Diffstat (limited to 'roles/openshift_etcd_certs')
| -rw-r--r-- | roles/openshift_etcd_certs/README.md | 34 | ||||
| -rw-r--r-- | roles/openshift_etcd_certs/meta/main.yml | 16 | ||||
| -rw-r--r-- | roles/openshift_etcd_certs/tasks/main.yml | 33 | ||||
| -rw-r--r-- | roles/openshift_etcd_certs/vars/main.yml | 8 | 
4 files changed, 91 insertions, 0 deletions
diff --git a/roles/openshift_etcd_certs/README.md b/roles/openshift_etcd_certs/README.md
new file mode 100644
index 000000000..efac6d9fe
--- /dev/null
+++ b/roles/openshift_etcd_certs/README.md
@@ -0,0 +1,34 @@
+OpenShift etcd certs
+========================
+
+TODO
+
+Requirements
+------------
+
+TODO
+
+Role Variables
+--------------
+
+TODO
+
+Dependencies
+------------
+
+TODO
+
+Example Playbook
+----------------
+
+TODO
+
+License
+-------
+
+Apache License Version 2.0
+
+Author Information
+------------------
+
+Scott Dodson (sdodson@redhat.com)
diff --git a/roles/openshift_etcd_certs/meta/main.yml b/roles/openshift_etcd_certs/meta/main.yml
new file mode 100644
index 000000000..4847ba94b
--- /dev/null
+++ b/roles/openshift_etcd_certs/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+  author: Scott Dodson
+  description:
+  company: Red Hat, Inc.
+  license: Apache License, Version 2.0
+  min_ansible_version: 1.8
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  categories:
+  - cloud
+  - system
+dependencies:
+- { role: openshift_facts }
diff --git a/roles/openshift_etcd_certs/tasks/main.yml b/roles/openshift_etcd_certs/tasks/main.yml
new file mode 100644
index 000000000..04b411117
--- /dev/null
+++ b/roles/openshift_etcd_certs/tasks/main.yml
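Review bot: In roles/openshift_etcd_certs/meta/main.yml, `description:` is left bare, so it parses as null rather than a string; give it a short value such as `description: OpenShift etcd certificate generation`. `min_ansible_version: 1.8` is also unquoted and is read as a float, so quoting it (`min_ansible_version: "1.8"`) keeps it a version string if it ever becomes something like 1.10.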
@@ -0,0 +1,33 @@
+---
+- name: Create openshift_generated_configs_dir if it doesn't exist
+  file:
+    path: "{{ openshift_generated_configs_dir }}"
+    state: directory
+
+- name: Create openshift_generated_configs_dir for each etcd host
+  file:
+    path: "{{ openshift_generated_configs_dir }}/etcd-{{ item.openshift.common.hostname}}"
+    state: directory
+  with_items: etcd_hosts_needing_certs
+
+- name: Generate the etcd client side certs
+  delegate_to: "{{ openshift_first_master }}"
+  command: >
+    {{ openshift.common.admin_binary }} create-server-cert
+      --cert=client.crt --key=client.key --overwrite=true
+      --hostnames={{ [item.openshift.common.hostname, item.openshift.common.public_hostname, item.openshift.common.ip]|unique|join(",") }}
+      --signer-cert={{ openshift_master_ca_cert }}
+      --signer-key={{ openshift_master_ca_key }}
+      --signer-serial={{ openshift_master_ca_serial }}
+  args:
+    chdir: "{{ openshift_generated_configs_dir }}/etcd-{{ item.openshift.common.hostname }}"
+    creates: "{{ openshift_generated_configs_dir }}/etcd-{{ item.openshift.common.hostname }}/client.crt"
+  with_items: etcd_hosts_needing_certs
+
+- name: Copy CA cert
+  delegate_to: "{{ openshift_first_master }}"
+  command: "cp {{ openshift_master_ca_cert }} ."
+  args:
+    chdir: "{{ openshift_generated_configs_dir }}/etcd-{{ item.openshift.common.hostname }}"
+    creates: "{{ openshift_generated_configs_dir }}/etcd-{{ item.openshift.common.hostname }}/ca.crt"
+  with_items: etcd_hosts_needing_certs
diff --git a/roles/openshift_etcd_certs/vars/main.yml b/roles/openshift_etcd_certs/vars/main.yml
new file mode 100644
index 000000000..3801b8427
--- /dev/null
+++ b/roles/openshift_etcd_certs/vars/main.yml
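Review bot: In roles/openshift_etcd_certs/tasks/main.yml, both `file:` tasks create the generated-configs directory and the per-host `etcd-…` directories without a `mode`, yet the next task writes `client.key` into them, so access to the private key's directory is left to the default umask. Adding `mode: "0700"` to both `file:` tasks would keep the key material away from other local users. The mode that `create-server-cert` gives `client.key` itself is not visible here and is worth confirming. Separately, the directory tasks are not delegated, while the cert and `cp` tasks use `delegate_to: "{{ openshift_first_master }}"` with `chdir` into those directories; unless the role only ever runs against the first master, the `chdir` target may not exist there, so the two `file:` tasks probably need the same `delegate_to`.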
@@ -0,0 +1,8 @@
+---
+openshift_node_config_dir: /etc/openshift/node
+openshift_master_config_dir: /etc/openshift/master
+openshift_generated_configs_dir: /etc/openshift/generated-configs
+openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
+openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key"
+openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt"
+openshift_kube_api_version: v1beta3  | 
