shixiong
/
okd


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889
							---
- name: Create service catalog cert directory
  file:
    path: "{{ openshift.common.config_base }}/service-catalog"
    state: directory
    mode: 0755
  changed_when: False
  check_mode: no

- set_fact:
    generated_certs_dir: "{{ openshift.common.config_base }}/service-catalog"

- name: Generate signing cert
  command: >
    {{ openshift.common.client_binary }} adm --config=/etc/origin/master/admin.kubeconfig ca create-signer-cert
    --key={{ generated_certs_dir }}/ca.key --cert={{ generated_certs_dir }}/ca.crt
    --serial={{ generated_certs_dir }}/apiserver.serial.txt --name=service-catalog-signer

- name: Delete old apiserver.crt
  file:
    path: "{{ generated_certs_dir }}/apiserver.crt"
    state: absent

- name: Delete old apiserver.key
  file:
    path: "{{ generated_certs_dir }}/apiserver.key"
    state: absent

- name: Generating server keys
  oc_adm_ca_server_cert:
    cert: "{{ generated_certs_dir }}/apiserver.crt"
    key: "{{ generated_certs_dir }}/apiserver.key"
    hostnames: "apiserver.kube-service-catalog.svc,apiserver.kube-service-catalog.svc.cluster.local,apiserver.kube-service-catalog"
    signer_cert: "{{ generated_certs_dir }}/ca.crt"
    signer_key: "{{ generated_certs_dir }}/ca.key"
    signer_serial: "{{ generated_certs_dir }}/apiserver.serial.txt"

- name: Create apiserver-ssl secret
  oc_secret:
    state: present
    name: apiserver-ssl
    namespace: kube-service-catalog
    files:
    - name: tls.crt
      path: "{{ generated_certs_dir }}/apiserver.crt"
    - name: tls.key
      path: "{{ generated_certs_dir }}/apiserver.key"

- name: Create service-catalog-ssl secret
  oc_secret:
    state: present
    name: service-catalog-ssl
    namespace: kube-service-catalog
    files:
    - name: tls.crt
      path: "{{ generated_certs_dir }}/apiserver.crt"

- slurp:
    src: "{{ generated_certs_dir }}/ca.crt"
  register: apiserver_ca

- shell: >
    {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig get apiservices.apiregistration.k8s.io/v1beta1.servicecatalog.k8s.io -n kube-service-catalog || echo "not found"
  register: get_apiservices
  changed_when: no

- name: Create api service
  oc_obj:
    state: present
    name: v1beta1.servicecatalog.k8s.io
    kind: apiservices.apiregistration.k8s.io
    namespace: "kube-service-catalog"
    content:
      path: /tmp/apisvcout
      data:
        apiVersion: apiregistration.k8s.io/v1beta1
        kind: APIService
        metadata:
          name: v1beta1.servicecatalog.k8s.io
        spec:
          group: servicecatalog.k8s.io
          version: v1beta1
          service:
            namespace: "kube-service-catalog"
            name: apiserver
          caBundle: "{{ apiserver_ca.content }}"
          groupPriorityMinimum: 20
          versionPriority: 10
  when: "'not found' in get_apiservices.stdout"