Merge "Add Ansible scripts to generate TLS certificates for testing"

2016-02-26 22:31:07 +00:00 · 2016-02-26 22:31:07 +00:00 · c972f83b8f
commit c972f83b8f
parent 35830a65ef fd28087229
5 changed files with 69 additions and 0 deletions
--- a/ansible/certificates.yml
+++ b/ansible/certificates.yml
@ -0,0 +1,4 @@
+---
+- hosts: all
+  roles:
+    - certificates
--- a/ansible/roles/certificates/tasks/generate.yml
+++ b/ansible/roles/certificates/tasks/generate.yml
@ -0,0 +1,41 @@
+---
+- name: Ensuring config directories exist
+  file:
+    path: "{{ node_config_directory }}/{{ item }}"
+    state: "directory"
+    recurse: yes
+  with_items:
+    - "certificates/private"
+
+- name: Creating SSL configuration file
+  template:
+    src: "{{ item }}.j2"
+    dest: "{{ node_config_directory }}/certificates/{{ item }}"
+  with_items:
+    - "openssl-kolla.cnf"
+
+- name: Creating Key
+  command: creates="{{ item }}" openssl genrsa -out {{ item }}
+  with_items:
+    - "{{ node_config_directory }}/certificates/private/haproxy.key"
+
+- name: Creating Server Certificate
+  command: creates="{{ item }}" openssl req -new -nodes -sha256 -x509 \
+    -subj "/C=US/ST=NC/L=RTP/O=kolla/CN={{ kolla_external_address }}" \
+    -config {{ node_config_directory }}/certificates/openssl-kolla.cnf \
+    -days 3650 \
+    -extensions v3_req \
+    -key {{ node_config_directory }}/certificates/private/haproxy.key \
+    -out {{ item }}
+  with_items:
+    - "{{ node_config_directory }}/certificates/private/haproxy.crt"
+
+- name: Creating CA Certificate File
+  copy:
+    src: "{{ node_config_directory }}/certificates/private/haproxy.crt"
+    dest: "{{ node_config_directory }}/certificates/haproxy-ca.crt"
+
+- name: Creating Server PEM File
+  assemble:
+    src: "{{ node_config_directory }}/certificates/private"
+    dest: "{{ node_config_directory }}/certificates/haproxy.pem"
--- a/ansible/roles/certificates/tasks/main.yml
+++ b/ansible/roles/certificates/tasks/main.yml
@ -0,0 +1,2 @@
+---
+- include: generate.yml
--- a/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
+++ b/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
@ -0,0 +1,16 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+
+[req_distinguished_name]
+countryName = US
+stateOrProvinceName = NC
+localityName = RTP
+organizationalUnitName = kolla
+commonName = {{ kolla_external_address }}
+
+[v3_req]
+subjectAltName = @alt_names
+
+[alt_names]
+IP.1 = {{ kolla_external_vip_address }}
--- a/tools/kolla-ansible
+++ b/tools/kolla-ansible
@ -41,6 +41,8 @@ Commands:
    deploy       Deploy and start all kolla containers
    post-deploy  Do post deploy on deploy node
    pull         Pull all images for containers (only pulls, no runnnig container changes)
+    reconfigure  Reconfigure OpenStack service
+    certificates Generate self-signed certificate for TLS *For Development Only*
 EOF
 }

@ -137,6 +139,10 @@ case "$1" in
        ACTION="Reconfigure OpenStack service"
        EXTRA_OPTS="$EXTRA_OPTS -e action=reconfigure"
        ;;
+(certificates)
+        ACTION="Generate TLS Certificates"
+        PLAYBOOK="${BASEDIR}/ansible/certificates.yml"
+        ;;
 (*)     usage
        exit 0
        ;;