From 99745a04223f2ed8111b5eb4b49d2bcfec9e678f Mon Sep 17 00:00:00 2001
From: Jan Chaloupka
Date: Thu, 14 Sep 2017 12:10:15 +0200
Subject: Consolidate etcd certs roles This is a part of the etcd_ like role consolidationi into an action-based role. As part of the consilidation some roles have been removed and some replaced by include_role module. Resulting in reorder and shift of role dependencies from a role into a play.
---
 roles/etcd_server_certificates/tasks/main.yml | 232 --------------------------
 1 file changed, 232 deletions(-)
 delete mode 100644 roles/etcd_server_certificates/tasks/main.yml
(limited to 'roles/etcd_server_certificates/tasks/main.yml')
diff --git a/roles/etcd_server_certificates/tasks/main.yml b/roles/etcd_server_certificates/tasks/main.yml
deleted file mode 100644
index 4795188a6..000000000
--- a/roles/etcd_server_certificates/tasks/main.yml
+++ /dev/null
@@ -1,232 +0,0 @@ ---- -- name: Install etcd - package: name=etcd{{ '-' + etcd_version if etcd_version is defined else '' }} state=present - when: not etcd_is_containerized | bool - -- name: Check status of etcd certificates - stat: - path: "{{ item }}" - with_items: - - "{{ etcd_cert_config_dir }}/{{ etcd_cert_prefix }}server.crt" - - "{{ etcd_cert_config_dir }}/{{ etcd_cert_prefix }}peer.crt" - - "{{ etcd_cert_config_dir }}/{{ etcd_cert_prefix }}ca.crt" - - "{{ etcd_system_container_cert_config_dir }}/{{ etcd_cert_prefix }}server.crt" - - "{{ etcd_system_container_cert_config_dir }}/{{ etcd_cert_prefix }}peer.crt" - - "{{ etcd_system_container_cert_config_dir }}/{{ etcd_cert_prefix }}ca.crt" - register: g_etcd_server_cert_stat_result - when: not etcd_certificates_redeploy | default(false) | bool - -- set_fact: - etcd_server_certs_missing: "{{ true if etcd_certificates_redeploy | default(false) | bool - else (False in (g_etcd_server_cert_stat_result.results - | default({}) - | oo_collect(attribute='stat.exists') - | list)) }}" - -- name: Ensure generated_certs directory present - file: - path: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" - state: directory - mode: 0700 - when: etcd_server_certs_missing | bool - delegate_to: "{{ etcd_ca_host }}" - -- name: Create the server csr - command: > - openssl req -new -keyout {{ etcd_cert_prefix }}server.key - -config {{ etcd_openssl_conf }} - -out {{ etcd_cert_prefix }}server.csr - -reqexts {{ etcd_req_ext }} -batch -nodes - -subj /CN={{ etcd_hostname }} - args: - chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" - creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' - ~ etcd_cert_prefix ~ 'server.csr' }}" - environment: - SAN: "IP:{{ etcd_ip }},DNS:{{ etcd_hostname }}" - when: etcd_server_certs_missing | bool - delegate_to: "{{ etcd_ca_host }}" - -# Certificates must be signed serially in order to avoid competing -# for the serial file. 
-- name: Sign and create the server crt - delegated_serial_command: - command: > - openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} - -out {{ etcd_cert_prefix }}server.crt - -in {{ etcd_cert_prefix }}server.csr - -extensions {{ etcd_ca_exts_server }} -batch - chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" - creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' - ~ etcd_cert_prefix ~ 'server.crt' }}" - environment: - SAN: "IP:{{ etcd_ip }}" - when: etcd_server_certs_missing | bool - delegate_to: "{{ etcd_ca_host }}" - -- name: Create the peer csr - command: > - openssl req -new -keyout {{ etcd_cert_prefix }}peer.key - -config {{ etcd_openssl_conf }} - -out {{ etcd_cert_prefix }}peer.csr - -reqexts {{ etcd_req_ext }} -batch -nodes - -subj /CN={{ etcd_hostname }} - args: - chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" - creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' - ~ etcd_cert_prefix ~ 'peer.csr' }}" - environment: - SAN: "IP:{{ etcd_ip }},DNS:{{ etcd_hostname }}" - when: etcd_server_certs_missing | bool - delegate_to: "{{ etcd_ca_host }}" - -# Certificates must be signed serially in order to avoid competing -# for the serial file. 
