kolla-ansible/ansible/roles/certificates/tasks/generate.yml
jamesbagwell c0a3970e36 Removing '/certificates' entry in generate.yml as this causes an
incorrect path when generating certificates.

The 'setting permissions on key' task fails because the task looks for
the haproxy.key in an invalid path. The certificates_dir is defined as
'{{ node_config }}/certificates' in the main.yml. The 'Setting
permissions on Key' task has a path of
'{{ certificates_dir }}/certificates/private/haproxy.key', which is incorrect. Removing the
'certificates' in the path corrects this problem and allows the user to
successfully create certificates using 'kolla-ansible certificates'.

Change-Id: I37b10b994b05d955b6f67c908df1472231a91160
Closes-Bug: 1821805
2019-03-27 09:26:58 -06:00

54 lines
1.4 KiB
YAML

---
- name: Ensuring config directories exist
  become: true
  file:
    path: "{{ certificates_dir }}/private"
    state: "directory"
    recurse: yes

- name: Creating SSL configuration file
  become: true
  template:
    src: "{{ item }}.j2"
    dest: "{{ certificates_dir }}/{{ item }}"
  with_items:
    - "openssl-kolla.cnf"

- name: Creating Key
  become: true
  command: creates="{{ item }}" openssl genrsa -out {{ item }}
  with_items:
    - "{{ certificates_dir }}/private/haproxy.key"

- name: Setting permissions on key
  become: true
  file:
    path: "{{ certificates_dir }}/private/haproxy.key"
    mode: 0600
    state: file

- name: Creating Server Certificate
  become: true
  command: creates="{{ item }}" openssl req -new -nodes -sha256 -x509 \
    -subj "/C=US/ST=NC/L=RTP/O=kolla/CN={{ kolla_external_fqdn }}" \
    -config {{ certificates_dir }}/openssl-kolla.cnf \
    -days 3650 \
    -extensions v3_req \
    -key {{ certificates_dir }}/private/haproxy.key \
    -out {{ item }}
  with_items:
    - "{{ certificates_dir }}/private/haproxy.crt"

- name: Creating CA Certificate File
  become: true
  copy:
    src: "{{ certificates_dir }}/private/haproxy.crt"
    dest: "{{ kolla_external_fqdn_cacert }}"

- name: Creating Server PEM File
  become: true
  assemble:
    src: "{{ certificates_dir }}/private"
    dest: "{{ kolla_external_fqdn_cert }}"
    mode: 0600
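
The path mismatch described in the commit message can be caught before a deploy by resolving each task's path and checking that an earlier task creates it. The following is an added example, not code from the kolla-ansible repository; the task schema (`creates`/`requires`), the helper names and the `/etc/kolla` value for `node_config` are assumptions made for illustration.

```python
import posixpath
import re

VAR = re.compile(r"\{\{\s*(\w+)\s*\}\}")

# Constructed sample data. certificates_dir is as quoted in the commit message;
# the node_config value is an assumption made for this example.
ROLE_VARS = {
    "node_config": "/etc/kolla",
    "certificates_dir": "{{ node_config }}/certificates",
}
KEY = "{{ certificates_dir }}/private/haproxy.key"
CRT = "{{ certificates_dir }}/private/haproxy.crt"


def tasks_with(permission_path):
    """Simplified model of four tasks from generate.yml (hypothetical schema)."""
    return [
        {"name": "Creating Key", "creates": [KEY]},
        {"name": "Setting permissions on key", "requires": [permission_path]},
        {"name": "Creating Server Certificate", "requires": [KEY], "creates": [CRT]},
        {"name": "Creating CA Certificate File", "requires": [CRT]},
    ]


def render(template, variables, max_depth=10):
    """Expand {{ var }} references, including nested ones, to a normalized path."""
    for _ in range(max_depth):
        expanded = VAR.sub(lambda m: variables.get(m.group(1), m.group(0)), template)
        if expanded == template:
            return posixpath.normpath(expanded)
        template = expanded
    raise ValueError("variable expansion did not converge")


def unmet_paths(tasks, variables):
    """Return (task name, path) for every required path no earlier task created."""
    created, findings = set(), []
    for task in tasks:
        for raw in task.get("requires", []):
            path = render(raw, variables)
            if path not in created:
                findings.append((task["name"], path))
        created.update(render(raw, variables) for raw in task.get("creates", []))
    return findings


if __name__ == "__main__":
    before = tasks_with("{{ certificates_dir }}/certificates/private/haproxy.key")
    print("before fix:", unmet_paths(before, ROLE_VARS))
    print("after fix: ", unmet_paths(tasks_with(KEY), ROLE_VARS))
```

With the pre-fix path, the permissions task is reported because it points at a file no task creates, so the private key would never have its mode tightened by that step.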