summaryrefslogtreecommitdiffstats
path: root/roles/nuage_ca
diff options
context:
space:
mode:
Diffstat (limited to 'roles/nuage_ca')
-rw-r--r--roles/nuage_ca/files/openssl.cnf3
-rw-r--r--roles/nuage_ca/files/serial.txt1
-rw-r--r--roles/nuage_ca/meta/main.yml16
-rw-r--r--roles/nuage_ca/tasks/main.yaml46
-rw-r--r--roles/nuage_ca/vars/main.yaml0
5 files changed, 66 insertions, 0 deletions
diff --git a/roles/nuage_ca/files/openssl.cnf b/roles/nuage_ca/files/openssl.cnf
new file mode 100644
index 000000000..7d1a29a79
--- /dev/null
+++ b/roles/nuage_ca/files/openssl.cnf
@@ -0,0 +1,3 @@
+[ clientauth ]
+basicConstraints=CA:FALSE
+extendedKeyUsage=critical,clientAuth
diff --git a/roles/nuage_ca/files/serial.txt b/roles/nuage_ca/files/serial.txt
new file mode 100644
index 000000000..4daddb72f
--- /dev/null
+++ b/roles/nuage_ca/files/serial.txt
@@ -0,0 +1 @@
+00
diff --git a/roles/nuage_ca/meta/main.yml b/roles/nuage_ca/meta/main.yml
new file mode 100644
index 000000000..2b06613f3
--- /dev/null
+++ b/roles/nuage_ca/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+ author: Vishal Patil
+ description:
+ company: Nuage Networks
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.8
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+ - system
+dependencies:
+- { role: nuage_common }
diff --git a/roles/nuage_ca/tasks/main.yaml b/roles/nuage_ca/tasks/main.yaml
new file mode 100644
index 000000000..9cfa40b8a
--- /dev/null
+++ b/roles/nuage_ca/tasks/main.yaml
@@ -0,0 +1,46 @@
+---
+- name: Install openssl
+ action: "{{ ansible_pkg_mgr }} name=openssl state=present"
+ when: not openshift.common.is_atomic | bool
+
+- name: Create CA directory
+ file: path="{{ nuage_ca_dir }}" state=directory
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create certificate directory
+ file: path="{{ nuage_ca_master_crt_dir }}" state=directory
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Check if the CA key already exists
+ stat: path="{{ nuage_ca_key }}"
+ register: nuage_ca_key_check
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create CA key
+ command: openssl genrsa -out "{{ nuage_ca_key }}" 4096
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}"
+ when: nuage_ca_key_check.stat.exists is defined and nuage_ca_key_check.stat.exists == False
+
+- name: Check if the CA crt already exists
+ stat: path="{{ nuage_ca_crt }}"
+ register: nuage_ca_crt_check
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create CA crt
+ command: openssl req -new -x509 -key "{{ nuage_ca_key }}" -out "{{ nuage_ca_crt }}" -subj "/CN=nuage-signer"
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}"
+ when: nuage_ca_crt_check.stat.exists is defined and nuage_ca_crt_check.stat.exists == False
+
+- name: Create the serial file
+ copy: src=serial.txt dest="{{ nuage_ca_serial }}"
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Copy SSL config file
+ copy: src=openssl.cnf dest="{{ nuage_ca_dir }}/openssl.cnf"
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}"
diff --git a/roles/nuage_ca/vars/main.yaml b/roles/nuage_ca/vars/main.yaml
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/roles/nuage_ca/vars/main.yaml
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-29 11:06:54 +0000