Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 9fcdda9c1f
Branches Tags
okd
/
roles
/
etcd
/
tasks
/
certificates
/
deploy_ca.yml

deploy_ca.yml 2.0 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. ---
    2. 

  2. - name: Install openssl
    3. 

  3.   package:
    4. 

  4.     name: openssl
    5. 

  5.     state: present
    6. 

  6.   when: not etcd_is_atomic | bool
    7. 

  7.   delegate_to: "{{ etcd_ca_host }}"
    8. 

  8.   run_once: true
    9. 

  9.   register: result
    10. 

  10.   until: result is succeeded
    11. 

  11. 

  12. - file:
    13. 

  13.     path: "{{ item }}"
    14. 

  14.     state: directory
    15. 

  15.     mode: 0700
    16. 

  16.     owner: root
    17. 

  17.     group: root
    18. 

  18.   with_items:
    19. 

  19.   - "{{ etcd_ca_new_certs_dir }}"
    20. 

  20.   - "{{ etcd_ca_crl_dir }}"
    21. 

  21.   - "{{ etcd_ca_dir }}/fragments"
    22. 

  22.   delegate_to: "{{ etcd_ca_host }}"
    23. 

  23.   run_once: true
    24. 

  24. 

  25. - command: cp /etc/pki/tls/openssl.cnf ./
    26. 

  26.   args:
    27. 

  27.     chdir: "{{ etcd_ca_dir }}/fragments"
    28. 

  28.     creates: "{{ etcd_ca_dir }}/fragments/openssl.cnf"
    29. 

  29.   delegate_to: "{{ etcd_ca_host }}"
    30. 

  30.   run_once: true
    31. 

  31. 

  32. - template:
    33. 

  33.     dest: "{{ etcd_ca_dir }}/fragments/openssl_append.cnf"
    34. 

  34.     src: openssl_append.j2
    35. 

  35.     backup: true
    36. 

  36.   delegate_to: "{{ etcd_ca_host }}"
    37. 

  37.   run_once: true
    38. 

  38. 

  39. - assemble:
    40. 

  40.     src: "{{ etcd_ca_dir }}/fragments"
    41. 

  41.     dest: "{{ etcd_openssl_conf }}"
    42. 

  42.   delegate_to: "{{ etcd_ca_host }}"
    43. 

  43.   run_once: true
    44. 

  44. 

  45. - name: Check etcd_ca_db exist
    46. 

  46.   stat:
    47. 

  47.     path: "{{ etcd_ca_db }}"
    48. 

  48.     get_checksum: false
    49. 

  49.     get_mime: false
    50. 

  50.   register: etcd_ca_db_check
    51. 

  51.   changed_when: false
    52. 

  52.   delegate_to: "{{ etcd_ca_host }}"
    53. 

  53.   run_once: true
    54. 

  54. 

  55. - name: Touch etcd_ca_db file
    56. 

  56.   file:
    57. 

  57.     path: "{{ etcd_ca_db }}"
    58. 

  58.     state: touch
    59. 

  59.   when: etcd_ca_db_check.stat.isreg is not defined
    60. 

  60.   delegate_to: "{{ etcd_ca_host }}"
    61. 

  61.   run_once: true
    62. 

  62. 

  63. - copy:
    64. 

  64.     dest: "{{ etcd_ca_serial }}"
    65. 

  65.     content: "01"
    66. 

  66.     force: no
    67. 

  67.   delegate_to: "{{ etcd_ca_host }}"
    68. 

  68.   run_once: true
    69. 

  69. 

  70. - name: Create etcd CA certificate
    71. 

  71.   command: >
    72. 

  72.     openssl req -config {{ etcd_openssl_conf }} -newkey rsa:4096
    73. 

  73.     -keyout {{ etcd_ca_key }} -new -out {{ etcd_ca_cert }}
    74. 

  74.     -x509 -extensions {{ etcd_ca_exts_self }} -batch -nodes
    75. 

  75.     -days {{ etcd_ca_default_days }}
    76. 

  76.     -subj /CN=etcd-signer@{{ ansible_date_time.epoch }}
    77. 

  77.   args:
    78. 

  78.     chdir: "{{ etcd_ca_dir }}"
    79. 

  79.     creates: "{{ etcd_ca_cert }}"
    80. 

  80.   environment:
    81. 

  81.     SAN: 'etcd-signer'
    82. 

  82.   delegate_to: "{{ etcd_ca_host }}"
    83. 

  83.   run_once: true
    84.