Playbook #2
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml
Execution
Date 14 Dec 2025 10:04:43 +0000
Duration 00:10:10.66
Controller aio1.openstack.local
User root
Versions
Ansible 2.18.6
ara 1.7.4 / 1.7.4
Python 3.13.5
Summary
15 Hosts
603 Tasks
2357 Results
18 Plays
157 Files
0 Records
check:False tags:all

Task result details

  • Status
    CHANGED
  • Duration
    00:00:00.76
  • Play
    Create CA certificates
  • Task
    pki : Create the CA CSR for ExampleCorpRoot
  • Host
    localhost ( task delegated to localhost )

Field Value
basicConstraints 
[
    "CA:TRUE"
]
changed 
True
diff 
--- before

+++ after

@@ -1 +1,72 @@

-{}
+{
+    "authority_cert_issuer": null,
+    "authority_cert_serial_number": null,
+    "authority_key_identifier": null,
+    "basic_constraints": [
+        "CA:TRUE"
+    ],
+    "basic_constraints_critical": true,
+    "can_parse_csr": true,
+    "extended_key_usage": null,
+    "extended_key_usage_critical": false,
+    "extensions_by_oid": {
+        "2.5.29.15": {
+            "critical": false,
+            "value": "AwIBhg=="
+        },
+        "2.5.29.17": {
+            "critical": false,
+            "value": "MBaCFEV4YW1wbGUgQ29ycCBSb290IENB"
+        },
+        "2.5.29.19": {
+            "critical": true,
+            "value": "MAMBAf8="
+        }
+    },
+    "key_usage": [
+        "CRL Sign",
+        "Certificate Sign",
+        "Digital Signature"
+    ],
+    "key_usage_critical": false,
+    "name_constraints_critical": false,
+    "name_constraints_excluded": null,
+    "name_constraints_permitted": null,
+    "ocsp_must_staple": null,
+    "ocsp_must_staple_critical": false,
+    "public_key": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAl4X/B48fA/nnYnO0aRXW\nVz0lh3urQRiN0BmdfwTSWOKg+03SQOlIA82wPZ9sw7YE58Qz4l0i/0z5HR1IwoUZ\neVbTeVoXuFzGCJJDSHEThQpABZESJ6wa8Qo79zsUaSt+HVvLjU7bPAB1V6z98+w5\nqcFkwmf1PP/BAsMErexJ1mKO0cOOF4PC2CRmuobNNylG9iNCb8MtITQPfqMitXIE\nY0Bz+HL2iu+kM42J+yuLdzD4o+kbFgI8yOAO48qk8t0FBoJ45d6WVowa6X3d7IyE\nACA0VuRjSDMV6/VnBRQ4ppD9IKdik7Q6fG+f0DbnDDnEPqi3guSPoWAVOqzyEYpX\noPUZ5tVlzJzfkDqPy44L573IkdBwWxGcSQMcFDZvE8LGJFhCfx+F4QuOPjjJKLb2\naONIQ8y8W5ql+/Ah4zFUIVxI+y66O43Cy2+IwmrwH4XfEzfZg+hykaotrpbaLmwj\nY3rEcFCsSLHQW/myZGdOuy99+EN/7BR1MnnbN8eDeP7GkiODOtn4zvQTh894/nEc\nZieHksjPyc4dQQD3PDZwYmOSseYfXLjFpo6Lp1/f1W1VJ5WnwFjlwIVKOKx5OBjl\nc4pz8Bf5TWsd4zMyO53C3Ihtv6o1xb8R5nRCtDNsF/ngviBwBwS0ahC8oobKHLLM\nKq7zeEFGsauWJqkXl9caiisCAwEAAQ==\n-----END PUBLIC KEY-----\n",
+    "public_key_data": {
+        "exponent": 65537,
+        "modulus": 618161632550571264017160293426376770642688927253712915304040653203112621450378474832840376826047136108541356552471702400197160269021065930130402449470119931292799221992991411873503733851991385317337129793314061880551541295792429653270687910185838270691982867602921022946013843981344205290090672127473354823185346655802498151587893657439101679158709071953625342124064076531994211874617849782310030252189598267030856464467031221077041539993909005546813923336155635402006327505015561567689450209865224721268393410579817269378533393153350681734760645268530582868355989632997110957121940185418942262473743870044619638118332150263575977248413436358944557668710771292026970604460702701654138515591197964410797555103888380209093514241897446672471173329567734453575025508164681930421323659913323784950002605915416128286010722830311055566376637246072218202171424517715838828001988894906782309143160535900926646932305762343920351322170303611297352337073510830311109679509322943243296429603313494472885106495224310921994276629183835868187092738098952227015778330380594157450478207791708952427906484974674238256876137446168551891753527912119962376037875477952783771628119193997498446138919185421408586971208220299392846239086801461982626592754219,
