Browse Source

current state

master
parent
commit
d4c2edf02a
5 changed files with 46 additions and 44 deletions
  1. +0
    -0
      meta/main.yml
  2. +41
    -0
      tasks/certificate.yml
  3. +4
    -5
      tasks/directory.yml
  4. +1
    -39
      tasks/main.yml
  5. +0
    -0
      templates/ca.cnf.j2

+ 0
- 0
meta/main.yml View File


+ 41
- 0
tasks/certificate.yml View File

@@ -0,0 +1,41 @@
---

- include_role:
name: certificate
vars:
certificate_name: ca
certificate_provider: manual
certificate_authority: true
certificate_key_usage:
- digitalSignature
- cRLSign
- keyCertSign
certificate_directory: "{{ certificate_authority_directory }}"
certificate_file: "{{ certificate_authority_directory }}/certs/ca.cert.pem"
certificate_signing_request_file: "{{ certificate_authority_directory }}/csr/ca.csr.pem"
certificate_signing_request_config_file: "{{ certificate_authority_directory }}/csr/ca.csr.cnf"
certificate_private_key_file: "{{ certificate_authority_directory }}/private/ca.key.pem"
certificate_private_key_password: "{{ certificate_authority_private_key_password }}"

- name: self sign certificate
command: openssl ca -selfsign -batch -notext
-config cnf/ca.cnf
-in csr/ca.csr.pem
-out certs/ca.cert.pem
{{ certificate_authority_private_key_password is defined | ternary('-passin env:PRIVATE_KEY_PASSWORD','') }}
args:
chdir: "{{ certificate_authority_directory }}"
creates: "{{ certificate_authority_directory }}/certs/ca.cert.pem"
environment:
PRIVATE_KEY_PASSWORD: "{{ certificate_authority_private_key_password | default('') }}"
when: certificate_authority_type == "root"

# - name: certificate stat
# stat:
# path: "{{ certificate_authority_directory }}/certs/ca.cert.pem"
# register: _certificate_authority_stat
# changed_when: not _certificate_authority_stat.stat.exists
# notify: self sign certificate

# - debug:
# msg: "{{ _certificate_authority_stat }}"

+ 4
- 5
tasks/directory.yml View File

@@ -5,18 +5,17 @@
- name: directory
file:
path: "{{ certificate_authority_directory }}"
#mode: 0700
state: directory

- name: subdirectories
file:
path: "{{ certificate_authority_directory }}/{{ item }}"
#mode: 0700
state: directory
with_items:
- certs
- crl
- csr
- cnf
- newcerts

- name: private directory
@@ -42,7 +41,7 @@
dest: "{{ certificate_authority_directory }}/serial"
force: no

- name: openssl config
- name: config
template:
src: openssl.cnf.j2
dest: "{{ certificate_authority_directory }}/openssl.cnf"
src: ca.cnf.j2
dest: "{{ certificate_authority_directory }}/cnf/ca.cnf"

+ 1
- 39
tasks/main.yml View File

@@ -4,42 +4,4 @@

- include: directory.yml

- include_role:
name: certificate
vars:
certificate_name: ca
certificate_provider: manual
certificate_authority: true
certificate_key_usage:
- digitalSignature
- cRLSign
- keyCertSign
certificate_directory: "{{ certificate_authority_directory }}"
certificate_file: "{{ certificate_authority_directory }}/certs/ca.cert.pem"
certificate_signing_request_file: "{{ certificate_authority_directory }}/csr/ca.csr.pem"
certificate_signing_request_config_file: "{{ certificate_authority_directory }}/csr/ca.csr.cnf"
certificate_private_key_file: "{{ certificate_authority_directory }}/private/ca.key.pem"

- name: self sign certificate
command: openssl ca -selfsign -batch -notext
-config openssl.cnf
-in csr/ca.csr.pem
-out certs/ca.cert.pem
{{ certificate_private_key_password is defined | ternary('-passin env:PRIVATE_KEY_PASSWORD','') }}
args:
chdir: "{{ certificate_authority_directory }}"
creates: "{{ certificate_authority_directory }}/certs/ca.cert.pem"
environment:
PRIVATE_KEY_PASSWORD: "{{ certificate_private_key_password | default('') }}"
when: certificate_authority_type == "root"

- name: certificate info
command: openssl x509 -text -noout -in certs/ca.cert.pem
args:
chdir: "{{ certificate_authority_directory }}"
changed_when: false
register: _certificate_authority_info

- name: certificate debug
debug:
msg: "{{ _certificate_authority_info.stdout_lines }}"
- include: certificate.yml

templates/openssl.cnf.j2 → templates/ca.cnf.j2 View File


Loading…
Cancel
Save