Google Git
Sign in
edge / private-cloud-ansible-playbooks / apigee-opdk-setup-edge-sso-config / d14e9d8d451422cdf3c6982cca1d86e652ac348e / . / tasks / create-private-key-and-self-signed-cert.yml
blob: 538bee1d345ce4eae7f276b3d606d40481148089 [file] [log] [blame]
---
- name: Set SAML folder path
set_fact:
saml_folder: "{{ apigee_home }}/customer/application/apigee-sso/saml"
- block:
- name: Create SAML folder
file:
path: "{{ saml_folder }}"
state: directory
owner: "{{ opdk_user_name }}"
group: "{{ opdk_group_name }}"
- name: Generate a passphrase
command: "openssl rand -base64 48 > passphrase.txt"
args:
chdir: "{{ saml_folder }}"
- name: Generate your private key with a passphrase
command: "openssl genrsa -{{ saml_private_encryption_type }} -passout pass:xxxx -out {{ saml_private_server_key }} {{ saml_private_key_size }}"
args:
chdir: "{{ saml_folder }}"
- name: Prep to remove Passphrase from Key
copy:
dest: "{{ saml_folder }}/remove-passphrase-{{ saml_private_server_key }}"
src: "{{ saml_folder }}/{{ saml_private_server_key }}"
remote_src: yes
- name: Remove the passphrase from the key
shell: "openssl rsa -in remove-passphrase-{{ saml_private_server_key }} -passin pass:xxxx -out {{ saml_private_server_key }}"
args:
chdir: "{{ saml_folder }}"
- name: Generate certificate signing request for CA
shell: "openssl req -x509 -sha256 -new -passin file:passphrase.txt -key {{ saml_private_server_key }} -out {{ saml_cert_signing_request }}"
args:
chdir: "{{ saml_folder }}"
- name: Generate self-signed certificate with 365 days expiry-time
shell: "openssl x509 -{{ saml_cert_encryption_type }} -days {{ saml_cert_expiry_days }} -in {{ saml_cert_signing_request }} -signkey {{ saml_private_server_key }} -out {{ saml_cert_self_signed }}"
args:
chdir: "{{ saml_folder }}"
become: yes
#- name: Collect certificate files
# find:
# paths: "{{ saml_folder }}"
# patterns: '*.crt,*.key'
# register: certs
#- name: Set ownship of certs
# become: yes
# file:
# path: "{{ item.1.path }}"
# state: touch
# owner: "{{ opdk_user_name }}"
# group: "{{ opdk_group_name }}"
# with_subelements:
# - "{{ certs.results }}"
# - files