---
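# Record whether a private key for this component already exists. The result
# gates the two "Creating cert req" tasks, so an existing key is not
# overwritten when the play is run again.
- name: Checking for {{component}}.key
  stat:
    path: "{{generated_certs_dir}}/{{component}}.key"
  register: key_file
  # Runs even under --check because later `when:` conditions read key_file.
  check_mode: false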
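# Record whether a signed certificate for this component already exists. The
# result gates the CA signing task.
- name: Checking for {{component}}.crt
  stat:
    path: "{{generated_certs_dir}}/{{component}}.crt"
  register: cert_file
  # Runs even under --check because a later `when:` condition reads cert_file.
  check_mode: false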
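# Generate a new 2048-bit RSA key and a CSR for the component when no key file
# exists yet and `cert_ext.stdout` is available to extend the subject.
#
# NOTE(review): `-nodes` writes the private key unencrypted, so its
#   confidentiality rests on the ownership and mode of generated_certs_dir and
#   of the .key file. Neither is set here; confirm they are restricted.
# NOTE(review): the subjectAltName text is passed inside `-subj`, i.e. as part
#   of the subject DN. That is not by itself a SAN extension. Whether the
#   issued certificate carries one depends on signing.conf (not shown), so
#   check the result with `openssl x509 -noout -text`.
# NOTE(review): cert_ext.stdout is interpolated unescaped into the DN. `/`
#   separates DN components in `-subj`, so the value must come from a trusted
#   source.
# NOTE(review): `openssl req` honours `-days` only together with `-x509`. For
#   a plain CSR it has no effect, and the lifetime is set when the CA signs.
- name: Creating cert req for {{component}}
  command: >
    openssl req -out {{generated_certs_dir}}/{{component}}.csr -new -newkey rsa:2048
    -keyout {{generated_certs_dir}}/{{component}}.key
    -subj "/CN={{component}}/OU=OpenShift/O=Logging/subjectAltName=DNS.1=localhost{{cert_ext.stdout}}"
    -days 712 -nodes
  when:
    - not key_file.stat.exists
    - cert_ext is defined
    - cert_ext.stdout is defined
  # This task writes key material even when the play is run with --check.
  check_mode: false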
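# Generate a new 2048-bit RSA key and a CSR for the component when no key file
# exists yet and no `cert_ext.stdout` is available. The subject then holds
# only CN/OU/O.
#
# NOTE(review): `-nodes` writes the private key unencrypted, so its
#   confidentiality rests on the ownership and mode of generated_certs_dir and
#   of the .key file. Neither is set here; confirm they are restricted.
# NOTE(review): `openssl req` honours `-days` only together with `-x509`. For
#   a plain CSR it has no effect, and the lifetime is set when the CA signs.
- name: Creating cert req for {{component}}
  command: >
    openssl req -out {{generated_certs_dir}}/{{component}}.csr -new -newkey rsa:2048
    -keyout {{generated_certs_dir}}/{{component}}.key
    -subj "/CN={{component}}/OU=OpenShift/O=Logging"
    -days 712 -nodes
  when:
    - not key_file.stat.exists
    - cert_ext is undefined or cert_ext is defined and cert_ext.stdout is undefined
  # This task writes key material even when the play is run with --check.
  check_mode: false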
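# Sign the component's CSR with the CA described by signing.conf and write the
# certificate, but only when no .crt file exists yet. `-batch` signs without
# an interactive confirmation.
#
# NOTE(review): `-extensions` is given twice (v3_req, then server_ext).
#   `openssl ca` keeps a single section name, so the later one is expected to
#   win. Confirm which section is intended and drop the other.
# NOTE(review): signing is gated only on the .crt being absent, while key and
#   CSR creation are gated only on the .key being absent. If a stale .crt
#   remains after the key was removed, a new key is generated but the old
#   certificate is kept, so the two no longer match. Consider verifying that
#   the pair matches before skipping.
- name: Sign cert request with CA for {{component}}
  command: >
    openssl ca -in {{generated_certs_dir}}/{{component}}.csr -notext
    -out {{generated_certs_dir}}/{{component}}.crt
    -config {{generated_certs_dir}}/signing.conf
    -extensions v3_req -batch -extensions server_ext
  when:
    - not cert_file.stat.exists
  # This task issues a certificate even when the play is run with --check.
  check_mode: false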