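---
# Generates a local PKI under certificates_local_dir:
#   rootCA.key / rootCA.csr / rootCA.crt  - self-signed root CA
#   nexus_server.key / .csr / .crt        - server certificate signed by that CA,
#                                           covering every host in all_simulated_hosts
# rootCA.key is only needed by the "Sign Nexus certificate" task below; presumably
# only rootCA.crt is distributed to clients - keep the key out of any such copy.
- name: Create certificates directory certs to current dir
  file:
    path: "{{ certificates_local_dir }}"
    state: directory

# Some of the tasks are delegated to the Ansible container because the required
# version of python-pyOpenSSL is not available elsewhere.
- name: Generate root CA private key
  openssl_privatekey:
    path: "{{ certificates_local_dir }}/rootCA.key"
    size: 4096

# CA:true plus keyCertSign/cRLSign is what makes the resulting certificate usable
# as an issuer. Criticality is expressed with the module's *_critical options;
# a bare "critical" entry inside the key_usage list is a pseudo-value that only
# some OpenSSL backends accept and others reject as an unknown usage.
- name: Generate an OpenSSL CSR.
  openssl_csr:
    path: "{{ certificates_local_dir }}/rootCA.csr"
    privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
    organization_name: "{{ certificates.organization_name }}"
    state_or_province_name: "{{ certificates.state_or_province_name }}"
    country_name: "{{ certificates.country_name }}"
    locality_name: "{{ certificates.locality_name }}"
    basic_constraints:
      - CA:true
    basic_constraints_critical: true
    key_usage:
      - digitalSignature
      - cRLSign
      - keyCertSign
    key_usage_critical: true

# force: true re-issues rootCA.crt (new serial and validity) on every run, so this
# task reports "changed" and triggers the Docker restart each time the role runs.
# The CA key itself is reused because the key task above is not forced.
# NOTE(review): key_usage on openssl_certificate is an assertion-style option in
# older module versions; the extensions actually written come from the CSR - confirm
# against the installed module version.
- name: Generate root CA certificate
  openssl_certificate:
    provider: selfsigned
    path: "{{ certificates_local_dir }}/rootCA.crt"
    csr_path: "{{ certificates_local_dir }}/rootCA.csr"
    privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
    key_usage:
      - critical
      - digitalSignature
      - cRLSign
      - keyCertSign
    force: true
  notify: Restart Docker

# force: false keeps an existing key across runs, so re-running the role does not
# silently rotate the server key.
- name: Generate private Nexus key
  openssl_privatekey:
    path: "{{ certificates_local_dir }}/nexus_server.key"
    size: 4096
    force: false

# The SAN list is built from all_simulated_hosts with a "DNS:" prefix on each entry.
# Clients generally validate against subject_alt_name rather than common_name, so
# every hostname that must be served by Nexus has to appear in all_simulated_hosts.
- name: Generate Nexus CSR (certificate signing request)
  openssl_csr:
    path: "{{ certificates_local_dir }}/nexus_server.csr"
    privatekey_path: "{{ certificates_local_dir }}/nexus_server.key"
    organization_name: "{{ certificates.organization_name }}"
    state_or_province_name: "{{ certificates.state_or_province_name }}"
    country_name: "{{ certificates.country_name }}"
    locality_name: "{{ certificates.locality_name }}"
    common_name: registry-1.docker.io
    key_usage:
      - keyAgreement
      - nonRepudiation
      - digitalSignature
      - keyEncipherment
      - dataEncipherment
    extended_key_usage:
      - serverAuth
    subject_alt_name:
      "{{ all_simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}"

# Signed with the root CA generated above (ownca provider). Not forced, so an
# existing nexus_server.crt is kept even after rootCA.crt has been re-issued.
# NOTE(review): as with the root CA task, key_usage/subject_alt_name here are
# assertion-style options in older module versions - the issued extensions come
# from nexus_server.csr; confirm against the installed module version.
- name: Sign Nexus certificate
  openssl_certificate:
    provider: ownca
    path: "{{ certificates_local_dir }}/nexus_server.crt"
    csr_path: "{{ certificates_local_dir }}/nexus_server.csr"
    ownca_path: "{{ certificates_local_dir }}/rootCA.crt"
    ownca_privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
    key_usage:
      - digitalSignature
      - nonRepudiation
      - keyEncipherment
      - dataEncipherment
    subject_alt_name:
      "{{ all_simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}"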