diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2017-09-26 21:02:41 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-26 21:02:41 -0700 |
commit | e470434850316b7c12758957aaaf3e917e60ac74 (patch) | |
tree | 5b8e907c128e504b6ad151ec9a73845989f7f554 /roles/etcd/tasks/certificates/deploy_ca.yml | |
parent | 944e91554d0de4dccbf82cb799a016c320e97245 (diff) | |
parent | 18306e3401818cfd9723b6813987308f584c6ea3 (diff) | |
download | openshift-e470434850316b7c12758957aaaf3e917e60ac74.tar.gz openshift-e470434850316b7c12758957aaaf3e917e60ac74.tar.bz2 openshift-e470434850316b7c12758957aaaf3e917e60ac74.tar.xz openshift-e470434850316b7c12758957aaaf3e917e60ac74.zip |
Merge pull request #5470 from ingvagabund/consolidate-etcd-common-role
Automatic merge from submit-queue
Consolidate etcd common role
The last PR toward a single etcd role
Diffstat (limited to 'roles/etcd/tasks/certificates/deploy_ca.yml')
-rw-r--r-- | roles/etcd/tasks/certificates/deploy_ca.yml | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/roles/etcd/tasks/certificates/deploy_ca.yml b/roles/etcd/tasks/certificates/deploy_ca.yml new file mode 100644 index 000000000..3d32290a2 --- /dev/null +++ b/roles/etcd/tasks/certificates/deploy_ca.yml @@ -0,0 +1,78 @@ +--- +- name: Install openssl + package: + name: openssl + state: present + when: not etcd_is_atomic | bool + delegate_to: "{{ etcd_ca_host }}" + run_once: true + +- file: + path: "{{ item }}" + state: directory + mode: 0700 + owner: root + group: root + with_items: + - "{{ etcd_ca_new_certs_dir }}" + - "{{ etcd_ca_crl_dir }}" + - "{{ etcd_ca_dir }}/fragments" + delegate_to: "{{ etcd_ca_host }}" + run_once: true + +- command: cp /etc/pki/tls/openssl.cnf ./ + args: + chdir: "{{ etcd_ca_dir }}/fragments" + creates: "{{ etcd_ca_dir }}/fragments/openssl.cnf" + delegate_to: "{{ etcd_ca_host }}" + run_once: true + +- template: + dest: "{{ etcd_ca_dir }}/fragments/openssl_append.cnf" + src: openssl_append.j2 + backup: true + delegate_to: "{{ etcd_ca_host }}" + run_once: true + +- assemble: + src: "{{ etcd_ca_dir }}/fragments" + dest: "{{ etcd_openssl_conf }}" + delegate_to: "{{ etcd_ca_host }}" + run_once: true + +- name: Check etcd_ca_db exist + stat: path="{{ etcd_ca_db }}" + register: etcd_ca_db_check + changed_when: false + delegate_to: "{{ etcd_ca_host }}" + run_once: true + +- name: Touch etcd_ca_db file + file: + path: "{{ etcd_ca_db }}" + state: touch + when: etcd_ca_db_check.stat.isreg is not defined + delegate_to: "{{ etcd_ca_host }}" + run_once: true + +- copy: + dest: "{{ etcd_ca_serial }}" + content: "01" + force: no + delegate_to: "{{ etcd_ca_host }}" + run_once: true + +- name: Create etcd CA certificate + command: > + openssl req -config {{ etcd_openssl_conf }} -newkey rsa:4096 + -keyout {{ etcd_ca_key }} -new -out {{ etcd_ca_cert }} + -x509 -extensions {{ etcd_ca_exts_self }} -batch -nodes + -days {{ etcd_ca_default_days }} + -subj /CN=etcd-signer@{{ ansible_date_time.epoch }} + args: + chdir: "{{ etcd_ca_dir }}" + creates: "{{ etcd_ca_cert }}" + environment: + SAN: 'etcd-signer' + delegate_to: "{{ etcd_ca_host }}" + run_once: true |