feat: generate csrs

closes #14
weareinteractive · Aug 18, 2017 · 0abb9d4 · 0abb9d4
1 parent 507a6b1
commit 0abb9d4
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -101,7 +101,10 @@ openssl_self_signed: []
 openssl_config: {}
 # config template to install, relative to the ansible repository root
 openssl_config_template:
-
+# generate a CSR for each self signed certificate
+openssl_generate_csr: no
+# path to certificate signing requests
+openssl_csrs_path: /etc/ssl/csrs
 # should CAcert certificates be downloaded and added to the keyring?
 openssl_cacert_import: no
 # overrides for the file checksum when the CACert root certificates are downloaded.
@@ -146,6 +149,8 @@ This is an example playbook:
       organizationName_default: 'My Organization'
       organizationalUnitName_default: 'My Organization Unit'
       commonName_default: 'foobar.com'
+    openssl_cacert_import: yes
+    openssl_generate_csr: yes
 
 ```
 

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -57,7 +57,10 @@ openssl_self_signed: []
 openssl_config: {}
 # config template to install, relative to the ansible repository root
 openssl_config_template:
-
+# generate a CSR for each self signed certificate
+openssl_generate_csr: no
+# path to certificate signing requests
+openssl_csrs_path: /etc/ssl/csrs
 # should CAcert certificates be downloaded and added to the keyring?
 openssl_cacert_import: no
 # overrides for the file checksum when the CACert root certificates are downloaded.

diff --git a/tasks/install.yml b/tasks/install.yml
@@ -16,3 +16,11 @@
   vars:
     item: "{{ openssl_keys_path }}"
     mode: "0700"
+
+- name: Creating csrs dir
+  when: openssl_generate_csr
+  include: create_dir.yml
+  vars:
+    item: "{{ openssl_csrs_path }}"
+    mode: "0750"
+
diff --git a/tasks/manage.yml b/tasks/manage.yml
@@ -31,3 +31,15 @@
   args:
     creates: "{{ openssl_certs_path }}/{{ item.name }}.crt"
   with_items: "{{ openssl_self_signed }}"
+
+- name: Generating CSR from Certificate
+  when: openssl_generate_csr
+  command: >
+    openssl req -new
+      -subj "/C={{ item.country | default('') }}/ST={{ item.state | default('') }}/L={{ item.city | default('') }}/O={{ item.organization | default('') }}/OU={{ item.unit | default('') }}{% if item.domains is defined %}{% for domain in item.domains %}/CN={{ domain }}{% endfor %}{% else %}/CN={{ item.name }}{% endif %}/emailAddress={{ item.email | default('') }}"
+      -key {{ openssl_keys_path }}/{{ item.name }}.key
+      -out {{ openssl_csrs_path }}/{{ item.name }}.csr
+  args:
+    creates: "{{ openssl_csrs_path }}/{{ item.name }}.csr"
+  with_items: "{{ openssl_self_signed }}"
+
diff --git a/tests/main.yml b/tests/main.yml
@@ -27,3 +27,5 @@
       organizationName_default: 'My Organization'
       organizationalUnitName_default: 'My Organization Unit'
       commonName_default: 'foobar.com'
+    openssl_cacert_import: yes
+    openssl_generate_csr: yes