Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
shixiong
/
okd
1
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu khéo về 0 Wiki
Tree: 80fdf0d5a4
Branches Tags
okd
/
roles
/
ansible_service_broker
/
tasks
/
generate_certs.yml

generate_certs.yml 2.1 KB
Lịch sử Raw

1234567891011121314151617181920212223242526272829303132333435 
  1. ---
    2. 

  2. 

  3. - when: ansible_service_broker_certs_dir is undefined
    4. 

  4.   block:
    5. 

  5.   - name: Create ansible-service-broker cert directory
    6. 

  6.     file:
    7. 

  7.       path: "{{ openshift.common.config_base }}/ansible-service-broker"
    8. 

  8.       state: directory
    9. 

  9.       mode: 0755
    10. 

  10.     check_mode: no
    11. 

  11. 

  12.   - name: Create self signing ca cert
    13. 

  13.     command: 'openssl req -nodes -x509 -newkey rsa:4096 -keyout {{ openshift.common.config_base }}/ansible-service-broker/key.pem -out {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -days 365 -subj "/CN=asb-etcd.openshift-ansible-service-broker.svc"'
    14. 

  14.     args:
    15. 

  15.       creates: '{{ openshift.common.config_base }}/ansible-service-broker/cert.pem'
    16. 

  16. 

  17.   - name: Create self signed client cert
    18. 

  18.     command: '{{ item.cmd }}'
    19. 

  19.     args:
    20. 

  20.       creates: '{{ item.creates }}'
    21. 

  21.     with_items:
    22. 

  22.     - cmd: openssl genrsa -out {{ openshift.common.config_base }}/ansible-service-broker/client.key 2048
    23. 

  23.       creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.key'
    24. 

  24.     - cmd: 'openssl req -new -key {{ openshift.common.config_base }}/ansible-service-broker/client.key -out {{ openshift.common.config_base }}/ansible-service-broker/client.csr -subj "/CN=client"'
    25. 

  25.       creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.csr'
    26. 

  26.     - cmd: openssl x509 -req -in {{ openshift.common.config_base }}/ansible-service-broker/client.csr -CA {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -CAkey {{ openshift.common.config_base }}/ansible-service-broker/key.pem -CAcreateserial -out {{ openshift.common.config_base }}/ansible-service-broker/client.pem -days 1024
    27. 

  27.       creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.pem'
    28. 

  28. 

  29.   - set_fact:
    30. 

  30.       ansible_service_broker_certs_dir: "{{ openshift.common.config_base }}/ansible-service-broker"
    31. 

  31. 

  32. - set_fact:
    33. 

  33.     etcd_ca_cert: "{{ lookup('file', '{{ ansible_service_broker_certs_dir }}/cert.pem') }}"
    34. 

  34.     etcd_client_cert: "{{ lookup('file', '{{ ansible_service_broker_certs_dir }}/client.pem') }}"
    35. 

  35.     etcd_client_key: "{{ lookup('file', '{{ ansible_service_broker_certs_dir }}/client.key') }}"
    36.