Add ansible certificates role

This role is used to generate and install certificates on instances, incl. root ca. Those certificates are used mainly to allow secure access to internal docker registry with proper certificate verification. Issue-ID: OOM-1551 Change-Id: I74782dd2938cb51da293f88483d5362981269196 Signed-off-by: Michal Zegan <m.zegan@samsung.com>
author: Michal Zegan <m.zegan@samsung.com> 2018-12-19 11:20:51 +0100
committer: Michal Zegan <m.zegan@samsung.com> 2018-12-19 11:45:22 +0100
commit: 6c83964660f76400f02efa4de5b7775d122cf2ea (patch)
tree: d8ddf70bea788398e3f5d0168f6cc999c940e390 /ansible/roles/certificates/templates
parent: 6d14adbfcc125d3a17dd64ef1da0e3c2df27853f (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/ansible/roles/certificates/templates/v3.ext.j2 b/ansible/roles/certificates/templates/v3.ext.j2
new file mode 100644
index 00000000..7be946fd
--- /dev/null
+++ b/ansible/roles/certificates/templates/v3.ext.j2
@@ -0,0 +1,9 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+{% for name in all_simulated_hosts -%}
+    DNS.{{ loop.index }} = {{ name }}
+{% endfor %}
author	Michal Zegan <m.zegan@samsung.com>	2018-12-19 11:20:51 +0100
committer	Michal Zegan <m.zegan@samsung.com>	2018-12-19 11:45:22 +0100
commit	6c83964660f76400f02efa4de5b7775d122cf2ea (patch)
tree	d8ddf70bea788398e3f5d0168f6cc999c940e390 /ansible/roles/certificates/templates
parent	6d14adbfcc125d3a17dd64ef1da0e3c2df27853f (diff)