path: root/roles/lib_openshift/src/doc/ca_server_cert
# flake8: noqa
# pylint: skip-file

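# Ansible module documentation for oadm_ca, kept as a YAML document inside a
# Python string. It lists the options accepted for the `oc adm ca`
# sub-commands named under `cmd`.
#
# The parameter lists in the `state` description are double-quoted so each
# description entry stays a plain string; unquoted, YAML reads `['a', 'b']`
# as a nested sequence instead of text.
#
# Security-relevant options: `signer_key`, `key` and `private_key` name
# private key files, and `kubeconfig` defaults to the master's admin
# kubeconfig.
DOCUMENTATION = '''
---
module: oadm_ca
short_description: Module to manage openshift certificate authority
description:
  - Wrapper around the openshift `oc adm ca` command.
options:
  state:
    description:
    - Present is the only supported state.  The state present means that `oc adm ca` will generate a certificate.
    - When create-master-certs is desired then the following parameters are passed.
    - "['cert_dir', 'hostnames', 'master', 'public_master', 'overwrite', 'signer_name']"
    - When create-key-pair is desired then the following parameters are passed.
    - "['private_key', 'public_key']"
    - When create-server-cert is desired then the following parameters are passed.
    - "['cert', 'key', 'signer_cert', 'signer_key', 'signer_serial']"
    required: false
    default: present
    choices:
    - present
    aliases: []
  kubeconfig:
    description:
    - The path for the kubeconfig file to use for authentication
    required: false
    default: /etc/origin/master/admin.kubeconfig
    aliases: []
  debug:
    description:
    - Turn on debug output.
    required: false
    default: False
    aliases: []
  cmd:
    description:
    - The sub command given for `oc adm ca`
    required: false
    default: None
    choices:
    - create-master-certs
    - create-key-pair
    - create-server-cert
    aliases: []
  cert_dir:
    description:
    - The certificate data directory.
    required: false
    default: None
    aliases: []
  cert:
    description:
    - The certificate file. Choose a name that indicates what the service is.
    required: false
    default: None
    aliases: []
  key:
    description:
    - The key file. Choose a name that indicates what the service is.
    - This file holds the private key for the certificate; restrict read access to the service that uses it.
    required: false
    default: None
    aliases: []
  overwrite:
    description:
    - Overwrite existing cert files if found.  If false, any existing file will be left as-is.
    required: false
    default: False
    aliases: []
  signer_cert:
    description:
    - The signer certificate file.
    required: false
    default: None
    aliases: []
  signer_key:
    description:
    - The signer key file.
    - This is the signer's private key; anyone able to read it can issue certificates under this signer.
    required: false
    default: None
    aliases: []
  signer_serial:
    description:
    - The signer serial file.
    required: false
    default: None
    aliases: []
  public_key:
    description:
    - The public key file used with create-key-pair
    required: false
    default: None
    aliases: []
  private_key:
    description:
    - The private key file used with create-key-pair
    required: false
    default: None
    aliases: []

  hostnames:
    description:
    - Every hostname or IP that server certs should be valid for (comma-delimited list)
    required: false
    default: None
    aliases: []
  master:
    description:
    - The API server's URL
    required: false
    default: None
    aliases: []
  public_master:
    description:
    - The API public facing server's URL (if applicable)
    required: false
    default: None
    aliases: []
  signer_name:
    description:
    - The name to use for the generated signer
    required: false
    default: None
    aliases: []
author:
- "Kenny Woodson <kwoodson@redhat.com>"
extends_documentation_fragment: []
'''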

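# Usage example for the module, kept as YAML inside a Python string.
#
# The task passes signer_cert, signer_key and signer_serial, so the resulting
# certificate is issued by that signer rather than being self-signed; the task
# name says so. signer_key points at a CA private key, so a play using this
# task needs read access to that file.
EXAMPLES = '''
- name: Create a server cert signed by the master CA
  oadm_ca:
    cmd: create-server-cert
    signer_cert: /etc/origin/master/ca.crt
    signer_key: /etc/origin/master/ca.key
    signer_serial: /etc/origin/master/ca.serial.txt
    hostnames: "registry.test.openshift.com,127.0.0.1,docker-registry.default.svc.cluster.local"
    cert: /etc/origin/master/registry.crt
    key: /etc/origin/master/registry.key
'''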