From c16a92f804518fae19294280a9bd1d57976253ff Mon Sep 17 00:00:00 2001
From: Vishal Patil <vishal.patil@nuagenetworks.net>
Date: Tue, 1 Mar 2016 13:07:33 -0500
Subject: Changes required for Nuage monitor REST server

---
 roles/nuage_ca/files/openssl.cnf |  3 +++
 roles/nuage_ca/files/serial.txt  |  1 +
 roles/nuage_ca/meta/main.yml     | 16 ++++++++++++++
 roles/nuage_ca/tasks/main.yaml   | 46 ++++++++++++++++++++++++++++++++++++++++
 roles/nuage_ca/vars/main.yaml    |  0
 5 files changed, 66 insertions(+)
 create mode 100644 roles/nuage_ca/files/openssl.cnf
 create mode 100644 roles/nuage_ca/files/serial.txt
 create mode 100644 roles/nuage_ca/meta/main.yml
 create mode 100644 roles/nuage_ca/tasks/main.yaml
 create mode 100644 roles/nuage_ca/vars/main.yaml

(limited to 'roles/nuage_ca')

diff --git a/roles/nuage_ca/files/openssl.cnf b/roles/nuage_ca/files/openssl.cnf
new file mode 100644
index 000000000..7d1a29a79
--- /dev/null
+++ b/roles/nuage_ca/files/openssl.cnf
@@ -0,0 +1,3 @@
+[ clientauth ]
+basicConstraints=CA:FALSE
+extendedKeyUsage=critical,clientAuth
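Review bot: The `[ clientauth ]` section limits the extended key usage but sets no `keyUsage`, so certificates issued with it carry no restriction on the basic key operations. Adding `keyUsage=critical,digitalSignature` and marking the constraint critical with `basicConstraints=critical,CA:FALSE` would pin these certificates to client authentication only. The section takes effect only if the signing command names it explicitly, and that command is not part of this commit. A header comment such as `# Extensions for client certificates signed by the Nuage CA; select with -extensions clientauth` would make that dependency visible.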
diff --git a/roles/nuage_ca/files/serial.txt b/roles/nuage_ca/files/serial.txt
new file mode 100644
index 000000000..4daddb72f
--- /dev/null
+++ b/roles/nuage_ca/files/serial.txt
@@ -0,0 +1 @@
+00
diff --git a/roles/nuage_ca/meta/main.yml b/roles/nuage_ca/meta/main.yml
new file mode 100644
index 000000000..2b06613f3
--- /dev/null
+++ b/roles/nuage_ca/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+  author: Vishal Patil 
+  description:
+  company: Nuage Networks
+  license: Apache License, Version 2.0
+  min_ansible_version: 1.8
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  categories:
+  - cloud
+  - system
+dependencies:
+- { role: nuage_common }
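Review bot: `min_ansible_version: 1.8` is an unquoted scalar, so YAML loads it as a float, and a later value such as 1.10 would silently become 1.1; write `min_ansible_version: "1.8"`. The bare `description:` loads as null rather than a string, so give it a one-line summary of the role or an explicit `""`. The `author:` line also carries a trailing space.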
diff --git a/roles/nuage_ca/tasks/main.yaml b/roles/nuage_ca/tasks/main.yaml
new file mode 100644
index 000000000..9cfa40b8a
--- /dev/null
+++ b/roles/nuage_ca/tasks/main.yaml
@@ -0,0 +1,46 @@
+---
+- name: Install openssl
+  action: "{{ ansible_pkg_mgr }} name=openssl state=present"
+  when: not openshift.common.is_atomic | bool
+
+- name: Create CA directory
+  file: path="{{ nuage_ca_dir }}" state=directory
+  run_once: true
+  delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create certificate directory
+  file: path="{{ nuage_ca_master_crt_dir }}" state=directory
+  run_once: true
+  delegate_to: "{{ nuage_ca_master }}"
+
+- name: Check if the CA key already exists
+  stat: path="{{ nuage_ca_key }}"
+  register: nuage_ca_key_check
+  delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create CA key
+  command: openssl genrsa -out "{{ nuage_ca_key }}" 4096
+  run_once: true
+  delegate_to: "{{ nuage_ca_master }}"
+  when: nuage_ca_key_check.stat.exists is defined and nuage_ca_key_check.stat.exists == False
+
+- name: Check if the CA crt already exists
+  stat: path="{{ nuage_ca_crt }}"
+  register: nuage_ca_crt_check
+  delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create CA crt
+  command: openssl req -new -x509 -key "{{ nuage_ca_key }}" -out "{{ nuage_ca_crt }}" -subj "/CN=nuage-signer"
+  run_once: true
+  delegate_to: "{{ nuage_ca_master }}"
+  when: nuage_ca_crt_check.stat.exists is defined and nuage_ca_crt_check.stat.exists == False
+
+- name: Create the serial file
+  copy: src=serial.txt dest="{{ nuage_ca_serial }}"
+  run_once: true
+  delegate_to: "{{ nuage_ca_master }}"
+
+- name: Copy SSL config file
+  copy: src=openssl.cnf dest="{{ nuage_ca_dir }}/openssl.cnf" 
+  run_once: true
+  delegate_to: "{{ nuage_ca_master }}"
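Review bot: The CA private key and its directory get whatever permissions the umask on the CA master produces, because neither `Create CA directory` nor `Create CA key` sets a mode. I would add `mode=0700` to the directory task and follow the `openssl genrsa` task with `file: path="{{ nuage_ca_key }}" mode=0600`. `Create the serial file` uses `copy` with its default `force=yes`, so a later run resets the file to `00` once its content has changed. If it serves as the signing serial (the signing step is not in this commit), certificates issued after a re-run would reuse serial numbers, and `force=no` prevents that. `openssl req -new -x509` is called without `-days`, which leaves the CA certificate on OpenSSL's default 30-day validity, so the intended lifetime should be passed explicitly.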
diff --git a/roles/nuage_ca/vars/main.yaml b/roles/nuage_ca/vars/main.yaml
new file mode 100644
index 000000000..e69de29bb
-- 
cgit v1.2.3