requests/{{ user_name }}.csr"
  18     privatekey_path: "/root/CA/private/{{ user_name }}.key"
  19     privatekey_passphrase: "{{ random_password }}"
  20     digest: sha256
  21     country_name: "{{ country }}"
  22     state_or_province_name: "{{ province }}"
  23     organization_name: "{{ org }}"
  24     organizational_unit_name: "{{ orgunit }}"
  25     common_name: "{{ email }}"
  26     force: true
  27
  28 - name: Sign the CSR request for user {{ user_name }}
  29   openssl_certificate:
  30     path: "/root/CA/newcerts/{{ user_name }}.crt"
  31     csr_path: "/root/CA/requests/{{ user_name }}.csr"
  32     ownca_path: /root/CA/certs/ca.crt
  33     ownca_privatekey_path: /root/CA/private/ca.key
  34     provider: ownca
  35     force: true
  36
  37 - name: Fetch the CA, user {{ user_name }} cert and key
  38   fetch:
  39     src: "{{ item }}"
  40     dest: "{{ hostvars['localhost']['vpn_user_files_location'] }}/"
  41     flat: true
  42     remote_src: true
  43     force: true
  44   with_items:
  45     - "/root/CA/newcerts/{{ user_name }}.crt"
  46     - "/root/CA/private/{{ user_name }}.key"
  47
  48 - name: Keep User random password for temporary use
  49   copy:
  50     content: "{{ random_password }}"
  51     dest: "{{ hostvars['localhost']['vpn_user_files_location'] }}/{{ user_name }}.pwd"
  52     force: true
  53   delegate_to: localhost