author | Michal Ptacek <m.ptacek@partner.samsung.com> | 2019-03-19 09:54:50 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2019-03-19 09:54:50 +0000 |
commit | 644d03aeb7e5e68187ab952c752b7d5e818864f7 (patch) | |
tree | e7972e1ac4012b67074c625c83ddd578a9977b2d /ansible | |
parent | c3bdc3210bbaf715805059bfef9b182051b3aa0c (diff) | |
parent | 467c57ffcd6946c566046ab8042e14a2185e97fe (diff) |
Merge "Change cert signing from command to module"
Diffstat (limited to 'ansible')
-rw-r--r-- | ansible/roles/certificates/tasks/generate-certificates.yml | 34 | ||||
-rw-r--r-- | ansible/roles/certificates/templates/v3.ext.j2 | 9 |
2 files changed, 14 insertions, 29 deletions
diff --git a/ansible/roles/certificates/tasks/generate-certificates.yml b/ansible/roles/certificates/tasks/generate-certificates.yml
index ac8fe1e3..9bf75fff 100644
--- a/ansible/roles/certificates/tasks/generate-certificates.yml
+++ b/ansible/roles/certificates/tasks/generate-certificates.yml
@@ -66,25 +66,19 @@
 extended_key_usage:
 - serverAuth
 subject_alt_name:
- "{{ simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}"
+ "{{ all_simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}"
 
-- name: Generate v3 extension config file
- template:
- src: v3.ext.j2
- dest: "{{ certificates_local_dir }}/v3.ext"
-
-# Signing certificate is added to Ansible in version 2.7 (release date 04.10.2018)
-# Currently using 2.6.3
 - name: Sign Nexus certificate
- command: >
- openssl
- x509
- -req
- -in "{{ certificates_local_dir }}/nexus_server.csr"
- -extfile "{{ certificates_local_dir }}/v3.ext"
- -CA "{{ certificates_local_dir }}/rootCA.crt"
- -CAkey "{{ certificates_local_dir }}/rootCA.key"
- -CAcreateserial
- -out "{{ certificates_local_dir }}/nexus_server.crt"
- -days 3650
- -sha256
+ openssl_certificate:
+ provider: ownca
+ path: "{{ certificates_local_dir }}/nexus_server.crt"
+ csr_path: "{{ certificates_local_dir }}/nexus_server.csr"
+ ownca_path: "{{ certificates_local_dir }}/rootCA.crt"
+ ownca_privatekey_path: "{{ certificates_local_dir }}/rootCA.key"
+ key_usage:
+ - digitalSignature
+ - nonRepudiation
+ - keyEncipherment
+ - dataEncipherment
+ subject_alt_name:
+ "{{ all_simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}"
diff --git a/ansible/roles/certificates/templates/v3.ext.j2 b/ansible/roles/certificates/templates/v3.ext.j2
deleted file mode 100644
index 7be946fd..00000000
--- a/ansible/roles/certificates/templates/v3.ext.j2
+++ /dev/null
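Review bot: The `key_usage` and `subject_alt_name` entries added under `Sign Nexus certificate` probably do not shape the issued certificate: in `openssl_certificate` they are, as far as I know, checks that belong to the `assertonly` provider, while `provider: ownca` copies the extensions from the CSR. The `keyUsage`, `basicConstraints=CA:FALSE` and `authorityKeyIdentifier` settings of the deleted `v3.ext.j2` therefore survive only if the CSR task requests them; that task (presumably `openssl_csr`) starts above the hunk, and only its `extended_key_usage` and `subject_alt_name` are visible here. I would move the list to the CSR task as `key_usage: [digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment]` together with `basic_constraints: ['CA:FALSE']`, and confirm the result by inspecting the signed certificate with `openssl x509 -text`. The explicit `-days 3650 -sha256` is now left to module defaults, so writing `ownca_not_after: "+3650d"` and `ownca_digest: sha256` on the signing task would keep lifetime and digest stated in the playbook rather than implied.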
@@ -1,9 +0,0 @@
-authorityKeyIdentifier=keyid,issuer
-basicConstraints=CA:FALSE
-keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
-subjectAltName = @alt_names
-
-[alt_names]
-{% for name in all_simulated_hosts -%}
- DNS.{{ loop.index }} = {{ name }}
-{% endfor %} |