1 files changed, 42 insertions, 0 deletions

diff --git a/roles/etcd_certificates/tasks/client.yml b/roles/etcd_certificates/tasks/client.yml
new file mode 100644
index 000000000..28f33f442
--- /dev/null
+++ b/roles/etcd_certificates/tasks/client.yml
@@ -0,0 +1,42 @@
+---
+- name: Ensure generated_certs directory present
+  file:
+    path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
+    state: directory
+    mode: 0700
+  with_items: etcd_needing_client_certs
+
+- name: Create the client csr
+  command: >
+    openssl req -new -keyout {{ item.etcd_cert_prefix }}client.key
+    -config {{ etcd_openssl_conf }}
+    -out {{ item.etcd_cert_prefix }}client.csr
+    -reqexts {{ etcd_req_ext }} -batch -nodes
+    -subj /CN={{ item.openshift.common.hostname }}
+  args:
+    chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
+    creates: "{{ etcd_generated_certs_dir ~ '/' ~  item.etcd_cert_subdir ~ '/'
+                 ~ item.etcd_cert_prefix ~ 'client.csr' }}"
+  environment:
+    SAN: "IP:{{ item.openshift.common.ip }}"
+  with_items: etcd_needing_client_certs
+
+- name: Sign and create the client crt
+  command: >
+    openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }}
+    -out {{ item.etcd_cert_prefix }}client.crt
+    -in {{ item.etcd_cert_prefix }}client.csr
+    -batch
+  args:
+    chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
+    creates: "{{ etcd_generated_certs_dir ~ '/' ~  item.etcd_cert_subdir ~ '/'
+                 ~ item.etcd_cert_prefix ~ 'client.crt' }}"
+  environment:
+    SAN: ''
+  with_items: etcd_needing_client_certs
+
+- file:
+    src: "{{ etcd_ca_cert }}"
+    dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
+    state: hard
+  with_items: etcd_needing_client_certs