46 lines
1022 B
YAML
46 lines
1022 B
YAML
|
---
|
||
|
|
- name: Root CA | create the work directory
|
||
|
|
file:
|
||
|
|
path: "{{ playbook_dir }}/pki/root-ca"
|
||
|
|
state: directory
|
||
|
|
recurse: yes
|
||
|
|
|
||
|
|
- name: Root CA | build the CSR (Certificate Signing Request) for the root CA
|
||
|
|
copy:
|
||
|
|
dest: "{{ playbook_dir }}/pki/root-ca/root-ca-csr.json"
|
||
|
|
content: |
|
||
|
|
{
|
||
|
|
"CN": "Kubernetes",
|
||
|
|
"key": {
|
||
|
|
"algo": "rsa",
|
||
|
|
"size": 2048
|
||
|
|
},
|
||
|
|
"names": [
|
||
|
|
{
|
||
|
|
"C": "US",
|
||
|
|
"L": "Portland",
|
||
|
|
"O": "Kubernetes",
|
||
|
|
"OU": "CA",
|
||
|
|
"ST": "Oregon"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
mode: 0600
|
||
|
|
|
||
|
|
- name: Root CA | generate
|
||
|
|
shell: |
|
||
|
|
pushd {{ playbook_dir }}/pki/root-ca ;
|
||
|
|
cfssl gencert -initca root-ca-csr.json | cfssljson -bare ca ;
|
||
|
|
popd ;
|
||
|
|
args:
|
||
|
|
executable: bash
|
||
|
|
creates: "{{ playbook_dir }}/pki/root-ca/ca-key.pem"
|
||
|
|
|
||
|
|
|
||
|
|
- name: Root CA | cleanup
|
||
|
|
file:
|
||
|
|
path: "{{ playbook_dir }}/pki/root-ca/{{ item }}"
|
||
|
|
state: absent
|
||
|
|
with_items:
|
||
|
|
- root-ca-csr.json
|
||
|
|
- ca.csr
|