File ardana-tls-8.0+git.1534267264.6b1e899.obscpio of Package ardana-tls

Overview Repositories Revisions Requests Users Attributes Meta

File ardana-tls-8.0+git.1534267264.6b1e899.obscpio of Package ardana-tls

07070100000000000081A40000000000000000000000015B730F8000000127000000000000000000000000000000000000003700000000ardana-tls-8.0+git.1534267264.6b1e899/.copyrightignore.copyrightignore
.rsync-filter
roles/tls-trust/files/openssl.cnf
roles/tls-trust/templates/ardana-openssl.cnf
roles/tls-trust/files/public/ardana-internal-cacert.crt
roles/tls-trust/files/public/frontend_cacert.pem
roles/tls-frontend/files/public/my-public-cert
roles/tls-trust/files/cacert.pem
07070100000001000081A40000000000000000000000015B730F800000007F000000000000000000000000000000000000003100000000ardana-tls-8.0+git.1534267264.6b1e899/.gitreview[gerrit]
host=gerrit.suse.provo.cloud
port=29418
project=ardana/tls-ansible.git
defaultremote=ardana
defaultbranch=stable/pike
07070100000002000081A40000000000000000000000015B730F800000000C000000000000000000000000000000000000003400000000ardana-tls-8.0+git.1534267264.6b1e899/.rsync-filter- ardana-ci
07070100000003000081A40000000000000000000000015B730F800000279F000000000000000000000000000000000000002E00000000ardana-tls-8.0+git.1534267264.6b1e899/LICENSE
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

1. Definitions.

"License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

"Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

"Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

"You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

"Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

"Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

"Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

"Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

"Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

"Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

(a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

(b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

(c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

(d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

07070100000004000081A40000000000000000000000015B730F80000006CF000000000000000000000000000000000000003000000000ardana-tls-8.0+git.1534267264.6b1e899/README.md#
# (c) Copyright 2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
Generate a self-signed CA

Note: In a production setting you will not perform this step. You will use your
company CA or a valid public CA.

This section demonstrates to how you can create your own self-signed CA and
then use this CA to sign server certificates. This CA can be thought of as a
Company IT internal CA that is self-signed and whose CA certificates are
deployed on the company machines. This way the server certificate becomes
legitimate.

export EXAMPLE_CA_KEY_FILE='example-CA.key'
export EXAMPLE_CA_CERT_FILE='example-CA.crt'
openssl req -x509 -batch -newkey rsa:2048 -nodes -out "${EXAMPLE_CA_CERT_FILE}" \
-keyout "${EXAMPLE_CA_KEY_FILE}" \
-subj "/C=DE/O=Micro Focus International/CN=Autogenerated Ardana Certificate Authority" \
-days 365

You can tweak the subj and days above to your needs. For instance, if you want
to test what happens when a CA expires, you can keep 'days' to very low values.

Note that the issuer has to be unique. So if you already installed a CA for a
particular DN (subj), make sure it's different the next time. For example:

-subj "/C=DE/O=Micro Focus International/CN=Autogenerated Ardana Certificate Authority 2" \
07070100000005000081A40000000000000000000000015B730F80000007A0000000000000000000000000000000000000003C00000000ardana-tls-8.0+git.1534267264.6b1e899/_tls-deploy-certs.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# Bootstrap CA
- hosts: TLS-CA
  roles:
    - tls-trust
  tasks:
    - include: roles/tls-trust/tasks/bootstrap.yml

# Generate internal certificate from one ardana CA
- hosts: TLS-CA--first-member[0]
  roles:
    - tls-trust
  tasks:
    - include: roles/tls-trust/tasks/create_certs.yml

# Copy user provided certificates to temp
- hosts: TLS-CA--first-member[0]
  roles:
    - tls-frontend
  tasks:
    - include: roles/tls-frontend/tasks/bootstrap_certs.yml

# Install trust chains on all nodes except HyperV
- hosts: OPS-LMTGT:!*-HYP
  roles:
    - tls-trust
  tasks:
    - include: roles/tls-trust/tasks/install.yml

# Install trust chains on HyperV
- hosts: OPS-LMTGT:&*-HYP
  roles:
    - tls-trust
    - win-install-package
  tasks:
    - include: roles/win-install-package/tasks/_setvars.yml
    - include: roles/tls-trust/tasks/win_install.yml

# Update trust chains on Java keystores on hosts that
# are known to require Java
- hosts: MON-API
  roles:
    - tls-trust
  tasks:
    - include: roles/tls-trust/tasks/install_java.yml

# deploy certificates for ip-cluster
- hosts: FND-CLU
  roles:
    - tls-trust
    - haproxy
  tasks:
    - include: roles/tls-trust/tasks/cert_deploy.yml

# Cleanup
- hosts: TLS-CA
  roles:
    - tls-trust
  tasks:
    - include: roles/tls-trust/tasks/cleanup.yml
07070100000006000081A40000000000000000000000015B730F8000000313000000000000000000000000000000000000004100000000ardana-tls-8.0+git.1534267264.6b1e899/_tls-terminator-config.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---

- hosts: FND-STN:&FND-CLU
  roles:
    - haproxy
    - tls-trust
  tasks:
    - include: roles/tls-trust/tasks/config_service_termination.yml

07070100000007000041ED0000000000000000000000025B730F8000000000000000000000000000000000000000000000002D00000000ardana-tls-8.0+git.1534267264.6b1e899/config07070100000008000081A40000000000000000000000015B730F800000031A000000000000000000000000000000000000004700000000ardana-tls-8.0+git.1534267264.6b1e899/config/tls-frontend-symlinks.yml#
# (c) Copyright 2015,2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#

# The following relative symlinks are created under the
# my_cloud/config directory.
---
symlinks:
  "tls/certs": "roles/tls-frontend/files/public"

07070100000009000081A40000000000000000000000015B730F8000000353000000000000000000000000000000000000004400000000ardana-tls-8.0+git.1534267264.6b1e899/config/tls-trust-symlinks.yml#
# (c) Copyright 2015,2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#

# The following relative symlinks are created under the
# my_cloud/config directory.
---
symlinks:
  "tls/cacerts": "roles/tls-trust/files/public"
  "tls/trust-config": "roles/tls-trust/defaults/main.yml"

0707010000000A000041ED0000000000000000000000025B730F8000000000000000000000000000000000000000000000003500000000ardana-tls-8.0+git.1534267264.6b1e899/filter_plugins0707010000000B000081A40000000000000000000000015B730F800000046C000000000000000000000000000000000000004400000000ardana-tls-8.0+git.1534267264.6b1e899/filter_plugins/tls_filters.py#
# (c) Copyright 2015 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Set of filters for TLS playbooks

# Get a list of certificate names and return a unique list

def get_cert_files(d):
    ret = list()
    for service in d.keys():
        if 'networks' in d[service].keys():
            for network in d[service]['networks']:
                if 'cert_file' in network.keys():
                    ret.append(network['cert_file'])
    return list(set(ret))

class FilterModule(object):

def filters(self):
        return {'get_cert_files': get_cert_files}

0707010000000C000041ED0000000000000000000000025B730F8000000000000000000000000000000000000000000000002E00000000ardana-tls-8.0+git.1534267264.6b1e899/library0707010000000D000081A40000000000000000000000015B730F800000142B000000000000000000000000000000000000003B00000000ardana-tls-8.0+git.1534267264.6b1e899/library/ardana_ca.py#!/usr/bin/python -tt
# -*- coding: utf-8 -*-

# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
from subprocess import check_output, CalledProcessError
import os

def _ca(ca):
    create_ca =[ "/usr/bin/openssl", "req",
                 "-new",
                 "-x509",
                 "-batch",
                 "-nodes",
                 "-key", ca["key"],
                 "-out", ca["cert"],
                 "-days", ca["days"],
                 "-subj", ca["subj"],
               ]

check_output(create_ca, stderr=subprocess.STDOUT)

def _csr(req, key, csr):
    create_csr =[ "/usr/bin/openssl", "req",
                  "-newkey", "rsa:2048",
                  "-nodes",
                  "-keyout", key,
                  "-out", csr,
                  "-extensions", "v3_req",
                  "-config", req,
                ]

check_output(create_csr, stderr=subprocess.STDOUT)

def _sign(ca, csr, cert):
    check_output("touch index.txt".split(), stderr=subprocess.STDOUT)
    check_output("/usr/bin/openssl rand -hex -out serial 6".split(),
                    stderr=subprocess.STDOUT)

cert_sign =[ "/usr/bin/openssl", "ca",
                 "-batch",
                 "-notext",
                 "-in", csr,
                 "-out", cert,
                 "-config", ca["conf"],
                 "-extensions", "v3_req",
                 "-cert", ca["cert"],
                 "-keyfile", ca["key"],
                ]
    check_output(cert_sign, stderr=subprocess.STDOUT)
def main():

module = AnsibleModule(
        argument_spec = dict(
            cacert            = dict(required=True),
            cakey             = dict(required=True),
            conf              = dict(required=True),
            subj              = dict(required=True),
            cert              = dict(required=False, type='str'),
            ca_days           = dict(required=False, type='str'),
            req               = dict(required=False, type='str'),
            csr               = dict(required=False, type='str'),
            key               = dict(required=False, type='str'),
            chdir             = dict(required=False, type='str'),
            combined          = dict(required=False, type='bool'),
            generate_ca       = dict(required=False, type='bool'),
        ),
        add_file_common_args=True,
        supports_check_mode=True,
    )

# Initialize return values
    changed = False

# Change to the working directory
    chdir = module.params['chdir']
    if chdir:
        chdir = os.path.abspath(os.path.expanduser(chdir))
        os.chdir(chdir)

# Get CA credentials first
    cakey = module.params['cakey']
    if not os.path.exists(cakey) or not os.access(cakey, os.R_OK):
        module.fail_json(msg="CA key file %s not found or not readable" % (cakey))

generate_CA = module.params['generate_ca']

cacert = module.params['cacert']
    if not os.path.exists(cacert) or not os.access(cacert, os.R_OK):
        generate_CA = True

ca_days = module.params['ca_days']
    if not ca_days:
        ca_days = "3650" # Ten years

ca = {"key": cakey,
          "cert": cacert,
          "days": ca_days,
          "conf": module.params['conf'],
          "subj": module.params['subj'],
         }

# If CA is to be generated do it now
    if generate_CA:
        try:
            _ca(ca)
            changed = True
        except CalledProcessError as err:
            module.fail_json(msg=err.output, exit_status=err.returncode)

req = module.params['req']
    if req: # User wants a cert generated
        if not os.path.exists(req) or not os.access(req, os.R_OK):
            module.fail_json(msg="Request file %s not found or not readable" % (req))

csr = module.params['csr']
        if not csr:
            csr = req + ".csr"
        key = module.params['key']
        if not key:
            key = req + ".key"
        cert = module.params['cert']

# Create CSR and Sign the cert
        try:
            _csr(req, key, csr)
            _sign(ca, csr, cert)
            changed = True
        except CalledProcessError as err:
            module.fail_json(msg=err.output, exit_status=err.returncode)

combined = module.params['combined']
        if combined:
            with open(cert, "a") as certfile, open(key, "r") as keyfile:
                    certfile.write(keyfile.read())
        changed = True

module.exit_json(
        changed  = changed,
    )

