# Creates the local directory (certificates_local_dir) that the following tasks use for every
# key, CSR and certificate they write.
# NOTE(review): the module line and any mode/owner settings are not visible in this listing.
# rootCA.key and nexus_server.key are stored in this directory, so confirm it is created with
# owner-only permissions.
2 - name: Create certificates directory certs to current dir
4 path: "{{ certificates_local_dir }}"
7 # Some of these tasks are delegated to the Ansible container because the needed
8 # version of python-pyOpenSSL is unavailable
# Writes the root CA private key to rootCA.key. Later tasks pass this file as privatekey_path
# and ownca_privatekey_path, so anyone who can read it can issue certificates under this CA.
# NOTE(review): key type/size, passphrase and file mode are not visible in this listing.
# Confirm the key is readable by its owner only, and decide whether it should remain on disk
# once provisioning has finished.
9 - name: Generate root CA private key
11 path: "{{ certificates_local_dir }}/rootCA.key"
# Builds the CSR for the root CA (rootCA.csr) from rootCA.key, taking the subject fields from
# the `certificates` variable.
14 - name: Generate an OpenSSL CSR.
16 path: "{{ certificates_local_dir }}/rootCA.csr"
17 privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
18 organization_name: "{{ certificates.organization_name }}"
19 state_or_province_name: "{{ certificates.state_or_province_name }}"
20 country_name: "{{ certificates.country_name }}"
21 locality_name: "{{ certificates.locality_name }}"
# Marks the basicConstraints extension as critical. The basic_constraints value itself is not
# visible in this listing; presumably CA:TRUE. Confirm, and consider whether a path-length
# limit and a critical keyUsage restricted to certificate signing are set as well.
24 basic_constraints_critical: true
# Issues rootCA.crt from rootCA.csr using rootCA.key. csr_path and privatekey_path both point
# at the root CA's own files, so this is presumably a self-signed certificate; the provider
# line is not visible in this listing.
# NOTE(review): the validity settings are not visible either. Confirm the CA has a bounded
# lifetime suited to the environment it is created for.
31 - name: Generate root CA certificate
34 path: "{{ certificates_local_dir }}/rootCA.crt"
35 csr_path: "{{ certificates_local_dir }}/rootCA.csr"
36 privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
# Triggers the "Restart Docker" handler when this task reports a change.
# NOTE(review): this suggests the CA ends up in a trust store the Docker daemon reads.
# Verify which hosts receive it, and that it is removed from them when it is no longer needed.
43 notify: Restart Docker
# Writes the Nexus server's private key to nexus_server.key. The Nexus CSR task that follows
# reads it via privatekey_path.
# NOTE(review): key parameters and file mode are not visible in this listing. Confirm the file
# is readable only by the account that deploys it to Nexus.
45 - name: Generate private Nexus key
47 path: "{{ certificates_local_dir }}/nexus_server.key"
# Builds the CSR for the Nexus server certificate from nexus_server.key, with the same subject
# fields as the root CA plus a common name.
51 - name: Generate Nexus CSR (certificate signing request)
53 path: "{{ certificates_local_dir }}/nexus_server.csr"
54 privatekey_path: "{{ certificates_local_dir }}/nexus_server.key"
55 organization_name: "{{ certificates.organization_name }}"
56 state_or_province_name: "{{ certificates.state_or_province_name }}"
57 country_name: "{{ certificates.country_name }}"
58 locality_name: "{{ certificates.locality_name }}"
# The certificate is requested for a public registry hostname, not for the Nexus host's own
# name. Any client that trusts rootCA.crt will therefore accept this Nexus as that registry,
# so trust in the root CA should stay confined to the hosts of this installation.
59 common_name: registry-1.docker.io
# Prefixes every entry of all_simulated_hosts with "DNS:". The key this value belongs to is
# not visible in this listing; presumably subject_alt_name.
# NOTE(review): '(.*)' is unanchored. On Python 3.7+ re.sub also replaces the empty match at
# the end of the string, which can render an entry as 'DNS:hostDNS:'. Check the rendered list;
# anchoring the pattern as '^(.*)$' avoids this.
69 "{{ all_simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}"
# Issues nexus_server.crt from nexus_server.csr, signed with the local root CA (rootCA.crt and
# rootCA.key).
# NOTE(review): the provider and validity lines are not visible in this listing. Confirm the
# server certificate has a bounded lifetime, shorter than that of the CA.
71 - name: Sign Nexus certificate
74 path: "{{ certificates_local_dir }}/nexus_server.crt"
75 csr_path: "{{ certificates_local_dir }}/nexus_server.csr"
76 ownca_path: "{{ certificates_local_dir }}/rootCA.crt"
# The root CA key is read here to sign the certificate. This is the only use of it for issuing
# a server certificate that is visible in this listing.
77 ownca_privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
# Same "DNS:"-prefixed host list as in the Nexus CSR task. The key this value belongs to is
# not visible in this listing.
# NOTE(review): the unanchored '(.*)' can yield 'DNS:hostDNS:' on Python 3.7+; see whether
# '^(.*)$' is needed, and keep this expression identical to the one used for the CSR.
84 "{{ all_simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}"