Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
shixiong
/
okd
1
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Koks: a5f6e3f684
Atzari Tagi
okd
/
roles
/
openshift_metrics
/
tasks
/
setup_certificate.yaml

setup_certificate.yaml 2.5 KB
Vēsture Neapstrādāts

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 
  1. ---
    2. 

  2. - name: generate {{ component }} keys
    3. 

  3.   command: >
    4. 

  4.     {{ openshift.common.admin_binary }} ca create-server-cert
    5. 

  5.     --config={{ mktemp.stdout }}/admin.kubeconfig
    6. 

  6.     --key='{{ openshift_metrics_certs_dir }}/{{ component }}.key'
    7. 

  7.     --cert='{{ openshift_metrics_certs_dir }}/{{ component }}.crt'
    8. 

  8.     --hostnames='{{ hostnames }}'
    9. 

  9.     --signer-cert='{{ openshift_metrics_certs_dir }}/ca.crt'
    10. 

  10.     --signer-key='{{ openshift_metrics_certs_dir }}/ca.key'
    11. 

  11.     --signer-serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt'
    12. 

  12.   when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.key'|exists
    13. 

  13. 

  14. - name: generate {{ component }} certificate
    15. 

  15.   shell: >
    16. 

  16.     cat
    17. 

  17.     '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.key'
    18. 

  18.     '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.crt'
    19. 

  19.     > '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.pem'
    20. 

  20.   when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.pem'|exists
    21. 

  21. 

  22. - name: generate random password for the {{ component }} keystore
    23. 

  23.   shell: >
    24. 

  24.     tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c15
    25. 

  25.     > '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-keystore.pwd'
    26. 

  26.   when: >
    27. 

  27.     not '{{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd'|exists
    28. 

  28. 

  29. - name: create the {{ component }} pkcs12 from the pem file
    30. 

  30.   command: >
    31. 

  31.     openssl pkcs12 -export
    32. 

  32.     -in '{{ openshift_metrics_certs_dir }}/{{ component }}.pem'
    33. 

  33.     -out '{{ openshift_metrics_certs_dir }}/{{ component }}.pkcs12'
    34. 

  34.     -name '{{ component }}' -noiter -nomaciter
    35. 

  35.     -password
    36. 

  36.     'file:{{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd'
    37. 

  37.   when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.pkcs12'|exists
    38. 

  38. 

  39. - name: create the {{ component }} keystore from the pkcs12 file
    40. 

  40.   shell: >
    41. 

  41.     p=$(< {{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd)
    42. 

  42.     &&
    43. 

  43.     keytool -v -importkeystore
    44. 

  44.     -srckeystore '{{ openshift_metrics_certs_dir | quote }}/{{ component | quote }}.pkcs12'
    45. 

  45.     -srcstoretype PKCS12
    46. 

  46.     -destkeystore '{{ openshift_metrics_certs_dir | quote }}/{{ component | quote}}.keystore'
    47. 

  47.     -deststoretype JKS
    48. 

  48.     -deststorepass "$p"
    49. 

  49.     -srcstorepass "$p"
    50. 

  50.   when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.keystore'|exists
    51. 

  51. 

  52. - name: generate random password for the {{ component }} truststore
    53. 

  53.   shell: >
    54. 

  54.     tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c15
    55. 

  55.     > '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-truststore.pwd'
    56. 

  56.   when: >
    57. 

  57.     not
    58. 

  58.     '{{ openshift_metrics_certs_dir | quote }}/{{ component| quote  }}-truststore.pwd'|exists
    59.