Add Extra CAs (custom post-provision action) (#801)

* add cas: playbook adding new CAs created

* add CAs: README updated, bug fixes

* README: improvements

* README: minor fixes

* README: removed code snippet

* README: fix
Tlacenka 7 years ago
parent
commit
3823c72af1

+ 11 - 0
playbooks/provisioning/openstack/README.md

@@ -629,6 +629,16 @@ Example usage:
 ansible-playbook -i <inventory> openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml  --extra-vars '{"registries": "reg1", "insecure_registries": ["ins_reg1","ins_reg2"]}'
 ```
 
+#### Adding extra CAs to the trust chain
+
+This playbook is also located in the [custom-actions](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions) directory.
+It copies passed CAs to the trust chain location and updates the trust chain on each selected host.
+
+Example usage:
+```
+ansible-playbook -i <inventory> openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions/add-cas.yml --extra-vars '{"ca_files": [<absolute path to ca1 file>, <absolute path to ca2 file>]}'
+```
+
 Please consider contributing your custom playbook back to openshift-ansible-contrib!
 
 A library of custom post-provision actions exists in `openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions`. Playbooks include:
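Review bot: In the new "Example usage" command, the `ca_files` entries are bare `<absolute path to ca1 file>` placeholders with no double quotes, so substituting real paths literally yields invalid JSON for `--extra-vars`. Quote them the way the add-docker-registry example just above does: `"ca_files": ["<absolute path to ca1 file>", "<absolute path to ca2 file>"]`. Since `add-cas.yml` uses `copy` with a plain `src`, the section should also say that the paths are resolved on the machine running `ansible-playbook`, and that every file listed becomes a trust anchor on each selected host, so the list deserves the same care as any other root-of-trust change.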
@@ -636,6 +646,7 @@ A library of custom post-provision actions exists in `openshift-ansible-contrib/
 * [add-yum-repos.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-yum-repos.yml): adds a list of custom yum repositories to every node in the cluster
 * [add-rhn-pools.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-rhn-pools.yml): attaches a list of additional RHN pools to every node in the cluster
 * [add-docker-registry.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml): adds a list of docker registries to the docker configuration on every node in the cluster
+* [add-cas.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-rhn-pools.yml): adds a list of CAs to the trust chain on every node in the cluster
 
 ### Install OpenShift
 
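Review bot: The link target on the added `add-cas.yml` bullet points at `custom-actions/add-rhn-pools.yml`, which looks like a copy-paste from the bullet two lines up. It should end in `custom-actions/add-cas.yml` so readers land on the playbook that actually modifies the trust store.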

+ 13 - 0
playbooks/provisioning/openstack/custom-actions/add-cas.yml

@@ -0,0 +1,13 @@
+---
+- hosts: cluster_hosts
+  become: true
+  vars:
+    ca_files: []
+  tasks:
+  - name: Copy CAs to the trusted CAs location
+    with_items: "{{ ca_files }}"
+    copy:
+      src: "{{ item }}"
+      dest: /etc/pki/ca-trust/source/anchors/
+  - name: Update trusted CAs
+    shell: 'update-ca-trust enable && update-ca-trust extract'
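Review bot: The "Update trusted CAs" task runs unconditionally through `shell`, so it reports changed on every run and rebuilds the trust store even when `ca_files` is left at its default `[]` or nothing was copied. Move it to a handler notified by the copy task (or register the copy result and gate on `changed`), and split it into two `command` tasks since nothing here needs a shell beyond the `&&`. On the copy task, set `owner: root`, `group: root` and `mode: '0644'` explicitly so the permissions on files under `/etc/pki/ca-trust/source/anchors/` do not depend on the remote umask. A short comment at the top of the playbook noting that `ca_files` must be absolute paths on the control host would match what the README says.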