Add role and playbook to generate a certs tarball

Signed-off-by: Eric D. Helms <ericdhelms@gmail.com>

Author: ehelms

src/playbooks/certificate-bundle/certificate-bundle.yaml

@@ -0,0 +1,23 @@
+---
+- name: Generate a certificate bundle for a hostname
+  hosts:
+    - quadlet
+  become: true
+  vars:
+    certificates_ca: false
+    certificates_hostnames:
+      - "{{ hostname }}"
+    certificate_source: default
+  roles:
+    - role: certificates
+      when: "certificate_source == 'default'"
+    - role: foreman_installer_certs
+      when: "certificate_source == 'installer'"
+    - role: certificate_bundle
+      vars:
+        certificate_bundle_hostname: "{{ hostname }}"
+        certificate_bundle_ca_certificate: "{{ certificates_ca_directory }}/certs/ca.crt"
+        certificate_bundle_server_certificate: "{{ certificates_ca_directory }}/certs/{{ hostname }}.crt"
+        certificate_bundle_server_key: "{{ certificates_ca_directory }}/private/{{ hostname }}.key"
+        certificate_bundle_client_certificate: "{{ certificates_ca_directory }}/certs/{{ hostname }}-client.crt"
+        certificate_bundle_client_key: "{{ certificates_ca_directory }}/private/{{ hostname }}-client.key"

src/playbooks/certificate-bundle/metadata.obsah.yaml

@@ -0,0 +1,10 @@
+---
+help: |
+  Generate a certificate bundle
+
+variables:
+  hostname:
+    parameter: hostname
+    help: Hostname to generate a certificate bundle for that will be the common name.
+  certificate_source:
+    help: What certificate source is being used.

src/roles/certificate_bundle/tasks/main.yml

@@ -0,0 +1,68 @@
+---
+- name: Create temporary directory
+  ansible.builtin.tempfile:
+    state: directory
+    suffix: certificate-build
+  register: build_directory
+
+- name: Create directory structure
+  ansible.builtin.file:
+    state: directory
+    path: "{{ build_directory.path }}/ssl-build/{{ certificate_bundle_hostname }}"
+    mode: '0755'
+
+- name: Copy CA certificate
+  ansible.builtin.copy:
+    src: "{{ certificate_bundle_ca_certificate }}"
+    dest: "{{ build_directory.path }}/ssl-build/{{ item }}"
+    remote_src: true
+    mode: '0444'
+  loop:
+    - katello-server-ca.crt
+    - katello-default-ca.crt
+
+- name: Copy server certificate
+  ansible.builtin.copy:
+    src: "{{ certificate_bundle_server_certificate }}"
+    dest: "{{ build_directory.path }}/ssl-build/{{ certificate_bundle_hostname }}/{{ certificate_bundle_hostname }}-{{ item }}"
+    remote_src: true
+    mode: '0444'
+  loop:
+    - apache.crt
+    - foreman-proxy.crt
+
+- name: Copy server key
+  ansible.builtin.copy:
+    src: "{{ certificate_bundle_server_key }}"
+    dest: "{{ build_directory.path }}/ssl-build/{{ certificate_bundle_hostname }}/{{ certificate_bundle_hostname }}-{{ item }}"
+    remote_src: true
+    mode: '0440'
+  loop:
+    - apache.key
+    - foreman-proxy.key
+
+- name: Copy client certificate
+  ansible.builtin.copy:
+    src: "{{ certificate_bundle_client_certificate }}"
+    dest: "{{ build_directory.path }}/ssl-build/{{ certificate_bundle_hostname }}/{{ certificate_bundle_hostname }}-{{ item }}"
+    remote_src: true
+    mode: '0444'
+  loop:
+    - foreman-proxy-client.crt
+    - puppet-client.crt
+
+- name: Copy client key
+  ansible.builtin.copy:
+    src: "{{ certificate_bundle_client_key }}"
+    dest: "{{ build_directory.path }}/ssl-build/{{ certificate_bundle_hostname }}/{{ certificate_bundle_hostname }}-{{ item }}"
+    remote_src: true
+    mode: '0440'
+  loop:
+    - foreman-proxy-client.key
+    - puppet-client.key
+
+- name: Create tarball
+  community.general.archive:
+    path: "{{ build_directory.path }}/ssl-build"
+    dest: "/root/{{ certificate_bundle_hostname }}.tar.gz"
+    mode: '0640'