Diffstat (limited to 'roles/ansible_service_broker/tasks')
-rw-r--r-- | roles/ansible_service_broker/tasks/generate_certs.yml | 22 | ||||
-rw-r--r-- | roles/ansible_service_broker/tasks/install.yml | 14 | ||||
-rw-r--r-- | roles/ansible_service_broker/tasks/remove.yml | 6 |
3 files changed, 29 insertions, 13 deletions
diff --git a/roles/ansible_service_broker/tasks/generate_certs.yml b/roles/ansible_service_broker/tasks/generate_certs.yml
index 50156a35c..85e67e00c 100644
--- a/roles/ansible_service_broker/tasks/generate_certs.yml
+++ b/roles/ansible_service_broker/tasks/generate_certs.yml
@@ -9,25 +9,25 @@
mode: 0755
check_mode: no
- - set_fact:
- ansible_service_broker_certs_dir: "{{ openshift.common.config_base }}/ansible-service-broker"
-
- name: Create self signing ca cert
- command: 'openssl req -nodes -x509 -newkey rsa:4096 -keyout {{ ansible_service_broker_certs_dir }}/key.pem -out {{ ansible_service_broker_certs_dir }}/cert.pem -days 365 -subj "/CN=asb-etcd.openshift-ansible-service-broker.svc"'
+ command: 'openssl req -nodes -x509 -newkey rsa:4096 -keyout {{ openshift.common.config_base }}/ansible-service-broker/key.pem -out {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -days 365 -subj "/CN=asb-etcd.openshift-ansible-service-broker.svc"'
args:
- creates: '{{ ansible_service_broker_certs_dir }}/cert.pem'
+ creates: '{{ openshift.common.config_base }}/ansible-service-broker/cert.pem'
- name: Create self signed client cert
command: '{{ item.cmd }}'
args:
creates: '{{ item.creates }}'
with_items:
- - cmd: openssl genrsa -out {{ ansible_service_broker_certs_dir }}/client.key 2048
- creates: '{{ ansible_service_broker_certs_dir }}/client.key'
- - cmd: 'openssl req -new -key {{ ansible_service_broker_certs_dir }}/client.key -out {{ ansible_service_broker_certs_dir }}/client.csr -subj "/CN=client"'
- creates: '{{ ansible_service_broker_certs_dir }}/client.csr'
- - cmd: openssl x509 -req -in {{ ansible_service_broker_certs_dir }}/client.csr -CA {{ ansible_service_broker_certs_dir }}/cert.pem -CAkey {{ ansible_service_broker_certs_dir }}/key.pem -CAcreateserial -out {{ ansible_service_broker_certs_dir }}/client.pem -days 1024
- creates: '{{ ansible_service_broker_certs_dir }}/client.pem'
+ - cmd: openssl genrsa -out {{ openshift.common.config_base }}/ansible-service-broker/client.key 2048
+ creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.key'
+ - cmd: 'openssl req -new -key {{ openshift.common.config_base }}/ansible-service-broker/client.key -out {{ openshift.common.config_base }}/ansible-service-broker/client.csr -subj "/CN=client"'
+ creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.csr'
+ - cmd: openssl x509 -req -in {{ openshift.common.config_base }}/ansible-service-broker/client.csr -CA {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -CAkey {{ openshift.common.config_base }}/ansible-service-broker/key.pem -CAcreateserial -out {{ openshift.common.config_base }}/ansible-service-broker/client.pem -days 1024
+ creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.pem'
+
+ - set_fact:
+ ansible_service_broker_certs_dir: "{{ openshift.common.config_base }}/ansible-service-broker"
- set_fact:
etcd_ca_cert: "{{ lookup('file', '{{ ansible_service_broker_certs_dir }}/cert.pem') }}"
diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml
index 926ed344e..90a4418fb 100644
--- a/roles/ansible_service_broker/tasks/install.yml
+++ b/roles/ansible_service_broker/tasks/install.yml
@@ -69,6 +69,9 @@
- apiGroups: ["authentication.k8s.io"]
resources: ["tokenreviews"]
verbs: ["create"]
+ - apiGroups: ["image.openshift.io", ""]
+ resources: ["images"]
+ verbs: ["get", "list"]
- name: Create asb-access cluster role
oc_clusterrole:
@@ -404,8 +407,6 @@
- type: {{ ansible_service_broker_registry_type }}
name: {{ ansible_service_broker_registry_name }}
url: {{ ansible_service_broker_registry_url }}
- user: {{ ansible_service_broker_registry_user }}
- pass: {{ ansible_service_broker_registry_password }}
org: {{ ansible_service_broker_registry_organization }}
tag: {{ ansible_service_broker_registry_tag }}
white_list: {{ ansible_service_broker_registry_whitelist }}
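Review bot: The client certificate on the new `openssl x509 -req` line is issued for `-days 1024` while the CA that signs it is created with `-days 365`, so after the first year the CA certificate has expired while the client certificate chained to it is still nominally valid, and verification against this CA fails. Because every step is guarded by `creates:`, neither file is regenerated on a re-run, so the expiry does not self-heal. Either make the CA validity at least the client's, or bring the client down to `-days 365` so both are renewed together, and state the intent above the task, e.g. `# CA and client cert lifetimes must match; the creates: guards mean re-runs never renew them`. Both private keys are also written by `-nodes`/`genrsa` with no explicit `mode`, so their permissions depend on the openssl default and the run's umask — worth pinning with a `file` task if the role does not already do so elsewhere.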
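Review bot: The added `images` rule carries no comment saying what the broker does with it, and `Image` objects in OpenShift are cluster-scoped, so `get`/`list` here exposes the metadata of every image in the cluster to whichever service account is bound to this role. The `oc_clusterrole` task that owns the rule starts above the hunk, so the role's name is not visible here; if it is the broker's own role rather than `asb-access`, a line above the rule such as `# cluster-scoped: lets the broker read Image objects — confirm this is the minimal scope needed` records the intent for the next reviewer. If only namespaced image streams are needed, `imagestreams` in the broker's namespace would be the narrower grant.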
@@ -442,6 +443,15 @@
- type: basic
enabled: false
+- oc_secret:
+ name: asb-registry-auth
+ namespace: openshift-ansible-service-broker
+ state: present
+ contents:
+ - path: username
+ data: "{{ ansible_service_broker_registry_user }}"
+ - path: password
+ data: "{{ ansible_service_broker_registry_password }}"
- name: Create the Broker resource in the catalog
oc_obj:
diff --git a/roles/ansible_service_broker/tasks/remove.yml b/roles/ansible_service_broker/tasks/remove.yml
index 28dc967a0..a1ac740e0 100644
--- a/roles/ansible_service_broker/tasks/remove.yml
+++ b/roles/ansible_service_broker/tasks/remove.yml
@@ -46,6 +46,12 @@
resource_name: asb-access
user: "system:serviceaccount:openshift-ansible-service-broker:asb-client"
+- name: remove asb-registry auth secret
+ oc_secret:
+ state: absent
+ name: asb-registry-auth
+ namespace: openshift-ansible-service-broker
+
- name: remove asb-client token secret
oc_secret:
state: absent
|
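Review bot: The new `oc_secret` task receives `ansible_service_broker_registry_password` as a module argument but sets no `no_log`, so the password is printed in `-v` output and by any callback or log plugin that records task arguments; add `no_log: true` to the task. It is also the one task here without a `name:` — the `Create the Broker resource` task below it and the matching removal task in remove.yml both have one — so a `- name: Create asb-registry-auth secret` line would make run output and the remove counterpart line up. The task runs unconditionally, so for a registry type that needs no credentials both variables still have to be defined (or defaulted outside this hunk, which is not visible here) or the play fails on an undefined variable.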