diff --git a/roles/generate_ca/defaults/main.yml b/roles/generate_ca/defaults/main.yml
new file mode 100644
index 0000000..eef7b20
--- /dev/null
+++ b/roles/generate_ca/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+generate_ca_base_path: /etc/ssl/ca
+generate_ca_name: ca
+generate_ca_root_key_path: "{{ generate_ca_base_path }}/{{ generate_ca_name }}.key"
+generate_ca_passphrase: "this is a secret!"
+generate_ca_root_csr: "{{ generate_ca_base_path }}/{{ generate_ca_name }}.csr"
+generate_ca_root_certificate: "{{ generate_ca_base_path }}/{{ generate_ca_name }}.crt"
diff --git a/roles/generate_ca/tasks/main.yml b/roles/generate_ca/tasks/main.yml
new file mode 100644
index 0000000..14e989a
--- /dev/null
+++ b/roles/generate_ca/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- name: install python3-openssl
+ apt:
+ name: python3-openssl
+ update_cache: true
+ cache_valid_time: 3600
+
+- name: ensure {{ generate_ca_base_path }} esists
+ file:
+ path: "{{ generate_ca_base_path }}"
+ state: directory
+ owner: root
+ mode: 0700
+
+- name: generate the root private key
+ openssl_privatekey:
+ path: "{{ generate_ca_root_key_path }}"
+ passphrase: "{{ generate_ca_passphrase }}"
+ cipher: des3
+ size: 4096
+ type: RSA
+
+- name: generate the root Certificate Signing Request
+ openssl_csr:
+ path: "{{ generate_ca_root_csr }}"
+ privatekey_path: "{{ generate_ca_root_key_path }}"
+ privatekey_passphrase: "{{ generate_ca_passphrase }}"
+
+- name: generate and self sign the root certificate
+ openssl_certificate:
+ path: "{{ generate_ca_root_certificate }}"
+ privatekey_path: "{{ generate_ca_root_key_path }}"
+ privatekey_passphrase: "{{ generate_ca_passphrase }}"
+ csr_path: "{{ generate_ca_root_csr }}"
+ provider: selfsigned
diff --git a/tests/test.yml b/tests/test.yml
index ad86273..3d1cb2c 100644
--- a/tests/test.yml
+++ b/tests/test.yml
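Review bot: `generate_ca_passphrase: "this is a secret!"` in roles/generate_ca/defaults/main.yml ships a publicly readable passphrase as the role default, so any play that does not override it encrypts the CA root key with a value anyone can read from the repository. Drop the default so the variable has to be supplied by the caller, from Ansible Vault or another secret store, and make the role fail early when it is missing, e.g. a first task with `assert: {that: generate_ca_passphrase | default('') | length > 0}`. A short comment above the remaining defaults, such as `# generate_ca_passphrase has no default; provide it from a vaulted variable`, would document the requirement.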
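Review bot: The `openssl_csr` task in roles/generate_ca/tasks/main.yml sets only the path and the key, so as far as this hunk shows the self-signed certificate is issued without a subject, without `CA:TRUE` basic constraints and without a `keyCertSign` key usage; many TLS stacks will not accept such a certificate as an issuer during path validation. Adding the subject and the CA extensions to the CSR, as sketched below, lets the `selfsigned` provider carry them into the root certificate. Separately, `cipher: des3` wraps the root key with 3DES, and `cipher: auto` is preferable where the installed module version supports it. The directory task's `mode: 0700` is also safer written as `mode: "0700"` so the YAML loader never retypes it.

```yaml
- name: generate the root Certificate Signing Request
  openssl_csr:
    # … unchanged: path, privatekey_path, privatekey_passphrase …
    common_name: "{{ generate_ca_name }}"
    basic_constraints:
      - "CA:TRUE"
    basic_constraints_critical: true
    key_usage:
      - keyCertSign
      - cRLSign
    key_usage_critical: true
```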
@@ -29,3 +29,4 @@ beehive_canonical_url: http://10.10.10.10:8181} # - {role: ../roles/homeassistant, become: true} # - {role: ../roles/mosquitto, become: true} + # - {role: ../roles/generate_ca, become: true}