# import module snippets
from ansible.module_utils.basic import *
main()

0707010000000E000041ED0000000000000000000000055B730F8000000000000000000000000000000000000000000000002C00000000ardana-tls-8.0+git.1534267264.6b1e899/roles0707010000000F000041ED0000000000000000000000055B730F8000000000000000000000000000000000000000000000003900000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-frontend07070100000010000041ED0000000000000000000000025B730F8000000000000000000000000000000000000000000000004200000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-frontend/defaults07070100000011000081A40000000000000000000000015B730F800000039B000000000000000000000000000000000000004B00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-frontend/defaults/main.yml#
# (c) Copyright 2015,2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
frontend_server_cert_directory: "/etc/ssl/private/"
tls_temp_dir: "/tmp/ardana_tls/"
tls_req_dir: "/tmp/ardana_tls/"
tls_req_file: "ardana-internal-req"
tls_certs_dir: "/tmp/ardana_tls_certs/"
install_vip_certs_items: "{{ FND_CLU.has_proxy | default({}) | get_cert_files }}"
07070100000012000041ED0000000000000000000000035B730F8000000000000000000000000000000000000000000000003F00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-frontend/files07070100000013000041ED0000000000000000000000025B730F8000000000000000000000000000000000000000000000004600000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-frontend/files/public07070100000014000081A40000000000000000000000015B730F800000113F000000000000000000000000000000000000005500000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-frontend/files/public/my-public-cert-----BEGIN CERTIFICATE-----
MIIHpTCCBY2gAwIBAgIFDLQjcF8wDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMC
REUxEDAOBgNVBAgMB0JhdmFyaWExEjAQBgNVBAcMCU51cmVtYmVyZzEiMCAGA1UE
CgwZTWljcm8gRm9jdXMgSW50ZXJuYXRpb25hbDENMAsGA1UECwwEU1VTRTEWMBQG
A1UEAwwNQ2xvdWQgVGVzdCBDQTAeFw0xODAyMTIwMTE4NDZaFw0xOTAyMTIwMTE4
NDZaMBUxEzARBgNVBAMMCmFyZGFuYS12aXAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDUHGV6BUpshf60t66MkOw1wFyx+q9lxwDm7JIQIskIVBr5Y6xj
bh+W/d7IbfzF0drR5j8oYivf72O+g9lyvId5mEQl3TF8AJF6pE9RIrjyNIb0ae1+
8rdFRM0LGwqNJSkuL4wS2D4xAkpU9e4uRiN5q8FpfYv5YUEIvUZvsw5dW9h+g9A+
S0sEtqmRL7Y649ynrVphu7X40/SzHK5zl/mDOe+diLt3XNpLSLPes+6bI3M/ieWo
QJf2n/sxizWOjHvcwTxy21AvSGdk4SI7+Y/KlpZc9PxgabsecgG2z3Fw25tXj3Mb
2eiuThcFtLcY0YhUzTVtv428wZoUgicbrA+nAgMBAAGjggORMIIDjTAJBgNVHRME
AjAAMB0GA1UdDgQWBBSg2qwiplV3SU/3RbQU9pERZleQPjALBgNVHQ8EBAMCBeAw
ggNSBgNVHREEggNJMIIDRYINbXlhcmRhbmEudGVzdIInYXJkYW5hLWNjcC12aXAt
cHVibGljLUtFWU1HUi1BUEktZXh0YXBpgiRhcmRhbmEtY2NwLXZpcC1wdWJsaWMt
TE9HLUFQSS1leHRhcGmCJGFyZGFuYS1jY3AtdmlwLXB1YmxpYy1OT1YtQVBJLWV4
dGFwaYIkYXJkYW5hLWNjcC12aXAtcHVibGljLUtFWS1BUEktZXh0YXBpgiRhcmRh
bmEtY2NwLXZpcC1wdWJsaWMtU1dGLVBSWC1leHRhcGmCJGFyZGFuYS1jY3Atdmlw
LXB1YmxpYy1ERVMtQVBJLWV4dGFwaYIkYXJkYW5hLWNjcC12aXAtcHVibGljLU5P
Vi1WTkMtZXh0YXBpgiRhcmRhbmEtY2NwLXZpcC1wdWJsaWMtRlJFLUFQSS1leHRh
cGmCJGFyZGFuYS1jY3AtdmlwLXB1YmxpYy1NQUctQVBJLWV4dGFwaYIkYXJkYW5h
LWNjcC12aXAtcHVibGljLU1PTi1BUEktZXh0YXBpgiRhcmRhbmEtY2NwLXZpcC1w
dWJsaWMtSEVBLUFDRi1leHRhcGmCJGFyZGFuYS1jY3AtdmlwLXB1YmxpYy1PUFMt
V0VCLWV4dGFwaYIkYXJkYW5hLWNjcC12aXAtcHVibGljLUhFQS1BUEktZXh0YXBp
giRhcmRhbmEtY2NwLXZpcC1wdWJsaWMtTkVVLVNWUi1leHRhcGmCJGFyZGFuYS1j
Y3AtdmlwLXB1YmxpYy1BUkQtU1ZDLWV4dGFwaYIkYXJkYW5hLWNjcC12aXAtcHVi
bGljLUhFQS1BQ1ctZXh0YXBpgiRhcmRhbmEtY2NwLXZpcC1wdWJsaWMtR0xBLUFQ
SS1leHRhcGmCJGFyZGFuYS1jY3AtdmlwLXB1YmxpYy1DTkQtQVBJLWV4dGFwaYIk
YXJkYW5hLWNjcC12aXAtcHVibGljLUNFSS1BUEktZXh0YXBpgiRhcmRhbmEtY2Nw
LXZpcC1wdWJsaWMtSFpOLVdFQi1leHRhcGmCJGFyZGFuYS1jY3AtdmlwLXB1Ymxp
Yy1OT1YtUExDLWV4dGFwaYINMTkyLjE2OC4xMTQuNIcEwKhyBDANBgkqhkiG9w0B
AQsFAAOCAgEAcBAWamX+wp8ln362mf838iLeBr+lPoFU5e7HPxrhLVGldBb+ihwq
g6qa50JnkkzzTCI8hikvJrQPuZ7FUZzN7quee217Fce7M+8HKE9jKuTYZ5xNwfTZ
8IAIpaCZGqRy/azPJgxhS19U+tpEx29XtGmnMiNaP4XPIwqCEfQNj0Nf9t3REJSm
sGuP3ukiEPkaITYMSvR2rMIfQcPpNF7/diZCa1/6ZKstR3gLfGH+VlnBELQgZMXm
y9wTV+bo+BVS6FedL5WwimQ1eeSB1tE/KQmC2X+ESnwDMsrmDjlxEart4tzXYP29
4SAuVg8ZvhC8Ehk2VOpWqIdDDx2H0FID+BJUq6nfe7P0NCLYZcF04goZj5WurYeA
9UMjS0KZMFAjM9/EKSuCEQuXM9vG7SQKcxUnA2xDKZ1on/gJTptc4vh+ymlp7EQl
CMcOabZ6qo1Iej+IoCYYheSIpJhBg2W7YJryRirDHe+yaWVut4AOJuW8uve/uoD/
twzHT5VE+R0JL/8UZG8e8o7GJJ7l9c1hPSVfg8VtE2qQ0WOCzjohc1Vt8oOI3l3h
bUxFmegat56w74M+FJO5co8s41VDAAZOJH7ClJJm9jwUh/8pODMhYqM7qAhlNU5N
Lgwiwy9I4J+1/cEvpbW59PDUPeR1kD9y/WAbQDupcQI26VFLU55WbRA=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUHGV6BUpshf60
t66MkOw1wFyx+q9lxwDm7JIQIskIVBr5Y6xjbh+W/d7IbfzF0drR5j8oYivf72O+
g9lyvId5mEQl3TF8AJF6pE9RIrjyNIb0ae1+8rdFRM0LGwqNJSkuL4wS2D4xAkpU
9e4uRiN5q8FpfYv5YUEIvUZvsw5dW9h+g9A+S0sEtqmRL7Y649ynrVphu7X40/Sz
HK5zl/mDOe+diLt3XNpLSLPes+6bI3M/ieWoQJf2n/sxizWOjHvcwTxy21AvSGdk
4SI7+Y/KlpZc9PxgabsecgG2z3Fw25tXj3Mb2eiuThcFtLcY0YhUzTVtv428wZoU
gicbrA+nAgMBAAECggEBALFdIVmcLPR8Q1S4N2PhFzOHK7vDpIEVm+J9NVH61GF7
eqbJOvBVuGKY3H56wiBkb3aO8ocBODDjy2MWe3DexuXddja3NFa9XujPlmeBAme9
lo+wN+CscqWgd1hu/y6xQTMWnSlw2ug+QwuyLb1R9v4Zqfxc9/vK4Ae/xbNHZZ6X
1LA+kdW9cxzFNT1zXjEC/bv4HbwCCJNfPDYa7o5tm7JY1B5m1V9l96Ia50qM6X0G
oiDE2YmVAFqtdcZab+D+lmbYoAXH7icXZ3xt5CqYZhFTZnrQYWPKFt8Wq20E3F7I
/RWYbPBiB1aP4VTpFNaS4boECHUroC7cFWZXevIJBnECgYEA+xHlnpKkPUkEWzSe
iWMdqdWMMHxtYDbZzEtkx76W2aPQ6qlrm/fOQntxkLDJyvWLbmHkqZJnBNOzAKvj
ogBnZUPCqB6imMM++QPaN0q2JAlMpUYioi4wPC7CkdEbqHMntucbYWpDHQRdQDw6
k4OFaQcyyxSAI6W9einHeKQCUy8CgYEA2EaoFBSC3oqL9UiJqkdfzmYd9d6GLe6G
ZYnubr4ahcfRJMw5eG6lEAIEwJO1jEOjPmglBoB37+dODJZjAMy54G9SAeVZgXUV
NIdRLn+mr6Mau6bF41D/czSXXz/rrVs8x8b3Wl0XkLiuzwAthhUQEJMVLvugeK+X
++94p2gOTQkCgYEA6XV+2rDo38PhtR18vavYjW/w57ULz4exhnIkyEfE5aOaRFo9
oc4PkWpP84cwXPVuLboBclycRrTDokAzbxSJEHStsL6r2vjSuaKHaxqhu2iaSKSq
17uzRoMEkaqr2TsbFsxXfYHd3kGMpIpcvYZyq3LyHDx32q3nPo1S2i9HqikCgYA8
ls7PkU94eOfst32ZrpUwhXsvPj/o7kHIgHPDoo5bnDcDUBNpodWsPmSGbtsViH1b
JmH5CFSRaQN8k0T5HGGWdplK3q3Mjrh6Fs6vcCOKYO9EUtxtamumIr2leYrU7hKB
BUSWlC3d5V9TroESZyQxAIOWvfee19KESfpLK+OVwQKBgCcU5nowEfMf8OALvuaM
E93+W1bHJUIx5Sy0faGgBYfiVY9qV5lJG0+8kF0C4JCy0XI8libr9rlSiIK5KAuY
80FgwYdQ8PdtmuwLGU/dXAmCvCLQzvKLVUfwRg7/I8eAKI4clyEnpivHkh8A8jeI
t3JBMfxPE2tG7ok5rJYeWY2q
-----END PRIVATE KEY-----
07070100000015000041ED0000000000000000000000025B730F8000000000000000000000000000000000000000000000003F00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-frontend/tasks07070100000016000081A40000000000000000000000015B730F800000041F000000000000000000000000000000000000005300000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-frontend/tasks/bootstrap_certs.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---

- name: tls-frontend | bootstrap_certs | Create source cert directory
  file:
    path: "{{ tls_certs_dir }}"
    state: directory
    mode: 0755
  run_once: true
  delegate_to: localhost

- name: tls-frontend | bootstrap_certs | Bootstrap user supplied certs
  copy:
    src: "{{ item }}"
    dest: "{{ tls_certs_dir }}"
    mode: 0600
  with_fileglob:
    - public/*
  run_once: true
  delegate_to: localhost
07070100000017000081A40000000000000000000000015B730F80000002FB000000000000000000000000000000000000004B00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-frontend/tasks/cleanup.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---

- name: tls-frontend | cleanup | Delete temporary certs dir
  file:
    path: "{{ tls_certs_dir }}"
    state: absent

07070100000018000081A40000000000000000000000015B730F80000003CF000000000000000000000000000000000000004B00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-frontend/tasks/install.yml#
# (c) Copyright 2015,2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---

