From bae55b8a8d7ecbbc8da20b728951ebc290245cf9 Mon Sep 17 00:00:00 2001 From: Markos Chandras Date: Fri, 6 Apr 2018 10:29:02 +0100 Subject: xci: osa: Move SSL certification tasks to a new file The tasks for creating and managing the XCI SSL certificates can be shared between installers so move them to a common file. Change-Id: I9df82517e737681420429a992aa8d68e78528fd4 Signed-off-by: Markos Chandras --- .../osa/playbooks/configure-opnfvhost.yml | 23 +++------------- xci/playbooks/manage-ssl-certs.yml | 32 ++++++++++++++++++++++ 2 files changed, 36 insertions(+), 19 deletions(-) create mode 100644 xci/playbooks/manage-ssl-certs.yml diff --git a/xci/installer/osa/playbooks/configure-opnfvhost.yml b/xci/installer/osa/playbooks/configure-opnfvhost.yml index 35b17e55..3dcdaa60 100644 --- a/xci/installer/osa/playbooks/configure-opnfvhost.yml +++ b/xci/installer/osa/playbooks/configure-opnfvhost.yml @@ -127,7 +127,6 @@ - pyyaml - python-neutronclient - python-openstackclient - - pyOpenSSL - name: Install ARA callback plugin in OSA virtualenv pip: name: ara @@ -154,24 +153,10 @@ chdir: "{{openstack_osa_path}}/scripts" changed_when: True - - name: Generate XCI private key - openssl_privatekey: - path: /etc/ssl/private/xci.key - size: 2048 - - - name: Generate XCI certificate request - openssl_csr: - privatekey_path: /etc/ssl/private/xci.key - path: /etc/ssl/private/xci.csr - common_name: "{{ xci_ssl_subject }}" - - - name: Generate XCI self signed certificate - openssl_certificate: - path: /etc/ssl/certs/xci.crt - privatekey_path: /etc/ssl/private/xci.key - csr_path: /etc/ssl/private/xci.csr - provider: selfsigned - selfsigned_not_after: 20800101000000Z + - name: Configure SSL certificates + include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssl-certs.yml" + vars: + extra_args: "-c https://raw.githubusercontent.com/openstack/requirements/{{ requirements_git_install_branch }}/upper-constraints.txt" - name: fetch xci environment copy: diff --git a/xci/playbooks/manage-ssl-certs.yml b/xci/playbooks/manage-ssl-certs.yml new file mode 100644 index 00000000..d0c5c518 --- /dev/null +++ b/xci/playbooks/manage-ssl-certs.yml @@ -0,0 +1,32 @@ +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2018 SUSE Linux GmbH and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +- name: Install required pip packages for SSL + pip: + name: pyOpenSSL + state: present + extra_args: "{{ extra_args | default(omit) }}" + +- name: Generate XCI private key + openssl_privatekey: + path: /etc/ssl/private/xci.key + size: 2048 + +- name: Generate XCI certificate request + openssl_csr: + privatekey_path: /etc/ssl/private/xci.key + path: /etc/ssl/private/xci.csr + common_name: "{{ xci_ssl_subject }}" + +- name: Generate XCI self signed certificate + openssl_certificate: + path: /etc/ssl/certs/xci.crt + privatekey_path: /etc/ssl/private/xci.key + csr_path: /etc/ssl/private/xci.csr + provider: selfsigned + selfsigned_not_after: 20800101000000Z -- cgit 1.2.3-korg