xci: osa: Move SSL certification tasks to a new file

The tasks for creating and managing the XCI SSL certificates
can be shared between installers so move them to a common file.

Change-Id: I9df82517e737681420429a992aa8d68e78528fd4
Signed-off-by: Markos Chandras <mchandras@suse.de>

diff --git a/xci/installer/osa/playbooks/configure-opnfvhost.yml b/xci/installer/osa/playbooks/configure-opnfvhost.yml
index 35b17e5..3dcdaa6 100644 (file)
--- a/xci/installer/osa/playbooks/configure-opnfvhost.yml
+++ b/xci/installer/osa/playbooks/configure-opnfvhost.yml
@@ -127,7 +127,6 @@
         - pyyaml
         - python-neutronclient
         - python-openstackclient
-        - pyOpenSSL
     - name: Install ARA callback plugin in OSA virtualenv
       pip:
         name: ara
@@ -154,24 +153,10 @@
         chdir: "{{openstack_osa_path}}/scripts"
       changed_when: True
 
-    - name: Generate XCI private key
-      openssl_privatekey:
-        path: /etc/ssl/private/xci.key
-        size: 2048
-
-    - name: Generate XCI certificate request
-      openssl_csr:
-        privatekey_path: /etc/ssl/private/xci.key
-        path: /etc/ssl/private/xci.csr
-        common_name: "{{ xci_ssl_subject }}"
-
-    - name: Generate XCI self signed certificate
-      openssl_certificate:
-        path: /etc/ssl/certs/xci.crt
-        privatekey_path: /etc/ssl/private/xci.key
-        csr_path: /etc/ssl/private/xci.csr
-        provider: selfsigned
-        selfsigned_not_after: 20800101000000Z
+    - name: Configure SSL certificates
+      include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssl-certs.yml"
+      vars:
+        extra_args: "-c https://raw.githubusercontent.com/openstack/requirements/{{ requirements_git_install_branch }}/upper-constraints.txt"
 
     - name: fetch xci environment
       copy:

diff --git a/xci/playbooks/manage-ssl-certs.yml b/xci/playbooks/manage-ssl-certs.yml
new file mode 100644 (file)
index 0000000..d0c5c51
--- /dev/null
+++ b/xci/playbooks/manage-ssl-certs.yml
@@ -0,0 +1,32 @@
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018 SUSE Linux GmbH and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- name: Install required pip packages for SSL
+  pip:
+    name: pyOpenSSL
+    state: present
+    extra_args: "{{ extra_args | default(omit) }}"
+
+- name: Generate XCI private key
+  openssl_privatekey:
+    path: /etc/ssl/private/xci.key
+    size: 2048
+
+- name: Generate XCI certificate request
+  openssl_csr:
+    privatekey_path: /etc/ssl/private/xci.key
+    path: /etc/ssl/private/xci.csr
+    common_name: "{{ xci_ssl_subject }}"
+
+- name: Generate XCI self signed certificate
+  openssl_certificate:
+    path: /etc/ssl/certs/xci.crt
+    privatekey_path: /etc/ssl/private/xci.key
+    csr_path: /etc/ssl/private/xci.csr
+    provider: selfsigned
+    selfsigned_not_after: 20800101000000Z