From f5acec43ecd1ddf3da73c7f2d1b456554589f4fc Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau
Date: Tue, 26 Jan 2021 19:36:59 +0100
Subject: [PATCH] generate self signed certificate
---
 .../all/generate_self_signed_certificate.yml | 3 +++
 hosts | 1 +
 keycloak.yml | 1 +
 .../tasks/main.yml | 27 +++++++++++++++++++
 4 files changed, 32 insertions(+)
 create mode 100644 group_vars/all/generate_self_signed_certificate.yml
 create mode 100644 roles/generate_self_signed_certificate/tasks/main.yml
diff --git a/group_vars/all/generate_self_signed_certificate.yml b/group_vars/all/generate_self_signed_certificate.yml
new file mode 100644
index 0000000..0ed0244
--- /dev/null
+++ b/group_vars/all/generate_self_signed_certificate.yml
@@ -0,0 +1,3 @@
+---
+country_name: FR
+organization_name: Pains-Perdus
diff --git a/hosts b/hosts
index 4f56397..09377d0 100644
--- a/hosts
+++ b/hosts
@@ -27,6 +27,7 @@ all:
 keycloak_host:
 hosts:
 vb2:
+ server_hostname: 10.0.2.9
 gitea_host:
 hosts:
 vb1:
diff --git a/keycloak.yml b/keycloak.yml
index 1f93a8a..5a895c1 100644
--- a/keycloak.yml
+++ b/keycloak.yml
@@ -4,4 +4,5 @@
 - hosts: keycloak_host
 roles:
 - install_docker
+ - generate_self_signed_certificate
 - install_keycloak
diff --git a/roles/generate_self_signed_certificate/tasks/main.yml b/roles/generate_self_signed_certificate/tasks/main.yml
new file mode 100644
index 0000000..896561d
--- /dev/null
+++ b/roles/generate_self_signed_certificate/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Ensure the cert directory exists
+ file:
+ path: /var/certificates
+ state: directory
+
+- name: Generate an OpenSSL private key
+ openssl_privatekey:
+ path: "/var/certificates/{{ server_hostname }}_privkey.pem"
+ size: 4096
+ type: RSA
+
+- name: Generate an OpenSSL Certificate Signing Request with Subject information
+ openssl_csr:
+ path: "/var/certificates/{{ server_hostname }}.csr"
+ privatekey_path: "/var/certificates/{{ server_hostname }}_privkey.pem"
+ country_name: "{{ country_name }}"
+ organization_name: "{{ organization_name }}"
+ email_address: "{{ vault_email }}"
+ common_name: "{{ server_hostname }}"
+
+- name: Generate a Self Signed OpenSSL certificate
+ openssl_certificate:
+ path: "/var/certificates/{{ server_hostname }}_cert.pem"
+ privatekey_path: "/var/certificates/{{ server_hostname }}_privkey.pem"
+ csr_path: "/var/certificates/{{ server_hostname }}.csr"
+ provider: selfsigned
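Review bot: The `openssl_csr` task sets only `common_name: "{{ server_hostname }}"` and no `subject_alt_name`, so the certificate is issued without a SAN. Current TLS clients match names against the SAN rather than the CN, and the inventory change in this same patch sets `server_hostname` to an IP address (10.0.2.9), which needs an `IP:` entry to validate. Clients that verify the peer will therefore reject the certificate even after it has been explicitly trusted, which tends to push operators towards disabling verification altogether. Adding `subject_alt_name: "IP:{{ server_hostname }}"` to the CSR task (or a `DNS:` entry where the value is a name) would address this. Separately, the `file` task creates `/var/certificates` with umask-default permissions; setting `mode` and `owner` explicitly on the directory and on the `openssl_privatekey` task would keep the private key's protection from depending on module or system defaults.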