Sign upLogin

AutolabJS/AutolabJS

View on GitHub
Star
deploy/plays/keys.yml

Summary

Maintainability
Test Coverage
- hosts: machines
  tasks:

    - name: Create the required directories
      file:
        path: "{{ install_dir }}/{{ item }}"
        state: directory
        owner: "{{ ansible_user }}"
        mode: 0755
      with_items:
        - "deploy/RootCA/certs"
        - "deploy/keys/main_server"
        - "deploy/keys/load_balancer"
        - "deploy/keys/execution_nodes"
        - "deploy/keys/gitlab/ssl"
        - "deploy/keys/gitlab/load_balancer"
        - "deploy/keys/gitlab/execution_nodes"

    - name: Create a self signed root certificate
      # Create a random noise of 8192 bytes
      command: "openssl rand -out {{ install_dir }}/deploy/RootCA/randRootCA 8192"
      # Generate a private RSA key
    - command: "openssl genrsa \
                  -passout pass:{{ password }} \
                  -out {{ install_dir }}/deploy/RootCA/rootca_key.pem \
                  -aes256 \
                  2048 \
                  -rand {{ install_dir }}/deploy/RootCA/randRootCA"
    # Remove passphrase from key
    - command: "openssl rsa \
                  -in {{ install_dir }}/deploy/RootCA/rootca_key.pem \
                  -passin pass:{{ password }} \
                  -out {{ install_dir }}/deploy/RootCA/rootca_key.pem"

    #Generate Self Signed root Certificate
    - command: "openssl req -new \
                  -passout pass:{{ password }} \
                  -x509 \
                  -days 365 \
                  -key {{ install_dir }}/deploy/RootCA/rootca_key.pem \
                  -out {{ install_dir }}/deploy/RootCA/rootca_cert.pem \
                  -subj '/C={{ country }}\
                    /ST={{ state }}\
                    /L={{ locality }}\
                    /O={{ organization }}\
                    /OU={{ organizational_unit }}\
                    /CN={{ app_name }}\
                    /emailAddress={{ email }}'"

    - name: Create additional files for key generation
      file:
        path: "{{ install_dir }}/deploy/RootCA/certindex.txt"
        state: touch

    - copy:
        content: "1000"
        dest: "{{ install_dir }}/deploy/RootCA/serial"
        force: True

    - file:
        path: "{{ install_dir }}/deploy/RootCA/randRootCA"
        state: absent

    # Gitlab uses the same keys as that of main server and hence this step is brought here
    - name: Generate certificate for main server and gitlab
      include_tasks: tasks/createCert.yml
      vars:
        domain: "deploy/keys/main_server"
        common_name: "{{ organization }}"

    - name: Copy the certificates at the required locations
      copy:
        src: "{{ install_dir }}/deploy/keys/main_server/{{ item.src_name }}"
        dest: "{{ install_dir }}/deploy/keys/gitlab/ssl/{{ item.dest_name }}"
        mode: 0755
      with_items:
        - { src_name: key.pem, dest_name: localhost.key }
        - { src_name: cert.pem, dest_name: localhost.crt }
        - { src_name: csr.pem, dest_name: localhost.csr }

    - copy:
        src: "{{ install_dir }}/deploy/keys/main_server/"
        dest: "{{ install_dir }}/main_server/ssl/"
        mode: 0755