summaryrefslogtreecommitdiffstats
path: root/roles/etcd_certificates/tasks/server.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/etcd_certificates/tasks/server.yml')
-rw-r--r--roles/etcd_certificates/tasks/server.yml73
1 files changed, 73 insertions, 0 deletions
diff --git a/roles/etcd_certificates/tasks/server.yml b/roles/etcd_certificates/tasks/server.yml
new file mode 100644
index 000000000..727b7fa2c
--- /dev/null
+++ b/roles/etcd_certificates/tasks/server.yml
@@ -0,0 +1,73 @@
+---
+- name: Ensure generated_certs directory present
+ file:
+ path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
+ state: directory
+ mode: 0700
+ with_items: etcd_needing_server_certs
+
+- name: Create the server csr
+ command: >
+ openssl req -new -keyout {{ item.etcd_cert_prefix }}server.key
+ -config {{ etcd_openssl_conf }}
+ -out {{ item.etcd_cert_prefix }}server.csr
+ -reqexts {{ etcd_req_ext }} -batch -nodes
+ -subj /CN={{ item.openshift.common.hostname }}
+ args:
+ chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
+ creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
+ ~ item.etcd_cert_prefix ~ 'server.csr' }}"
+ environment:
+ SAN: "IP:{{ item.openshift.common.ip }}"
+ with_items: etcd_needing_server_certs
+
+- name: Sign and create the server crt
+ command: >
+ openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }}
+ -out {{ item.etcd_cert_prefix }}server.crt
+ -in {{ item.etcd_cert_prefix }}server.csr
+ -extensions {{ etcd_ca_exts_server }} -batch
+ args:
+ chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
+ creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
+ ~ item.etcd_cert_prefix ~ 'server.crt' }}"
+ environment:
+ SAN: ''
+ with_items: etcd_needing_server_certs
+
+- name: Create the peer csr
+ command: >
+ openssl req -new -keyout {{ item.etcd_cert_prefix }}peer.key
+ -config {{ etcd_openssl_conf }}
+ -out {{ item.etcd_cert_prefix }}peer.csr
+ -reqexts {{ etcd_req_ext }} -batch -nodes
+ -subj /CN={{ item.openshift.common.hostname }}
+ args:
+ chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
+ creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
+ ~ item.etcd_cert_prefix ~ 'peer.csr' }}"
+ environment:
+ SAN: "IP:{{ item.openshift.common.ip }}"
+ with_items: etcd_needing_server_certs
+
+- name: Sign and create the peer crt
+ command: >
+ openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }}
+ -out {{ item.etcd_cert_prefix }}peer.crt
+ -in {{ item.etcd_cert_prefix }}peer.csr
+ -extensions {{ etcd_ca_exts_peer }} -batch
+ args:
+ chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
+ creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
+ ~ item.etcd_cert_prefix ~ 'peer.crt' }}"
+ environment:
+ SAN: ''
+ with_items: etcd_needing_server_certs
+
+- file:
+ src: "{{ etcd_ca_cert }}"
+ dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
+ state: hard
+ with_items: etcd_needing_server_certs
+
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-26 18:40:09 +0000