From d32fc7ea91dcb7071db53670a74e059b7eeb0b2b Mon Sep 17 00:00:00 2001
From: Daniele Tricoli
Date: Tue, 6 Oct 2020 17:35:32 +0200
Subject: [PATCH] Don't use ansible modules
---
 roles/generate_certificate/defaults/main.yml | 2 -
 roles/generate_certificate/tasks/main.yml | 41 ++++++++++----------
 2 files changed, 21 insertions(+), 22 deletions(-)
diff --git a/roles/generate_certificate/defaults/main.yml b/roles/generate_certificate/defaults/main.yml
index aada6f1..dd68961 100644
--- a/roles/generate_certificate/defaults/main.yml
+++ b/roles/generate_certificate/defaults/main.yml
@@ -7,5 +7,3 @@ generate_certificate_ca_path: /etc/ssl/ca/ca.crt
 generate_certificate_ca_privatekey_path: /etc/ssl/ca/ca.key
 generate_certificate_ca_privatekey_passphrase: "this is a secret!"
 generate_certificate_domain: example.org
-generate_certificate_organization_name: Example
-generate_certificate_email_address: email@example.org
diff --git a/roles/generate_certificate/tasks/main.yml b/roles/generate_certificate/tasks/main.yml
index 803b16d..b2b2dba 100644
--- a/roles/generate_certificate/tasks/main.yml
+++ b/roles/generate_certificate/tasks/main.yml
@@ -1,7 +1,9 @@ --- -- name: install python3-openssl +- name: install openssl and python3-pexpect apt: - name: python3-openssl + name: + - openssl + - python3-pexpect update_cache: true cache_valid_time: 3600 
@@ -13,25 +15,24 @@ mode: 0700 - name: generate certificate private key - openssl_privatekey: - path: "{{ generate_certificate_key_path }}" - size: 2048 - type: RSA + command: + cmd: openssl genrsa -out {{ generate_certificate_key_path }} 2048 - name: generate Certificate Signing Request - openssl_csr: - path: "{{ generate_certificate_csr_path }}" - privatekey_path: "{{ generate_certificate_key_path }}" - organization_name: "{{ generate_certificate_organization_name }}" - email_address: "{{ generate_certificate_email_address }}" - common_name: "{{ generate_certificate_domain }}" + command: + cmd: > + openssl req -new -sha256 -key {{ generate_certificate_key_path }} + -out {{ generate_certificate_csr_path }} + -subj "/CN={{ generate_certificate_domain }}" - name: generate a certificate for {{ generate_certificate_domain }} - openssl_certificate: - path: "{{ generate_certificate_crt_path }}" - csr_path: "{{ generate_certificate_csr_path }}" - ownca_path: "{{ generate_certificate_ca_path }}" - ownca_privatekey_path: "{{ generate_certificate_ca_privatekey_path }}" - ownca_privatekey_passphrase: "{{ generate_certificate_ca_privatekey_passphrase }}" - ownca_not_after: "+365d" - provider: ownca + expect: + command: > + openssl x509 -req -days 365 -sha256 + -in {{ generate_certificate_csr_path }} + -CA {{ generate_certificate_ca_path }} + -CAkey {{ generate_certificate_ca_privatekey_path }} + -CAcreateserial + -out {{ generate_certificate_crt_path }} + responses: + Enter pass phrase: "{{ generate_ca_passphrase }}"
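Review bot: The `responses` entry of the new `expect` task reads `{{ generate_ca_passphrase }}`, while the default kept in defaults/main.yml and the removed `ownca_privatekey_passphrase` line both use `generate_certificate_ca_privatekey_passphrase`; unless the shorter name is defined outside this patch the task fails on an undefined variable, so the line should read `Enter pass phrase: "{{ generate_certificate_ca_privatekey_passphrase }}"`. The same task should carry `no_log: true`, because the CA key passphrase is now an ordinary task argument that can appear in verbose or failure output. The `command` and `expect` tasks run on every play, so the private key, CSR and certificate are regenerated each time; a `creates:` argument naming each output file, for example `creates: "{{ generate_certificate_key_path }}"`, would restore the idempotence the removed modules provided. The CSR is also built with only `-subj "/CN=…"`, so the issued certificate appears to carry no subjectAltName, which current TLS clients generally require for hostname validation.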