| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 |
- ---
- - name: Create local temp directory for syncing certs
- hosts: localhost
- connection: local
- become: no
- gather_facts: no
- tasks:
- - name: Create local temp directory for syncing certs
- local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX
- register: local_cert_sync_tmpdir
- changed_when: false
- - name: Create service signer certificate
- hosts: oo_first_master
- tasks:
- - name: Create remote temp directory for creating certs
- command: mktemp -d /tmp/openshift-ansible-XXXXXXX
- register: remote_cert_create_tmpdir
- changed_when: false
- - name: Create service signer certificate
- command: >
- {{ openshift.common.admin_binary }} ca create-signer-cert
- --cert=service-signer.crt
- --key=service-signer.key
- --name=openshift-service-serving-signer
- --serial=service-signer.serial.txt
- args:
- chdir: "{{ remote_cert_create_tmpdir.stdout }}/"
- - name: Retrieve service signer certificate
- fetch:
- src: "{{ remote_cert_create_tmpdir.stdout }}/{{ item }}"
- dest: "{{ hostvars.localhost.local_cert_sync_tmpdir.stdout }}/"
- flat: yes
- fail_on_missing: yes
- validate_checksum: yes
- with_items:
- - "service-signer.crt"
- - "service-signer.key"
- - name: Delete remote temp directory
- file:
- name: "{{ remote_cert_create_tmpdir.stdout }}"
- state: absent
- changed_when: false
- - name: Deploy service signer certificate
- hosts: oo_masters_to_config
- tasks:
- - name: Deploy service signer certificate
- copy:
- src: "{{ hostvars.localhost.local_cert_sync_tmpdir.stdout }}/{{ item }}"
- dest: "{{ openshift.common.config_base }}/master/"
- with_items:
- - "service-signer.crt"
- - "service-signer.key"
- - name: Delete local temp directory
- hosts: localhost
- connection: local
- become: no
- gather_facts: no
- tasks:
- - name: Delete local temp directory
- file:
- name: "{{ local_cert_sync_tmpdir.stdout }}"
- state: absent
- changed_when: false
|
