diff options
| author | Brenton Leanhardt <bleanhar@redhat.com> | 2016-03-03 08:30:14 -0500 |
|---|---|---|
| committer | Brenton Leanhardt <bleanhar@redhat.com> | 2016-03-03 08:30:14 -0500 |
| commit | 055366e7bfa789eae0dce5c638afb8cde143a0dc (patch) | |
| tree | 8f809bc91ab3812b22aeec40f6ddcaa412aa38d3 /roles/nuage_node/tasks/certificates.yml | |
| parent | 7874cd4a233669fa86f20f05bc3cd199d8b87935 (diff) | |
| parent | c16a92f804518fae19294280a9bd1d57976253ff (diff) | |
| download | openshift-055366e7bfa789eae0dce5c638afb8cde143a0dc.tar.gz openshift-055366e7bfa789eae0dce5c638afb8cde143a0dc.tar.bz2 openshift-055366e7bfa789eae0dce5c638afb8cde143a0dc.tar.xz openshift-055366e7bfa789eae0dce5c638afb8cde143a0dc.zip | |
Merge pull request #1528 from vishpat/nuage_rest_server_cert_changes
Changes required for Nuage monitor REST server
Diffstat (limited to 'roles/nuage_node/tasks/certificates.yml')
| -rw-r--r-- | roles/nuage_node/tasks/certificates.yml | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/roles/nuage_node/tasks/certificates.yml b/roles/nuage_node/tasks/certificates.yml new file mode 100644 index 000000000..0fe6f7bac --- /dev/null +++ b/roles/nuage_node/tasks/certificates.yml @@ -0,0 +1,50 @@ +--- +- name: Create a directory to hold the certificates + file: path="{{ nuage_plugin_rest_client_crt_dir }}" state=directory + delegate_to: "{{ nuage_ca_master }}" + +- name: Create the key + command: > + openssl genrsa -out "{{ nuage_ca_master_plugin_key }}" 4096 + delegate_to: "{{ nuage_ca_master }}" + +- name: Create the req file + command: > + openssl req -key "{{ nuage_ca_master_plugin_key }}" -new -out "{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" -subj "/CN=nuage-client" + delegate_to: "{{ nuage_ca_master }}" + +- name: Generate the crt file + command: > + openssl x509 -req -in "{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" -CA "{{ nuage_ca_crt }}" -CAkey "{{ nuage_ca_key }}" -CAserial "{{ nuage_ca_serial }}" -out "{{ nuage_ca_master_plugin_crt }}" -extensions clientauth -extfile "{{ nuage_ca_dir }}"/openssl.cnf + delegate_to: "{{ nuage_ca_master }}" + +- name: Remove the req file + file: path="{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" state=absent + delegate_to: "{{ nuage_ca_master }}" + +- name: Copy nuage CA crt + shell: cp "{{ nuage_ca_crt }}" "{{ nuage_plugin_rest_client_crt_dir }}" + delegate_to: "{{ nuage_ca_master }}" + +- name: Archive the certificate dir + shell: "cd {{ nuage_plugin_rest_client_crt_dir }} && tar -czvf /tmp/{{ ansible_nodename }}.tgz *" + delegate_to: "{{ nuage_ca_master }}" + +- name: Create a temp directory for the certificates + local_action: command mktemp -d "/tmp/openshift-{{ ansible_nodename }}-XXXXXXX" + register: mktemp + +- name: Download the certificates + fetch: src="/tmp/{{ ansible_nodename }}.tgz" dest="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" flat=yes + delegate_to: "{{ nuage_ca_master }}" + +- name: Extract the certificates + unarchive: src="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" dest={{ nuage_plugin_crt_dir }} + +- name: Delete the certificates after copy + file: path="{{ nuage_plugin_rest_client_crt_dir }}" state=absent + delegate_to: "{{ nuage_ca_master }}" + +- name: Delete the temp directory + file: path="{{ mktemp.stdout }}" state=absent + delegate_to: "{{ nuage_ca_master }}" |