Página inicial Explorar Ajuda
Registrar Entrar
shixiong
/
okd
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Tree: 2bf65cdab4
Branches Tags
okd
/
roles
/
ansible_service_broker
/
tasks
/
generate_certs.yml

generate_certs.yml 2.2 KB
Histórico Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344 
  1. ---
    2. 

  2. 

  3. - when: ansible_service_broker_certs_dir is undefined
    4. 

  4.   block:
    5. 

  5.   - name: Create ansible-service-broker cert directory
    6. 

  6.     file:
    7. 

  7.       path: "{{ openshift.common.config_base }}/ansible-service-broker"
    8. 

  8.       state: directory
    9. 

  9.       mode: 0755
    10. 

  10.     check_mode: no
    11. 

  11. 

  12.   - name: Create self signing ca cert
    13. 

  13.     command: 'openssl req -nodes -x509 -newkey rsa:4096 -keyout {{ openshift.common.config_base }}/ansible-service-broker/key.pem -out {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -days 365 -subj "/CN=asb-etcd.openshift-ansible-service-broker.svc"'
    14. 

  14.     args:
    15. 

  15.       creates: '{{ openshift.common.config_base }}/ansible-service-broker/cert.pem'
    16. 

  16. 

  17.   - name: Create self signed client cert
    18. 

  18.     command: '{{ item.cmd }}'
    19. 

  19.     args:
    20. 

  20.       creates: '{{ item.creates }}'
    21. 

  21.     with_items:
    22. 

  22.     - cmd: openssl genrsa -out {{ openshift.common.config_base }}/ansible-service-broker/client.key 2048
    23. 

  23.       creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.key'
    24. 

  24.     - cmd: 'openssl req -new -key {{ openshift.common.config_base }}/ansible-service-broker/client.key -out {{ openshift.common.config_base }}/ansible-service-broker/client.csr -subj "/CN=client"'
    25. 

  25.       creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.csr'
    26. 

  26.     - cmd: openssl x509 -req -in {{ openshift.common.config_base }}/ansible-service-broker/client.csr -CA {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -CAkey {{ openshift.common.config_base }}/ansible-service-broker/key.pem -CAcreateserial -out {{ openshift.common.config_base }}/ansible-service-broker/client.pem -days 1024
    27. 

  27.       creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.pem'
    28. 

  28. 

  29.   - set_fact:
    30. 

  30.       ansible_service_broker_certs_dir: "{{ openshift.common.config_base }}/ansible-service-broker"
    31. 

  31. 

  32. - name: Read in certs for etcd
    33. 

  33.   slurp:
    34. 

  34.     src: '{{ ansible_service_broker_certs_dir }}/{{ item }}'
    35. 

  35.   register: asb_etcd_certs
    36. 

  36.   with_items:
    37. 

  37.   - cert.pem
    38. 

  38.   - client.pem
    39. 

  39.   - client.key
    40. 

  40. 

  41. - set_fact:
    42. 

  42.     etcd_ca_cert: "{{ asb_etcd_certs.results.0.content | b64decode }}"
    43. 

  43.     etcd_client_cert: "{{ asb_etcd_certs.results.1.content | b64decode }}"
    44. 

  44.     etcd_client_key: "{{ asb_etcd_certs.results.2.content | b64decode }}"
    45.