Don't use ansible modules

2020-10-06 16:44:47 +02:00 · 2020-10-06 16:44:47 +02:00 · 3ab39540f8
parent 5ab1d35672
commit 3ab39540f8
2 changed files with 16 additions and 26 deletions
--- a/roles/generate_ca/defaults/main.yml
+++ b/roles/generate_ca/defaults/main.yml
@ -3,9 +3,7 @@ generate_ca_base_path: /etc/ssl/ca
 generate_ca_name: ca
 generate_ca_root_key_path: "{{ generate_ca_base_path }}/{{ generate_ca_name }}.key"
 generate_ca_passphrase: "this is a secret!"
-generate_ca_root_csr: "{{ generate_ca_base_path }}/{{ generate_ca_name }}.csr"
 generate_ca_root_certificate: "{{ generate_ca_base_path }}/{{ generate_ca_name }}.crt"
 generate_ca_country_name: US
 generate_ca_organization_name: Aperture Science
-generate_ca_organizational_unit_name: GLaDOS
 generate_ca_state_or_province_name: Michigan
--- a/roles/generate_ca/tasks/main.yml
+++ b/roles/generate_ca/tasks/main.yml
@ -1,7 +1,9 @@
 ---
- name: install python3-openssl
+- name: install openssl and python3-pexpect
  apt:
-    name: python3-openssl
+    name:
+      - openssl
+      - python3-pexpect
    update_cache: true
    cache_valid_time: 3600

@ -13,27 +15,17 @@
    mode: 0700

 - name: generate the root private key
-  openssl_privatekey:
-    path: "{{ generate_ca_root_key_path }}"
-    passphrase: "{{ generate_ca_passphrase }}"
-    cipher: des3
-    size: 4096
-    type: RSA
-
- name: generate the root Certificate Signing Request
-  openssl_csr:
-    path: "{{ generate_ca_root_csr }}"
-    privatekey_path: "{{ generate_ca_root_key_path }}"
-    privatekey_passphrase: "{{ generate_ca_passphrase }}"
-    country_name: "{{ generate_ca_country_name }}"
-    organization_name: "{{ generate_ca_organization_name }}"
-    organizational_unit_name: "{{ generate_ca_organizational_unit_name }}"
-    state_or_province_name: "{{ generate_ca_state_or_province_name }}"
+  expect:
+    command: openssl genrsa -aes256 -out {{ generate_ca_root_key_path }} 4096
+    responses:
+      Enter pass phrase: "{{ generate_ca_passphrase }}"

 - name: generate and self sign the root certificate
-  openssl_certificate:
-    path: "{{ generate_ca_root_certificate }}"
-    privatekey_path: "{{ generate_ca_root_key_path }}"
-    privatekey_passphrase: "{{ generate_ca_passphrase }}"
-    csr_path: "{{ generate_ca_root_csr }}"
-    provider: selfsigned
+  expect:
+    command: >
+      openssl req -x509 -new -nodes -sha256 -days 1825 -extensions v3_ca
+      -key {{ generate_ca_root_key_path }}
+      -out {{ generate_ca_root_certificate }}
+      -subj "/C={{generate_ca_country_name}}/ST={{ generate_ca_state_or_province_name }}/O={{ generate_ca_organization_name }}"
+    responses:
+      Enter pass phrase: "{{ generate_ca_passphrase }}"