authorBartek Grzybowski <b.grzybowski@partner.samsung.com>2021-04-09 13:31:47 +0200
committerBartek Grzybowski <b.grzybowski@partner.samsung.com>2021-04-09 13:31:47 +0200
commit2d74c25ebeacf0c693b473bd84c7b9326fa1e96a (patch)
tree972c3e4f66ec8b3d37aaa821f87a3619587462e5 /ansible/roles/certificates
parent31990268811b0fc80a5332f93248131163fb511d (diff)
[ANSIBLE 3.2.0] Upgrade 'certificates' role tasks to be ansible 3.2.0 compliant
Change-Id: Id1d8da0a1dabdbe79cdb24179ddeff5564b00f17 Issue-ID: OOM-2722 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
Diffstat (limited to 'ansible/roles/certificates')
-rw-r--r--ansible/roles/certificates/tasks/generate-certificates.yml18
1 files changed, 2 insertions, 16 deletions
diff --git a/ansible/roles/certificates/tasks/generate-certificates.yml b/ansible/roles/certificates/tasks/generate-certificates.yml
index 9bf75fff..43b774bc 100644
--- a/ansible/roles/certificates/tasks/generate-certificates.yml
+++ b/ansible/roles/certificates/tasks/generate-certificates.yml
@@ -20,13 +20,13 @@
country_name: "{{ certificates.country_name }}"
locality_name: "{{ certificates.locality_name }}"
basic_constraints:
- - CA:true
+ - CA:TRUE
basic_constraints_critical: true
key_usage:
- - critical
- digitalSignature
- cRLSign
- keyCertSign
+ key_usage_critical: true
- name: Generate root CA certificate
openssl_certificate:
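Review bot: The `basic_constraints` list in this root CA CSR sets only `CA:TRUE`, so the root carries no path length limit even though the last hunk shows it signing the Nexus server certificate directly. If no intermediate CA is planned, adding `- pathlen:0` under `basic_constraints` would keep anything issued by this root from being accepted as a CA in a chain; confirm the installed module version accepts a `pathlen:` entry. The CSR task starts above the hunk, so its name and remaining options are not visible here.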
@@ -34,19 +34,12 @@
path: "{{ certificates_local_dir }}/rootCA.crt"
csr_path: "{{ certificates_local_dir }}/rootCA.csr"
privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
- key_usage:
- - critical
- - digitalSignature
- - cRLSign
- - keyCertSign
- force: true
notify: Restart Docker
- name: Generate private Nexus key
openssl_privatekey:
path: "{{ certificates_local_dir }}/nexus_server.key"
size: 4096
- force: false
- name: Generate Nexus CSR (certificate signing request)
openssl_csr:
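Review bot: With `force: true` removed from "Generate root CA certificate", nothing in the task says when `rootCA.crt` is re-issued. Presumably the module now reuses an existing file and regenerates it only when it no longer matches `rootCA.key` or `rootCA.csr`, so a root that is close to expiry, or one left over from an earlier run, would stay in place. A comment above the task would record the intent, for example `# Re-issued only when rootCA.key or rootCA.csr change; remove rootCA.crt to rotate the root`. The task begins in the previous hunk, and the Nexus CSR task that opens on the last two lines continues outside this one.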
@@ -75,10 +68,3 @@
csr_path: "{{ certificates_local_dir }}/nexus_server.csr"
ownca_path: "{{ certificates_local_dir }}/rootCA.crt"
ownca_privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
- key_usage:
- - digitalSignature
- - nonRepudiation
- - keyEncipherment
- - dataEncipherment
- subject_alt_name:
- "{{ all_simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}"
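Review bot: Dropping `key_usage` and `subject_alt_name` from this ownca task leaves nothing on the certificate side that states or checks those extensions. The issued Nexus certificate now depends entirely on what the "Generate Nexus CSR" task requests, and that task's body lies outside the visible hunks. Confirm the CSR carries the same `subject_alt_name` expression and key usages, since a server certificate without matching SAN entries fails hostname verification on clients. A follow-up `openssl_certificate_info` task whose registered result is checked with `assert` on `subject_alt_name` and `key_usage` would keep the verification the removed options appear to have been meant to express. The certificate task itself starts above this hunk.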