deploy/plays/keys.yml
- hosts: machines
tasks:
- name: Create the required directories
file:
path: "{{ install_dir }}/{{ item }}"
state: directory
owner: "{{ ansible_user }}"
mode: 0755
with_items:
- "deploy/RootCA/certs"
- "deploy/keys/main_server"
- "deploy/keys/load_balancer"
- "deploy/keys/execution_nodes"
- "deploy/keys/gitlab/ssl"
- "deploy/keys/gitlab/load_balancer"
- "deploy/keys/gitlab/execution_nodes"
- name: Create a self signed root certificate
# Create a random noise of 8192 bytes
command: "openssl rand -out {{ install_dir }}/deploy/RootCA/randRootCA 8192"
# Generate a private RSA key
- command: "openssl genrsa \
-passout pass:{{ password }} \
-out {{ install_dir }}/deploy/RootCA/rootca_key.pem \
-aes256 \
2048 \
-rand {{ install_dir }}/deploy/RootCA/randRootCA"
# Remove passphrase from key
- command: "openssl rsa \
-in {{ install_dir }}/deploy/RootCA/rootca_key.pem \
-passin pass:{{ password }} \
-out {{ install_dir }}/deploy/RootCA/rootca_key.pem"
#Generate Self Signed root Certificate
- command: "openssl req -new \
-passout pass:{{ password }} \
-x509 \
-days 365 \
-key {{ install_dir }}/deploy/RootCA/rootca_key.pem \
-out {{ install_dir }}/deploy/RootCA/rootca_cert.pem \
-subj '/C={{ country }}\
/ST={{ state }}\
/L={{ locality }}\
/O={{ organization }}\
/OU={{ organizational_unit }}\
/CN={{ app_name }}\
/emailAddress={{ email }}'"
- name: Create additional files for key generation
file:
path: "{{ install_dir }}/deploy/RootCA/certindex.txt"
state: touch
- copy:
content: "1000"
dest: "{{ install_dir }}/deploy/RootCA/serial"
force: True
- file:
path: "{{ install_dir }}/deploy/RootCA/randRootCA"
state: absent
# Gitlab uses the same keys as that of main server and hence this step is brought here
- name: Generate certificate for main server and gitlab
include_tasks: tasks/createCert.yml
vars:
domain: "deploy/keys/main_server"
common_name: "{{ organization }}"
- name: Copy the certificates at the required locations
copy:
src: "{{ install_dir }}/deploy/keys/main_server/{{ item.src_name }}"
dest: "{{ install_dir }}/deploy/keys/gitlab/ssl/{{ item.dest_name }}"
mode: 0755
with_items:
- { src_name: key.pem, dest_name: localhost.key }
- { src_name: cert.pem, dest_name: localhost.crt }
- { src_name: csr.pem, dest_name: localhost.csr }
- copy:
src: "{{ install_dir }}/deploy/keys/main_server/"
dest: "{{ install_dir }}/main_server/ssl/"
mode: 0755