From f51994f014b06b8be23c08f45311a2a96c8cc03a Mon Sep 17 00:00:00 2001 From: arvindpatel Date: Wed, 28 Oct 2020 17:48:34 +0530 Subject: [PATCH] eg_certs installation role added Signed-off-by: arvindpatel Change-Id: I75b0832f9de46f1614da660357ec2f53c0144830 --- .../playbooks/roles/eg_certs/tasks/install.yml | 88 ++++++++++++++++++++++ ocd/infra/playbooks/roles/eg_certs/tasks/main.yml | 22 ++++++ 2 files changed, 110 insertions(+) create mode 100644 ocd/infra/playbooks/roles/eg_certs/tasks/install.yml create mode 100644 ocd/infra/playbooks/roles/eg_certs/tasks/main.yml diff --git a/ocd/infra/playbooks/roles/eg_certs/tasks/install.yml b/ocd/infra/playbooks/roles/eg_certs/tasks/install.yml new file mode 100644 index 0000000..3dc7f8f --- /dev/null +++ b/ocd/infra/playbooks/roles/eg_certs/tasks/install.yml @@ -0,0 +1,88 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +- name: Remove old dir + command: rm -rf /tmp/.mep_tmp_cer + args: + chdir: /tmp/ + +- name: Make dir + command: mkdir -p /tmp/.mep_tmp_cer + args: + chdir: /tmp/ + +- name: Openssl genrsa + command: openssl genrsa -out ca.key 2048 + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Opnessl req + # yamllint disable rule:line-length + command: openssl req -new -key ca.key -subj /C=CN/ST=Peking/L=Beijing/O=edgegallery/CN=edgegallery -out ca.csr + # yamllint disable rule:line-length + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Sing key with ca key and ca crt + command: openssl x509 -req -days 365 -in ca.csr -extensions v3_ca -signkey ca.key -out ca.crt + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Openssl genrsa + command: openssl genrsa -out server_tls.key 2048 + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Openssl rsa mep tls + command: openssl rsa -in server_tls.key -aes256 -passout pass:{{ vardata.certspass.name}} -out server_encryptedtls.key + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Openssl req new key mepserver tls key + # yamllint disable rule:line-length + command: openssl req -new -key server_tls.key -subj /C=CN/ST=Beijing/L=Beijing/O=edgegallery/CN=edgegallery -out server_tls.csr + # yamllint disable rule:line-length + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Openssl mepserver tls csr + # yamllint disable rule:line-length + command: openssl x509 -req -in server_tls.csr -extensions v3_req -CA ca.crt -CAkey ca.key -CAcreateserial -out server_tls.crt + # yamllint disable rule:line-length + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Openssl genrsa out + command: openssl genrsa -out jwt_privatekey 2048 + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Openssl rsa jwt privatekey + command: openssl rsa -in jwt_privatekey -pubout -out jwt_publickey + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Openssl rsa jwt privatekey + command: openssl rsa -in jwt_privatekey -pubout -out jwt_publickey + args: + chdir: /tmp/.mep_tmp_cer/ + +- name: Openssl rsa in jwt + command: openssl rsa -in jwt_privatekey -aes256 -passout pass:{{ vardata.certspass.name}} -out jwt_encrypted_privatekey + args: + chdir: /tmp/.mep_tmp_cer/ diff --git a/ocd/infra/playbooks/roles/eg_certs/tasks/main.yml b/ocd/infra/playbooks/roles/eg_certs/tasks/main.yml new file mode 100644 index 0000000..b635196 --- /dev/null +++ b/ocd/infra/playbooks/roles/eg_certs/tasks/main.yml @@ -0,0 +1,22 @@ +# +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +--- + +# tasks file for eg_certs +- include: "install.yml" + static: false + when: operation == 'install' -- 2.16.6