summaryrefslogtreecommitdiffstats
path: root/xci
diff options
context:
space:
mode:
Diffstat (limited to 'xci')
-rw-r--r--xci/installer/osa/playbooks/configure-opnfvhost.yml45
-rw-r--r--xci/playbooks/configure-localhost.yml36
2 files changed, 30 insertions, 51 deletions
diff --git a/xci/installer/osa/playbooks/configure-opnfvhost.yml b/xci/installer/osa/playbooks/configure-opnfvhost.yml
index 6c2b1d35..0e6fdd16 100644
--- a/xci/installer/osa/playbooks/configure-opnfvhost.yml
+++ b/xci/installer/osa/playbooks/configure-opnfvhost.yml
@@ -123,6 +123,7 @@
- pyyaml
- python-neutronclient
- python-openstackclient
+ - pyOpenSSL
- name: Install ARA callback plugin in OSA virtualenv
pip:
name: ara
@@ -148,30 +149,26 @@
args:
chdir: "{{openstack_osa_path}}/scripts"
changed_when: True
- - name: check if certificate directory /etc/ssl/certs exists already
- stat: path=/etc/ssl/certs
- register: check_etc_ssl_certs
- - name: create certificate directory /etc/ssl/certs
- file:
- path: "/etc/ssl/certs"
- state: directory
- when: check_etc_ssl_certs.stat.exists == false
- - name: create key directory /etc/ssl/private
- file:
- path: "/etc/ssl/private"
- state: directory
- - name: copy certificate to /etc/ssl/certs
- copy:
- src: "/etc/ssl/certs/xci.crt"
- dest: "/etc/ssl/certs/"
- - name: read remote key from /etc/ssl/private
- set_fact:
- xci_ssl_key: "{{ lookup('pipe', 'sudo cat /etc/ssl/private/xci.key' ) }}"
- - name: copy key to /etc/ssl/private
- copy:
- content: "{{ xci_ssl_key }}"
- dest: "/etc/ssl/private/xci.key"
- become: true
+
+ - name: Generate XCI private key
+ openssl_privatekey:
+ path: /etc/ssl/private/xci.key
+ size: 2048
+
+ - name: Generate XCI certificate request
+ openssl_csr:
+ privatekey_path: /etc/ssl/private/xci.key
+ path: /etc/ssl/private/xci.csr
+ common_name: "{{ xci_ssl_subject }}"
+
+ - name: Generate XCI self signed certificate
+ openssl_certificate:
+ path: /etc/ssl/certs/xci.crt
+ privatekey_path: /etc/ssl/private/xci.key
+ csr_path: /etc/ssl/private/xci.csr
+ provider: selfsigned
+ selfsigned_not_after: 20800101000000Z
+
- name: fetch xci environment
copy:
src: "{{ xci_path }}/.cache/xci.env"
diff --git a/xci/playbooks/configure-localhost.yml b/xci/playbooks/configure-localhost.yml
index 1f010528..5f091c92 100644
--- a/xci/playbooks/configure-localhost.yml
+++ b/xci/playbooks/configure-localhost.yml
@@ -69,34 +69,16 @@
path: "{{log_path}}"
state: directory
recurse: no
- - block:
- - name: check if certificate directory /etc/ssl/certs exists already
- stat: path=/etc/ssl/certs
- register: check_etc_ssl_certs
- - name: create certificate directory /etc/ssl/certs
- become: true
- file:
- path: "/etc/ssl/certs"
- state: directory
- when: check_etc_ssl_certs.stat.exists == false
- - name: create key directory /etc/ssl/private
- become: true
- file:
- path: "/etc/ssl/private"
- state: directory
- - name: generate self signed certificate
- command: openssl req -new -nodes -x509 -subj "{{ xci_ssl_subject }}" -days 3650 -keyout "/etc/ssl/private/xci.key" -out "/etc/ssl/certs/xci.crt" -extensions v3_ca
- become: true
- - name: Synchronize local development OSA repository to XCI paths
- # command module is much faster than the copy module
- synchronize:
- src: "{{ openstack_osa_dev_path }}"
- dest: "{{ xci_cache }}/repos/openstack-ansible"
- recursive: yes
- delete: yes
- when:
- - openstack_osa_dev_path != ""
+
+ - name: Synchronize local development OSA repository to XCI paths
+ # command module is much faster than the copy module
+ synchronize:
+ src: "{{ openstack_osa_dev_path }}"
+ dest: "{{ xci_cache }}/repos/openstack-ansible"
+ recursive: yes
+ delete: yes
when:
+ - openstack_osa_dev_path != ""
- installer_type == "osa"
- name: Configure SSH key for local user