-
Notifications
You must be signed in to change notification settings - Fork 5
/
prepare_ssl.yml
62 lines (48 loc) · 2.2 KB
/
prepare_ssl.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
---
- name: create the necessary SSL certificates for servers
hosts: cmd
connection: local
sudo: false
tasks:
- name: create ldap server.cnf
template: src=ssl/ldap-server.cnf.j2 dest=ssl/ldap-server-{{ service_name }}.cnf
- name: generate LDAP CSR
command:
openssl req -new -config ldap-server-{{ service_name }}.cnf -keyout slapd-{{ service_name }}.key -out slapd-{{ service_name }}.csr
chdir=ssl
creates=slapd-{{ service_name }}.csr
- name: generate LDAP CRT
command:
openssl x509 -req -extfile ldap-server-{{ service_name }}.cnf -days 1000 -signkey slapd-{{ service_name }}.key -in slapd-{{ service_name }}.csr -extensions req_ext -out slapd-{{ service_name }}.crt
chdir=ssl
creates=slapd-{{ service_name }}.crt
- name: copy LDAP pem to LDAP role
copy:
src=ssl/slapd-{{ service_name }}.crt
dest=roles/ldap/files/etc/ssl/slapd-{{service_name }}.pem
- name: copy LDAP pem to owncloud role
copy:
src=ssl/slapd-{{ service_name }}.crt
dest=roles/owncloud/files/etc/ldap/ssl/slapd-{{service_name }}.pem
- name: copy LDAP key to LDAP role
copy:
src=ssl/slapd-{{ service_name }}.key
dest=roles/ldap/files/etc/ssl/slapd-{{service_name }}.key
- name: create lb server.cnf
template: src=ssl/lb-server.cnf.j2 dest=ssl/lb-server-{{ service_name }}.cnf
- name: generate LB CSR
command:
openssl req -new -config lb-server-{{ service_name }}.cnf -keyout lb-{{ service_name }}.key -out lb-{{ service_name }}.csr
chdir=ssl
creates=lb-{{ service_name }}.csr
- name: generate LB CRT
command:
openssl x509 -req -extfile lb-server-{{ service_name }}.cnf -days 1000 -signkey lb-{{ service_name }}.key -in lb-{{ service_name }}.csr -extensions req_ext -out lb-{{ service_name }}.crt
chdir=ssl
creates=lb-{{ service_name }}.crt
- name: contatenate PEM and KEY
shell: "chdir=ssl cat lb-{{ service_name }}.crt lb-{{ service_name }}.key > {{ service_name }}.crt"
- name: copy LB pem to HAPROXY role
copy:
src=ssl/{{ service_name }}.crt
dest=roles/haproxy/files/{{service_name }}.pem