CORD-1007 Generate certs and keys on the corddev VM

Change-Id: I18e9662f3efc7bf249ed319b1f7f7086f9424270
diff --git a/roles/pki-install/defaults/main.yml b/roles/pki-install/defaults/main.yml
new file mode 100644
index 0000000..86c15ae
--- /dev/null
+++ b/roles/pki-install/defaults/main.yml
@@ -0,0 +1,4 @@
+# pki-install/defaults/main.yml
+
+pki_dir: "/opt/pki"
+use_openstack: True
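Review bot: The default `use_openstack: True` relies on YAML 1.1 truthy spelling, and the consumer in roles/pki-install/tasks/main.yml tests it as a bare variable (`when: use_openstack`). An override passed as `-e use_openstack=false` arrives as a string, and how a bare string is evaluated in `when` has differed between Ansible releases, so the private-key copy task could run when the operator meant to disable it. I would write the default as `use_openstack: true` and make the condition `when: use_openstack | bool`. A one-line comment above `pki_dir` saying that it names both the source directory on the machine running the playbook and the destination directory on the head node would also help, since the tasks use it for both sides of `copy`.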
diff --git a/roles/pki-install/handlers/main.yml b/roles/pki-install/handlers/main.yml
index 409ab0f..70b0e2c 100644
--- a/roles/pki-install/handlers/main.yml
+++ b/roles/pki-install/handlers/main.yml
@@ -4,13 +4,3 @@
 - name: Run update-ca-certificates on head node
   become: yes
   command: update-ca-certificates
-
-- name: Copy root CA cert to all service VMs
-  command: ansible services -b -u ubuntu -m copy -a "src=/usr/local/share/ca-certificates/cord_root_ca.crt dest=/usr/local/share/ca-certificates/cord_root_ca.crt owner=root group=root mode=0644"
-
-- name: Copy intermediate CA cert to all service VMs
-  command: ansible services -b -u ubuntu -m copy -a "src=/usr/local/share/ca-certificates/cord_intermediate_ca.crt dest=/usr/local/share/ca-certificates/cord_intermediate_ca.crt owner=root group=root mode=0644"
-
-- name: update-ca-certificates in service VMs
-  command: ansible services -b -u ubuntu -m command -a "update-ca-certificates"
-
diff --git a/roles/pki-install/tasks/main.yml b/roles/pki-install/tasks/main.yml
index 136b8c7..72cd0f8 100644
--- a/roles/pki-install/tasks/main.yml
+++ b/roles/pki-install/tasks/main.yml
@@ -4,7 +4,7 @@
 - name: Copy CA certificates to head node
   become: yes
   copy:
-    src: "{{ playbook_dir }}/pki/{{ item.src }}"
+    src: "{{ pki_dir }}/{{ item.src }}"
     dest: "/usr/local/share/ca-certificates/{{ item.dest }}"
   with_items:
     - src: "root_ca/certs/ca_cert.pem"
@@ -13,6 +13,30 @@
       dest: "cord_intermediate_ca.crt"
   notify:
     - Run update-ca-certificates on head node
-    - Copy root CA cert to all service VMs
-    - Copy intermediate CA cert to all service VMs
-    - update-ca-certificates in service VMs
+
+- name: Ensure PKI directory
+  become: yes
+  file:
+    path: "{{ pki_dir }}"
+    state: directory
+
+- name: Copy certs needed by XOS
+  become: yes
+  copy:
+    src: "{{ pki_dir }}/{{ item.src }}"
+    dest: "{{ pki_dir }}/{{ item.dest }}"
+  with_items:
+    - src: "intermediate_ca/certs/im_cert_chain.pem"
+      dest: "im_cert_chain.pem"
+
+- name: Copy certs needed by OpenStack
+  become: yes
+  when: use_openstack
+  copy:
+    src: "{{ pki_dir }}/{{ item.src }}"
+    dest: "{{ pki_dir }}/{{ item.dest }}"
+  with_items:
+    - src: "intermediate_ca/private/keystone.{{ site_suffix }}_key.pem"
+      dest: "keystone.{{ site_suffix }}_key.pem"
+    - src: "intermediate_ca/certs/keystone.{{ site_suffix }}_cert.pem"
+      dest: "keystone.{{ site_suffix }}_cert.pem"
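Review bot: The "Copy certs needed by OpenStack" task copies `intermediate_ca/private/keystone.{{ site_suffix }}_key.pem` to the head node with no `owner`, `group` or `mode`, and "Ensure PKI directory" creates `{{ pki_dir }}` without a `mode` either. The key file's permissions are then left to the remote umask, which on a typical default would leave the Keystone private key readable by every local user. I would pin the permissions per item, with `mode: "{{ item.mode | default('0644') }}"` under `copy:` and `mode: "0600"` on the key item, and set explicit `owner: root` and `group: root` (or the service account that reads the key) on both the directory and the files. If playbook runs are logged or run with `--diff`, adding `no_log: true` to this task is worth considering so the key contents cannot end up in the output.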