aac03ceffc
Provide the option to verify the SSL certificate when accessing an external server from Tacker. Several parameters have been added to config to allow verification of SSL certificates when accessing external NFVO servers, heat servers, and notification endpoints from Tacker. Implements: blueprint enhance-http-client Change-Id: I55b2b53cfe0dc794040d0e46ac13a20524b1d9f0
37 lines
1.2 KiB
YAML
37 lines
1.2 KiB
YAML
- block:
|
|
- name: Generate directory for SSL certificate
|
|
file:
|
|
path: "{{ ssl_dir }}"
|
|
state: directory
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0755"
|
|
become: yes
|
|
|
|
- name: Generate CA key and csr for fake https server
|
|
shell: openssl req -newkey rsa:2048 -nodes -subj "/CN=rootca" -keyout {{ ca_key }} -out {{ ca_csr }}
|
|
become: yes
|
|
|
|
- name: Generate CA certificate for fake https server
|
|
shell: openssl x509 -req -signkey {{ ca_key }} -days 10000 -in {{ ca_csr }} -out {{ ca_crt }}
|
|
become: yes
|
|
|
|
- name: Generate server key and csr for fake https server
|
|
shell: openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" -keyout {{ serv_key }} -out {{ serv_csr }}
|
|
become: yes
|
|
|
|
- name: Generate server certificate for fake https server
|
|
shell: openssl x509 -req -CA {{ ca_crt }} -CAkey {{ ca_key }} -CAcreateserial -days 10000 -in {{ serv_csr }} -out {{ serv_crt }}
|
|
become: yes
|
|
|
|
- name: Generate server pem file for fake https server
|
|
shell: cat {{ serv_key }} {{ serv_crt }} > {{ serv_pem }}
|
|
become: yes
|
|
|
|
- name: Update server pem file permission
|
|
shell: chmod 755 {{ serv_pem }}
|
|
become: yes
|
|
|
|
when:
|
|
- inventory_hostname == 'controller-tacker'
|