nils/ansible-role-docker
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
78965c8994906ac83dd596bf2ec17d100d9f6d5c
ansible-role-docker/tasks/tls.yml
Nils Cant 78965c8994 Initial commit of role files and readme.
2019-08-20 15:04:06 +02:00

41 lines
1.6 KiB
YAML
Raw Blame History

---
- name: Docker TLS directory
file:
path: /etc/docker/tls
state: directory
- name: Openssl docker ext config file
copy:
content: "subjectAltName = DNS:{{ ansible_fqdn}},IP:127.0.0.1"
dest: "/etc/docker/tls/extfile.cnf"
- name: Generate server CA and server TLS certificates
shell: |
openssl req -new -days 7300 -batch -newkey rsa:4096 -keyout ca.key -nodes -subj "/commonName={{ ansible_fqdn }} docker CA/" -x509 -out ca.pem
openssl genrsa -out server.key 4096
openssl req -subj "/CN={{ ansible_fqdn }}" -sha256 -new -key server.key -out server.csr
openssl x509 -req -days 3650 -sha256 -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -extfile extfile.cnf
args:
chdir: /etc/docker/tls
creates: /etc/docker/tls/*.pem
- name: TLS client extfile
copy:
content: "extendedKeyUsage = clientAuth"
dest: /etc/docker/tls/client-extfile.cnf
- name: Docker client certificate directory
file:
path: "/root/.docker/{{ ansible_fqdn }}"
state: directory
- name: Generate and sign client TLS certificate
shell: |
openssl genrsa -out "/root/.docker/{{ ansible_fqdn }}/key.pem" 4096
openssl req -subj '/CN=client' -new -key "/root/.docker/{{ ansible_fqdn }}/key.pem" -out "/root/.docker/{{ ansible_fqdn }}/client.csr"
openssl x509 -req -days 3650 -sha256 -in "/root/.docker/{{ ansible_fqdn }}/client.csr" -CA ca.pem -CAkey ca.key -CAcreateserial -out "/root/.docker/{{ ansible_fqdn }}/cert.pem" -extfile client-extfile.cnf
cp /etc/docker/tls/ca.pem "/root/.docker/{{ ansible_fqdn }}"
args:
chdir: /etc/docker/tls
creates: "/root/.docker/{{ ansible_fqdn }}/cert.pem"
Reference in New Issue View Git Blame Copy Permalink