--- - name: Ensuring private internal directory exist file: path: "{{ internal_dir }}" state: "directory" mode: "0770" - name: Ensuring private external directory exist file: path: "{{ external_dir }}" state: "directory" mode: "0770" - block: - name: Creating external SSL configuration file template: src: "{{ item }}.j2" dest: "{{ kolla_certificates_dir }}/{{ item }}" mode: "0660" with_items: - "openssl-kolla.cnf" - name: Creating external Server Certificate key command: > openssl genrsa -out "{{ external_dir }}/external.key" 2048 args: creates: "{{ external_dir }}/external.key" - name: Creating external Server Certificate signing request command: > openssl req -new -key "{{ external_dir }}/external.key" -out "{{ external_dir }}/external.csr" -config "{{ kolla_certificates_dir }}/openssl-kolla.cnf" -sha256 args: creates: "{{ external_dir }}/external.csr" - name: Creating external Server Certificate command: > openssl x509 -req -in "{{ external_dir }}/external.csr" -CA "{{ root_dir }}/root.crt" -CAkey "{{ root_dir }}/root.key" -CAcreateserial -out "{{ external_dir }}/external.crt" -days 365 -sha256 args: creates: "{{ external_dir }}/external.crt" - name: Setting permissions on external key file: path: "{{ external_dir }}/external.key" mode: "0660" state: file - name: Creating external Server PEM File assemble: regexp: \.(crt|key)$ src: "{{ external_dir }}" dest: "{{ kolla_external_fqdn_cert }}" mode: "0660" when: - kolla_enable_tls_external | bool - block: - name: Copy the external PEM file to be the internal when internal + external are same network copy: src: "{{ kolla_external_fqdn_cert }}" dest: "{{ kolla_internal_fqdn_cert }}" remote_src: yes mode: "0660" when: - kolla_enable_tls_external | bool - kolla_enable_tls_internal | bool - kolla_same_external_internal_vip | bool - block: - name: Creating internal SSL configuration file template: src: "{{ item }}.j2" dest: "{{ kolla_certificates_dir }}/{{ item }}" mode: "0660" with_items: - "openssl-kolla-internal.cnf" - name: Creating internal Server Certificate key command: > openssl genrsa -out "{{ internal_dir }}/internal.key" 2048 args: creates: "{{ internal_dir }}/internal.key" - name: Creating internal Server Certificate signing request command: > openssl req -new -key "{{ internal_dir }}/internal.key" -out "{{ internal_dir }}/internal.csr" -config "{{ kolla_certificates_dir }}/openssl-kolla-internal.cnf" -sha256 args: creates: "{{ internal_dir }}/internal.csr" - name: Creating internal Server Certificate command: > openssl x509 -req -in "{{ internal_dir }}/internal.csr" -CA "{{ root_dir }}/root.crt" -CAkey "{{ root_dir }}/root.key" -CAcreateserial -out "{{ internal_dir }}/internal.crt" -days 365 -sha256 args: creates: "{{ internal_dir }}/internal.crt" - name: Setting permissions on internal key file: path: "{{ internal_dir }}/internal.key" mode: "0660" state: file - name: Creating internal Server PEM File assemble: regexp: \.(crt|key)$ src: "{{ internal_dir }}" dest: "{{ kolla_internal_fqdn_cert }}" mode: "0660" when: - kolla_enable_tls_internal | bool - not kolla_same_external_internal_vip | bool