From: Gaurav Agrawal
Date: Mon, 2 Nov 2020 04:25:21 +0000 (+0000)
Subject: Merge "eg_certs installation role added"
X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=32b3d8699b040d34d64c3f5a6097eeb9b214234a;hp=e8dd6f7523a59c39eb9f573e5f44afb2dc327a6a;p=ealt-edge.git
Merge "eg_certs installation role added"
---
diff --git a/ocd/infra/playbooks/roles/eg_certs/tasks/install.yml b/ocd/infra/playbooks/roles/eg_certs/tasks/install.yml
new file mode 100644
index 0000000..3dc7f8f
--- /dev/null
+++ b/ocd/infra/playbooks/roles/eg_certs/tasks/install.yml
@@ -0,0 +1,88 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+
+- name: Remove old dir
+ command: rm -rf /tmp/.mep_tmp_cer
+ args:
+ chdir: /tmp/
+
+- name: Make dir
+ command: mkdir -p /tmp/.mep_tmp_cer
+ args:
+ chdir: /tmp/
+
+- name: Openssl genrsa
+ command: openssl genrsa -out ca.key 2048
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+
+- name: Opnessl req
+ # yamllint disable rule:line-length
+ command: openssl req -new -key ca.key -subj /C=CN/ST=Peking/L=Beijing/O=edgegallery/CN=edgegallery -out ca.csr
+ # yamllint disable rule:line-length
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+
+- name: Sing key with ca key and ca crt
+ command: openssl x509 -req -days 365 -in ca.csr -extensions v3_ca -signkey ca.key -out ca.crt
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+
+- name: Openssl genrsa
+ command: openssl genrsa -out server_tls.key 2048
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+
+- name: Openssl rsa mep tls
+ command: openssl rsa -in server_tls.key -aes256 -passout pass:{{ vardata.certspass.name}} -out server_encryptedtls.key
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+
+- name: Openssl req new key mepserver tls key
+ # yamllint disable rule:line-length
+ command: openssl req -new -key server_tls.key -subj /C=CN/ST=Beijing/L=Beijing/O=edgegallery/CN=edgegallery -out server_tls.csr
+ # yamllint disable rule:line-length
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+
+- name: Openssl mepserver tls csr
+ # yamllint disable rule:line-length
+ command: openssl x509 -req -in server_tls.csr -extensions v3_req -CA ca.crt -CAkey ca.key -CAcreateserial -out server_tls.crt
+ # yamllint disable rule:line-length
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+
+- name: Openssl genrsa out
+ command: openssl genrsa -out jwt_privatekey 2048
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+
+- name: Openssl rsa jwt privatekey
+ command: openssl rsa -in jwt_privatekey -pubout -out jwt_publickey
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+
+- name: Openssl rsa jwt privatekey
+ command: openssl rsa -in jwt_privatekey -pubout -out jwt_publickey
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+
+- name: Openssl rsa in jwt
+ command: openssl rsa -in jwt_privatekey -aes256 -passout pass:{{ vardata.certspass.name}} -out jwt_encrypted_privatekey
+ args:
+ chdir: /tmp/.mep_tmp_cer/
diff --git a/ocd/infra/playbooks/roles/eg_certs/tasks/main.yml b/ocd/infra/playbooks/roles/eg_certs/tasks/main.yml
new file mode 100644
index 0000000..b635196
--- /dev/null
+++ b/ocd/infra/playbooks/roles/eg_certs/tasks/main.yml
@@ -0,0 +1,22 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+---
+
+# tasks file for eg_certs
+- include: "install.yml"
+ static: false
+ when: operation == 'install'
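Review bot: The "Openssl rsa mep tls" and "Openssl rsa in jwt" tasks in install.yml pass the key passphrase as `-passout pass:{{ vardata.certspass.name}}`, which puts it in the process argument list on the target host and, with no `no_log` on the task, in Ansible's task output and logs. Handing it to openssl through the environment and setting `no_log: true`, as sketched below for the first task, keeps it out of both. All key material is also written under `/tmp/.mep_tmp_cer`, which is created with a plain `mkdir -p` and default permissions, and nothing in this file removes the unencrypted `ca.key`, `server_tls.key` and `jwt_privatekey` once the encrypted copies exist; creating the directory with the `file` module and `mode: '0700'` would narrow that exposure. It is also worth confirming that `-extensions v3_ca` and `-extensions v3_req` take effect, since `openssl x509 -req` normally reads extension sections from an `-extfile` and none is given here.

```yaml
- name: Openssl rsa mep tls
  command: openssl rsa -in server_tls.key -aes256 -passout env:CERT_PASS -out server_encryptedtls.key
  args:
    chdir: /tmp/.mep_tmp_cer/
  # CERT_PASS is a constructed variable name, not one taken from this repository
  environment:
    CERT_PASS: "{{ vardata.certspass.name }}"
  no_log: true
# … unchanged: remaining tasks; the same change applies to "Openssl rsa in jwt" …
```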
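Review bot: In main.yml, `when: operation == 'install'` fails the play with an undefined-variable error if `operation` is not supplied, so a run that forgets the variable aborts instead of skipping the certificate tasks. `when: operation | default('') == 'install'`, or a documented default for the role, makes a missing value an explicit skip. As a point of style, `- include: "install.yml"` with `static: false` is the legacy spelling of a dynamic include; `include_tasks: install.yml` states the same intent directly and does not rely on the bare `include` action, which later Ansible releases deprecate.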