Move cert-generation outside

2022-10-17 22:46:20 +02:00 · 2022-10-17 22:46:20 +02:00 · dd87d5e724
commit dd87d5e724
parent 86e6317e28
2 changed files with 34 additions and 36 deletions
--- a/netmaker_server/tasks/certs.yml
+++ b/netmaker_server/tasks/certs.yml
@ -0,0 +1,34 @@
+- name: Generate PrivateKey
+  community.crypto.openssl_privatekey:
+    path: /opt/netmaker_server/certs/node.key
+
+- name: Generate Certificate-Signing-Request from privateKey
+  community.crypto.openssl_csr:
+    path: /opt/netmaker_server/certs/node.csr
+    privatekey_path: /opt/netmaker_server/certs/node.key
+    common_name: "{{ ansible_facts.nodename }}"
+    subject_alt_name: "DNS:*.{{ ansible_facts.nodename }},DNS:*.{{ netmaker.base_domain }}"
+
+- name: Fetch CSR
+  ansible.builtin.fetch:
+    src: /opt/netmaker_server/certs/node.csr
+    dest: tmp_files/
+
+- name: Sign CSR locally with CA
+  local_action: community.crypto.x509_certificate
+  args:
+    path: tmp_files/{{ inventory_hostname }}/opt/netmaker_server/certs/node.crt
+    csr_path: tmp_files/{{ inventory_hostname }}/opt/netmaker_server/certs/node.csr
+    ownca_path: secret_files/netmaker_server/ca/ca.crt
+    ownca_privatekey_path: secret_files/netmaker_server/ca/ca.key
+    provider: ownca
+  
+- name: Copy Signed Certificate
+  ansible.builtin.copy:
+    src: tmp_files/{{ inventory_hostname }}/opt/netmaker_server/certs/node.crt
+    dest: /opt/netmaker_server/certs/node.crt
+
+- name: Copy CA Certificate
+  ansible.builtin.copy:
+    src: secret_files/netmaker_server/ca/ca.crt
+    dest: /opt/netmaker_server/certs/ca.crt
--- a/netmaker_server/tasks/rqlite.yml
+++ b/netmaker_server/tasks/rqlite.yml
@ -3,42 +3,6 @@
    src: rqlite-config.json.template
    dest: /opt/netmaker_server/rqlite/config.json

-# CERTIFICATE
- name: Generate PrivateKey
-  community.crypto.openssl_privatekey:
-    path: /opt/netmaker/rqlite/certs/node.key
-
- name: Generate Certificate-Signing-Request from privateKey
-  community.crypto.openssl_csr:
-    path: /opt/netmaker/rqlite/certs/node.csr
-    privatekey_path: /opt/netmaker/rqlite/certs/node.key
-    common_name: "{{ ansible_facts.nodename }}"
-
- name: Fetch CSR
-  ansible.builtin.fetch:
-    src: /opt/netmaker/rqlite/certs/node.csr
-    dest: tmp_files/
-
- name: Sign CSR locally with CA
-  local_action: community.crypto.x509_certificate
-  args:
-    path: tmp_files/{{ inventory_hostname }}/opt/netmaker_server/rqlite/certs/node.crt
-    csr_path: tmp_files/{{ inventory_hostname }}/opt/netmaker_server/rqlite/certs/node.csr
-    ownca_path: secret_files/netmaker_server/ca/ca.crt
-    ownca_privatekey_path: secret_files/netmaker_server/ca/ca.key
-    provider: ownca
-  
- name: Copy Signed Certificate
-  ansible.builtin.copy:
-    src: tmp_files/{{ inventory_hostname }}/opt/netmaker_server/rqlite/certs/node.crt
-    dest: /opt/netmaker_server/rqlite/certs/node.crt
-
- name: Copy CA Certificate
-  ansible.builtin.copy:
-    src: secret_files/netmaker_server/ca/ca.crt
-    dest: /opt/netmaker_server/rqlite/certs/ca.crt
-# CERTIFICATE
-
 - name: Start rqlite service for 1st-node
  command: "docker-compose --project-directory /opt/netmaker_server/ up -d rqlite"
  register: command