kolla-ansible/ansible/roles/certificates/tasks/generate-backend.yml
Maksim Malchuk 6409d62650 Fix usage of Subject Alternative Name for TLS
All TLS certificates generated by the 'certificates' role are incorrect:
the generated certificates contain neither the 'X509v3 extensions' block
nor the 'X509v3 Subject Alternative Name' block at all.

This change fixes the 'openssl x509' commands used to generate all the
certificates to include the 'Subject Alternative Name'.

Also, this change fixes both the internal and external templates to
consistently use subject alternative names as described in the RFCs [1] [2].
A DNS Name entry is added to the SAN extension only when 'kolla_internal_fqdn'
or 'kolla_external_fqdn' is set.

1. https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6
2. https://datatracker.ietf.org/doc/html/rfc6125#appendix-B.2

Closes-Bug: #1935978
Change-Id: Ie5d82a2e4575bd74674ac38a042df49cfe7f74c9
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
2021-08-24 15:33:22 +03:00


---
# Dedicated directory for the backend certificate and its private key.
# 0770 keeps the content away from "other" users but still lets the
# owning group read and write it.
# NOTE(review): the private key is written into this directory; confirm the
# group really needs write access, otherwise 0750/0700 is the safer choice.
- name: Ensuring private backend directory exist
  file:
    state: "directory"
    path: "{{ backend_dir }}"
    mode: "0770"
# Render the openssl config consumed by the CSR and x509 steps below
# (it is referenced via -config and -extfile/-extensions v3_req there,
# so this is where the extension block comes from).
- name: Creating backend SSL configuration file
  template:
    dest: "{{ kolla_certificates_dir }}/{{ item }}"
    src: "{{ item }}.j2"
    mode: "0660"
  loop:
    - "openssl-kolla-backend.cnf"
# Generate the backend RSA private key (2048 bit) into backend_dir.
# NOTE(review): the `creates` guard checks kolla_tls_backend_key, not the
# backend.key path written by -out, unlike the CSR/certificate tasks below
# which guard on the file they write. If the two paths diverge (one present,
# the other missing) the key can be regenerated while the existing CSR and
# certificate are kept, leaving a key that no longer matches the certificate.
# Confirm the intended semantics of kolla_tls_backend_key before changing it.
- name: Creating backend Server Certificate key
  command: >-
    openssl genrsa
    -out "{{ backend_dir }}/backend.key"
    2048
  args:
    creates: "{{ kolla_tls_backend_key }}"
# Build the CSR from the key above; subject (and, per the rendered template,
# the requested extensions) come from openssl-kolla-backend.cnf.
# NOTE(review): because of `creates`, an existing backend.csr is reused even
# after openssl-kolla-backend.cnf changes. Remove backend.csr and backend.crt
# to pick up a new subject or SAN list.
- name: Creating backend Server Certificate signing request
  command: >-
    openssl req -new -sha256
    -config "{{ kolla_certificates_dir }}/openssl-kolla-backend.cnf"
    -key "{{ backend_dir }}/backend.key"
    -out "{{ backend_dir }}/backend.csr"
  args:
    creates: "{{ backend_dir }}/backend.csr"
# Sign the CSR with the root CA found under root_dir (root.crt/root.key,
# presumably produced by a sibling task of this role).
# `openssl x509 -req` does not carry extensions over from the CSR by default,
# so -extfile/-extensions pull the v3_req section (which, per the rendered
# config, holds the Subject Alternative Name) from openssl-kolla-backend.cnf.
# -CAcreateserial writes the serial file (root.srl) next to the CA on first use.
# Lifetime is 500 days, signature is SHA-256.
# NOTE(review): `creates` skips this task while backend.crt exists, so an
# expired or SAN-less certificate is not regenerated until it is deleted.
- name: Creating backend Server Certificate
  command: >-
    openssl x509 -req -sha256 -days 500
    -in "{{ backend_dir }}/backend.csr"
    -CA "{{ root_dir }}/root.crt"
    -CAkey "{{ root_dir }}/root.key"
    -CAcreateserial
    -extfile "{{ kolla_certificates_dir }}/openssl-kolla-backend.cnf"
    -extensions v3_req
    -out "{{ backend_dir }}/backend.crt"
  args:
    creates: "{{ backend_dir }}/backend.crt"
# Fix up the key's permissions after generation (genrsa leaves whatever the
# process umask produced, presumably).
# NOTE(review): 0660 leaves the private key readable AND writable by the
# group; 0600 (or 0640 when a service group must read it) is the usual choice
# for a TLS private key — confirm whether group write is really needed.
- name: Setting permissions on backend key
  file:
    state: file
    mode: "0660"
    path: "{{ backend_dir }}/backend.key"
# Publish the certificate under the default name (backend-cert.pem) in the
# certificates directory. No remote_src here, so src is read from the
# controller side.
- name: Copy backend cert to default configuration location
  copy:
    dest: "{{ kolla_certificates_dir }}/backend-cert.pem"
    src: "{{ backend_dir }}/backend.crt"
    mode: "0660"
# Publish the private key under the default name (backend-key.pem), keeping
# the same 0660 mode as the original key. No remote_src here, so src is read
# from the controller side.
# NOTE(review): as above, 0660 makes the key group-readable and group-writable.
- name: Copy backend key to default configuration location
  copy:
    dest: "{{ kolla_certificates_dir }}/backend-key.pem"
    src: "{{ backend_dir }}/backend.key"
    mode: "0660"
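# Expose the backend pair under the names RabbitMQ expects, only when its TLS
# listener is enabled.
# An explicit mode is set here to match the backend-cert.pem/backend-key.pem
# copies above: without it, `copy` with remote_src creates the destination
# with the remote umask, which can leave rabbitmq-key.pem world-readable.
# NOTE(review): remote_src is set on this task but not on the two copies
# above — presumably both resolve to the same host; confirm.
- name: Copy backend TLS certificate and key for RabbitMQ
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    remote_src: true
    mode: "0660"
  with_items:
    - src: "{{ kolla_tls_backend_cert }}"
      dest: "{{ kolla_certificates_dir }}/rabbitmq-cert.pem"
    - src: "{{ kolla_tls_backend_key }}"
      dest: "{{ kolla_certificates_dir }}/rabbitmq-key.pem"
  when:
    - rabbitmq_enable_tls | bool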