- name: tls-frontend | install | install vip certificates
  copy:
    src: "{{ tls_certs_dir }}/{{ item }}"
    dest: "{{ frontend_server_cert_directory }}/{{ item }}"
    owner: root
    group: root
    mode: 0440
  with_items: "{{ install_vip_certs_items }}"
  become: yes
  register: ardana_notify_haproxy_restart_required
07070100000019000041ED0000000000000000000000075B730F8000000000000000000000000000000000000000000000003600000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust0707010000001A000041ED0000000000000000000000025B730F8000000000000000000000000000000000000000000000003F00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/defaults0707010000001B000081A40000000000000000000000015B730F80000007A1000000000000000000000000000000000000004800000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/defaults/main.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017-2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# The variable below will be referred to by horizon
external_cacert_filename: "/etc/ssl/certs/ardana_frontend_cacert.pem"

node_cert_directory: "/etc/ssl/private/"

tls_temp_dir: "/tmp/ardana_tls/"
tls_req_dir: "/tmp/ardana_tls/"
tls_req_file: "ardana-internal-req"
tls_certs_dir: "/tmp/ardana_tls_certs/"
tls_cacerts_dir: "/tmp/ardana_tls_cacerts/"

tls_certs:
    cert_name: ardana-node-cert

haproxy_conf_dir: "/etc/haproxy/ardana-conf.d"

ip_cluster_certs: "{{ cert_data.services.FND_CLU | default([]) }}"

_internal_ca_info: "{{ TLS_CA.vars.ardana_internal_ca }}"

ardana_internal_ca:
  private: "{{ _internal_ca_info.private }}"
  public: "{{ _internal_ca_info.public }}"
  days: 3650
  key: "ardana-internal-ca.key"
  cert: "ardana-internal-{{ inventory_hostname }}-ca.crt"
  subj: "/CN={{ inventory_hostname }}"
  conf: "ardana-openssl.cnf"

tls_expiry_check: "2592000" #30 days
tls_force_cert_regeneration: False

tls_java_ca:
  keystore: /usr/lib/jvm/default-java/jre/lib/security/cacerts
  storepass: changeit

tls_mysql:
  certs: "{{ cert_data.services.FND_MDB | default([]) }}"

tls_rmq:
  certs: "{{ cert_data.services.FND_RMQ | default([]) }}"

tls_facts_dir: /etc/ansible/facts.d
tls_int_ca_fact: ardana_int_ca_first_crt
tls_fact_file: "{{ tls_facts_dir}}/{{ tls_int_ca_fact }}.fact"
0707010000001C000041ED0000000000000000000000035B730F8000000000000000000000000000000000000000000000003C00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/files0707010000001D000081A40000000000000000000000015B730F8000000567000000000000000000000000000000000000004700000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/files/cacert.pem-----BEGIN CERTIFICATE-----
MIIDzzCCAregAwIBAgIJAOTDLJ8fbnGVMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV
BAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMRIwEAYDVQQHDAlOdXJlbWJlcmcxIjAg
BgNVBAoMGU1pY3JvIEZvY3VzIEludGVybmF0aW9uYWwxDTALBgNVBAsMBFNVU0Ux
FjAUBgNVBAMMDUNsb3VkIFRlc3QgQ0EwHhcNMTgwMjEyMDEzMTE2WhcNMjgwMjEw
MDEzMTE2WjB+MQswCQYDVQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTESMBAGA1UE
BwwJTnVyZW1iZXJnMSIwIAYDVQQKDBlNaWNybyBGb2N1cyBJbnRlcm5hdGlvbmFs
MQ0wCwYDVQQLDARTVVNFMRYwFAYDVQQDDA1DbG91ZCBUZXN0IENBMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1eNNniTSlUuRhsQLDTFG3rULa+UmzZ5v
pngtlqd2SQ4bmxBplHrWugRVxpNsNwMUt5ygw+tAdyTha/pSd8ZC4yK/mwahWrCh
wgd9RJsmNycKMtsn3m/oqmE/czpz6JiVqNehhH4l650GdrxVJub2HxGghl+LNRiG
2bXQXaBqdXA0tdvKRCFrTBdp0luprTs3mowUcYwVYihKjwfTpXyIMKgcVk0t9nDC
DTzUoTdQAJuJ6sNK7Sp0vKWUFUk8CqybsMvMph+IGBUUYgwHVcUVJubUhxDsd+3a
Youpb0pssKxxlkJThqpXgRPjS5fxZI9JwTCK92O8sjz+VhTiPk6DGwIDAQABo1Aw
TjAdBgNVHQ4EFgQU+eRtmMLOyzuPjUOywXE6tyYXa7YwHwYDVR0jBBgwFoAU+eRt
mMLOyzuPjUOywXE6tyYXa7YwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
AQEAfD//xGe1R+SFWZq7mQMHsEait/kHVHt8FO48r5x1c0OtMAtuk531oA3P8CaL
aSS0noacyOV2NQvpp80XZ67qMixCnYz+5DX/mbEFaOK6kSUT9aNZkklazVrEbJP8
vIYeMwmcviYN4MUZT3N9FSKeuQq/lQCZStvOAkQ9D6FpgG2v/lc/P5ZknYhtqrpS
2uD4cx9gPk402AuF16ER8drC1NAwrAaiaj29wGNIzxNu8q4/6Ys9IR/TM1Cr3oqe
mAuMYBSxCbxzpCdYtv1R+EM1XILIVBEPIkLCEb9EJ+7zDrobxne1av0HoJET4MsA
2/N6udjz7+WrNsfoKLlTzRFqAA==
-----END CERTIFICATE-----
0707010000001E000081A40000000000000000000000015B730F80000006A8000000000000000000000000000000000000004600000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/files/cakey.pem-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDV402eJNKVS5GG
xAsNMUbetQtr5SbNnm+meC2Wp3ZJDhubEGmUeta6BFXGk2w3AxS3nKDD60B3JOFr
+lJ3xkLjIr+bBqFasKHCB31EmyY3Jwoy2yfeb+iqYT9zOnPomJWo16GEfiXrnQZ2
vFUm5vYfEaCGX4s1GIbZtdBdoGp1cDS128pEIWtMF2nSW6mtOzeajBRxjBViKEqP
B9OlfIgwqBxWTS32cMINPNShN1AAm4nqw0rtKnS8pZQVSTwKrJuwy8ymH4gYFRRi
DAdVxRUm5tSHEOx37dpii6lvSmywrHGWQlOGqleBE+NLl/Fkj0nBMIr3Y7yyPP5W
FOI+ToMbAgMBAAECggEABznEl4Ea9Bw3cFwTG4D8qe1n019MbknZ77/DmoFRx6oI
WLa3OmLj+ijHVQwJ7dnWy1UpQTUjWmMOkn1EZ/N0swOrgWs57DxnWoyyOK0dH2Pc
PleVAzi4nXjnkdb5r3PoKmoOdNFmKo2FeGFoZwYKboZD7AYyR7rqY1R3E5Klxg3S
hSSFjTbBQJQiPFzMeEneMOBaFFCeiWOMEkPRV+UzzOj6gjuyyY9Mt3Yosnf/S73s
PmjfUuDJX5HzdbXM+RESJY7UwqXafdrazQIQRQVmNTcp284cQ01OIcFAdBLBUgZN
8WjMv/RSkbU85zQGkd1oo6EI+pZ+hpNK420KO1wV0QKBgQD2d1j4QIpGnpgpqWRF
gbZFCAacWxtllMftA90opw7BnJWLNshYv5mvc0V9PL8/iiBasLygJYCaQaeS5N4I
AbWlFvvB08RvvYApVBwFW/+mEf/z/+9Qq6MbK63LzFITXzmLv6CRPvQWS1rNb+Y/
7b3ENdv5fOYTL4gPilha968pnwKBgQDeKVimzL9T7lHUkZsGJ4yGBwLuLqQohEo6
LuiS+fjLpy06fk9LeLzop/i150eHIItfwHzenCy3DpyG5OI4j1G02f0ZrqvnIU5P
NDncnjt2pFphdN2cj0pZkg169+60ziOUs2UmygQgmWqeerDLYJ7RgeLzkxCcqvdd
e/YmkJZtBQKBgQCgWXmK2gKce2YoBMr15bQ+KUCTzTp/1lJUQ6VJY5bYJBWvIw8p
nk5QtcBKAJG0txrhpgaycnO+6GQrz7cconAZXmCg9DPjNvkA6nXojrg+xYsuph5+
74wIi1xhMSdc7yEzaJMArGKFdrU230x/3x8NXrUlFjth1BTDd5CQboCJpQKBgGkK
raL4TkKV/VT/n4fybSv15rnNjcqmeh42jbrovG02V1k/3ag2p0NuIFeJyjUm+x9D
+QacWzwWiYXydM//W8eiBlz9TMRU6Bzk+bLJkh4PqbhItHvQ+HuPZhZNYi1VBlfJ
1rrXa8oqH9Jc+ni+73jp6+/1Cja5U4p9ES680JMtAoGAeEq5FdS4t3s9UVnLnwtM
A2nhEvT1fLTEFStBSArVDMTiCU+bI6E7dmVq2Z2ajZ6xajNQg79aSeKBmVIIYkpe
FUm6qfZeVLcaN6FKIIv5XvCyy3Ngy5qDQOZYp3S+d67O1CqsqqActwbdSKtJt1Yd
vObzdWseu+dvY6VQexeg4T8=
-----END PRIVATE KEY-----
0707010000001F000081A40000000000000000000000015B730F8000000C76000000000000000000000000000000000000004800000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/files/openssl.cnf# Copyright 2010 United States Government as represented by the
# Administrator of the National Aeronautics and Space Administration.
# All Rights Reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

