---
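- name: Ensure generated_certs directory present
  # One directory per entry in etcd_needing_server_certs. The tasks below
  # write unencrypted private keys (`openssl req ... -nodes`) into it, so the
  # directory must not be readable by other users. The mode is quoted so YAML
  # cannot reinterpret the leading-zero octal (Ansible convention).
  file:
    path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
    state: directory
    mode: "0700"
  with_items: "{{ etcd_needing_server_certs | default([]) }}"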

- name: Create the server csr
  # Generates the server private key and its CSR in one openssl call.
  # `-nodes` leaves the key unencrypted on disk; the 0700 directory is the
  # only protection for it. Subject is CN=<etcd_hostname>; the SAN is passed
  # through the SAN environment variable, presumably referenced from the
  # etcd_req_ext section of etcd_openssl_conf — confirm there. Note the SAN
  # carries only the IP: clients that validate the certificate by DNS name
  # would not match it.
  # NOTE(review): `creates` keys idempotency on the .csr alone, so a missing
  # .key next to a surviving .csr is not regenerated.
  command: >-
    openssl req -new -batch -nodes
    -config {{ etcd_openssl_conf }}
    -reqexts {{ etcd_req_ext }}
    -subj /CN={{ item.etcd_hostname }}
    -keyout {{ item.etcd_cert_prefix }}server.key
    -out {{ item.etcd_cert_prefix }}server.csr
  args:
    chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
    creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}server.csr"
  environment:
    SAN: "IP:{{ item.etcd_ip }}"
  with_items: "{{ etcd_needing_server_certs | default([]) }}"

- name: Sign and create the server crt
  # Signs the server CSR with the etcd CA (CA section etcd_ca_name of
  # etcd_openssl_conf) using the etcd_ca_exts_server extension section.
  # `openssl ca` needs the CA private key, so this must run where that key
  # lives. SAN is exported again because the CA extension section presumably
  # reads it from the environment instead of copying it from the CSR —
  # confirm in the openssl config. `creates` skips the task once the .crt
  # exists, so a changed SAN/CSR is not re-signed without removing it.
  command: >-
    openssl ca -batch
    -name {{ etcd_ca_name }}
    -config {{ etcd_openssl_conf }}
    -extensions {{ etcd_ca_exts_server }}
    -in {{ item.etcd_cert_prefix }}server.csr
    -out {{ item.etcd_cert_prefix }}server.crt
  args:
    chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
    creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}server.crt"
  environment:
    SAN: "IP:{{ item.etcd_ip }}"
  with_items: "{{ etcd_needing_server_certs | default([]) }}"

- name: Create the peer csr
  # Same shape as the server CSR task, producing a separate key/CSR pair
  # for the peer (member-to-member) listener. `-nodes` writes the key
  # unencrypted, protected only by the 0700 directory. CN is the hostname;
  # the SAN env var is presumably consumed by the etcd_req_ext section of
  # etcd_openssl_conf — confirm there. Only an IP SAN is provided.
  # NOTE(review): idempotency is keyed on the .csr only; a lost .key with a
  # surviving .csr is not regenerated.
  command: >-
    openssl req -new -batch -nodes
    -config {{ etcd_openssl_conf }}
    -reqexts {{ etcd_req_ext }}
    -subj /CN={{ item.etcd_hostname }}
    -keyout {{ item.etcd_cert_prefix }}peer.key
    -out {{ item.etcd_cert_prefix }}peer.csr
  args:
    chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
    creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}peer.csr"
  environment:
    SAN: "IP:{{ item.etcd_ip }}"
  with_items: "{{ etcd_needing_server_certs | default([]) }}"

- name: Sign and create the peer crt
  # Signs the peer CSR with the etcd CA using the etcd_ca_exts_peer
  # extension section (the peer section is expected to differ from the
  # server one, e.g. in key usage — confirm in etcd_openssl_conf).
  # Requires the CA private key on this host. SAN is re-exported for the
  # CA extension section, presumably read via the environment. Once the
  # .crt exists `creates` skips the task, so re-signing needs it removed.
  command: >-
    openssl ca -batch
    -name {{ etcd_ca_name }}
    -config {{ etcd_openssl_conf }}
    -extensions {{ etcd_ca_exts_peer }}
    -in {{ item.etcd_cert_prefix }}peer.csr
    -out {{ item.etcd_cert_prefix }}peer.crt
  args:
    chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
    creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}peer.crt"
  environment:
    SAN: "IP:{{ item.etcd_ip }}"
  with_items: "{{ etcd_needing_server_certs | default([]) }}"

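- name: Hard link the CA certificate into each generated certs directory
  # Places the CA certificate next to each member's key/cert as
  # <prefix>ca.crt. This is a hard link, not a copy: etcd_ca_cert and
  # etcd_generated_certs_dir must be on the same filesystem, and both paths
  # share one inode, so modifying either in place changes the other.
  # Named for consistency with the other tasks in this file (an unnamed task
  # is reported only as "file" in play output).
  file:
    src: "{{ etcd_ca_cert }}"
    dest: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
    state: hard
  with_items: "{{ etcd_needing_server_certs | default([]) }}"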