blob: 934b8b805d60cf97dd6f76cd6328ca6d140f4e57 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
---
- name: Ensure generated_certs directory present
file:
path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
state: directory
mode: 0700
with_items: "{{ etcd_needing_server_certs | default([]) }}"
- name: Create the server csr
command: >
openssl req -new -keyout {{ item.etcd_cert_prefix }}server.key
-config {{ etcd_openssl_conf }}
-out {{ item.etcd_cert_prefix }}server.csr
-reqexts {{ etcd_req_ext }} -batch -nodes
-subj /CN={{ item.etcd_hostname }}
args:
chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
~ item.etcd_cert_prefix ~ 'server.csr' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
with_items: "{{ etcd_needing_server_certs | default([]) }}"
- name: Sign and create the server crt
command: >
openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }}
-out {{ item.etcd_cert_prefix }}server.crt
-in {{ item.etcd_cert_prefix }}server.csr
-extensions {{ etcd_ca_exts_server }} -batch
args:
chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
~ item.etcd_cert_prefix ~ 'server.crt' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
with_items: "{{ etcd_needing_server_certs | default([]) }}"
- name: Create the peer csr
command: >
openssl req -new -keyout {{ item.etcd_cert_prefix }}peer.key
-config {{ etcd_openssl_conf }}
-out {{ item.etcd_cert_prefix }}peer.csr
-reqexts {{ etcd_req_ext }} -batch -nodes
-subj /CN={{ item.etcd_hostname }}
args:
chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
~ item.etcd_cert_prefix ~ 'peer.csr' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
with_items: "{{ etcd_needing_server_certs | default([]) }}"
- name: Sign and create the peer crt
command: >
openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }}
-out {{ item.etcd_cert_prefix }}peer.crt
-in {{ item.etcd_cert_prefix }}peer.csr
-extensions {{ etcd_ca_exts_peer }} -batch
args:
chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
~ item.etcd_cert_prefix ~ 'peer.crt' }}"
environment:
SAN: "IP:{{ item.etcd_ip }}"
with_items: "{{ etcd_needing_server_certs | default([]) }}"
- file:
src: "{{ etcd_ca_cert }}"
dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
state: hard
with_items: "{{ etcd_needing_server_certs | default([]) }}"
|