#
# OpenSSL configuration file.
#

# Establish working directory.

dir     = .

[ ca ]
default_ca    = CA_default

[ CA_default ]
serial      = $dir/serial
database    = $dir/index.txt
new_certs_dir   = $dir/
certificate   = $dir/cacert.pem
private_key   = $dir/cakey.pem
unique_subject    = no
default_crl_days  = 365
default_days    = 365
default_md    = md5
preserve    = no
email_in_dn   = no
nameopt     = default_ca
certopt     = default_ca
policy      = policy_match
copy_extensions         = copy

# NOTE(dprince): stateOrProvinceName must be 'supplied' or 'optional' to
# work around a stateOrProvince printable string UTF8 mismatch on
# RHEL 6 and Fedora 14 (using openssl-1.0.0-4.el6.x86_64 or
# openssl-1.0.0d-1.fc14.x86_64)
[ policy_match ]
countryName   = optional
stateOrProvinceName = optional
organizationName  = optional
organizationalUnitName  = optional
commonName    = supplied
emailAddress    = optional

[ req ]
default_bits    = 1024      # Size of keys
default_keyfile   = key.pem   # name of generated keys
default_md    = md5     # message digest algorithm
string_mask   = nombstr   # permitted characters
distinguished_name  = req_distinguished_name
req_extensions          = v3_req
x509_extensions         = v3_ca

[ req_distinguished_name ]
# Variable name     Prompt string
#----------------------   ----------------------------------
0.organizationName  = Organization Name (company)
organizationalUnitName  = Organizational Unit Name (department, division)
emailAddress    = Email Address
emailAddress_max  = 40
localityName    = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName   = Country Name (2 letter code)
countryName_min   = 2
countryName_max   = 2
commonName    = Common Name (hostname, IP, or your name)
commonName_max    = 64

# Default values for the above, for consistency and less typing.
# Variable name       Value
#------------------------------   ------------------------------
0.organizationName_default  = Micro Focus International
organizationalUnitName_default  = SUSE
localityName_default    = Nuremberg
stateOrProvinceName_default = Bavaria
countryName_default   = DE
commonName_default    = Cloud Test CA

[ v3_ca ]
basicConstraints  = CA:TRUE
subjectKeyIdentifier  = hash
authorityKeyIdentifier  = keyid:always,issuer:always
subjectAltName          = @alt_names

[ v3_req ]
basicConstraints  = CA:FALSE
subjectKeyIdentifier  = hash

[ alt_names ]

07070100000020000041ED0000000000000000000000025B730F8000000000000000000000000000000000000000000000004300000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/files/public07070100000021000081A40000000000000000000000015B730F8000000567000000000000000000000000000000000000005E00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/files/public/ardana-internal-cacert.crt-----BEGIN CERTIFICATE-----
MIIDzzCCAregAwIBAgIJAOTDLJ8fbnGVMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV
BAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMRIwEAYDVQQHDAlOdXJlbWJlcmcxIjAg
BgNVBAoMGU1pY3JvIEZvY3VzIEludGVybmF0aW9uYWwxDTALBgNVBAsMBFNVU0Ux
FjAUBgNVBAMMDUNsb3VkIFRlc3QgQ0EwHhcNMTgwMjEyMDEzMTE2WhcNMjgwMjEw
MDEzMTE2WjB+MQswCQYDVQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTESMBAGA1UE
BwwJTnVyZW1iZXJnMSIwIAYDVQQKDBlNaWNybyBGb2N1cyBJbnRlcm5hdGlvbmFs
MQ0wCwYDVQQLDARTVVNFMRYwFAYDVQQDDA1DbG91ZCBUZXN0IENBMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1eNNniTSlUuRhsQLDTFG3rULa+UmzZ5v
pngtlqd2SQ4bmxBplHrWugRVxpNsNwMUt5ygw+tAdyTha/pSd8ZC4yK/mwahWrCh
wgd9RJsmNycKMtsn3m/oqmE/czpz6JiVqNehhH4l650GdrxVJub2HxGghl+LNRiG
2bXQXaBqdXA0tdvKRCFrTBdp0luprTs3mowUcYwVYihKjwfTpXyIMKgcVk0t9nDC
DTzUoTdQAJuJ6sNK7Sp0vKWUFUk8CqybsMvMph+IGBUUYgwHVcUVJubUhxDsd+3a
Youpb0pssKxxlkJThqpXgRPjS5fxZI9JwTCK92O8sjz+VhTiPk6DGwIDAQABo1Aw
TjAdBgNVHQ4EFgQU+eRtmMLOyzuPjUOywXE6tyYXa7YwHwYDVR0jBBgwFoAU+eRt
mMLOyzuPjUOywXE6tyYXa7YwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
AQEAfD//xGe1R+SFWZq7mQMHsEait/kHVHt8FO48r5x1c0OtMAtuk531oA3P8CaL
aSS0noacyOV2NQvpp80XZ67qMixCnYz+5DX/mbEFaOK6kSUT9aNZkklazVrEbJP8
vIYeMwmcviYN4MUZT3N9FSKeuQq/lQCZStvOAkQ9D6FpgG2v/lc/P5ZknYhtqrpS
2uD4cx9gPk402AuF16ER8drC1NAwrAaiaj29wGNIzxNu8q4/6Ys9IR/TM1Cr3oqe
mAuMYBSxCbxzpCdYtv1R+EM1XILIVBEPIkLCEb9EJ+7zDrobxne1av0HoJET4MsA
2/N6udjz7+WrNsfoKLlTzRFqAA==
-----END CERTIFICATE-----
07070100000022000041ED0000000000000000000000025B730F8000000000000000000000000000000000000000000000003C00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/tasks07070100000023000081A40000000000000000000000015B730F8000000D57000000000000000000000000000000000000004A00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/tasks/bootstrap.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# Clean directories (TODO: secure delete)
- name: tls-trust | bootstrap | Clean working directory
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - "{{ tls_temp_dir }}"

# Create directories
- name: tls-trust | bootstrap | Create working directory
  file:
    path: "{{ item }}"
    state: directory
    mode: 0755
  with_items:
    - "{{ tls_temp_dir }}"

# Create directories on deployer
- name: tls-trust | bootstrap | Create cert source directory
  file:
    path: "{{ item }}"
    state: directory
    mode: 0755
  with_items:
    - "{{ tls_certs_dir }}"
    - "{{ tls_cacerts_dir }}"
  run_once: true
  delegate_to: localhost

- name: tls-trust | bootstrap | Get CA private key from CP
  template:
    src: "{{ ardana_internal_ca.key }}"
    dest: "{{ tls_temp_dir }}"
    mode: 0600

- name: tls-trust | bootstrap | Check modulus of the CA key
  command: >
    /usr/bin/openssl rsa -in {{ ardana_internal_ca.key }} -noout -modulus
  args:
    chdir: "{{ tls_temp_dir }}"
  register: _tls_ca_modulus_result

