Playbook #2
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml
Execution
Date 08 Dec 2025 13:40:18 +0000
Duration 00:10:06.79
Controller aio1.openstack.local
User root
Versions
Ansible 2.18.6
ara 1.7.4 / 1.7.4
Python 3.12.11
Summary
15 Hosts
608 Tasks
2412 Results
18 Plays
158 Files
0 Records
check:False tags:all

Task result details

  • Status
    CHANGED
  • Duration
    00:00:00.70
  • Play
    Create CA certificates
  • Task
    pki : Create the CA CSR for ExampleCorpRoot
  • Host
    localhost ( task delegated to localhost )

Field Value
basicConstraints 
[
    "CA:TRUE"
]
changed 
True
diff 
--- before

+++ after

@@ -1 +1,72 @@

-{}
+{
+    "authority_cert_issuer": null,
+    "authority_cert_serial_number": null,
+    "authority_key_identifier": null,
+    "basic_constraints": [
+        "CA:TRUE"
+    ],
+    "basic_constraints_critical": true,
+    "can_parse_csr": true,
+    "extended_key_usage": null,
+    "extended_key_usage_critical": false,
+    "extensions_by_oid": {
+        "2.5.29.15": {
+            "critical": false,
+            "value": "AwIBhg=="
+        },
+        "2.5.29.17": {
+            "critical": false,
+            "value": "MBaCFEV4YW1wbGUgQ29ycCBSb290IENB"
+        },
+        "2.5.29.19": {
+            "critical": true,
+            "value": "MAMBAf8="
+        }
+    },
+    "key_usage": [
+        "CRL Sign",
+        "Certificate Sign",
+        "Digital Signature"
+    ],
+    "key_usage_critical": false,
+    "name_constraints_critical": false,
+    "name_constraints_excluded": null,
+    "name_constraints_permitted": null,
+    "ocsp_must_staple": null,
+    "ocsp_must_staple_critical": false,
+    "public_key": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnXc5/2vwGtzIGy2K8xxD\nu3m0BGePMOJKncUOe+3IHbrLHBuKFcSf1+EYxEIVrfnrzeCc+YEpemb99YpbvmRA\nXEaxknbiY1ZgLdsu87Z+qpVUR9hAIzcWJpCyU3gmS+rFJapmR8z5scy0SIMPJzmc\nbJwrK2aiipp1VyIMgoAL78zacKVtD7cfUpXC7U87GshdHJKf14d9oY4zAzYa5Sru\nsSou5omUYlprX+vx0STeCaIkOvIFC1X81zc4MuD78aJNjq4qET4nC6XEzxcvopfp\nWRWz4q3aVpKZfPrYoIHv/A9pU9yuCVcYkA/16zkXzmGfVMtoHhJSEiVSrK7vI4S2\nYkv6d/6kfgOKRIyPySb2wiWm+ZcSVsI3VSgxvbfymeudzJVDTPkEORXRbCRRkezV\n/3AyUg295zofTWo9zjPEKhUJGCwnAQAlB2ZtvjzKD0bXpykOiVSLZRPOPlR3tDaE\njFsT1t11a2+svBlNaCn6z9r6r1ZSmOK0x6xlzdRKJ3mP3bX2v6tHlC4P7t8WyCFN\nyLmv5KNbQxocg4dT9UMct7yU00pvf2Ty6wGPTv8lJWHlkSf4YTLOmqbRC9benzl4\nMF+b/mNDgSRtn7pV9FZKzBuB9mq+4EvvbQojycdr4KZ7gEZpHXmJvLhPHSYYJOt4\nxvmRIvTOavu9dLD1wpOUZH8CAwEAAQ==\n-----END PUBLIC KEY-----\n",
+    "public_key_data": {
+        "exponent": 65537,
+        "modulus": 642404126110604970436524149581995244466888338370571029097115028497617204796444350622614624713042580234958995094427762600341220018892260724748494511418180483013568727396715894360256771003436681595167825402795473806295857256574010369106654290128322508774828159489788862675643046103521459672665091786073777201733463653110315207214316583430600256127710776407276828518586379840839311262049414140974048467698513172715158317002566391415995221269282410814943581730753673246334641205245844939677586578584914464825770117396592930655509667338988802252262825392442593764066886348430574676855948363479279684013340574775370813858803545945358138761779883554429570365577703985338601988776561173008942365017760570307808381407144851206694436274337735425274602943713069349521745735288122017550299893104267655966641620189182120790397141059103857758051130027614749802137296812460974460300794081632413547268277313125553070236625802995719185810296438819126833384309485658228286373027679517827469115562778096240917260228753339273950722122001375950643280343356421390952998208113744192531869588938482626718499238794940642640059299180433752121649935187388071877766926224037931043501523588198728342537875571155265185521320074177233598517585598188148453356627071,
