Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 1b48aab78f
Branches Tags
okd
/
roles
/
openshift_service_catalog
/
tasks
/
generate_certs.yml

generate_certs.yml 2.3 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. ---
    2. 

  2. - name: Create service catalog cert directory
    3. 

  3.   file:
    4. 

  4.     path: "{{ openshift.common.config_base }}/service-catalog"
    5. 

  5.     state: directory
    6. 

  6.     mode: 0755
    7. 

  7.   changed_when: False
    8. 

  8.   check_mode: no
    9. 

  9. 

  10. - set_fact:
    11. 

  11.     generated_certs_dir: "{{ openshift.common.config_base }}/service-catalog"
    12. 

  12. 

  13. - name: Generate signing cert
    14. 

  14.   command: >
    15. 

  15.     {{ openshift_client_binary }} adm --config=/etc/origin/master/admin.kubeconfig ca create-signer-cert
    16. 

  16.     --key={{ generated_certs_dir }}/ca.key --cert={{ generated_certs_dir }}/ca.crt
    17. 

  17.     --serial={{ generated_certs_dir }}/apiserver.serial.txt --name=service-catalog-signer
    18. 

  18. 

  19. - name: Delete old apiserver.crt
    20. 

  20.   file:
    21. 

  21.     path: "{{ generated_certs_dir }}/apiserver.crt"
    22. 

  22.     state: absent
    23. 

  23. 

  24. - name: Delete old apiserver.key
    25. 

  25.   file:
    26. 

  26.     path: "{{ generated_certs_dir }}/apiserver.key"
    27. 

  27.     state: absent
    28. 

  28. 

  29. - name: Generating API Server keys
    30. 

  30.   oc_adm_ca_server_cert:
    31. 

  31.     cert: "{{ generated_certs_dir }}/apiserver.crt"
    32. 

  32.     key: "{{ generated_certs_dir }}/apiserver.key"
    33. 

  33.     hostnames: "apiserver.kube-service-catalog.svc,apiserver.kube-service-catalog.svc.cluster.local,apiserver.kube-service-catalog"
    34. 

  34.     signer_cert: "{{ generated_certs_dir }}/ca.crt"
    35. 

  35.     signer_key: "{{ generated_certs_dir }}/ca.key"
    36. 

  36.     signer_serial: "{{ generated_certs_dir }}/apiserver.serial.txt"
    37. 

  37. 

  38. - name: Create apiserver-ssl secret
    39. 

  39.   oc_secret:
    40. 

  40.     state: present
    41. 

  41.     name: apiserver-ssl
    42. 

  42.     namespace: kube-service-catalog
    43. 

  43.     files:
    44. 

  44.     - name: tls.crt
    45. 

  45.       path: "{{ generated_certs_dir }}/apiserver.crt"
    46. 

  46.     - name: tls.key
    47. 

  47.       path: "{{ generated_certs_dir }}/apiserver.key"
    48. 

  48. 

  49. - slurp:
    50. 

  50.     src: "{{ generated_certs_dir }}/ca.crt"
    51. 

  51.   register: apiserver_ca
    52. 

  52. 

  53. - name: Create api service
    54. 

  54.   oc_obj:
    55. 

  55.     state: present
    56. 

  56.     name: v1beta1.servicecatalog.k8s.io
    57. 

  57.     kind: apiservices.apiregistration.k8s.io
    58. 

  58.     namespace: "kube-service-catalog"
    59. 

  59.     content:
    60. 

  60.       path: /tmp/apisvcout
    61. 

  61.       data:
    62. 

  62.         apiVersion: apiregistration.k8s.io/v1beta1
    63. 

  63.         kind: APIService
    64. 

  64.         metadata:
    65. 

  65.           name: v1beta1.servicecatalog.k8s.io
    66. 

  66.         spec:
    67. 

  67.           group: servicecatalog.k8s.io
    68. 

  68.           version: v1beta1
    69. 

  69.           service:
    70. 

  70.             namespace: "kube-service-catalog"
    71. 

  71.             name: apiserver
    72. 

  72.           caBundle: "{{ apiserver_ca.content }}"
    73. 

  73.           groupPriorityMinimum: 20
    74. 

  74.           versionPriority: 10
    75.