- name: tls-trust | bootstrap | Check for existing internal CA on deployer
  stat:
    path: "{{ tls_cacerts_dir }}/{{ ardana_internal_ca.cert }}"
  register: _tls_deployer_cacert_stat_result
  delegate_to: localhost

- name: tls-trust | bootstrap | Check modulus of the CA cert on deployer
  command: >
    /usr/bin/openssl x509 -in {{ ardana_internal_ca.cert }} -noout -modulus
  args:
    chdir: "{{ tls_cacerts_dir }}"
  register: _tls_cacert_modulus_result
  delegate_to: localhost
  when: _tls_deployer_cacert_stat_result.stat.exists

- name: tls-trust | bootstrap | Create Internal CA cert if modules differ
  ardana_ca:
    chdir: "{{ tls_temp_dir }}"
    cakey: "{{ ardana_internal_ca.key }}"
    cacert: "{{ ardana_internal_ca.cert }}"
    conf: "{{ ardana_internal_ca.conf }}"
    ca_days: "{{ ardana_internal_ca.days }}"
    subj: "{{ ardana_internal_ca.subj }}"
    combined: False
    generate_ca: True
  register: _tls_cacert_result
  when: >
        not _tls_deployer_cacert_stat_result.stat.exists or
        _tls_cacert_modulus_result.stdout != _tls_ca_modulus_result.stdout

- name: tls-trust | bootstrap | Fetch new Internal CA to deployer
  fetch:
    src: "{{ tls_temp_dir }}/{{ ardana_internal_ca.cert }}"
    dest: "{{ tls_cacerts_dir }}"
    flat: yes
    validate_checksum: no
  when: _tls_cacert_result.changed

- name: tls-trust | bootstrap | Copy user CA
  copy:
    src: "{{ item }}"
    dest: "{{ tls_cacerts_dir }}"
    mode: 0644
  with_fileglob:
    - "public/*.crt"
  run_once: true
  delegate_to: localhost

- name: tls-trust | bootstrap | Copy openssl config
  template:
    src: "{{ item }}"
    dest: "{{ tls_temp_dir }}/{{ item }}"
    mode: 0644
  with_items:
    - "{{ ardana_internal_ca.conf }}"
07070100000024000081A40000000000000000000000015B730F8000000415000000000000000000000000000000000000004900000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/tasks/cert_csr.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---

- name: tls-trust | cert_csr | search for the req file fetched from server
  shell: find {{ tls_req_dir }} -name {{ tls_req_file }}
  register: req_file_result

- name: tls-trust | cert_csr | create the csr
  command:  /usr/bin/openssl req -newkey rsa:2048 -nodes -keyout key.pem -out
            csr.pem -extensions v3_req -config {{ req_file_result.stdout }}
  args:
    chdir: "{{ tls_temp_dir }}"
07070100000025000081A40000000000000000000000015B730F8000000FC7000000000000000000000000000000000000004C00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/tasks/cert_deploy.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017-2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
# First check if cert directories exist on the deployer
# and fail if not
- name: tls-trust | cert_deploy | Check cert source directory
  stat:
    path: "{{ tls_certs_dir }}"
  delegate_to: localhost
  register: _tls_certs_dir_result

- name: tls-trust | cert_deploy | Fail if certs not available
  fail:
    msg: "TLS certs missing on deployer. Run with TLS-CA in the hosts list"
  when: not _tls_certs_dir_result.stat.exists | bool

- name: tls-trust | cert_deploy | Check CA source directory
  stat:
    path: "{{ tls_cacerts_dir }}"
  delegate_to: localhost
  register: _tls_cacerts_dir_result

- name: tls-trust | cert_deploy | Fail if certs not available
  fail:
    msg: "TLS CA certs missing on deployer. Run with TLS-CA in the hosts list"
  when: not _tls_cacerts_dir_result.stat.exists | bool

- name: tls-trust | cert_deploy | install vip cert requests
  copy:
    src: "{{ tls_certs_dir }}/{{ item }}.req"
    dest: "{{ frontend_server_cert_directory }}/{{ item }}.req"
    owner: root
    group: root
    mode: 0440
  with_items:
    - "{{ install_vip_certs_items }}"
    - "ardana-node-cert"
  become: yes
  register: cert_request_copy_result

- name: tls-trust | cert_deploy | install vip certificates
  copy:
    src: "{{ tls_certs_dir }}/{{ item }}"
    dest: "{{ frontend_server_cert_directory }}/{{ item }}"
    owner: root
    group: root
    mode: 0440
  with_items:
    - "{{ install_vip_certs_items }}"
    - "ardana-node-cert"
  become: yes
  register: ardana_notify_haproxy_restart_required

# Find out if there are certs about to expire
- name: tls-trust | cert_deploy | check expiry
  command: "openssl x509 -in {{ item }} -checkend {{ tls_expiry_check }}"
  args:
    chdir: "{{ frontend_server_cert_directory }}"
  with_items:
    - "{{ install_vip_certs_items }}"
    - "ardana-node-cert"
  register: _expiry_checks_result
  become: yes
  ignore_errors: yes

- name: tls-trust | cert_deploy | replace expiring certificates
  copy:
    src: "{{ tls_certs_dir }}/{{ item.item }}"
    dest: "{{ frontend_server_cert_directory }}/{{ item.item }}"
    owner: root
    group: root
    mode: 0440
  with_items:
    - "{{ _expiry_checks_result.results }}"
  when: item.rc == 1
  become: yes
  register: ardana_notify_haproxy_restart_required

# Finally, if we are told to regenerate all certs
- name: tls-trust | cert_deploy | install vip cert requests
  file:
    path: "{{ frontend_server_cert_directory }}/{{ item }}.req"
    state: absent
  with_items:
    - "{{ install_vip_certs_items }}"
    - "ardana-node-cert"
  become: yes
  when: tls_force_cert_regeneration

- name: tls-trust | cert_deploy | install vip certificates
  copy:
    src: "{{ tls_certs_dir }}/{{ item.item }}"
    dest: "{{ frontend_server_cert_directory }}/{{ item.item }}"
    owner: root
    group: root
    mode: 0440
  with_items:
    - "{{ _cert_request_copy_result.results }}"
  when: item.changed and tls_force_cert_regeneration
  become: yes
  register: ardana_notify_haproxy_restart_required
07070100000026000081A40000000000000000000000015B730F800000037D000000000000000000000000000000000000004A00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/tasks/cert_sign.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---

- name: tls-trust | cert_sign | Sign the server certificate
  command:  /usr/bin/openssl ca -batch -notext -md sha256 -in
            csr.pem -out cert.pem -config openssl.cnf -extensions
            v3_req
  args:
    chdir: "{{ tls_temp_dir }}"

07070100000027000081A40000000000000000000000015B730F800000032A000000000000000000000000000000000000004800000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/tasks/cleanup.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---

- name: tls-trust | cleanup | Delete certs working dir
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - "{{ tls_temp_dir }}"
  ignore_errors: yes
07070100000028000081A40000000000000000000000015B730F800000041D000000000000000000000000000000000000005B00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/tasks/config_service_termination.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---

- name: tls-trust | config_service_termination | Make sure conf.d exists
  become: yes
  file:
    path: "{{ haproxy_conf_dir }}"
    state: directory
    mode: 0755

- name: tls-trust | config_service_termination | Add config snippet
  become: yes
  template:
    src: tls-terminator
    dest: "{{ haproxy_conf_dir }}/20-TLS-terminator.cfg"
    mode: 0644
  register: ardana_notify_haproxy_restart_required

07070100000029000081A40000000000000000000000015B730F8000000C1B000000000000000000000000000000000000004D00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/tasks/create_certs.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017-2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: tls-trust | create_certs | Create vip cert requests
  template:
    src: "ardana-vip-temp.req"
    dest: "{{ tls_temp_dir }}/{{ item.cert_name }}.req"
    mode: 0644
  with_items:
    - "{{ ip_cluster_certs }}"

- name: tls-trust | create_certs | Create node cert requests
  template:
    src: "{{ item.cert_name }}.req"
    dest: "{{ tls_temp_dir }}/{{ item.cert_name }}.req"
    mode: 0644
  with_items:
    - "{{ tls_certs }}"

