Diffstat (limited to 'roles/monitoring/prometheus/ca/tasks/main.yml')
-rw-r--r--roles/monitoring/prometheus/ca/tasks/main.yml52
1 files changed, 0 insertions, 52 deletions
diff --git a/roles/monitoring/prometheus/ca/tasks/main.yml b/roles/monitoring/prometheus/ca/tasks/main.yml
deleted file mode 100644
index 064cb6e8..00000000
--- a/roles/monitoring/prometheus/ca/tasks/main.yml
+++ /dev/null
@@ -1,52 +0,0 @@
----
-- name: install python-cryptoraphy
- apt:
- name: "{{ python_basename }}-cryptography"
- state: present
-
-- name: create base directory
- file:
- path: /etc/ssl/prometheus
- state: directory
-
-- name: create CA directory
- file:
- path: /etc/ssl/prometheus/ca
- state: directory
- owner: root
- group: root
- mode: 0700
-
-- name: create CA private key
- openssl_privatekey:
- path: /etc/ssl/prometheus/ca/key.pem
- type: RSA
- size: 4096
- owner: root
- group: root
- mode: 0600
-
-- name: create signing request for CA certificate
- openssl_csr:
- path: /etc/ssl/prometheus/ca/csr.pem
- privatekey_path: /etc/ssl/prometheus/ca/key.pem
- CN: "CA for prometheus zone {{ prometheus_zone_name }}"
- useCommonNameForSAN: no
- key_usage:
- - cRLSign
- - keyCertSign
- key_usage_critical: yes
- basic_constraints:
- - 'CA:TRUE'
- - 'pathlen:0'
- basic_constraints_critical: yes
-
-- name: create self-signed CA certificate
- openssl_certificate:
- path: /etc/ssl/prometheus/ca-crt.pem
- csr_path: /etc/ssl/prometheus/ca/csr.pem
- privatekey_path: /etc/ssl/prometheus/ca/key.pem
- provider: selfsigned
- selfsigned_digest: sha256
- selfsigned_not_after: "+18250d" ## 50 years
- selfsigned_create_subject_key_identifier: always_create