From e2d0ebb3bf2cc37f44af53dfad9e1789713fd3b9 Mon Sep 17 00:00:00 2001
From: ewolinetz <ewolinet@redhat.com>
Date: Mon, 3 Apr 2017 15:01:41 -0500
Subject: Creation of service_catalog and placeholder broker roles

---
 .../tasks/generate_certs.yml                       | 70 ++++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 roles/openshift_service_catalog/tasks/generate_certs.yml

(limited to 'roles/openshift_service_catalog/tasks/generate_certs.yml')

diff --git a/roles/openshift_service_catalog/tasks/generate_certs.yml b/roles/openshift_service_catalog/tasks/generate_certs.yml
new file mode 100644
index 000000000..cc897b032
--- /dev/null
+++ b/roles/openshift_service_catalog/tasks/generate_certs.yml
@@ -0,0 +1,70 @@
+---
+- name: Create service catalog cert directory
+  file:
+    path: "{{ openshift.common.config_base }}/service-catalog"
+    state: directory
+    mode: 0755
+  changed_when: False
+  check_mode: no
+
+- set_fact:
+    generated_certs_dir: "{{ openshift.common.config_base }}/service-catalog"
+
+- name: Generate signing cert
+  command: >
+    {{ openshift.common.client_binary }} adm --config=/etc/origin/master/admin.kubeconfig ca create-signer-cert
+    --key={{ generated_certs_dir }}/ca.key --cert={{ generated_certs_dir }}/ca.crt
+    --serial={{ generated_certs_dir }}/apiserver.serial.txt --name=service-catalog-signer
+
+- name: Generating server keys
+  oc_adm_ca_server_cert:
+    cert: "{{ generated_certs_dir }}/apiserver.crt"
+    key: "{{ generated_certs_dir }}/apiserver.key"
+    hostnames: "apiserver.kube-service-catalog.svc,apiserver.kube-service-catalog.svc.cluster.local,apiserver.kube-service-catalog"
+    signer_cert: "{{ generated_certs_dir }}/ca.crt"
+    signer_key: "{{ generated_certs_dir }}/ca.key"
+    signer_serial: "{{ generated_certs_dir }}/apiserver.serial.txt"
+
+- name: Create apiserver-ssl secret
+  oc_secret:
+    state: present
+    name: apiserver-ssl
+    namespace: kube-service-catalog
+    files:
+    - name: tls.crt
+      path: "{{ generated_certs_dir }}/apiserver.crt"
+    - name: tls.key
+      path: "{{ generated_certs_dir }}/apiserver.key"
+
+- slurp:
+    src: "{{ generated_certs_dir }}/ca.crt"
+  register: apiserver_ca
+
+- shell: >
+    oc get apiservices.apiregistration.k8s.io/v1alpha1.servicecatalog.k8s.io -n kube-service-catalog || echo "not found"
+  register: get_apiservices
+  changed_when: no
+
+- name: Create api service
+  oc_obj:
+    state: present
+    name: v1alpha1.servicecatalog.k8s.io
+    kind: apiservices.apiregistration.k8s.io
+    namespace: "kube-service-catalog"
+    content:
+      path: /tmp/apisvcout
+      data:
+        apiVersion: apiregistration.k8s.io/v1beta1
+        kind: APIService
+        metadata:
+          name: v1alpha1.servicecatalog.k8s.io
+        spec:
+          group: servicecatalog.k8s.io
+          version: v1alpha1
+          service:
+            namespace: "kube-service-catalog"
+            name: apiserver
+          caBundle: "{{ apiserver_ca.content }}"
+          groupPriorityMinimum: 20
+          versionPriority: 10
+  when: "'not found' in get_apiservices.stdout"
-- 
cgit v1.2.3