37 lines
1.2 KiB
YAML
37 lines
1.2 KiB
YAML
- block:
|
|
- name: Generate directory for SSL certificate
|
|
file:
|
|
path: "{{ ssl_dir }}"
|
|
state: directory
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0755"
|
|
become: yes
|
|
|
|
- name: Generate CA key and csr for fake https server
|
|
shell: openssl req -newkey rsa:2048 -nodes -subj "/CN=rootca" -keyout {{ ca_key }} -out {{ ca_csr }}
|
|
become: yes
|
|
|
|
- name: Generate CA certificate for fake https server
|
|
shell: openssl x509 -req -signkey {{ ca_key }} -days 10000 -in {{ ca_csr }} -out {{ ca_crt }}
|
|
become: yes
|
|
|
|
- name: Generate server key and csr for fake https server
|
|
shell: openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" -keyout {{ serv_key }} -out {{ serv_csr }}
|
|
become: yes
|
|
|
|
- name: Generate server certificate for fake https server
|
|
shell: openssl x509 -req -CA {{ ca_crt }} -CAkey {{ ca_key }} -CAcreateserial -days 10000 -in {{ serv_csr }} -out {{ serv_crt }}
|
|
become: yes
|
|
|
|
- name: Generate server pem file for fake https server
|
|
shell: cat {{ serv_key }} {{ serv_crt }} > {{ serv_pem }}
|
|
become: yes
|
|
|
|
- name: Update server pem file permission
|
|
shell: chmod 755 {{ serv_pem }}
|
|
become: yes
|
|
|
|
when:
|
|
- inventory_hostname == 'controller-tacker'
|