kolla-ansible/ansible/roles/certificates/tasks/generate-libvirt.yml


---
# Create the directory that receives the libvirt key, CSR and certificate
# written by the following tasks. Mode 0770 grants owner and group full
# access and gives no access to other users.
- name: Ensuring private libvirt directory exist
  file:
    state: directory
    path: "{{ libvirt_dir }}"
    mode: "0770"
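# Render the OpenSSL configuration file that the CSR task passes via -config
# and the signing task passes via -extfile.
- name: Creating libvirt SSL configuration file
  template:
    src: "{{ item }}.j2"
    dest: "{{ kolla_certificates_dir }}/{{ item }}"
    mode: "0660"
  # `loop` rather than `with_items`, matching the other looping tasks in
  # this file; for a flat list of strings the two are equivalent.
  loop:
    - "openssl-kolla-libvirt.cnf"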
# Generate a 2048-bit RSA private key for libvirt. `creates` skips the task
# once the key file exists, so an existing key is never overwritten.
# NOTE(review): the key's mode is only pinned by the later "Setting
# permissions on libvirt key" task; until that runs the file has whatever
# mode openssl and the process umask give it, inside the 0770 directory.
- name: Creating libvirt certificate key
  command: >
    openssl genrsa -out "{{ libvirt_dir }}/libvirt.key" 2048
  args:
    creates: "{{ libvirt_dir }}/libvirt.key"
# Build a SHA-256 certificate signing request for the libvirt key, using the
# rendered openssl-kolla-libvirt.cnf as the request configuration.
# `creates` skips the task once the CSR file exists.
- name: Creating libvirt certificate signing request
  command: >
    openssl req -new
    -key "{{ libvirt_dir }}/libvirt.key"
    -out "{{ libvirt_dir }}/libvirt.csr"
    -config "{{ kolla_certificates_dir }}/openssl-kolla-libvirt.cnf"
    -sha256
  args:
    creates: "{{ libvirt_dir }}/libvirt.csr"
# Sign the libvirt CSR with the root CA certificate and private key found
# under root_dir, applying the v3_req extension section from
# openssl-kolla-libvirt.cnf. -CAcreateserial lets openssl create the CA
# serial file when it is missing.
# The certificate is valid for 500 days. Because of `creates`, this task is
# skipped while libvirt.crt exists, so it will not re-issue a certificate
# that is close to expiry or already expired.
# NOTE(review): renewal must be handled elsewhere or by removing the file
# first; confirm against the rest of the role.
- name: Creating libvirt certificate
  command: >
    openssl x509 -req
    -in "{{ libvirt_dir }}/libvirt.csr"
    -CA "{{ root_dir }}/root.crt"
    -CAkey "{{ root_dir }}/root.key"
    -CAcreateserial
    -extensions v3_req
    -extfile "{{ kolla_certificates_dir }}/openssl-kolla-libvirt.cnf"
    -out "{{ libvirt_dir }}/libvirt.crt"
    -days 500 -sha256
  args:
    creates: "{{ libvirt_dir }}/libvirt.crt"
# Pin the mode of the generated private key. `state: file` only manages an
# existing file, so this task fails rather than creating an empty key if the
# generation step did not produce one.
# NOTE(review): 0660 leaves the private key readable and writable by the
# owning group; confirm that group access is actually required.
- name: Setting permissions on libvirt key
  file:
    state: file
    path: "{{ libvirt_dir }}/libvirt.key"
    mode: "0660"
# Create the directory that the CA certificate, certificates and keys are
# copied into by the remaining tasks. Mode 0770: no access for other users.
- name: Ensure libvirt output directory exists
  file:
    state: directory
    path: "{{ certificates_libvirt_output_dir }}"
    mode: "0770"
# Publish the root CA certificate (public material only, not root.key) as
# cacert.pem in the libvirt output directory.
- name: Copy libvirt root CA to default configuration location
  copy:
    dest: "{{ certificates_libvirt_output_dir }}/cacert.pem"
    src: "{{ root_dir }}/root.crt"
    mode: "0660"
# Copy the single signed certificate to both servercert.pem and
# clientcert.pem, so the server and client roles share one certificate.
- name: Copy libvirt cert to default configuration locations
  copy:
    dest: "{{ certificates_libvirt_output_dir }}/{{ item }}cert.pem"
    src: "{{ libvirt_dir }}/libvirt.crt"
    mode: "0660"
  loop: [server, client]
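# Copy the single private key to both serverkey.pem and clientkey.pem, so the
# server and client roles share one key; a compromise of either copy exposes
# both identities.
# NOTE(review): 0660 leaves each key copy readable and writable by the owning
# group; confirm that group access is actually required.
- name: Copy libvirt key to default configuration locations
  copy:
    src: "{{ libvirt_dir }}/libvirt.key"
    dest: "{{ certificates_libvirt_output_dir }}/{{ item }}key.pem"
    mode: "0660"
  # Suppress diff output for this task: when the play runs with --diff, copy
  # would otherwise print the file contents, i.e. the private key, to the
  # console and to any log that captures it.
  diff: false
  loop:
    - server
    - client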