- name: tls-trust | create_certs | Create mysql cert requests
  template:
    src: "mysql-admin.req"
    dest: "{{ tls_temp_dir }}/{{ item.cert_name }}.req"
    mode: 0644
  with_items:
    - "{{ tls_mysql.certs }}"

- name: tls-trust | create_certs | Create mysql cert requests
  template:
    src: "rmq-internal.req"
    dest: "{{ tls_temp_dir }}/{{ item.cert_name }}.req"
    mode: 0644
  with_items:
    - "{{ tls_rmq.certs }}"

- name: tls-trust | create_certs | create vip certs
  ardana_ca:
    req: "{{ item.cert_name }}.req"
    cert: "{{ item.cert_name }}"
    chdir: "{{ tls_temp_dir }}"
    cakey: "{{ ardana_internal_ca.key }}"
    cacert: "{{ ardana_internal_ca.cert }}"
    conf: "{{ ardana_internal_ca.conf }}"
    subj: "{{ ardana_internal_ca.subj }}"
    combined: True
  with_items:
    - "{{ ip_cluster_certs }}"
    - "{{ tls_certs }}"
    - "{{ tls_mysql.certs }}"
    - "{{ tls_rmq.certs }}"

- name: tls-trust | create_certs | Create ansible facts directory on deployer
  file:
    path: "{{ tls_facts_dir }}"
    owner: root
    group: root
    mode: 0755
    state: directory
  delegate_to: localhost
  become: yes

- name: tls-trust | create_certs | Create internal certificate fact on deployer
  copy:
    content: "{{ ardana_internal_ca.cert | to_json }}"
    dest: "{{ tls_fact_file }}"
    mode: 0644
  delegate_to: localhost
  become: yes

- name: tls-trust | create_certs | fetch certs to deployer
  fetch:
    src: "{{ tls_temp_dir }}/{{ item.cert_name }}"
    dest: "{{ tls_certs_dir }}"
    flat: yes
    validate_checksum: no
  with_items:
    - "{{ ip_cluster_certs }}"
    - "{{ tls_certs }}"
    - "{{ tls_mysql.certs }}"
    - "{{ tls_rmq.certs }}"

- name: tls-trust | create_certs | fetch reqs to deployer
  fetch:
    src: "{{ tls_temp_dir }}/{{ item.cert_name }}.req"
    dest: "{{ tls_certs_dir }}"
    flat: yes
    validate_checksum: no
  with_items:
    - "{{ ip_cluster_certs }}"
    - "{{ tls_certs }}"
    - "{{ tls_mysql.certs }}"
    - "{{ tls_rmq.certs }}"
0707010000002A000081A40000000000000000000000015B730F8000000A11000000000000000000000000000000000000004800000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/tasks/install.yml#
# (c) Copyright 2015-2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017-2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: tls-trust | install | Set os-specific variables
  include_vars: "{{ ansible_os_family | lower }}.yml"

- name: tls-trust | install | Install ca-certificates
  become: yes
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - ca-certificates

- name: tls-trust | install | Create local cert directory
  become: yes
  file:
    path: "{{ local_cert_directory }}"
    state: directory
    mode: 0755

- name: tls-trust | install | Install ca certificates
  become: yes
  copy:
    src: "{{ item }}"
    dest: "{{ local_cert_directory }}/{{ item | basename }}"
    owner: root
    group: root
    mode: 0644
  with_fileglob:
    - "{{ tls_cacerts_dir }}/*.crt"
  register: _tls_cacerts_copy_result

- name: tls-trust | install | Update cacert store on RedHat
  become: yes
  shell: |
    set -eu
    update-ca-trust force-enable
    update-ca-trust extract
  when: _tls_cacerts_copy_result.changed and ansible_os_family == "RedHat"
  register: ardana_notify_certs_updated

- name: tls-trust | install | Update cacert store
  become: yes
  shell: /usr/sbin/update-ca-certificates --fresh
  when: _tls_cacerts_copy_result.changed and ansible_os_family != "RedHat"
  register: ardana_notify_certs_updated

- name: tls-trust | install | Make RedHat compatible with the certifi package
  become: yes
  file:
    src: /etc/ssl/certs/ca-bundle.trust.crt
    dest: /etc/ssl/ca-bundle.pem
    state: link
  when: ansible_os_family == "RedHat"

- name: tls-trust | install | Create ansible facts directory
  file:
    path: "{{ tls_facts_dir }}"
    owner: root
    group: root
    mode: 0755
    state: directory
  become: yes

- name: tls-trust | install | Copy internal cert fact from deployer to nodes
  copy:
    src: "{{ tls_fact_file }}"
    dest: "{{ tls_fact_file }}"
    mode: 0644
  become: yes

- name: tls-trust | install | Reread local facts to pick up internal cert
  setup: filter=ansible_local
0707010000002B000081A40000000000000000000000015B730F8000000695000000000000000000000000000000000000004D00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/tasks/install_java.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---

# Re-import into java keystore since update-ca-certificates doesn't
# detect modulus change. Note that we don't care if there's no java
# since a service that installs it later will get the java hook
# of update-ca-certificates triggered. We handle the updating of
# CA here.

- name: tls-trust | install_java | Remove CA from Java keystore
  become: yes
  command: >
    keytool -keystore {{ tls_java_ca.keystore }} -storepass
    {{ tls_java_ca.storepass }} -delete -alias
    debian:{{ item | basename | regex_replace('^(.*).crt$', '\\1.pem') }}
  ignore_errors: yes
  with_fileglob:
    - "{{ tls_cacerts_dir }}/*.crt"

- name: tls-trust | install_java | Import CA to Java keystore
  become: yes
  command: >
    keytool -keystore {{ tls_java_ca.keystore }} -storepass
    {{ tls_java_ca.storepass }} -alias
    debian:{{ item | basename | regex_replace('^(.*).crt$', '\\1.pem') }} -file
    {{ local_cert_directory }}/{{ item | basename }} -importcert -noprompt
  ignore_errors: yes
  with_fileglob:
    - "{{ tls_cacerts_dir }}/*.crt"
0707010000002C000081A40000000000000000000000015B730F8000000447000000000000000000000000000000000000004C00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/tasks/win_install.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- name: tls-trust | win_install | Delete old cert file on Windows
  win_file:
    path: "{{ win_certs_path }}"
    state: absent

- name: tls-trust | win_install | Create new cert file on Windows
  raw: powershell New-Item '{{ win_certs_path }}' -t file

- name: tls-trust | win_install | Install ca certificate on windows
  win_lineinfile:
    dest: "{{ win_certs_path }}"
    line: "{{ lookup('file', item ) }}"
  with_fileglob:
    - "public/*.crt"
0707010000002D000041ED0000000000000000000000025B730F8000000000000000000000000000000000000000000000004000000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/templates0707010000002E000081A40000000000000000000000015B730F8000000021000000000000000000000000000000000000005700000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/templates/ardana-internal-ca.key{{ ardana_internal_ca.private }}
0707010000002F000081A40000000000000000000000015B730F800000036D000000000000000000000000000000000000005500000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/templates/ardana-node-cert.req#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#

[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[ req_distinguished_name ]
CN = "ardana-node"

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

07070100000030000081A40000000000000000000000015B730F8000000CA1000000000000000000000000000000000000005300000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/templates/ardana-openssl.cnf# Copyright 2010 United States Government as represented by the
# Administrator of the National Aeronautics and Space Administration.
# All Rights Reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

#
# OpenSSL configuration file.
#

# Establish working directory.

dir     = .

