X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=ocd%2Finfra%2Fplaybooks%2Froles%2Feg_certs%2Ftasks%2Finstall.yml;h=1aa05cf208445d3a76404539e68f7a4cc45fa86a;hb=3c1bb1c727ca416486ab96384557ee3d12acf1e9;hp=3dc7f8f0d3c07f6585f3b4d95e4caaeeb00dc7c9;hpb=863866ef8fcf7104d01981dc79c4751af8a34d44;p=ealt-edge.git
diff --git a/ocd/infra/playbooks/roles/eg_certs/tasks/install.yml b/ocd/infra/playbooks/roles/eg_certs/tasks/install.yml
index 3dc7f8f..1aa05cf 100644
--- a/ocd/infra/playbooks/roles/eg_certs/tasks/install.yml
+++ b/ocd/infra/playbooks/roles/eg_certs/tasks/install.yml
@@ -16,73 +16,22 @@ --- -- name: Remove old dir - command: rm -rf /tmp/.mep_tmp_cer - args: - chdir: /tmp/ +- name: Import config file + include_vars: + file: ../../../config.yml + name: vardata -- name: Make dir - command: mkdir -p /tmp/.mep_tmp_cer +- name: Remove old ssl key dir + command: rm -rf /tmp/ssl-eg-keys-certs args: chdir: /tmp/ -- name: Openssl genrsa - command: openssl genrsa -out ca.key 2048 - args: - chdir: /tmp/.mep_tmp_cer/ - -- name: Opnessl req - # yamllint disable rule:line-length - command: openssl req -new -key ca.key -subj /C=CN/ST=Peking/L=Beijing/O=edgegallery/CN=edgegallery -out ca.csr - # yamllint disable rule:line-length - args: - chdir: /tmp/.mep_tmp_cer/ - -- name: Sing key with ca key and ca crt - command: openssl x509 -req -days 365 -in ca.csr -extensions v3_ca -signkey ca.key -out ca.crt - args: - chdir: /tmp/.mep_tmp_cer/ - -- name: Openssl genrsa - command: openssl genrsa -out server_tls.key 2048 - args: - chdir: /tmp/.mep_tmp_cer/ - -- name: Openssl rsa mep tls - command: openssl rsa -in server_tls.key -aes256 -passout pass:{{ vardata.certspass.name}} -out server_encryptedtls.key - args: - chdir: /tmp/.mep_tmp_cer/ - -- name: Openssl req new key mepserver tls key - # yamllint disable rule:line-length - command: openssl req -new -key server_tls.key -subj /C=CN/ST=Beijing/L=Beijing/O=edgegallery/CN=edgegallery -out server_tls.csr - # yamllint disable rule:line-length +- name: Make new ssl key dir + command: mkdir -p /tmp/ssl-eg-keys-certs args: - chdir: /tmp/.mep_tmp_cer/ + chdir: /tmp/ -- name: Openssl mepserver tls csr +- name: generate cert # yamllint disable rule:line-length - command: openssl x509 -req -in server_tls.csr -extensions v3_req -CA ca.crt -CAkey ca.key -CAcreateserial -out server_tls.crt + command: docker run -e CERT_VALIDITY_IN_DAYS=365 -v /tmp/ssl-eg-keys-certs:/certs {{ vardata.private_repo_ip.name}}:{{ vardata.docker_registry_port.name}}/edgegallery/deploy-tool:latest # yamllint disable rule:line-length - 
args: - chdir: /tmp/.mep_tmp_cer/ - -- name: Openssl genrsa out - command: openssl genrsa -out jwt_privatekey 2048 - args: - chdir: /tmp/.mep_tmp_cer/ - -- name: Openssl rsa jwt privatekey - command: openssl rsa -in jwt_privatekey -pubout -out jwt_publickey - args: - chdir: /tmp/.mep_tmp_cer/ - -- name: Openssl rsa jwt privatekey - command: openssl rsa -in jwt_privatekey -pubout -out jwt_publickey - args: - chdir: /tmp/.mep_tmp_cer/ - -- name: Openssl rsa in jwt - command: openssl rsa -in jwt_privatekey -aes256 -passout pass:{{ vardata.certspass.name}} -out jwt_encrypted_privatekey - args: - chdir: /tmp/.mep_tmp_cer/
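Review bot: The directory that receives the generated private keys, `/tmp/ssl-eg-keys-certs`, is created by `mkdir -p` with the default umask under a predictable name in world-writable /tmp, so on a multi-user host the keys may be readable by other local users, and the rm/mkdir pair leaves a window in which the path can be pre-created by someone else. Creating it with the `file` module and `mode: "0700"` closes the read exposure and makes both tasks idempotent; a location outside /tmp would also remove the predictable-name issue, but the consumers of this path are outside the hunk. Separately, the `generate cert` task runs `deploy-tool:latest`, so the key-generation logic can change without any change to this playbook; pin a version tag or digest (`deploy-tool@sha256:<digest-placeholder>`) and add `--rm` so stopped containers do not accumulate. The removed openssl tasks encrypted two of the keys with `vardata.certspass`; what the image does is not visible here, so confirm the keys it writes are still passphrase-protected where the old ones were.

```yaml
- name: Remove old ssl key dir
  file:
    path: /tmp/ssl-eg-keys-certs
    state: absent

- name: Make new ssl key dir
  file:
    path: /tmp/ssl-eg-keys-certs
    state: directory
    mode: "0700"

# … unchanged: generate cert task (docker run) …
```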