-- name: Sign and create the peer crt - delegated_serial_command: - command: > - openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} - -out {{ etcd_cert_prefix }}peer.crt - -in {{ etcd_cert_prefix }}peer.csr - -extensions {{ etcd_ca_exts_peer }} -batch - chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" - creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' - ~ etcd_cert_prefix ~ 'peer.crt' }}" - environment: - SAN: "IP:{{ etcd_ip }}" - when: etcd_server_certs_missing | bool - delegate_to: "{{ etcd_ca_host }}" - -- file: - src: "{{ etcd_ca_cert }}" - dest: "{{ etcd_generated_certs_dir}}/{{ etcd_cert_subdir }}/{{ etcd_cert_prefix }}ca.crt" - state: hard - when: etcd_server_certs_missing | bool - delegate_to: "{{ etcd_ca_host }}" - -- name: Create local temp directory for syncing certs - local_action: command mktemp -d /tmp/etcd_certificates-XXXXXXX - become: no - register: g_etcd_server_mktemp - changed_when: False - when: etcd_server_certs_missing | bool - -- name: Create a tarball of the etcd certs - command: > - tar -czvf {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz - -C {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }} . 
- args: - creates: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz" - # Disables the following warning: - # Consider using unarchive module rather than running tar - warn: no - when: etcd_server_certs_missing | bool - delegate_to: "{{ etcd_ca_host }}" - -- name: Retrieve etcd cert tarball - fetch: - src: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz" - dest: "{{ g_etcd_server_mktemp.stdout }}/" - flat: yes - fail_on_missing: yes - validate_checksum: yes - when: etcd_server_certs_missing | bool - delegate_to: "{{ etcd_ca_host }}" - -- name: Ensure certificate directory exists - file: - path: "{{ item }}" - state: directory - with_items: - - "{{ etcd_cert_config_dir }}" - - "{{ etcd_system_container_cert_config_dir }}" - when: etcd_server_certs_missing | bool - -- name: Unarchive cert tarball - unarchive: - src: "{{ g_etcd_server_mktemp.stdout }}/{{ etcd_cert_subdir }}.tgz" - dest: "{{ etcd_cert_config_dir }}" - when: etcd_server_certs_missing | bool - -- name: Create a tarball of the etcd ca certs - command: > - tar -czvf {{ etcd_generated_certs_dir }}/{{ etcd_ca_name }}.tgz - -C {{ etcd_ca_dir }} . 
- args: - creates: "{{ etcd_generated_certs_dir }}/{{ etcd_ca_name }}.tgz" - warn: no - when: etcd_server_certs_missing | bool - delegate_to: "{{ etcd_ca_host }}" - -- name: Retrieve etcd ca cert tarball - fetch: - src: "{{ etcd_generated_certs_dir }}/{{ etcd_ca_name }}.tgz" - dest: "{{ g_etcd_server_mktemp.stdout }}/" - flat: yes - fail_on_missing: yes - validate_checksum: yes - when: etcd_server_certs_missing | bool - delegate_to: "{{ etcd_ca_host }}" - -- name: Ensure ca directory exists - file: - path: "{{ item }}" - state: directory - with_items: - - "{{ etcd_ca_dir }}" - - "{{ etcd_system_container_cert_config_dir }}/ca" - when: etcd_server_certs_missing | bool - -- name: Unarchive cert tarball for the system container - unarchive: - src: "{{ g_etcd_server_mktemp.stdout }}/{{ etcd_cert_subdir }}.tgz" - dest: "{{ etcd_system_container_cert_config_dir }}" - when: - - etcd_server_certs_missing | bool - - r_etcd_common_etcd_runtime == 'runc' - -- name: Unarchive etcd ca cert tarballs for the system container - unarchive: - src: "{{ g_etcd_server_mktemp.stdout }}/{{ etcd_ca_name }}.tgz" - dest: "{{ etcd_system_container_cert_config_dir }}/ca" - when: - - etcd_server_certs_missing | bool - - r_etcd_common_etcd_runtime == 'runc' - -- name: Delete temporary directory - local_action: file path="{{ g_etcd_server_mktemp.stdout }}" state=absent - become: no - changed_when: False - when: etcd_server_certs_missing | bool - -- name: Validate permissions on certificate files - file: - path: "{{ item }}" - mode: 0600 - owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" - group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" - when: etcd_url_scheme == 'https' - with_items: - - "{{ etcd_ca_file }}" - - "{{ etcd_cert_file }}" - - "{{ etcd_key_file }}" - -- name: Validate permissions on peer certificate files - file: - path: "{{ item }}" - mode: 0600 - owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" - group: "{{ 'etcd' if not 
etcd_is_containerized | bool else omit }}" - when: etcd_peer_url_scheme == 'https' - with_items: - - "{{ etcd_peer_ca_file }}" - - "{{ etcd_peer_cert_file }}" - - "{{ etcd_peer_key_file }}" - -- name: Validate permissions on the config dir - file: - path: "{{ etcd_conf_dir }}" - state: directory - owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" - group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" - mode: 0700 -- cgit v1.2.3