1+ # ##############################################################################
2+ # © Copyright IBM Corporation 2024
3+ # ##############################################################################
4+
5+ - hosts : all
6+ collections :
7+ - ibm.ibm_zos_core
8+ gather_facts : false
9+ environment : " {{ environment_vars }}"
10+ vars :
11+ owner_id : ' STCUSR'
12+ cert_label : ' concertCertificateTest'
13+ sign_label : ' IBM CA'
14+ cn : ' share.centers.ihost.com:19999'
15+ altname : ' IP(192.148.8.225)'
16+ ou : ' Concert for Z'
17+ country : ' US'
18+ expiry_date : ' 2024-11-08'
19+ expiry_time : ' 10:06:00' # UTC time
20+ keyring : ' Keyring.CONCERT'
21+ check_name : ' IBMRACF,RACF_CERTIFICATE_EXPIRATION'
22+
23+ tasks :
24+ - block :
25+ - name : Clean up certs and keyring
26+ ibm.ibm_zos_core.zos_tso_command :
27+ commands :
28+ - RACDCERT ADDRING({{keyring}}) ID({{owner_id}})
29+ - RACDCERT LISTRING({{keyring}}) ID({{ owner_id}})
30+ register : tso_cmd_output
31+ ignore_errors : true
32+
33+ - name : Create new self-signed USER cert and connect to keyring
34+ ibm.ibm_zos_core.zos_tso_command :
35+ commands :
36+ - RACDCERT GENCERT ID({{owner_id}}) SUBJECTSDN(CN('{{cn}}') OU('{{ou}}') C('{{country}}')) WITHLABEL('{{cert_label}}') NOTAFTER(DATE({{expiry_date}}) TIME({{expiry_time}}) ) ALTNAME({{altname}})
37+ - RACDCERT ID({{owner_id}}) CONNECT(LABEL('{{cert_label}}') RING({{keyring}}) DEFAULT)
38+ - RACDCERT LISTRING({{keyring}}) ID({{owner_id}})
39+ - RACDCERT ID({{owner_id}}) ALTER(LABEL('{{cert_label}}')) TRUST
40+ - RACDCERT LISTCHAIN(LABEL('{{cert_label}}')) ID({{owner_id}})
41+ when : sign_label == ' ' and not expiry_date == ''
42+ register : tso_cmd_output
43+
44+ - name : Create new local-CA-signed USER cert and connect to keyring
45+ ibm.ibm_zos_core.zos_tso_command :
46+ commands :
47+ - RACDCERT GENCERT ID({{owner_id}}) SUBJECTSDN(CN('{{cn}}') OU('{{ou}}') C('{{country}}')) WITHLABEL('{{cert_label}}') SIGNWITH(CERTAUTH LABEL('{{sign_label}}')) NOTAFTER(DATE({{expiry_date}}) TIME({{expiry_time}}) ) ALTNAME({{altname}})
48+ - RACDCERT ID({{owner_id}}) CONNECT(LABEL('{{cert_label}}') RING({{keyring}}) DEFAULT)
49+ - RACDCERT LISTRING({{keyring}}) ID({{owner_id}})
50+ - RACDCERT ID({{owner_id}}) ALTER(LABEL('{{cert_label}}')) TRUST
51+ - RACDCERT LISTCHAIN(LABEL('{{cert_label}}')) ID({{owner_id}})
52+ when : not sign_label == ' ' and not expiry_date == ''
53+ register : tso_cmd_output
54+
55+ - name : Create new self-signed USER cert and connect to keyring
56+ ibm.ibm_zos_core.zos_tso_command :
57+ commands :
58+ - RACDCERT GENCERT ID({{owner_id}}) SUBJECTSDN(CN('{{cn}}') OU('{{ou}}') C('{{country}}')) WITHLABEL('{{cert_label}}') ALTNAME({{altname}})
59+ - RACDCERT ID({{owner_id}}) CONNECT(LABEL('{{cert_label}}') RING({{keyring}}) DEFAULT)
60+ - RACDCERT LISTRING({{keyring}}) ID({{owner_id}})
61+ - RACDCERT ID({{owner_id}}) ALTER(LABEL('{{cert_label}}')) TRUST
62+ - RACDCERT LISTCHAIN(LABEL('{{cert_label}}')) ID({{owner_id}})
63+ when : sign_label == ' ' and expiry_date == ''
64+ register : tso_cmd_output
65+
66+ - name : Create new local-CA-signed USER cert and connect to keyring
67+ ibm.ibm_zos_core.zos_tso_command :
68+ commands :
69+ - RACDCERT GENCERT ID({{owner_id}}) SUBJECTSDN(CN('{{cn}}') OU('{{ou}}') C('{{country}}')) WITHLABEL('{{cert_label}}') SIGNWITH(CERTAUTH LABEL('{{sign_label}}')) ALTNAME({{altname}})
70+ - RACDCERT ID({{owner_id}}) CONNECT(LABEL('{{cert_label}}') RING({{keyring}}) DEFAULT)
71+ - RACDCERT LISTRING({{keyring}}) ID({{owner_id}})
72+ - RACDCERT ID({{owner_id}}) ALTER(LABEL('{{cert_label}}')) TRUST
73+ - RACDCERT LISTCHAIN (LABEL('{{cert_label}}')) ID({{owner_id}})
74+ when : not sign_label == ' ' and expiry_date == ''
75+ register : tso_cmd_output
76+
77+ - name : List keyring
78+ ibm.ibm_zos_core.zos_tso_command :
79+ commands :
80+ - RACDCERT LISTRING({{keyring}}) ID({{ owner_id}})
81+ ignore_errors : true
82+ register : tso_cmd_output
0 commit comments