From 060faea2bf256ff913f22cd47ee74099c8ede09a Mon Sep 17 00:00:00 2001 From: sujeet Date: Thu, 20 Feb 2025 05:39:55 +0100 Subject: [PATCH] Signed-off-by: sujeet node certificate role --- roles/ssl_certificate/tasks/.main.yml.swp | Bin 0 -> 4096 bytes roles/ssl_certificate/tasks/main.yml | 47 ++++++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 roles/ssl_certificate/tasks/.main.yml.swp create mode 100644 roles/ssl_certificate/tasks/main.yml diff --git a/roles/ssl_certificate/tasks/.main.yml.swp b/roles/ssl_certificate/tasks/.main.yml.swp new file mode 100644 index 0000000000000000000000000000000000000000..2416779ec69a3c01df89d5c2ad137a4cb02fd0ce GIT binary patch literal 4096 zcmYc?2=nw+u+TGN00IF92HUmU(yy^IF>vKFG8Ep%wT z7Z>NmC#M#bWTs^%Czhn@mn0Tv7whLHX6ETt=H?JEVpMuG1V%%E>=58(Fg7wY0BKiN qQdAHY3MJd5QH`S^Fd71*Aut*OqaiRF0;3@?8UmvsFd70wF9ZM!mKulv literal 0 HcmV?d00001 diff --git a/roles/ssl_certificate/tasks/main.yml b/roles/ssl_certificate/tasks/main.yml new file mode 100644 index 00000000..d2494f74 --- /dev/null +++ b/roles/ssl_certificate/tasks/main.yml 
@@ -0,0 +1,47 @@
+- name: Create TLS directory
+ file:
+ path: "{{ tls_dir }}"
+ state: directory
+ mode: '0755'
+
+- name: Generate CA private key
+ command: openssl ecparam -name prime256v1 -genkey -noout -out {{ tls_dir }}/ca.key
+ args:
+ creates: "{{ tls_dir }}/ca.key"
+
+- name: Generate self-signed CA certificate
+ command: >
+ openssl req -new -x509 -sha256 -key {{ tls_dir }}/ca.key -out {{ tls_dir }}/ca.crt
+ -subj "/C={{ country }}/ST={{ state }}/L={{ city }}/O={{ organization }}/CN={{ dafault_hostname }}"
+ -days {{ cert_days }}
+ args:
+ creates: "{{ tls_dir }}/ca.crt"
+
+- name: Generate server private key
+ command: openssl ecparam -name prime256v1 -genkey -noout -out {{ tls_dir }}/server.key
+ args:
+ creates: "{{ tls_dir }}/server.key"
+
+- name: Generate certificate signing request
+ command: >
+ openssl req -new -sha256 -key {{ tls_dir }}/server.key -out {{ tls_dir }}/server.csr
+ -subj "/C={{ country }}/ST={{ state }}/L={{ city }}/O={{ organization }}/CN={{ dafault_hostname }}"
+ args:
+ creates: "{{ tls_dir }}/server.csr"
+
+- name: Create SAN configuration file
+ copy:
+ content: "subjectAltName=DNS:{{ hostvars[inventory_hostname] }}"
+ dest: "{{ tls_dir }}/nodeid.cnf"
+
+- name: Sign server certificate with self-signed CA
+ command: >
+ openssl x509 -req -in {{ tls_dir }}/server.csr -CA {{ tls_dir }}/ca.crt
+ -CAkey {{ tls_dir }}/ca.key -CAcreateserial -out {{ tls_dir }}/server.pem
+ -days {{ cert_days }} -sha256 -extfile {{ tls_dir }}/nodeid.cnf
+ args:
+ creates: "{{ tls_dir }}/server.pem"
+
+- name: Verify the server certificate
+ command: openssl verify -CAfile {{ tls_dir }}/ca.crt {{ tls_dir }}/server.pem
+
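Review bot: The SAN file written by the "Create SAN configuration file" task renders `hostvars[inventory_hostname]`, which is the host's entire variable dictionary rather than a name, so `nodeid.cnf` gets a dict dump after `DNS:` and the signed certificate either fails at the `x509 -req -extfile` step or carries no usable subjectAltName; it should be the DNS name clients actually connect with, e.g. `content: "subjectAltName=DNS:{{ inventory_hostname }}"` (or `ansible_fqdn` if the inventory names are aliases). `ca.key` and `server.key` are written by `openssl ecparam` into a `0755` directory with no explicit mode, so unless the remote umask already restricts them the CA and server private keys are world-readable; add a `file` task with `mode: '0600'` after each key generation as sketched below. `dafault_hostname` appears in both `-subj` strings — if that is a typo for a `default_hostname` variable both tasks fail on an undefined variable, but if the role's defaults really spell it that way it is fine. The final `openssl verify` task reports changed on every run; `changed_when: false` keeps the play idempotent. Separately, the commit also adds `tasks/.main.yml.swp`, a Vim swap file that can hold unsaved editor contents and should be dropped and git-ignored.
```yaml
# … unchanged: Create TLS directory, Generate CA private key …
- name: Restrict CA private key permissions
  file:
    path: "{{ tls_dir }}/ca.key"
    mode: '0600'

# … unchanged: CA certificate, server private key, CSR tasks …
- name: Restrict server private key permissions
  file:
    path: "{{ tls_dir }}/server.key"
    mode: '0600'

- name: Create SAN configuration file
  copy:
    content: "subjectAltName=DNS:{{ inventory_hostname }}"
    dest: "{{ tls_dir }}/nodeid.cnf"
# … unchanged: sign and verify tasks …
```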