--- - name: Checking for {{component}}.key stat: path="{{generated_certs_dir}}/{{component}}.key" register: key_file check_mode: no - name: Checking for {{component}}.crt stat: path="{{generated_certs_dir}}/{{component}}.crt" register: cert_file check_mode: no - name: Creating cert req for {{component}} command: > openssl req -out {{generated_certs_dir}}/{{component}}.csr -new -newkey rsa:2048 -keyout {{generated_certs_dir}}/{{component}}.key -subj "/CN={{component}}/OU=OpenShift/O=Logging/subjectAltName=DNS.1=localhost{{cert_ext.stdout}}" -days 712 -nodes when: - not key_file.stat.exists - cert_ext is defined - cert_ext.stdout is defined check_mode: no - name: Creating cert req for {{component}} command: > openssl req -out {{generated_certs_dir}}/{{component}}.csr -new -newkey rsa:2048 -keyout {{generated_certs_dir}}/{{component}}.key -subj "/CN={{component}}/OU=OpenShift/O=Logging" -days 712 -nodes when: - not key_file.stat.exists - cert_ext is undefined or cert_ext is defined and cert_ext.stdout is undefined check_mode: no - name: Sign cert request with CA for {{component}} command: > openssl ca -in {{generated_certs_dir}}/{{component}}.csr -notext -out {{generated_certs_dir}}/{{component}}.crt -config {{generated_certs_dir}}/signing.conf -extensions v3_req -batch -extensions server_ext when: - not cert_file.stat.exists check_mode: no