author | Milan Verespej <m.verespej@partner.samsung.com> | 2019-03-06 12:32:24 +0100 |
---|---|---|
committer | Milan Verespej <m.verespej@partner.samsung.com> | 2019-03-14 10:10:24 +0100 |
commit | 467c57ffcd6946c566046ab8042e14a2185e97fe (patch) | |
tree | 40d8a72f2ce3aeefe4811c248fc34dfe592383ce | |
parent | e9fca5ef39ebdc51d4d0f1af175960fb51cd903e (diff) |
Change cert signing from command to module
With newer Ansible we are now able to sign the Nexus certificate
with our own CA using the openssl_certificate module.
Issue-ID: OOM-1700
Change-Id: Idc54955160caef4a57bd50fc86678923511b5bce
Signed-off-by: Milan Verespej <m.verespej@partner.samsung.com>
-rw-r--r-- | ansible/roles/certificates/tasks/generate-certificates.yml | 34 | ||||
-rw-r--r-- | ansible/roles/certificates/templates/v3.ext.j2 | 9 |
2 files changed, 14 insertions, 29 deletions
diff --git a/ansible/roles/certificates/tasks/generate-certificates.yml b/ansible/roles/certificates/tasks/generate-certificates.yml
index ac8fe1e3..9bf75fff 100644
--- a/ansible/roles/certificates/tasks/generate-certificates.yml
+++ b/ansible/roles/certificates/tasks/generate-certificates.yml
@@ -66,25 +66,19 @@
     extended_key_usage:
       - serverAuth
     subject_alt_name:
-      "{{ simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}"
+      "{{ all_simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}"
 
-- name: Generate v3 extension config file
-  template:
-    src: v3.ext.j2
-    dest: "{{ certificates_local_dir }}/v3.ext"
-
-# Signing certificate is added to Ansible in version 2.7 (release date 04.10.2018)
-# Currently using 2.6.3
 - name: Sign Nexus certificate
-  command: >
-    openssl
-    x509
-    -req
-    -in "{{ certificates_local_dir }}/nexus_server.csr"
-    -extfile "{{ certificates_local_dir }}/v3.ext"
-    -CA "{{ certificates_local_dir }}/rootCA.crt"
-    -CAkey "{{ certificates_local_dir }}/rootCA.key"
-    -CAcreateserial
-    -out "{{ certificates_local_dir }}/nexus_server.crt"
-    -days 3650
-    -sha256
+  openssl_certificate:
+    provider: ownca
+    path: "{{ certificates_local_dir }}/nexus_server.crt"
+    csr_path: "{{ certificates_local_dir }}/nexus_server.csr"
+    ownca_path: "{{ certificates_local_dir }}/rootCA.crt"
+    ownca_privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
+    key_usage:
+      - digitalSignature
+      - nonRepudiation
+      - keyEncipherment
+      - dataEncipherment
+    subject_alt_name:
+      "{{ all_simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}"
diff --git a/ansible/roles/certificates/templates/v3.ext.j2 b/ansible/roles/certificates/templates/v3.ext.j2
deleted file mode 100644
index 7be946fd..00000000
--- a/ansible/roles/certificates/templates/v3.ext.j2
+++ /dev/null
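Review bot: The `key_usage:` and `subject_alt_name:` blocks in the new `openssl_certificate` task are, as far as I know, only honoured by the `assertonly` provider; with `provider: ownca` the module signs the CSR and copies the extensions from it, so these two blocks are most likely silent no-ops rather than a replacement for the removed `-extfile v3.ext`. That matters because v3.ext also pinned `basicConstraints=CA:FALSE` and `authorityKeyIdentifier=keyid,issuer`, and nothing in this hunk carries those constraints over, so whether the signed nexus_server.crt is still a non-CA leaf now depends entirely on what the CSR requests. Please confirm that the `openssl_csr` task (it starts above this hunk) requests the same `key_usage` list and `basic_constraints: ['CA:FALSE']`, or verify the resulting certificate's extensions after a run, before relying on the new task. A short comment on the task would make the dependency explicit, e.g. `# provider ownca signs the CSR as-is; key usage, SAN and CA:FALSE must be requested in the openssl_csr task above`.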
@@ -1,9 +0,0 @@
-authorityKeyIdentifier=keyid,issuer
-basicConstraints=CA:FALSE
-keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
-subjectAltName = @alt_names
-
-[alt_names]
-{% for name in all_simulated_hosts -%}
- DNS.{{ loop.index }} = {{ name }}
-{% endfor %}