kolla-ansible/ansible/roles/certificates/tasks/generate.yml
Mark Giles 3991ebcd79 Make generated private key files not world readable
The kolla-ansible certificates command creates a self-signed
certificate and corresponding private key.  This change sets the
file mode on the files that contain the private key so that they
are not world readable.

Change-Id: I7bfba5975af8d230e5d00c2ce801a914fbbf2d4e
2018-05-09 14:39:05 -04:00


---
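# Ensures the certificates/private directory exists under node_config_directory.
# NOTE(review): no mode is set on this directory. The private key written into
# it is restricted to 0600 by the "Setting permissions on key" task further
# down, but the directory itself keeps whatever the default permissions are —
# confirm whether it should be tightened as well.
- name: Ensuring config directories exist
  become: true
  file:
    path: "{{ node_config_directory }}/{{ item }}"
    state: "directory"
    # canonical boolean; "yes" is a YAML 1.1 truthy spelling (yamllint "truthy")
    recurse: true
  with_items:
    - "certificates/private"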
# Renders the OpenSSL request configuration that the certificate task below
# passes via -config. The template name is derived from the loop item.
- name: Creating SSL configuration file
  template:
    src: '{{ item }}.j2'
    dest: '{{ node_config_directory }}/certificates/{{ item }}'
  with_items:
    - 'openssl-kolla.cnf'
  become: true
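# Generates the HAProxy private key. The shell module is used (instead of
# command) only so that umask 077 applies to the new file: the key is then
# never world-readable, not even in the window before the chmod task below
# runs. "creates" keeps the task idempotent — the key is not regenerated once
# it exists. The key size is stated explicitly rather than relying on the
# openssl build's default.
- name: Creating Key
  become: true
  shell: umask 077 && openssl genrsa -out "{{ item }}" 2048
  args:
    creates: "{{ item }}"
  with_items:
    - "{{ node_config_directory }}/certificates/private/haproxy.key"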
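# Restricts the generated private key to its owner (0600). state: file does
# not create the path, so the key must already exist at this point
# (presumably the task errors otherwise — confirm against the file module).
- name: Setting permissions on key
  become: true
  file:
    path: "{{ node_config_directory }}/certificates/private/haproxy.key"
    # quoted so the YAML loader keeps the literal "0600" instead of reading an octal int
    mode: "0600"
    state: file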
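# Issues a self-signed server certificate (-days 3650) from the key generated
# above, using the rendered openssl-kolla.cnf and its v3_req extensions
# section. The command is written as a folded block scalar instead of
# backslash-continued plain-scalar lines, so the command module receives a
# single clean argument string with no stray "\" tokens in it; the "creates"
# option is passed as a native module argument rather than inline key=value.
# NOTE(review): the subject is fixed to CN=kolla_external_fqdn; whether a
# subjectAltName is emitted depends entirely on the v3_req section of the
# template, which is not visible here — verify the rendered config.
- name: Creating Server Certificate
  become: true
  command: >-
    openssl req -new -nodes -sha256 -x509
    -subj "/C=US/ST=NC/L=RTP/O=kolla/CN={{ kolla_external_fqdn }}"
    -config {{ node_config_directory }}/certificates/openssl-kolla.cnf
    -days 3650
    -extensions v3_req
    -key {{ node_config_directory }}/certificates/private/haproxy.key
    -out {{ item }}
  args:
    creates: "{{ item }}"
  with_items:
    - "{{ node_config_directory }}/certificates/private/haproxy.crt"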
# Publishes the self-signed certificate produced by the previous task as the
# CA file that clients are given; only the public certificate is copied.
# NOTE(review): copy without remote_src reads src from the controller, so this
# presumably relies on the play targeting the local host — confirm.
- name: Creating CA Certificate File
  copy:
    src: '{{ node_config_directory }}/certificates/private/haproxy.crt'
    dest: '{{ node_config_directory }}/certificates/haproxy-ca.crt'
  become: true
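# Concatenates every file in certificates/private (the key and the
# certificate) into one PEM — presumably the bundle HAProxy is pointed at.
# Because it contains the private key it is created owner-only (0600).
- name: Creating Server PEM File
  become: true
  assemble:
    src: "{{ node_config_directory }}/certificates/private"
    dest: "{{ node_config_directory }}/certificates/haproxy.pem"
    # quoted so the YAML loader keeps the literal "0600" instead of reading an octal int
    mode: "0600"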