From 99745a04223f2ed8111b5eb4b49d2bcfec9e678f Mon Sep 17 00:00:00 2001
From: Jan Chaloupka <jchaloup@redhat.com>
Date: Thu, 14 Sep 2017 12:10:15 +0200
Subject: Consolidate etcd certs roles

This is a part of the etcd_ like role consolidationi into an action-based role.
As part of the consilidation some roles have been removed and some replaced by
include_role module. Resulting in reorder and shift of role dependencies
from a role into a play.
---
 roles/etcd/tasks/ca/deploy.yml | 78 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 roles/etcd/tasks/ca/deploy.yml

(limited to 'roles/etcd/tasks/ca')

diff --git a/roles/etcd/tasks/ca/deploy.yml b/roles/etcd/tasks/ca/deploy.yml
new file mode 100644
index 000000000..3d32290a2
--- /dev/null
+++ b/roles/etcd/tasks/ca/deploy.yml
@@ -0,0 +1,78 @@
+---
+- name: Install openssl
+  package:
+    name: openssl
+    state: present
+  when: not etcd_is_atomic | bool
+  delegate_to: "{{ etcd_ca_host }}"
+  run_once: true
+
+- file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0700
+    owner: root
+    group: root
+  with_items:
+  - "{{ etcd_ca_new_certs_dir }}"
+  - "{{ etcd_ca_crl_dir }}"
+  - "{{ etcd_ca_dir }}/fragments"
+  delegate_to: "{{ etcd_ca_host }}"
+  run_once: true
+
+- command: cp /etc/pki/tls/openssl.cnf ./
+  args:
+    chdir: "{{ etcd_ca_dir }}/fragments"
+    creates: "{{ etcd_ca_dir }}/fragments/openssl.cnf"
+  delegate_to: "{{ etcd_ca_host }}"
+  run_once: true
+
+- template:
+    dest: "{{ etcd_ca_dir }}/fragments/openssl_append.cnf"
+    src: openssl_append.j2
+    backup: true
+  delegate_to: "{{ etcd_ca_host }}"
+  run_once: true
+
+- assemble:
+    src: "{{ etcd_ca_dir }}/fragments"
+    dest: "{{ etcd_openssl_conf }}"
+  delegate_to: "{{ etcd_ca_host }}"
+  run_once: true
+
+- name: Check etcd_ca_db exist
+  stat: path="{{ etcd_ca_db }}"
+  register: etcd_ca_db_check
+  changed_when: false
+  delegate_to: "{{ etcd_ca_host }}"
+  run_once: true
+
+- name: Touch etcd_ca_db file
+  file:
+    path: "{{ etcd_ca_db }}"
+    state: touch
+  when: etcd_ca_db_check.stat.isreg is not defined
+  delegate_to: "{{ etcd_ca_host }}"
+  run_once: true
+
+- copy:
+    dest: "{{ etcd_ca_serial }}"
+    content: "01"
+    force: no
+  delegate_to: "{{ etcd_ca_host }}"
+  run_once: true
+
+- name: Create etcd CA certificate
+  command: >
+    openssl req -config {{ etcd_openssl_conf }} -newkey rsa:4096
+    -keyout {{ etcd_ca_key }} -new -out {{ etcd_ca_cert }}
+    -x509 -extensions {{ etcd_ca_exts_self }} -batch -nodes
+    -days {{ etcd_ca_default_days }}
+    -subj /CN=etcd-signer@{{ ansible_date_time.epoch }}
+  args:
+    chdir: "{{ etcd_ca_dir }}"
+    creates: "{{ etcd_ca_cert }}"
+  environment:
+    SAN: 'etcd-signer'
+  delegate_to: "{{ etcd_ca_host }}"
+  run_once: true
-- 
cgit v1.2.3