# Author Remo Mattei
# Email: rm@rm.ht
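---
# Creates a private key, a CSR and a self-signed certificate on the control
# node, then uploads the key/certificate pair and an SSL profile to an Avi
# controller through the avinetworks.aviconfig role.
#
# Variables this play reads but does not define (supply them via inventory,
# vars files or --extra-vars): cert_path, cert_key, cert_csr, cert_fullchain,
# country, organization, email, common_name, ssl_profile_name, username,
# sslkeycert.
- hosts: localhost
  gather_facts: false
  connection: local
  tasks:
    # The key is written under cert_path; restrict access to that directory,
    # since the same file is read back and sent to the controller below.
    - name: Generate Private key.
      openssl_privatekey:
        path: "{{ cert_path }}/{{ cert_key }}"

    - name: Generate an OpenSSL Certificate Signing Request with Subject information
      openssl_csr:
        path: "{{ cert_path }}/{{ cert_csr }}"
        privatekey_path: "{{ cert_path }}/{{ cert_key }}"
        country_name: "{{ country }}"
        organization_name: "{{ organization }}"
        email_address: "{{ email }}"
        common_name: "{{ common_name }}"
      tags:
        - create_csr

    # Self-signed: clients cannot validate this certificate against a CA, so
    # it is suitable for lab or internal use where the certificate is pinned
    # or explicitly trusted.
    - name: Generate a Self Signed OpenSSL certificate.
      openssl_certificate:
        path: "{{ cert_path }}/{{ cert_fullchain }}"
        privatekey_path: "{{ cert_path }}/{{ cert_key }}"
        csr_path: "{{ cert_path }}/{{ cert_csr }}"
        provider: selfsigned

    # NOTE(review): despite its name, this task configures an SSL profile and
    # an SSL key/certificate object, not a Service Engine group. The name is
    # left unchanged in case something selects the task by name.
    - name: Configure SE Group
      # avi_config below carries the private key, so the role's task output
      # is kept out of logs and console. Set to false only while debugging.
      no_log: true
      import_role:
        name: avinetworks.aviconfig
      vars:
        avi_config:
          sslprofile:
            - name: "{{ ssl_profile_name }}"
              tenant: "{{ username }}"
              # NOTE(review): this list still offers CBC-mode/SHA-1 suites,
              # static-RSA key exchange (no forward secrecy) and 3DES (64-bit
              # block cipher). Trim to the ECDHE + GCM suites unless legacy
              # clients require the rest.
              cipher_enums:
                - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
                - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
                - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
                - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
                - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
                - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
                - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
                - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
                - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
                - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
                - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
                - TLS_RSA_WITH_AES_128_GCM_SHA256
                - TLS_RSA_WITH_AES_256_GCM_SHA384
                - TLS_RSA_WITH_AES_128_CBC_SHA256
                - TLS_RSA_WITH_AES_256_CBC_SHA256
                - TLS_RSA_WITH_AES_256_CBC_SHA
                - TLS_RSA_WITH_3DES_EDE_CBC_SHA
              # NOTE(review): TLS 1.0 and 1.1 are deprecated (RFC 8996);
              # accept only TLS 1.2 unless legacy clients must connect.
              accepted_versions:
                - type: SSL_VERSION_TLS1
                - type: SSL_VERSION_TLS1_1
                - type: SSL_VERSION_TLS1_2
          sslkeyandcertificate:
            - name: "{{ sslkeycert }}"
              tenant: "{{ username }}"
              certificate:
                self_signed: true
                # Build the path by concatenation: "{{ }}" inside an
                # expression is a string literal, not a nested template.
                certificate: "{{ lookup('file', cert_path ~ '/' ~ cert_fullchain) }}"
              key: "{{ lookup('file', cert_path ~ '/' ~ cert_key) }}"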