author | Brenton Leanhardt <bleanhar@redhat.com> | 2016-03-03 08:30:14 -0500 |
---|---|---|
committer | Brenton Leanhardt <bleanhar@redhat.com> | 2016-03-03 08:30:14 -0500 |
commit | 055366e7bfa789eae0dce5c638afb8cde143a0dc (patch) | |
tree | 8f809bc91ab3812b22aeec40f6ddcaa412aa38d3 /roles/nuage_ca/tasks | |
parent | 7874cd4a233669fa86f20f05bc3cd199d8b87935 (diff) | |
parent | c16a92f804518fae19294280a9bd1d57976253ff (diff) | |
Merge pull request #1528 from vishpat/nuage_rest_server_cert_changes
Changes required for Nuage monitor REST server
Diffstat (limited to 'roles/nuage_ca/tasks')
-rw-r--r-- | roles/nuage_ca/tasks/main.yaml | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/roles/nuage_ca/tasks/main.yaml b/roles/nuage_ca/tasks/main.yaml
new file mode 100644
index 000000000..9cfa40b8a
--- /dev/null
+++ b/roles/nuage_ca/tasks/main.yaml
@@ -0,0 +1,46 @@
+---
+- name: Install openssl
+ action: "{{ ansible_pkg_mgr }} name=openssl state=present"
+ when: not openshift.common.is_atomic | bool
+
+- name: Create CA directory
+ file: path="{{ nuage_ca_dir }}" state=directory
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create certificate directory
+ file: path="{{ nuage_ca_master_crt_dir }}" state=directory
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Check if the CA key already exists
+ stat: path="{{ nuage_ca_key }}"
+ register: nuage_ca_key_check
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create CA key
+ command: openssl genrsa -out "{{ nuage_ca_key }}" 4096
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}"
+ when: nuage_ca_key_check.stat.exists is defined and nuage_ca_key_check.stat.exists == False
+
+- name: Check if the CA crt already exists
+ stat: path="{{ nuage_ca_crt }}"
+ register: nuage_ca_crt_check
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create CA crt
+ command: openssl req -new -x509 -key "{{ nuage_ca_key }}" -out "{{ nuage_ca_crt }}" -subj "/CN=nuage-signer"
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}"
+ when: nuage_ca_crt_check.stat.exists is defined and nuage_ca_crt_check.stat.exists == False
+
+- name: Create the serial file
+ copy: src=serial.txt dest="{{ nuage_ca_serial }}"
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Copy SSL config file
+ copy: src=openssl.cnf dest="{{ nuage_ca_dir }}/openssl.cnf"
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}" |
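Review bot: The CA private key written by the `Create CA key` task gets no explicit permissions: neither the `file:` tasks that create `nuage_ca_dir` and `nuage_ca_master_crt_dir` nor the `openssl genrsa -out` command set a mode, so who can read the signing key on the master depends on the process umask and the installed openssl version; consider `file: path="{{ nuage_ca_dir }}" state=directory mode=0700` plus a follow-up `file: path="{{ nuage_ca_key }}" mode=0600`. The `Create CA crt` command passes no `-days`, so `openssl req -x509` falls back to its 30-day default and the signer certificate expires a month after the first run; an explicit `-days <validity>` and `-sha256` would make the lifetime and digest deliberate rather than inherited from the host's defaults. `Create the serial file` uses `copy` with its default `force=yes`, so a later playbook run presumably overwrites a serial file that signing has already advanced, and serial numbers would then be reused; adding `force=no` avoids that. The two stat/`when` pairs could also be replaced by `creates="{{ nuage_ca_key }}"` and `creates="{{ nuage_ca_crt }}"` on the `command` tasks, which keeps the existence check and the generation in one place.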