Merge pull request #29 from datphan/develop

@ #27 | add pkcs1_generated option
teracyhq-incubator · Jan 22, 2019 · 9f03065 · 9f03065
2 parents 9a4ebc4 + 176bff8
commit 9f03065
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 13 deletions.
diff --git a/config.yaml b/config.yaml
@@ -6,7 +6,9 @@ teracy-dev-certs:
     mode: guest # or host to run ansible from the host machine
     install_mode: pip
     version: # ansible guest version
-  ca_days: 2000 # valid days for the root CA cert
+  ca:
+    days: 2000 # valid days for the root CA cert
+    pkcs1_generated: false # to generate the PKCS#1 *-ca.key from the *-ca-key.pem file
   cert:
     days: 2000
     generated: true # enabled by default to generate a CA signed certificate

diff --git a/lib/teracy-dev-certs/processors/certs.rb b/lib/teracy-dev-certs/processors/certs.rb
@@ -54,7 +54,6 @@ def generate_node(certs_config)
         extra_vars = {
           "common_name" => certs_config['common_name'],
           "alt_names" => certs_config['alt_names'],
-          "ca_days" => certs_config['ca_days'],
           "certs_path" => '/vagrant/workspace/certs'
         }
 
@@ -64,15 +63,19 @@ def generate_node(certs_config)
           @logger.warn("cert_days is deprecated, please use cert.days instead")
         end
 
-        extra_vars['cert_days'] = certs_config['cert']['days']
+        if TeracyDev::Util.exist?(certs_config['ca_days'])
+          certs_config['ca']['days'] = certs_config['ca_days']
 
-        if TeracyDev::Util.exist? certs_config['cert']['generated'] and TeracyDev::Util.true? certs_config['cert']['generated']
-          certs_config['cert']['generated'] = true
-        else
-          certs_config['cert']['generated'] = false
+          @logger.warn("ca_days is deprecated, please use ca.days instead")
         end
 
-        extra_vars['cert_generated'] = certs_config['cert']['generated']
+        extra_vars['cert_days'] = certs_config['cert']['days']
+
+        extra_vars['ca_days'] = certs_config['ca']['days']
+
+        extra_vars['cert_generated'] = TeracyDev::Util.true? certs_config['cert']['generated']
+
+        extra_vars['pkcs1_generated'] = TeracyDev::Util.true? certs_config['ca']['pkcs1_generated']
 
         provisioner = {
           "_id" => "certs-ansible",

diff --git a/provisioners/ansible/certs.yaml b/provisioners/ansible/certs.yaml
@@ -3,7 +3,8 @@
   become: yes
   any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
   vars:
-    generated: "{{ cert_generated }}"
+    cert_generated: "{{ cert_generated }}"
+    pkcs1_generated: "{{ pkcs1_generated }}"
   tasks:
     - name: Check pip exists
       command: which pip
@@ -52,7 +53,7 @@
     - name: Generate the {{ common_name }} private key
       openssl_privatekey:
         path: "{{ certs_path }}/{{ common_name | replace('.', '-') }}-key.pem"
-      when: generated
+      when: cert_generated
 
     - name: Generate the {{ common_name }} certificate signing request (CSR)
       openssl_csr:
@@ -62,8 +63,7 @@
         subject_alt_name: "{{ item.value | map('regex_replace', '^', 'DNS:') | list }}"
       with_dict:
         alt_names: "{{ alt_names }}"
-      when: generated
-
+      when: cert_generated
 
     - name: Generate the {{ common_name }} certificate signed by the self-signed CA
       openssl_certificate:
@@ -73,4 +73,10 @@
         ownca_privatekey_path: "{{ certs_path }}/{{ common_name | replace('.', '-') }}-ca-key.pem"
         valid_in: "{{ cert_days*24*60*60 }}"  # seconds
         provider: ownca
-      when: generated
+      when: cert_generated
+
+    - name: Generate the PKCS#1 file for {{ common_name }}
+      shell: openssl rsa -in {{ common_name | replace('.', '-') }}-ca-key.pem -out {{ common_name | replace('.', '-') }}-ca.key
+      args:
+        chdir: "{{ certs_path }}"
+      when: pkcs1_generated