From 2d74c25ebeacf0c693b473bd84c7b9326fa1e96a Mon Sep 17 00:00:00 2001 From: Bartek Grzybowski Date: Fri, 9 Apr 2021 13:31:47 +0200 Subject: [ANSIBLE 3.2.0] Upgrade 'certificates' role tasks to be ansible 3.2.0 compliant Change-Id: Id1d8da0a1dabdbe79cdb24179ddeff5564b00f17 Issue-ID: OOM-2722 Signed-off-by: Bartek Grzybowski --- .../roles/certificates/tasks/generate-certificates.yml | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/ansible/roles/certificates/tasks/generate-certificates.yml b/ansible/roles/certificates/tasks/generate-certificates.yml index 9bf75fff..43b774bc 100644 --- a/ansible/roles/certificates/tasks/generate-certificates.yml +++ b/ansible/roles/certificates/tasks/generate-certificates.yml @@ -20,13 +20,13 @@ country_name: "{{ certificates.country_name }}" locality_name: "{{ certificates.locality_name }}" basic_constraints: - - CA:true + - CA:TRUE basic_constraints_critical: true key_usage: - - critical - digitalSignature - cRLSign - keyCertSign + key_usage_critical: true - name: Generate root CA certificate openssl_certificate: @@ -34,19 +34,12 @@ path: "{{ certificates_local_dir }}/rootCA.crt" csr_path: "{{ certificates_local_dir }}/rootCA.csr" privatekey_path: "{{ certificates_local_dir }}/rootCA.key" - key_usage: - - critical - - digitalSignature - - cRLSign - - keyCertSign - force: true notify: Restart Docker - name: Generate private Nexus key openssl_privatekey: path: "{{ certificates_local_dir }}/nexus_server.key" size: 4096 - force: false - name: Generate Nexus CSR (certificate signing request) openssl_csr: 
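Review bot: In the root CA CSR task, `basic_constraints` holds only `CA:TRUE`, so the CSR puts no limit on how many CA levels may sit below this root. The later hunks show `rootCA.key` signing the Nexus server certificate directly. If no intermediate CA is intended, adding `- pathlen:0` to that list would keep a certificate issued by this root from being accepted as an issuing CA. The task starts above the hunk, so its remaining options are not visible here.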
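Review bot: With `force: true` dropped from "Generate root CA certificate", an existing `rootCA.crt` is kept between runs instead of being reissued each time, so its validity period now matters and the visible lines set none. If the lines above the hunk do not already do so, state it explicitly, e.g. `selfsigned_not_after: "+<N>d"` (placeholder value), rather than relying on the module default. A comment such as `# key usage and basic constraints are taken from rootCA.csr` would also record why `key_usage` is no longer listed on this task.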
@@ -75,10 +68,3 @@ csr_path: "{{ certificates_local_dir }}/nexus_server.csr" ownca_path: "{{ certificates_local_dir }}/rootCA.crt" ownca_privatekey_path: "{{ certificates_local_dir }}/rootCA.key" - key_usage: - - digitalSignature - - nonRepudiation - - keyEncipherment - - dataEncipherment - subject_alt_name: - "{{ all_simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}" -- cgit 1.2.3-korg
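Review bot: After this hunk the Nexus certificate task no longer names `key_usage` or `subject_alt_name`, so both extensions depend entirely on what `nexus_server.csr` contains. The "Generate Nexus CSR" task lies outside the visible hunks, so confirm that it sets `subject_alt_name` from `all_simulated_hosts` and a `key_usage` list. If it does not, the issued certificate would carry no SAN entries and clients that verify hostnames would reject it. A comment on this task such as `# SAN and key usage are copied from nexus_server.csr` would make that dependency visible. The task begins above the hunk, so a validity setting such as `ownca_not_after` may or may not already be present.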