+        "size": 4096
+    },
+    "public_key_fingerprints": {
+        "sha256": "a3:e6:3c:6f:1f:c0:1f:54:ae:90:16:85:be:fc:6d:91:bb:63:43:12:fe:b1:07:0f:cb:9c:b9:70:d1:e1:54:c4"
+    },
+    "public_key_type": "RSA",
+    "signature_valid": true,
+    "subject": {
+        "commonName": "Example Corp Root CA",
+        "countryName": "GB",
+        "stateOrProvinceName": "England"
+    },
+    "subject_alt_name": [
+        "DNS:Example Corp Root CA"
+    ],
+    "subject_alt_name_critical": false,
+    "subject_key_identifier": null,
+    "subject_ordered": [
+        [
+            "countryName",
+            "GB"
+        ],
+        [
+            "stateOrProvinceName",
+            "England"
+        ],
+        [
+            "commonName",
+            "Example Corp Root CA"
+        ]
+    ]
+}
extendedKeyUsage None
filename 
/etc/openstack_deploy/pki/roots/ExampleCorpRoot/csr/ca_csr-1000.csr
invocation 
{
    "module_args": {
        "attributes": null,
        "authority_cert_issuer": null,
        "authority_cert_serial_number": null,
        "authority_key_identifier": null,
        "backup": true,
        "basic_constraints": [
            "CA:TRUE"
        ],
        "basic_constraints_critical": true,
        "common_name": "Example Corp Root CA",
        "country_name": "GB",
        "create_subject_key_identifier": false,
        "crl_distribution_points": null,
        "digest": "sha256",
        "email_address": null,
        "extended_key_usage": null,
        "extended_key_usage_critical": false,
        "force": false,
        "group": null,
        "key_usage": [
            "digitalSignature",
            "cRLSign",
            "keyCertSign"
        ],
        "key_usage_critical": false,
        "locality_name": null,
        "mode": null,
        "name_constraints_critical": false,
        "name_constraints_excluded": null,
        "name_constraints_permitted": null,
        "ocsp_must_staple": false,
        "ocsp_must_staple_critical": false,
        "organization_name": null,
        "organizational_unit_name": null,
        "owner": null,
        "path": "/etc/openstack_deploy/pki/roots/ExampleCorpRoot/csr/ca_csr-1000.csr",
        "privatekey_content": null,
        "privatekey_passphrase": null,
        "privatekey_path": "/etc/openstack_deploy/pki/roots/ExampleCorpRoot/private/ExampleCorpRoot.key.pem",
        "return_content": false,
        "select_crypto_backend": "auto",
        "selevel": null,
        "serole": null,
        "setype": null,
        "seuser": null,
        "state": "present",
        "state_or_province_name": "England",
        "subject": null,
        "subject_alt_name": null,
        "subject_alt_name_critical": false,
        "subject_key_identifier": null,
        "subject_ordered": null,
        "unsafe_writes": false,
        "use_common_name_for_san": true,
        "version": 1
    }
}
keyUsage 
[
    "digitalSignature",
    "cRLSign",
    "keyCertSign"
]
name_constraints_excluded 
[]
name_constraints_permitted 
[]
ocspMustStaple 
False
privatekey 
/etc/openstack_deploy/pki/roots/ExampleCorpRoot/private/ExampleCorpRoot.key.pem
subject 
[
    [
        "C",
        "GB"
    ],
    [
        "ST",
        "England"
    ],
    [
        "CN",
        "Example Corp Root CA"
    ]
]
subjectAltName 
[
    "DNS:Example Corp Root CA"
]