Merge "Add Ansible scripts to generate TLS certificates for testing"

c972f83b · Jenkins · Gerrit Code Review · 35830a65 · fd280872 · c972f83b
Commit c972f83b authored 9 years ago by Jenkins Committed by Gerrit Code Review 9 years ago
--- a/ansible/certificates.yml
+++ b/ansible/certificates.yml
+---
+- hosts: all
+  roles:
+    - certificates
--- a/ansible/roles/certificates/tasks/generate.yml
+++ b/ansible/roles/certificates/tasks/generate.yml
+---
+- name: Ensuring config directories exist
+  file:
+    path: "{{ node_config_directory }}/{{ item }}"
+    state: "directory"
+    recurse: yes
+  with_items:
+    - "certificates/private"
+- name: Creating SSL configuration file
+  template:
+    src: "{{ item }}.j2"
+    dest: "{{ node_config_directory }}/certificates/{{ item }}"
+  with_items:
+    - "openssl-kolla.cnf"
+- name: Creating Key
+  command: creates="{{ item }}" openssl genrsa -out {{ item }}
+  with_items:
+    - "{{ node_config_directory }}/certificates/private/haproxy.key"
+- name: Creating Server Certificate
+  command: creates="{{ item }}" openssl req -new -nodes -sha256 -x509 \
+    -subj "/C=US/ST=NC/L=RTP/O=kolla/CN={{ kolla_external_address }}" \
+    -config {{ node_config_directory }}/certificates/openssl-kolla.cnf \
+    -days 3650 \
+    -extensions v3_req \
+    -key {{ node_config_directory }}/certificates/private/haproxy.key \
+    -out {{ item }}
+  with_items:
+    - "{{ node_config_directory }}/certificates/private/haproxy.crt"
+- name: Creating CA Certificate File
+  copy:
+    src: "{{ node_config_directory }}/certificates/private/haproxy.crt"
+    dest: "{{ node_config_directory }}/certificates/haproxy-ca.crt"
+- name: Creating Server PEM File
+  assemble:
+    src: "{{ node_config_directory }}/certificates/private"
+    dest: "{{ node_config_directory }}/certificates/haproxy.pem"
--- a/ansible/roles/certificates/tasks/main.yml
+++ b/ansible/roles/certificates/tasks/main.yml
+---
+- include: generate.yml
--- a/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
+++ b/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+[req_distinguished_name]
+countryName = US
+stateOrProvinceName = NC
+localityName = RTP
+organizationalUnitName = kolla
+commonName = {{ kolla_external_address }}
+[v3_req]
+subjectAltName = @alt_names
+[alt_names]
+IP.1 = {{ kolla_external_vip_address }}
--- a/tools/kolla-ansible
+++ b/tools/kolla-ansible
@@ -41,6 +41,8 @@ Commands:
    deploy       Deploy and start all kolla containers
    post-deploy  Do post deploy on deploy node
    pull         Pull all images for containers (only pulls, no runnnig container changes)
+    reconfigure  Reconfigure OpenStack service
+    certificates Generate self-signed certificate for TLS *For Development Only*
 EOF
 }
@@ -137,6 +139,10 @@ case "$1" in
        ACTION="Reconfigure OpenStack service"
        EXTRA_OPTS="$EXTRA_OPTS -e action=reconfigure"
        ;;
+(certificates)
+        ACTION="Generate TLS Certificates"
+        PLAYBOOK="${BASEDIR}/ansible/certificates.yml"
+        ;;
 (*)     usage
        exit 0
        ;;