탐색 도움말
가입하기 로그인
shixiong
/
okd
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: b6ce046414
브랜치 태그
okd
/
roles
/
openshift_metrics
/
tasks
/
setup_certificate.yaml

setup_certificate.yaml 2.4 KB
히스토리 Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152 
  1. ---
    2. 

  2. - name: generate {{ component }} keys
    3. 

  3.   command: >
    4. 

  4.     {{ openshift.common.admin_binary }} ca create-server-cert
    5. 

  5.     --key='{{ openshift_metrics_certs_dir }}/{{ component }}.key'
    6. 

  6.     --cert='{{ openshift_metrics_certs_dir }}/{{ component }}.crt'
    7. 

  7.     --hostnames='{{ hostnames }}'
    8. 

  8.     --signer-cert='{{ openshift_metrics_certs_dir }}/ca.crt'
    9. 

  9.     --signer-key='{{ openshift_metrics_certs_dir }}/ca.key'
    10. 

  10.     --signer-serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt'
    11. 

  11.   when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.key'|exists
    12. 

  12. - name: generate {{ component }} certificate
    13. 

  13.   shell: >
    14. 

  14.     cat
    15. 

  15.     '{{ openshift_metrics_certs_dir }}/{{ component|quote }}.key'
    16. 

  16.     '{{ openshift_metrics_certs_dir }}/{{ component|quote }}.crt'
    17. 

  17.     > '{{ openshift_metrics_certs_dir }}/{{ component|quote }}.pem'
    18. 

  18.   when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.pem'|exists
    19. 

  19. - name: generate random password for the {{ component }} keystore
    20. 

  20.   shell: >
    21. 

  21.     tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c15
    22. 

  22.     > '{{ openshift_metrics_certs_dir }}/{{ component|quote }}-keystore.pwd'
    23. 

  23.   when: >
    24. 

  24.     not '{{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd'|exists
    25. 

  25. - name: create the {{ component }} pkcs12 from the pem file
    26. 

  26.   command: >
    27. 

  27.     openssl pkcs12 -export
    28. 

  28.     -in '{{ openshift_metrics_certs_dir }}/{{ component }}.pem'
    29. 

  29.     -out '{{ openshift_metrics_certs_dir }}/{{ component }}.pkcs12'
    30. 

  30.     -name '{{ component }}' -noiter -nomaciter
    31. 

  31.     -password
    32. 

  32.     'file:{{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd'
    33. 

  33.   when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.pkcs12'|exists
    34. 

  34. - name: create the {{ component }} keystore from the pkcs12 file
    35. 

  35.   shell: >
    36. 

  36.     p=$(< {{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd)
    37. 

  37.     &&
    38. 

  38.     keytool -v -importkeystore
    39. 

  39.     -srckeystore '{{ openshift_metrics_certs_dir }}/{{ component }}.pkcs12'
    40. 

  40.     -srcstoretype PKCS12
    41. 

  41.     -destkeystore '{{ openshift_metrics_certs_dir }}/{{ component }}.keystore'
    42. 

  42.     -deststoretype JKS
    43. 

  43.     -deststorepass "$p"
    44. 

  44.     -srcstorepass "$p"
    45. 

  45.   when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.keystore'|exists
    46. 

  46. - name: generate random password for the {{ component }} truststore
    47. 

  47.   shell: >
    48. 

  48.     tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c15
    49. 

  49.     > '{{ openshift_metrics_certs_dir }}/{{ component|quote }}-truststore.pwd'
    50. 

  50.   when: >
    51. 

  51.     not
    52. 

  52.     '{{ openshift_metrics_certs_dir }}/{{ component }}-truststore.pwd'|exists
    53.