[ ca ]
default_ca    = CA_default

[ CA_default ]
serial      = $dir/serial
database    = $dir/index.txt
new_certs_dir   = $dir/
certificate   = $dir/{{ ardana_internal_ca.cert }}
private_key   = $dir/{{ ardana_internal_ca.key }}
unique_subject    = no
default_crl_days  = 366
default_days    = 365
default_md    = sha256
preserve    = no
email_in_dn   = no
nameopt     = default_ca
certopt     = default_ca
policy      = policy_match
copy_extensions         = copy

[ req ]
default_bits    = 2048     # Size of keys
default_keyfile   = key.pem   # name of generated keys
default_md    = sha256     # message digest algorithm
string_mask   = nombstr   # permitted characters
distinguished_name  = req_distinguished_name
req_extensions          = v3_req
x509_extensions         = v3_ca

[ v3_ca ]
basicConstraints  = CA:TRUE
subjectKeyIdentifier  = hash
authorityKeyIdentifier  = keyid:always,issuer:always
subjectAltName          = @alt_names

[ v3_req ]
basicConstraints  = CA:FALSE
subjectKeyIdentifier  = hash

[ alt_names ]

07070100000031000081A40000000000000000000000015B730F80000004FB000000000000000000000000000000000000004F00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/templates/ardana-vip-req#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#

[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[ req_distinguished_name ]
CN = "ardana-vip"

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

{% if item.names or item.ips %}

subjectAltName = @alt_names

[ alt_names ]
{% set service = item %}

{% for name in service.names %}
DNS.{{ loop.index }} = "{{ name }}"
{% endfor %}

{% set offset = service.names | length %}

{% for ip in service.ips %}
DNS.{{ loop.index + offset }} = "{{ ip }}"
{% endfor %}

{% for ip in service.ips %}
IP.{{ loop.index }} = "{{ ip }}"
{% endfor %}

{% endif %}
07070100000032000081A40000000000000000000000015B730F800000062A000000000000000000000000000000000000005400000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/templates/ardana-vip-temp.req#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#

[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[ req_distinguished_name ]
CN = "ardana-vip"

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

{% if item.names or item.ips %}

subjectAltName = @alt_names

[ alt_names ]
{% set dns_offset = 0 %}
{% set ip_offset = 0 %}

{% for server in cert_data.services.FND_CLU %}

{% if server.cert_name == item.cert_name %}

{% for name in server.names %}
DNS.{{ loop.index + dns_offset }} = "{{ name }}"
{% endfor %}

{% set dns_offset = dns_offset + (server.names | length) %}

{% for ip in server.ips %}
DNS.{{ loop.index + dns_offset }} = "{{ ip }}"
{% endfor %}

{% set dns_offset = dns_offset + (server.ips | length) %}

{% for ip in server.ips %}
IP.{{ loop.index + ip_offset }} = "{{ ip }}"
{% endfor %}

{% set ip_offset = ip_offset + (server.ips | length) %}

{% endif %}
{% endfor %}

{% endif %}
07070100000033000081A40000000000000000000000015B730F800000062C000000000000000000000000000000000000005000000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/templates/mysql-admin.req#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#

[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[ req_distinguished_name ]
CN = "ardana-mysql"

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

{% if item.names or item.ips %}

subjectAltName = @alt_names

[ alt_names ]
{% set dns_offset = 0 %}
{% set ip_offset = 0 %}

{% for server in cert_data.services.FND_MDB %}

{% if server.cert_name == item.cert_name %}

{% for name in server.names %}
DNS.{{ loop.index + dns_offset }} = "{{ name }}"
{% endfor %}

{% set dns_offset = dns_offset + (server.names | length) %}

{% for ip in server.ips %}
DNS.{{ loop.index + dns_offset }} = "{{ ip }}"
{% endfor %}

{% set dns_offset = dns_offset + (server.ips | length) %}

{% for ip in server.ips %}
IP.{{ loop.index + ip_offset }} = "{{ ip }}"
{% endfor %}

{% set ip_offset = ip_offset + (server.ips | length) %}

{% endif %}
{% endfor %}

{% endif %}
07070100000034000081A40000000000000000000000015B730F800000062F000000000000000000000000000000000000005100000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/templates/rmq-internal.req#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#

[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[ req_distinguished_name ]
CN = "ardana-rabbitmq"

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

{% if item.names or item.ips %}

subjectAltName = @alt_names

[ alt_names ]
{% set dns_offset = 0 %}
{% set ip_offset = 0 %}

{% for server in cert_data.services.FND_RMQ %}

{% if server.cert_name == item.cert_name %}

{% for name in server.names %}
DNS.{{ loop.index + dns_offset }} = "{{ name }}"
{% endfor %}

{% set dns_offset = dns_offset + (server.names | length) %}

{% for ip in server.ips %}
DNS.{{ loop.index + dns_offset }} = "{{ ip }}"
{% endfor %}

{% set dns_offset = dns_offset + (server.ips | length) %}

{% for ip in server.ips %}
IP.{{ loop.index + ip_offset }} = "{{ ip }}"
{% endfor %}

{% set ip_offset = ip_offset + (server.ips | length) %}

{% endif %}
{% endfor %}

{% endif %}
07070100000035000081A40000000000000000000000015B730F800000015D000000000000000000000000000000000000004F00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/templates/tls-terminator{% for service in host.tls_in %}
{% if loop.first %}
listen {{ service.name }}
    mode http
    bind {{ service.accept.ip_address }}:{{ service.accept.port }} ssl crt /etc/ssl/private/ardana-node-cert
    server {{ service.name }} {{ service.connect.ip_address }}:{{ service.connect.port }} check inter 2000 rise 2 fall 5
{% endif %}
{% endfor %}

07070100000036000041ED0000000000000000000000025B730F8000000000000000000000000000000000000000000000003B00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/vars07070100000037000081A40000000000000000000000015B730F80000002BC000000000000000000000000000000000000004600000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/vars/debian.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
local_cert_directory: "/usr/local/share/ca-certificates"
07070100000038000081A40000000000000000000000015B730F80000002BC000000000000000000000000000000000000004600000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/vars/redhat.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
local_cert_directory: "/etc/pki/ca-trust/source/anchors"
07070100000039000081A40000000000000000000000015B730F80000002B2000000000000000000000000000000000000004400000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-trust/vars/suse.yml#
# (c) Copyright 2017 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017-2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#

local_cert_directory: /etc/pki/trust/anchors
0707010000003A000041ED0000000000000000000000035B730F8000000000000000000000000000000000000000000000003500000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-vars0707010000003B000041ED0000000000000000000000025B730F8000000000000000000000000000000000000000000000003E00000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-vars/defaults0707010000003C000081A40000000000000000000000015B730F80000002B9000000000000000000000000000000000000004700000000ardana-tls-8.0+git.1534267264.6b1e899/roles/tls-vars/defaults/main.yml#
# (c) Copyright 2015-2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017-2018 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
trusted_ca_bundle: "/etc/ssl/ca-bundle.pem"
0707010000003D000081A40000000000000000000000015B730F80000002D0000000000000000000000000000000000000003500000000ardana-tls-8.0+git.1534267264.6b1e899/tls-deploy.yml#
# (c) Copyright 2015,2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---

- include: _tls-deploy-certs.yml
- include: _tls-terminator-config.yml
0707010000003E000081A40000000000000000000000015B730F800000029E000000000000000000000000000000000000003A00000000ardana-tls-8.0+git.1534267264.6b1e899/tls-pre-upgrade.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---
- include: tls-upgrade.yml
0707010000003F000081A40000000000000000000000015B730F80000002CB000000000000000000000000000000000000003A00000000ardana-tls-8.0+git.1534267264.6b1e899/tls-reconfigure.yml#
# (c) Copyright 2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---

- include: _tls-deploy-certs.yml
- include: _tls-terminator-config.yml
07070100000040000081A40000000000000000000000015B730F800000032A000000000000000000000000000000000000003B00000000ardana-tls-8.0+git.1534267264.6b1e899/tls-trust-deploy.yml#
# (c) Copyright 2015,2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#

# Installs CA certs on the local host
---
- hosts: localhost
  connection: local
  roles:
    - tls-trust
  tasks:
    - include: roles/tls-trust/tasks/install.yml

07070100000041000081A40000000000000000000000015B730F80000002D0000000000000000000000000000000000000003600000000ardana-tls-8.0+git.1534267264.6b1e899/tls-upgrade.yml#
# (c) Copyright 2015,2016 Hewlett Packard Enterprise Development LP
# (c) Copyright 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
---

- include: _tls-deploy-certs.yml
- include: _tls-terminator-config.yml
07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000B00000000TRAILER!!!175 blocks

Places

File ardana-tls-8.0+git.1534267264.6b1e899.obscpio of Package ardana-tls

Places