Diffstat (limited to 'roles/ansible_service_broker/tasks/generate_certs.yml')
-rw-r--r-- | roles/ansible_service_broker/tasks/generate_certs.yml | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/roles/ansible_service_broker/tasks/generate_certs.yml b/roles/ansible_service_broker/tasks/generate_certs.yml
new file mode 100644
index 000000000..3da896548
--- /dev/null
+++ b/roles/ansible_service_broker/tasks/generate_certs.yml
@@ -0,0 +1,44 @@
+---
+
+- when: ansible_service_broker_certs_dir is undefined
+ block:
+ - name: Create ansible-service-broker cert directory
+ file:
+ path: "{{ openshift.common.config_base }}/ansible-service-broker"
+ state: directory
+ mode: 0755
+ check_mode: no
+
+ - name: Create self signing ca cert
+ command: 'openssl req -nodes -x509 -newkey rsa:4096 -keyout {{ openshift.common.config_base }}/ansible-service-broker/key.pem -out {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -days 365 -subj "/CN=asb-etcd.openshift-ansible-service-broker.svc"'
+ args:
+ creates: '{{ openshift.common.config_base }}/ansible-service-broker/cert.pem'
+
+ - name: Create self signed client cert
+ command: '{{ item.cmd }}'
+ args:
+ creates: '{{ item.creates }}'
+ with_items:
+ - cmd: openssl genrsa -out {{ openshift.common.config_base }}/ansible-service-broker/client.key 2048
+ creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.key'
+ - cmd: 'openssl req -new -key {{ openshift.common.config_base }}/ansible-service-broker/client.key -out {{ openshift.common.config_base }}/ansible-service-broker/client.csr -subj "/CN=client"'
+ creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.csr'
+ - cmd: openssl x509 -req -in {{ openshift.common.config_base }}/ansible-service-broker/client.csr -CA {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -CAkey {{ openshift.common.config_base }}/ansible-service-broker/key.pem -CAcreateserial -out {{ openshift.common.config_base }}/ansible-service-broker/client.pem -days 1024
+ creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.pem'
+
+ - set_fact:
+ ansible_service_broker_certs_dir: "{{ openshift.common.config_base }}/ansible-service-broker"
+
+- name: Read in certs for etcd
+ slurp:
+ src: '{{ ansible_service_broker_certs_dir }}/{{ item }}'
+ register: asb_etcd_certs
+ with_items:
+ - cert.pem
+ - client.pem
+ - client.key
+
+- set_fact:
+ etcd_ca_cert: "{{ asb_etcd_certs.results.0.content | b64decode }}"
+ etcd_client_cert: "{{ asb_etcd_certs.results.1.content | b64decode }}"
+ etcd_client_key: "{{ asb_etcd_certs.results.2.content | b64decode }}" |
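Review bot: The CA private key (`key.pem`, from `openssl req ... -keyout`) and `client.key` (from `openssl genrsa`) are written with whatever the process umask allows into a directory created with `mode: 0755`, and nothing in the hunk tightens their permissions afterwards, so both keys are likely readable by every local user; add a task after the client-cert task that sets `mode: "0600"` on the two key files (below) and consider `mode: "0750"` for the directory. The client certificate is signed with `-days 1024` by a CA issued with `-days 365`, so the chain stops validating after a year while the `creates:` guards prevent any regeneration — give the client cert a validity no longer than the CA's. The `slurp` task and the final `set_fact` load the private key into a registered variable and a fact that are printed on verbose runs; add `no_log: true` to both tasks. As a point of style, quote the octal mode as `mode: "0755"` and write `check_mode: false` instead of `no`.
```yaml
  # … unchanged: directory, CA cert and client cert tasks …

  - name: Restrict permissions on ansible-service-broker private keys
    file:
      path: "{{ openshift.common.config_base }}/ansible-service-broker/{{ item }}"
      mode: "0600"
    with_items:
      - key.pem
      - client.key

  # … unchanged: set_fact ansible_service_broker_certs_dir …
```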