---
-- name: Remove old dir
- command: rm -rf /tmp/.mep_tmp_cer
- args:
- chdir: /tmp/
+- name: Import config file
+ include_vars:
+ file: ../../../config.yml
+ name: vardata
-- name: Make dir
- command: mkdir -p /tmp/.mep_tmp_cer
+- name: Remove old ssl key dir
+ command: rm -rf /tmp/ssl-eg-keys-certs
args:
chdir: /tmp/
-- name: Openssl genrsa
- command: openssl genrsa -out ca.key 2048
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Opnessl req
- # yamllint disable rule:line-length
- command: openssl req -new -key ca.key -subj /C=CN/ST=Peking/L=Beijing/O=edgegallery/CN=edgegallery -out ca.csr
- # yamllint disable rule:line-length
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Sing key with ca key and ca crt
- command: openssl x509 -req -days 365 -in ca.csr -extensions v3_ca -signkey ca.key -out ca.crt
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl genrsa
- command: openssl genrsa -out server_tls.key 2048
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl rsa mep tls
- command: openssl rsa -in server_tls.key -aes256 -passout pass:{{ vardata.certspass.name}} -out server_encryptedtls.key
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl req new key mepserver tls key
- # yamllint disable rule:line-length
- command: openssl req -new -key server_tls.key -subj /C=CN/ST=Beijing/L=Beijing/O=edgegallery/CN=edgegallery -out server_tls.csr
- # yamllint disable rule:line-length
+- name: Make new ssl key dir
+ command: mkdir -p /tmp/ssl-eg-keys-certs
args:
- chdir: /tmp/.mep_tmp_cer/
+ chdir: /tmp/
-- name: Openssl mepserver tls csr
+- name: generate cert
# yamllint disable rule:line-length
- command: openssl x509 -req -in server_tls.csr -extensions v3_req -CA ca.crt -CAkey ca.key -CAcreateserial -out server_tls.crt
+ command: docker run -e CERT_VALIDITY_IN_DAYS={{ vardata.cert_validity_in_days.name}} -v /tmp/ssl-eg-keys-certs:/certs swr.ap-southeast-1.myhuaweicloud.com/edgegallery/deploy-tool:latest
# yamllint disable rule:line-length
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl genrsa out
- command: openssl genrsa -out jwt_privatekey 2048
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl rsa jwt privatekey
- command: openssl rsa -in jwt_privatekey -pubout -out jwt_publickey
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl rsa jwt privatekey
- command: openssl rsa -in jwt_privatekey -pubout -out jwt_publickey
- args:
- chdir: /tmp/.mep_tmp_cer/
-
-- name: Openssl rsa in jwt
- command: openssl rsa -in jwt_privatekey -aes256 -passout pass:{{ vardata.certspass.name}} -out jwt_encrypted_privatekey
- args:
- chdir: /tmp/.mep_tmp_cer/
Code Review / ealt-edge.git / blobdiff