ansible/roles/certificates/tasks/generate-certificates.yml - onap/oom/offline-installer - Gitiles

 ---
 - name: Create certificates directory certs to current dir
   file:
     path: "{{ certificates_local_dir }}"
     state: directory

 # Some of task are delegated to Ansible container because unavailable
 # version of python-pyOpenSSL
 - name: Generate root CA private key
   openssl_privatekey:
     path: "{{ certificates_local_dir }}/rootCA.key"
     size: 4096

 - name: Generate an OpenSSL CSR.
   openssl_csr:
     path: "{{ certificates_local_dir }}/rootCA.csr"
     privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
     organization_name: "{{ certificates.organization_name }}"
     state_or_province_name: "{{ certificates.state_or_province_name }}"
     country_name: "{{ certificates.country_name }}"
     locality_name: "{{ certificates.locality_name }}"
     basic_constraints:
       - CA:true
     basic_constraints_critical: true
     key_usage:
       - critical
       - digitalSignature
       - cRLSign
       - keyCertSign

 - name: Generate root CA certificate
   openssl_certificate:
     provider: selfsigned
     path: "{{ certificates_local_dir }}/rootCA.crt"
     csr_path: "{{ certificates_local_dir }}/rootCA.csr"
     privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
     key_usage:
       - critical
       - digitalSignature
       - cRLSign
       - keyCertSign
     force: true
   notify: Restart Docker

 - name: Generate private Nexus key
   openssl_privatekey:
     path: "{{ certificates_local_dir }}/nexus_server.key"
     size: 4096
     force: false

 - name: Generate Nexus CSR (certificate signing request)
   openssl_csr:
     path: "{{ certificates_local_dir }}/nexus_server.csr"
     privatekey_path: "{{ certificates_local_dir }}/nexus_server.key"
     organization_name: "{{ certificates.organization_name }}"
     state_or_province_name: "{{ certificates.state_or_province_name }}"
     country_name: "{{ certificates.country_name }}"
     locality_name: "{{ certificates.locality_name }}"
     common_name: registry-1.docker.io
     key_usage:
       - keyAgreement
       - nonRepudiation
       - digitalSignature
       - keyEncipherment
       - dataEncipherment
     extended_key_usage:
       - serverAuth
     subject_alt_name:
       "{{ all_simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}"

 - name: Sign Nexus certificate
   openssl_certificate:
     provider: ownca
     path: "{{ certificates_local_dir }}/nexus_server.crt"
     csr_path: "{{ certificates_local_dir }}/nexus_server.csr"
     ownca_path: "{{ certificates_local_dir }}/rootCA.crt"
     ownca_privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
     key_usage:
       - digitalSignature
       - nonRepudiation
       - keyEncipherment
       - dataEncipherment
     subject_alt_name:
       "{{ all_simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}"
	---
	- name: Create certificates directory certs to current dir
	file:
	path: "{{ certificates_local_dir }}"
	state: directory

	# Some of task are delegated to Ansible container because unavailable
	# version of python-pyOpenSSL
	- name: Generate root CA private key
	openssl_privatekey:
	path: "{{ certificates_local_dir }}/rootCA.key"
	size: 4096

	- name: Generate an OpenSSL CSR.
	openssl_csr:
	path: "{{ certificates_local_dir }}/rootCA.csr"
	privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
	organization_name: "{{ certificates.organization_name }}"
	state_or_province_name: "{{ certificates.state_or_province_name }}"
	country_name: "{{ certificates.country_name }}"
	locality_name: "{{ certificates.locality_name }}"
	basic_constraints:
	- CA:true
	basic_constraints_critical: true
	key_usage:
	- critical
	- digitalSignature
	- cRLSign
	- keyCertSign

	- name: Generate root CA certificate
	openssl_certificate:
	provider: selfsigned
	path: "{{ certificates_local_dir }}/rootCA.crt"
	csr_path: "{{ certificates_local_dir }}/rootCA.csr"
	privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
	key_usage:
	- critical
	- digitalSignature
	- cRLSign
	- keyCertSign
	force: true
	notify: Restart Docker

	- name: Generate private Nexus key
	openssl_privatekey:
	path: "{{ certificates_local_dir }}/nexus_server.key"
	size: 4096
	force: false

	- name: Generate Nexus CSR (certificate signing request)
	openssl_csr:
	path: "{{ certificates_local_dir }}/nexus_server.csr"
	privatekey_path: "{{ certificates_local_dir }}/nexus_server.key"
	organization_name: "{{ certificates.organization_name }}"
	state_or_province_name: "{{ certificates.state_or_province_name }}"
	country_name: "{{ certificates.country_name }}"
	locality_name: "{{ certificates.locality_name }}"
	common_name: registry-1.docker.io
	key_usage:
	- keyAgreement
	- nonRepudiation
	- digitalSignature
	- keyEncipherment
	- dataEncipherment
	extended_key_usage:
	- serverAuth
	subject_alt_name:
	"{{ all_simulated_hosts \| map('regex_replace', '(.*)', 'DNS:\\1') \| list }}"

	- name: Sign Nexus certificate
	openssl_certificate:
	provider: ownca
	path: "{{ certificates_local_dir }}/nexus_server.crt"
	csr_path: "{{ certificates_local_dir }}/nexus_server.csr"
	ownca_path: "{{ certificates_local_dir }}/rootCA.crt"
	ownca_privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
	key_usage:
	- digitalSignature
	- nonRepudiation
	- keyEncipherment
	- dataEncipherment
	subject_alt_name:
	"{{ all_simulated_hosts \| map('regex_replace', '(.*)', 'DNS:\\1') \| list }}"