diff --git a/ansible/certificates.yml b/ansible/certificates.yml
new file mode 100644
index 0000000000000000000000000000000000000000..410c698e995705dc15e38d0f6de9cb435c1a5b37
--- /dev/null
+++ b/ansible/certificates.yml
@@ -0,0 +1,4 @@
+---
+- hosts: all
+ roles:
+ - certificates
diff --git a/ansible/roles/certificates/tasks/generate.yml b/ansible/roles/certificates/tasks/generate.yml
new file mode 100644
index 0000000000000000000000000000000000000000..dd82bbdd13cf7d1eaf5996c93e6fb9f43525ba9b
--- /dev/null
+++ b/ansible/roles/certificates/tasks/generate.yml
@@ -0,0 +1,41 @@
+---
+- name: Ensuring config directories exist
+ file:
+ path: "{{ node_config_directory }}/{{ item }}"
+ state: "directory"
+ recurse: yes
+ with_items:
+ - "certificates/private"
+
+- name: Creating SSL configuration file
+ template:
+ src: "{{ item }}.j2"
+ dest: "{{ node_config_directory }}/certificates/{{ item }}"
+ with_items:
+ - "openssl-kolla.cnf"
+
+- name: Creating Key
+ command: creates="{{ item }}" openssl genrsa -out {{ item }}
+ with_items:
+ - "{{ node_config_directory }}/certificates/private/haproxy.key"
+
+- name: Creating Server Certificate
+ command: creates="{{ item }}" openssl req -new -nodes -sha256 -x509 \
+ -subj "/C=US/ST=NC/L=RTP/O=kolla/CN={{ kolla_external_address }}" \
+ -config {{ node_config_directory }}/certificates/openssl-kolla.cnf \
+ -days 3650 \
+ -extensions v3_req \
+ -key {{ node_config_directory }}/certificates/private/haproxy.key \
+ -out {{ item }}
+ with_items:
+ - "{{ node_config_directory }}/certificates/private/haproxy.crt"
+
+- name: Creating CA Certificate File
+ copy:
+ src: "{{ node_config_directory }}/certificates/private/haproxy.crt"
+ dest: "{{ node_config_directory }}/certificates/haproxy-ca.crt"
+
+- name: Creating Server PEM File
+ assemble:
+ src: "{{ node_config_directory }}/certificates/private"
+ dest: "{{ node_config_directory }}/certificates/haproxy.pem"
diff --git a/ansible/roles/certificates/tasks/main.yml b/ansible/roles/certificates/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..2403646bcf03cfb63c26bc5513b344962bf734d6
--- /dev/null
+++ b/ansible/roles/certificates/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- include: generate.yml
diff --git a/ansible/roles/certificates/templates/openssl-kolla.cnf.j2 b/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..8ebf22caa2bc2d17cb508483d173c07ff349a1c8
--- /dev/null
+++ b/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
@@ -0,0 +1,16 @@
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+
+[req_distinguished_name]
+countryName = US
+stateOrProvinceName = NC
+localityName = RTP
+organizationalUnitName = kolla
+commonName = {{ kolla_external_address }}
+
+[v3_req]
+subjectAltName = @alt_names
+
+[alt_names]
+IP.1 = {{ kolla_external_vip_address }}
diff --git a/tools/kolla-ansible b/tools/kolla-ansible
index 14c88dfe3763850491650a7d92a63ed7b91bf0ca..0a1965cdbbfe6ce5151c501cb195cf55b7e4012c 100755
--- a/tools/kolla-ansible
+++ b/tools/kolla-ansible
@@ -41,6 +41,8 @@ Commands:
deploy Deploy and start all kolla containers
post-deploy Do post deploy on deploy node
pull Pull all images for containers (only pulls, no runnnig container changes)
+ reconfigure Reconfigure OpenStack service
+ certificates Generate self-signed certificate for TLS *For Development Only*
EOF
}
@@ -137,6 +139,10 @@ case "$1" in
ACTION="Reconfigure OpenStack service"
EXTRA_OPTS="$EXTRA_OPTS -e action=reconfigure"
;;
+(certificates)
+ ACTION="Generate TLS Certificates"
+ PLAYBOOK="${BASEDIR}/ansible/certificates.yml"
+ ;;
(*) usage
exit 0
;;