danpawlik/generate-self-singed-cert-ansible.yaml

## generate-self-singed-cert-ansible.yaml
---

- name: Generate self signed certs
  hosts: localhost
  vars:
    ssl_path: /tmp/ssl
    org_name: SoftwareFactory
    organizational_unit_name: Test
    common_name: sftests.com
    common_name_alt: gerrit.sftests.com
    country_name: PL
    state_or_province_name: Dolnoslaskie
    locality_name: Wroclaw
  tasks:
    - name: Install required packages
      become: true
      package:
        name:
          - openssl
          - python3-cryptography
        state: present

    - name: Create required directories
      ansible.builtin.file:
        path: "{{ ssl_path }}"
        state: directory

    ### CA ###
    - name: Gen CA privkey
      openssl_privatekey:
        path: "{{ ssl_path }}/localCA.key"

    - name: Generate CA csr
      openssl_csr:
        path: "{{ ssl_path }}/localCA.csr"
        privatekey_path: "{{ ssl_path }}/localCA.key"
        country_name: "{{ country_name }}"
        organization_name: "{{ org_name }}"
        common_name: "{{ common_name }}"

    - name: Generate selfsigned CA certificate
      openssl_certificate:
        path: "{{ ssl_path }}/localCA.pem"
        csr_path: "{{ ssl_path }}/localCA.csr"
        privatekey_path: "{{ ssl_path }}/localCA.key"
        provider: selfsigned
        selfsigned_digest: sha256

    ### Client ###
    - name: Gen privkey - client
      openssl_privatekey:
        path: "{{ ssl_path }}/ssl.key"

    - name: Generate Openssl CSR - client
      openssl_csr:
        path: "{{ ssl_path }}/ssl.csr"
        privatekey_path: "{{ ssl_path }}/ssl.key"
        common_name: "{{ common_name }}"
        country_name: "{{ country_name }}"
        state_or_province_name: "{{ state_or_province_name }}"
        locality_name: "{{ locality_name }}"
        organization_name: "{{ org_name }}"
        organizational_unit_name: "{{ organizational_unit_name }}"
        subject_alt_name:
          - "DNS:{{ common_name_alt }}"
        subject_alt_name_critical: true

    - name: Generate a self signed cert - client
      openssl_certificate:
        path: "{{ ssl_path }}/ssl.crt"
        csr_path: "{{ ssl_path }}/ssl.csr"
        ownca_path: "{{ ssl_path }}/localCA.pem"
        ownca_privatekey_path: "{{ ssl_path }}/localCA.key"
        provider: ownca
	---

	- name: Generate self signed certs
	hosts: localhost
	vars:
	ssl_path: /tmp/ssl
	org_name: SoftwareFactory
	organizational_unit_name: Test
	common_name: sftests.com
	common_name_alt: gerrit.sftests.com
	country_name: PL
	state_or_province_name: Dolnoslaskie
	locality_name: Wroclaw
	tasks:
	- name: Install required packages
	become: true
	package:
	name:
	- openssl
	- python3-cryptography
	state: present

	- name: Create required directories
	ansible.builtin.file:
	path: "{{ ssl_path }}"
	state: directory

	### CA ###
	- name: Gen CA privkey
	openssl_privatekey:
	path: "{{ ssl_path }}/localCA.key"

	- name: Generate CA csr
	openssl_csr:
	path: "{{ ssl_path }}/localCA.csr"
	privatekey_path: "{{ ssl_path }}/localCA.key"
	country_name: "{{ country_name }}"
	organization_name: "{{ org_name }}"
	common_name: "{{ common_name }}"

	- name: Generate selfsigned CA certificate
	openssl_certificate:
	path: "{{ ssl_path }}/localCA.pem"
	csr_path: "{{ ssl_path }}/localCA.csr"
	privatekey_path: "{{ ssl_path }}/localCA.key"
	provider: selfsigned
	selfsigned_digest: sha256

	### Client ###
	- name: Gen privkey - client
	openssl_privatekey:
	path: "{{ ssl_path }}/ssl.key"

	- name: Generate Openssl CSR - client
	openssl_csr:
	path: "{{ ssl_path }}/ssl.csr"
	privatekey_path: "{{ ssl_path }}/ssl.key"
	common_name: "{{ common_name }}"
	country_name: "{{ country_name }}"
	state_or_province_name: "{{ state_or_province_name }}"
	locality_name: "{{ locality_name }}"
	organization_name: "{{ org_name }}"
	organizational_unit_name: "{{ organizational_unit_name }}"
	subject_alt_name:
	- "DNS:{{ common_name_alt }}"
	subject_alt_name_critical: true

	- name: Generate a self signed cert - client
	openssl_certificate:
	path: "{{ ssl_path }}/ssl.crt"
	csr_path: "{{ ssl_path }}/ssl.csr"
	ownca_path: "{{ ssl_path }}/localCA.pem"
	ownca_privatekey_path: "{{ ssl_path }}/localCA.key"
	provider: ownca