+        "size": 4096
+    },
+    "public_key_fingerprints": {
+        "sha256": "b7:91:74:f2:bb:3b:0e:e3:a7:05:ee:39:95:ea:0f:bd:c4:9f:50:0d:cf:88:fc:f5:0b:16:71:d4:c8:1d:02:7e"
+    },
+    "public_key_type": "RSA",
+    "signature_valid": true,
+    "subject": {
+        "commonName": "Example Corp Root CA",
+        "countryName": "GB",
+        "stateOrProvinceName": "England"
+    },
+    "subject_alt_name": [
+        "DNS:Example Corp Root CA"
+    ],
+    "subject_alt_name_critical": false,
+    "subject_key_identifier": null,
+    "subject_ordered": [
+        [
+            "countryName",
+            "GB"
+        ],
+        [
+            "stateOrProvinceName",
+            "England"
+        ],
+        [
+            "commonName",
+            "Example Corp Root CA"
+        ]
+    ]
+}
extendedKeyUsage None
filename 
/etc/openstack_deploy/pki/roots/ExampleCorpRoot/csr/ca_csr-1000.csr
invocation 
{
    "module_args": {
        "attributes": null,
        "authority_cert_issuer": null,
        "authority_cert_serial_number": null,
        "authority_key_identifier": null,
        "backup": true,
        "basic_constraints": [
            "CA:TRUE"
        ],
        "basic_constraints_critical": true,
        "common_name": "Example Corp Root CA",
        "country_name": "GB",
        "create_subject_key_identifier": false,
        "crl_distribution_points": null,
        "digest": "sha256",
        "email_address": null,
        "extended_key_usage": null,
        "extended_key_usage_critical": false,
        "force": false,
        "group": null,
        "key_usage": [
            "digitalSignature",
            "cRLSign",
            "keyCertSign"
        ],
        "key_usage_critical": false,
        "locality_name": null,
        "mode": null,
        "name_constraints_critical": false,
        "name_constraints_excluded": null,
        "name_constraints_permitted": null,
        "ocsp_must_staple": false,
        "ocsp_must_staple_critical": false,
        "organization_name": null,
        "organizational_unit_name": null,
        "owner": null,
        "path": "/etc/openstack_deploy/pki/roots/ExampleCorpRoot/csr/ca_csr-1000.csr",
        "privatekey_content": null,
        "privatekey_passphrase": null,
        "privatekey_path": "/etc/openstack_deploy/pki/roots/ExampleCorpRoot/private/ExampleCorpRoot.key.pem",
        "return_content": false,
        "select_crypto_backend": "auto",
        "selevel": null,
        "serole": null,
        "setype": null,
        "seuser": null,
        "state": "present",
        "state_or_province_name": "England",
        "subject": null,
        "subject_alt_name": null,
        "subject_alt_name_critical": false,
        "subject_key_identifier": null,
        "subject_ordered": null,
        "unsafe_writes": false,
        "use_common_name_for_san": true,
        "version": 1
    }
}
keyUsage 
[
    "digitalSignature",
    "cRLSign",
    "keyCertSign"
]
name_constraints_excluded 
[]
name_constraints_permitted 
[]
ocspMustStaple 
False
privatekey 
/etc/openstack_deploy/pki/roots/ExampleCorpRoot/private/ExampleCorpRoot.key.pem
subject 
[
    [
        "C",
        "GB"
    ],
    [
        "ST",
        "England"
    ],
    [
        "CN",
        "Example Corp Root CA"
    ]
]
subjectAltName 
[
    "DNS:Example Corp Root CA"
]