CORD-1007 Generate certs and keys on the corddev VM
Change-Id: I18e9662f3efc7bf249ed319b1f7f7086f9424270
diff --git a/roles/pki-intermediate-ca/defaults/main.yml b/roles/pki-intermediate-ca/defaults/main.yml
index 24801d3..feecca8 100644
--- a/roles/pki-intermediate-ca/defaults/main.yml
+++ b/roles/pki-intermediate-ca/defaults/main.yml
@@ -1,7 +1,8 @@
---
# pki-intermediate-ca/defaults/main.yml
-pki_dir: "{{ playbook_dir }}/pki"
+pki_dir: "/opt/pki"
+credentials_dir: "/opt/credentials"
# crypto parameters
ca_digest: "sha256"
@@ -9,8 +10,7 @@
ca_im_days: 730
# passphrases for the certificate
-ca_im_phrase: "{{ lookup('password', 'credentials/ca_im_phrase length=64') }}"
+ca_im_phrase: "{{ lookup('password', credentials_dir+'/ca_im_phrase length=64') }}"
# noninteractive csr subject
ca_im_subj: "/C=US/ST=California/L=Menlo Park/O=ON.Lab/OU=Test Deployment/CN=CORD Test Deployment Intermediate CA"
-
diff --git a/roles/pki-intermediate-ca/tasks/main.yml b/roles/pki-intermediate-ca/tasks/main.yml
index ac066ac..fe8aeea 100644
--- a/roles/pki-intermediate-ca/tasks/main.yml
+++ b/roles/pki-intermediate-ca/tasks/main.yml
@@ -1,6 +1,14 @@
---
# pki-ca/tasks/main.yml
+- name: Create PKI directory
+ become: yes
+ file:
+ dest: "{{ pki_dir }}"
+ state: directory
+ owner: "{{ ansible_user_id }}"
+ mode: 0755
+
- name: Create intermediate CA directory
become: yes
file:
@@ -117,4 +125,3 @@
copy:
dest: "{{ pki_dir }}/intermediate_ca/certs/im_cert_chain.pem"
content: "{{ im_cert.stdout }}\n{{ ca_cert.stdout }}"
-