Playbook #2
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml
Execution
Date 08 Dec 2025 13:27:39 +0000
Duration 00:05:33.94
Controller aio1.openstack.local
User root
Versions
Ansible 2.18.6
ara 1.7.4 / 1.7.4
Python 3.12.3
Summary
2 Hosts
316 Tasks
313 Results
18 Plays
136 Files
0 Records
check:False tags:all

Task result details

  • Status
    CHANGED
  • Duration
    00:00:01.91
  • Play
    Create CA certificates
  • Task
    pki : Create the CA CSR for ExampleCorpRoot
  • Host
    localhost ( task delegated to localhost )

Field Value
basicConstraints 
[
    "CA:TRUE"
]
changed 
True
diff 
--- before

+++ after

@@ -1 +1,72 @@

-{}
+{
+    "authority_cert_issuer": null,
+    "authority_cert_serial_number": null,
+    "authority_key_identifier": null,
+    "basic_constraints": [
+        "CA:TRUE"
+    ],
+    "basic_constraints_critical": true,
+    "can_parse_csr": true,
+    "extended_key_usage": null,
+    "extended_key_usage_critical": false,
+    "extensions_by_oid": {
+        "2.5.29.15": {
+            "critical": false,
+            "value": "AwIBhg=="
+        },
+        "2.5.29.17": {
+            "critical": false,
+            "value": "MBaCFEV4YW1wbGUgQ29ycCBSb290IENB"
+        },
+        "2.5.29.19": {
+            "critical": true,
+            "value": "MAMBAf8="
+        }
+    },
+    "key_usage": [
+        "CRL Sign",
+        "Certificate Sign",
+        "Digital Signature"
+    ],
+    "key_usage_critical": false,
+    "name_constraints_critical": false,
+    "name_constraints_excluded": null,
+    "name_constraints_permitted": null,
+    "ocsp_must_staple": null,
+    "ocsp_must_staple_critical": false,
+    "public_key": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0IlU5XUnVG227GJHSsag\nt73ezzR4KrI744AVcxWEmYGBOmtlMDbBAXrgV0wO9yPX2jT2+JQLRZ6YbpcrqI7V\nWa4EoinQgRe1rplHgBw8k39A6w/lIi/dDh2FUj2Dhiez1w6ebBMc7GAD2x715275\n1ct2suSQnLpWAzmrksxMxv0JMKLKEMf8TnaSuFryhCvKnxNHGe2Ec73f+ychzJRN\ncpJCc315IcjqY0sFbYeu8BmA/39mPWQM+II+Fl5f8uX+5dBT9cNDrD2R05IMwXDE\nNxJ8agxhTvsBAeyJjRZHEl1F6RhtiVDxljZsQOG19wEiMkbhoZ7Jw79ikfahUs2v\n0Rw49r/eMlQCcG2Gw+424OJJEJdtnBoZjA3WJju1o3U6tzo7bNceEzZATBB9agcR\nrB0LGrZpbJoRQuv3CpO9J7Jw+dkdbg6nYXyqP0GPFCw/hj73QCB8D4Vo0Zwew/sm\no2FMzcr5RgaHCAEyHRNoD5r02ef2eMqkNzDeKy/vuEyWM5BTOobboFuT4s/HpY5v\ny6A7ldcAvagMyzI5wMGZY7Y+9QvEb9qa2lxi8+prnOl9jZ3O2C5yPnlznGS0lUKe\nUopGWJsKiDsAV5QbUPvSakyUK9ya6W5vIcLZb5/y8rSXsqks+0AfmukdNsN3wGxm\nk9LW+0v5DZXL/S7Jkj9V+xUCAwEAAQ==\n-----END PUBLIC KEY-----\n",
+    "public_key_data": {
+        "exponent": 65537,
+        "modulus": 850754498001172359470974979174361279439594637469224065679669857275916209118622916021974199116086051850181652126870775219556319600554600664717334594802971252245141322321395506636589275945776410736095264776769926910905033698938130337247492718243922252978239595743096105978305837408631366331104342178668465997759830804601469202289420471910937525005917915885044536015460905810792509445843510856194679095952885400753571386660610956632938718398759024104429849261303230483033536548358333221526209217369318360134512145215334664152533313541744187316309142823170952209187820746430975413775312951171068275118545559018317029146398196221739138827347980856438748627644483237171951044373432233496241740182141672150273499875183598676533491994477491563077062092755253223665712997302203883573111604613791764254268018061275816402555375236854089157120610060894323913543631070615774881737855893488770860854978669833880257595928659465601148083143607144522574411096236180082953038529211595706200074427460406346138801427182331775665172218292716719682696499458185942637204228303040812650127501280413487607004077407333333161204200390733017714134016234383836533739967707591321018252845699241594895082933833945694978176908002645863923384959942110992647719353109,
