diff options
| -rw-r--r-- | xci/installer/osa/playbooks/configure-opnfvhost.yml | 45 | ||||
| -rw-r--r-- | xci/playbooks/configure-localhost.yml | 36 |
2 files changed, 30 insertions, 51 deletions
diff --git a/xci/installer/osa/playbooks/configure-opnfvhost.yml b/xci/installer/osa/playbooks/configure-opnfvhost.yml index 6c2b1d35..0e6fdd16 100644 --- a/xci/installer/osa/playbooks/configure-opnfvhost.yml +++ b/xci/installer/osa/playbooks/configure-opnfvhost.yml @@ -123,6 +123,7 @@ - pyyaml - python-neutronclient - python-openstackclient + - pyOpenSSL - name: Install ARA callback plugin in OSA virtualenv pip: name: ara @@ -148,30 +149,26 @@ args: chdir: "{{openstack_osa_path}}/scripts" changed_when: True - - name: check if certificate directory /etc/ssl/certs exists already - stat: path=/etc/ssl/certs - register: check_etc_ssl_certs - - name: create certificate directory /etc/ssl/certs - file: - path: "/etc/ssl/certs" - state: directory - when: check_etc_ssl_certs.stat.exists == false - - name: create key directory /etc/ssl/private - file: - path: "/etc/ssl/private" - state: directory - - name: copy certificate to /etc/ssl/certs - copy: - src: "/etc/ssl/certs/xci.crt" - dest: "/etc/ssl/certs/" - - name: read remote key from /etc/ssl/private - set_fact: - xci_ssl_key: "{{ lookup('pipe', 'sudo cat /etc/ssl/private/xci.key' ) }}" - - name: copy key to /etc/ssl/private - copy: - content: "{{ xci_ssl_key }}" - dest: "/etc/ssl/private/xci.key" - become: true + + - name: Generate XCI private key + openssl_privatekey: + path: /etc/ssl/private/xci.key + size: 2048 + + - name: Generate XCI certificate request + openssl_csr: + privatekey_path: /etc/ssl/private/xci.key + path: /etc/ssl/private/xci.csr + common_name: "{{ xci_ssl_subject }}" + + - name: Generate XCI self signed certificate + openssl_certificate: + path: /etc/ssl/certs/xci.crt + privatekey_path: /etc/ssl/private/xci.key + csr_path: /etc/ssl/private/xci.csr + provider: selfsigned + selfsigned_not_after: 20800101000000Z + - name: fetch xci environment copy: src: "{{ xci_path }}/.cache/xci.env" diff --git a/xci/playbooks/configure-localhost.yml b/xci/playbooks/configure-localhost.yml index 1f010528..5f091c92 100644 --- a/xci/playbooks/configure-localhost.yml +++ b/xci/playbooks/configure-localhost.yml @@ -69,34 +69,16 @@ path: "{{log_path}}" state: directory recurse: no - - block: - - name: check if certificate directory /etc/ssl/certs exists already - stat: path=/etc/ssl/certs - register: check_etc_ssl_certs - - name: create certificate directory /etc/ssl/certs - become: true - file: - path: "/etc/ssl/certs" - state: directory - when: check_etc_ssl_certs.stat.exists == false - - name: create key directory /etc/ssl/private - become: true - file: - path: "/etc/ssl/private" - state: directory - - name: generate self signed certificate - command: openssl req -new -nodes -x509 -subj "{{ xci_ssl_subject }}" -days 3650 -keyout "/etc/ssl/private/xci.key" -out "/etc/ssl/certs/xci.crt" -extensions v3_ca - become: true - - name: Synchronize local development OSA repository to XCI paths - # command module is much faster than the copy module - synchronize: - src: "{{ openstack_osa_dev_path }}" - dest: "{{ xci_cache }}/repos/openstack-ansible" - recursive: yes - delete: yes - when: - - openstack_osa_dev_path != "" + + - name: Synchronize local development OSA repository to XCI paths + # command module is much faster than the copy module + synchronize: + src: "{{ openstack_osa_dev_path }}" + dest: "{{ xci_cache }}/repos/openstack-ansible" + recursive: yes + delete: yes when: + - openstack_osa_dev_path != "" - installer_type == "osa" - name: Configure SSH key for local user |