894f4912ac
implemented as a separate command (kolla-ansible octavia-certificates) Implements: blueprint implement-automatic-deploy-of-octavia Co-Authored-By: wu.chunyang <wuchunyang@yovole.com> Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com> Change-Id: I2c5b26ce9e363f35c523865904a582f7960aa682
30 lines
1.0 KiB
YAML
30 lines
1.0 KiB
YAML
---
|
|
|
|
- name: Generate server_ca private key
|
|
command: >
|
|
openssl genrsa -aes256 -out server_ca.key.pem
|
|
-passout pass:{{ octavia_ca_password }} 4096
|
|
args:
|
|
chdir: "{{ octavia_certs_work_dir }}/server_ca"
|
|
creates: "{{ octavia_certs_work_dir }}/server_ca/server_ca.key.pem"
|
|
|
|
- name: Create server_ca certificate
|
|
vars:
|
|
server_ca_subject:
|
|
C: "{{ octavia_certs_server_ca_country }}"
|
|
ST: "{{ octavia_certs_server_ca_state }}"
|
|
O: "{{ octavia_certs_server_ca_organization }}"
|
|
OU: "{{ octavia_certs_server_ca_organizational_unit }}"
|
|
CN: "{{ octavia_certs_server_ca_common_name }}"
|
|
command: >
|
|
openssl req -new -x509 -config ../openssl.cnf
|
|
-key server_ca.key.pem
|
|
-days {{ octavia_certs_server_ca_expiry }}
|
|
-out server_ca.cert.pem
|
|
-subj "/{{ server_ca_subject.items() | map('join', '=') | join('/') }}"
|
|
-passin pass:{{ octavia_ca_password }}
|
|
-batch
|
|
args:
|
|
chdir: "{{ octavia_certs_work_dir }}/server_ca"
|
|
creates: "{{ octavia_certs_work_dir }}/server_ca/server_ca.cert.pem"
|