blob: 14ffdc51fe744234b6e4127139673d5390fcfda9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
---
- debug: msg="certs are {{chain_certs}} and oid is {{oid}}"
when: chain_certs is defined and oid is defined
- debug: msg="certs are {{chain_certs}}"
when: chain_certs is defined and oid is undefined
- name: Build extensions with certs
shell: echo "{{chain_certs}}{{ (oid) | ternary(',oid:1.2.3.4.5.5','') }}"
register: cert_ext
when: chain_certs is defined and oid is defined
check_mode: no
- debug: msg="extensions are {{cert_ext.stdout}}"
when: cert_ext.stdout is defined
- shell: >
echo {{ (cert_ext.stdout is defined) | ternary( '-ext san=dns:localhost,ip:127.0.0.1','') }}{{ (cert_ext.stdout is defined) | ternary( cert_ext.stdout, '') }}
register: extensions
check_mode: no
- name: Checking for {{component}}.jks ...
stat: path="{{generated_certs_dir}}/{{component}}.jks"
register: jks_file
check_mode: no
- name: Checking for truststore...
stat: path="{{generated_certs_dir}}/truststore.jks"
register: jks_truststore
check_mode: no
- block:
- shell: >
keytool -genkey -alias {{component}} -keystore {{generated_certs_dir}}/{{component}}.jks -keypass kspass -storepass kspass
-keyalg RSA -keysize 2048 -validity 712 -dname "CN={{component}}, OU=OpenShift, O=Logging" {{extensions.stdout}}
- shell: >
keytool -certreq -alias {{component}} -keystore {{generated_certs_dir}}/{{component}}.jks -storepass kspass
-file {{generated_certs_dir}}/{{component}}-jks.csr -keyalg RSA -dname "CN={{component}}, OU=OpenShift, O=Logging" {{extensions.stdout}}
- shell: >
openssl ca -in {{generated_certs_dir}}/{{component}}-jks.csr -notext -out {{generated_certs_dir}}/{{component}}-jks.crt
-config {{generated_certs_dir}}/signing.conf -extensions v3_req -batch -extensions server_ext
- shell: >
keytool -import -file {{generated_certs_dir}}/ca.crt -keystore {{generated_certs_dir}}/{{component}}.jks
-storepass kspass -noprompt -alias sig-ca
- shell: >
keytool -import -file {{generated_certs_dir}}/{{component}}-jks.crt -keystore {{generated_certs_dir}}/{{component}}.jks
-storepass kspass -noprompt -alias {{component}}
when: not jks_file.stat.exists
check_mode: no
- block:
- shell: >
keytool -import -file {{generated_certs_dir}}/ca.crt -keystore {{generated_certs_dir}}/truststore.jks -storepass tspass -noprompt -alias sig-ca
when: not jks_truststore.stat.exists
check_mode: no
|