Add support for setting extended key usage

This will be useful when you need to create a client certificate
for use with TLS live migration in NOva for example.
Also includes some linting fixes.

Change-Id: I1cc9f1938082a1dfe4b9ac55fd776b0ce7915efd

defaults/main.yml

@@ -142,4 +142,4 @@ pki_install_certificates: []
 #     mode: "0644"
 
 # method used to create the certificates
-pki_method: standalone
+pki_method: standalone

tasks/main_ca_install.yml

@@ -19,4 +19,4 @@
 
 - name: Install certificate authorities
   include_tasks: "{{ pki_method }}/install_ca.yml"
-  when: pki_install_ca | length > 0
+  when: pki_install_ca | length > 0

tasks/standalone/create_ca.yml

@@ -123,4 +123,4 @@
       copy:
         content: "{{ ca_cert_info | to_nice_yaml }}"
         dest: "{{ (ca_selfsigned_crt.filename | default(ca_ownca_crt.filename)) ~ '.info' }}"
-      when: ca_ownca_crt is changed or ca_selfsigned_crt is changed
+      when: ca_ownca_crt is changed or ca_selfsigned_crt is changed

tasks/standalone/create_cert.yml

@@ -35,6 +35,7 @@
         basic_constraints_critical: yes
         basic_constraints: "{{ cert.basic_constraints | default(omit) }}"
         key_usage: "{{ cert.key_usage | default(omit) }}"
+        extended_key_usage: "{{ cert.extended_key_usage | default(omit) }}"
         subject_alt_name: "{{ cert.san | default(omit) }}"
         country_name: "{{ ca.country_name | default(omit) }}"
         state_or_province_name: "{{ ca.state_or_province_name | default(omit) }}"
@@ -74,4 +75,4 @@
     - name: Create certificate chain for {{ cert.name }}
       shell:
         cmd: "cat {{ _cert_file }} {{ _ca_file }} > {{ _cert_chain_file }}"
-        creates: "{{ _cert_chain_file }}"
+        creates: "{{ _cert_chain_file }}"

tasks/standalone/install_ca.yml

@@ -35,4 +35,3 @@
   command: "{{ pki_ca_install_command[ansible_facts['pkg_mgr']] }}"
   when:
     - ca_copy is changed
-