+        "size": 4096
+    },
+    "public_key_fingerprints": {
+        "sha256": "7a:8a:7d:e8:82:36:36:df:b8:57:27:05:43:b2:16:09:85:a3:98:12:8b:99:b7:69:c1:ee:91:cc:ca:7c:bb:d4"
+    },
+    "public_key_type": "RSA",
+    "signature_valid": true,
+    "subject": {
+        "commonName": "Example Corp Root CA",
+        "countryName": "GB",
+        "stateOrProvinceName": "England"
+    },
+    "subject_alt_name": [
+        "DNS:Example Corp Root CA"
+    ],
+    "subject_alt_name_critical": false,
+    "subject_key_identifier": null,
+    "subject_ordered": [
+        [
+            "countryName",
+            "GB"
+        ],
+        [
+            "stateOrProvinceName",
+            "England"
+        ],
+        [
+            "commonName",
+            "Example Corp Root CA"
+        ]
+    ]
+}
extendedKeyUsage None
filename 
/etc/openstack_deploy/pki/roots/ExampleCorpRoot/csr/ca_csr-1000.csr
invocation 
{
    "module_args": {
        "attributes": null,
        "authority_cert_issuer": null,
        "authority_cert_serial_number": null,
        "authority_key_identifier": null,
        "backup": true,
        "basic_constraints": [
            "CA:TRUE"
        ],
        "basic_constraints_critical": true,
        "common_name": "Example Corp Root CA",
        "country_name": "GB",
        "create_subject_key_identifier": false,
        "crl_distribution_points": null,
        "digest": "sha256",
        "email_address": null,
        "extended_key_usage": null,
        "extended_key_usage_critical": false,
        "force": false,
        "group": null,
        "key_usage": [
            "digitalSignature",
            "cRLSign",
            "keyCertSign"
        ],
        "key_usage_critical": false,
        "locality_name": null,
        "mode": null,
        "name_constraints_critical": false,
        "name_constraints_excluded": null,
        "name_constraints_permitted": null,
        "ocsp_must_staple": false,
        "ocsp_must_staple_critical": false,
        "organization_name": null,
        "organizational_unit_name": null,
        "owner": null,
        "path": "/etc/openstack_deploy/pki/roots/ExampleCorpRoot/csr/ca_csr-1000.csr",
        "privatekey_content": null,
        "privatekey_passphrase": null,
        "privatekey_path": "/etc/openstack_deploy/pki/roots/ExampleCorpRoot/private/ExampleCorpRoot.key.pem",
        "return_content": false,
        "select_crypto_backend": "auto",
        "selevel": null,
        "serole": null,
        "setype": null,
        "seuser": null,
        "state": "present",
        "state_or_province_name": "England",
        "subject": null,
        "subject_alt_name": null,
        "subject_alt_name_critical": false,
        "subject_key_identifier": null,
        "subject_ordered": null,
        "unsafe_writes": false,
        "use_common_name_for_san": true,
        "version": 1
    }
}
keyUsage 
[
    "digitalSignature",
    "cRLSign",
    "keyCertSign"
]
name_constraints_excluded 
[]
name_constraints_permitted 
[]
ocspMustStaple 
False
privatekey 
/etc/openstack_deploy/pki/roots/ExampleCorpRoot/private/ExampleCorpRoot.key.pem
subject 
[
    [
        "C",
        "GB"
    ],
    [
        "ST",
        "England"
    ],
    [
        "CN",
        "Example Corp Root CA"
    ]
]
subjectAltName 
[
    "DNS:Example Corp Root CA"
]