diff options
| author |   Fatih Degirmenci <fatih.degirmenci@ericsson.com> | 2017-09-15 04:22:56 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@opnfv.org> | 2017-09-15 04:22:56 +0000 |
| commit | 0c63da903cc5eefbdc7b796fa91b5887090f1f70 (patch) | |
| tree | e4a050c5510ad314a60b85b8fe4a8ff21cea1874 /xci/playbooks | |
| parent | 2357c9d195173cb7cdf57ffcbc7e92cea73e0ff1 (diff) | |
| parent | d08ce6dfd4df2574be8f69419f5e5c027cae6d2a (diff) | |
Merge "Generate and use certificates for OSA"
Diffstat (limited to 'xci/playbooks')
| -rw-r--r-- | xci/playbooks/configure-localhost.yml | 20 | ||||
| -rw-r--r-- | xci/playbooks/configure-opnfvhost.yml | 45 |
2 files changed, 64 insertions, 1 deletions
diff --git a/xci/playbooks/configure-localhost.yml b/xci/playbooks/configure-localhost.yml index 40147d31..2dfa0530 100644 --- a/xci/playbooks/configure-localhost.yml +++ b/xci/playbooks/configure-localhost.yml @@ -15,7 +15,7 @@ roles: - role: remove-folders - { role: clone-repository, project: "opnfv/releng-xci", repo: "{{ OPNFV_RELENG_GIT_URL }}", dest: "{{ OPNFV_RELENG_PATH }}", version: "{{ OPNFV_RELENG_VERSION }}" } - + - { role: clone-repository, project: "openstack/openstack-ansible-openstack_openrc", repo: "{{ OPENSTACK_OSA_OPENRC_GIT_URL }}", dest: "{{ OPENSTACK_OSA_OPENRC_PATH }}", version: "master" } - hosts: localhost connection: local gather_facts: false @@ -57,3 +57,21 @@ copy: src: "{{XCI_FLAVOR_ANSIBLE_FILE_PATH}}/flavor-vars.yml" dest: "{{OPNFV_RELENG_PATH}}/xci/var" +- hosts: localhost + connection: local + gather_facts: false + vars_files: + - ../var/{{ ansible_os_family }}.yml + - ../var/opnfv.yml + tasks: + - name: create certificate directory /etc/ssl/certs + file: + path: "/etc/ssl/certs" + state: directory + - name: create key directory /etc/ssl/private + file: + path: "/etc/ssl/private" + state: directory + - name: generate self signed certificate + command: openssl req -new -nodes -x509 -subj "{{ XCI_SSL_SUBJECT }}" -days 3650 -keyout "/etc/ssl/private/xci.key" -out "/etc/ssl/certs/xci.crt" -extensions v3_ca + become: true diff --git a/xci/playbooks/configure-opnfvhost.yml b/xci/playbooks/configure-opnfvhost.yml index 7bc434d7..5beddcd7 100644 --- a/xci/playbooks/configure-opnfvhost.yml +++ b/xci/playbooks/configure-opnfvhost.yml @@ -97,6 +97,28 @@ command: "python pw-token-gen.py --file {{OPENSTACK_OSA_ETC_PATH}}/user_secrets.yml" args: chdir: "{{OPENSTACK_OSA_PATH}}/scripts" + - name: create certificate directory /etc/ssl/certs + file: + path: "/etc/ssl/certs" + state: directory + - name: create key directory /etc/ssl/private + file: + path: "/etc/ssl/private" + state: directory + - name: copy certificate to /etc/ssl/certs + copy: + src: "/etc/ssl/certs/xci.crt" + dest: "/etc/ssl/certs/" + become: true + - name: read remote key from /etc/ssl/private + set_fact: + xci_ssl_key: "{{ lookup('pipe', 'sudo cat /etc/ssl/private/xci.key' ) }}" + - name: copy key to /etc/ssl/private + copy: + content: "{{ xci_ssl_key }}" + dest: "/etc/ssl/private/xci.key" + become: true + - hosts: localhost remote_user: root vars_files: @@ -106,3 +128,26 @@ shell: "/bin/cat {{ OPNFV_SSH_HOST_KEYS_PATH }}/opnfv/root/.ssh/id_rsa.pub >> ../file/authorized_keys" - name: Append public keys to authorized_keys shell: "/bin/cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub >> ../file/authorized_keys" + +- hosts: opnfv + gather_facts: no + remote_user: root + vars_files: + - ../var/{{ ansible_os_family }}.yml + - ../var/flavor-vars.yml + - ../var/opnfv.yml + - "{{ XCI_FLAVOR_ANSIBLE_FILE_PATH }}/user_variables.yml" + roles: + - role: "openstack-ansible-openstack_openrc" + tasks: + - name: add extra insecure flag to generated openrc + blockinfile: + dest: "{{ ansible_env.HOME }}/openrc" + block: | + export OS_INSECURE=true + + - name: fetch generated openrc + fetch: + src: "{{ ansible_env.HOME }}/openrc" + dest: "{{ XCI_DEVEL_ROOT }}/" + flat: true |