Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
shixiong
/
okd
1
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu khéo về 0 Wiki
Tree: e2d0ebb3bf
Branches Tags
okd
/
roles
/
openshift_service_catalog
/
tasks
/
generate_certs.yml

generate_certs.yml 2.3 KB
Lịch sử Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. ---
    2. 

  2. - name: Create service catalog cert directory
    3. 

  3.   file:
    4. 

  4.     path: "{{ openshift.common.config_base }}/service-catalog"
    5. 

  5.     state: directory
    6. 

  6.     mode: 0755
    7. 

  7.   changed_when: False
    8. 

  8.   check_mode: no
    9. 

  9. 

  10. - set_fact:
    11. 

  11.     generated_certs_dir: "{{ openshift.common.config_base }}/service-catalog"
    12. 

  12. 

  13. - name: Generate signing cert
    14. 

  14.   command: >
    15. 

  15.     {{ openshift.common.client_binary }} adm --config=/etc/origin/master/admin.kubeconfig ca create-signer-cert
    16. 

  16.     --key={{ generated_certs_dir }}/ca.key --cert={{ generated_certs_dir }}/ca.crt
    17. 

  17.     --serial={{ generated_certs_dir }}/apiserver.serial.txt --name=service-catalog-signer
    18. 

  18. 

  19. - name: Generating server keys
    20. 

  20.   oc_adm_ca_server_cert:
    21. 

  21.     cert: "{{ generated_certs_dir }}/apiserver.crt"
    22. 

  22.     key: "{{ generated_certs_dir }}/apiserver.key"
    23. 

  23.     hostnames: "apiserver.kube-service-catalog.svc,apiserver.kube-service-catalog.svc.cluster.local,apiserver.kube-service-catalog"
    24. 

  24.     signer_cert: "{{ generated_certs_dir }}/ca.crt"
    25. 

  25.     signer_key: "{{ generated_certs_dir }}/ca.key"
    26. 

  26.     signer_serial: "{{ generated_certs_dir }}/apiserver.serial.txt"
    27. 

  27. 

  28. - name: Create apiserver-ssl secret
    29. 

  29.   oc_secret:
    30. 

  30.     state: present
    31. 

  31.     name: apiserver-ssl
    32. 

  32.     namespace: kube-service-catalog
    33. 

  33.     files:
    34. 

  34.     - name: tls.crt
    35. 

  35.       path: "{{ generated_certs_dir }}/apiserver.crt"
    36. 

  36.     - name: tls.key
    37. 

  37.       path: "{{ generated_certs_dir }}/apiserver.key"
    38. 

  38. 

  39. - slurp:
    40. 

  40.     src: "{{ generated_certs_dir }}/ca.crt"
    41. 

  41.   register: apiserver_ca
    42. 

  42. 

  43. - shell: >
    44. 

  44.     oc get apiservices.apiregistration.k8s.io/v1alpha1.servicecatalog.k8s.io -n kube-service-catalog || echo "not found"
    45. 

  45.   register: get_apiservices
    46. 

  46.   changed_when: no
    47. 

  47. 

  48. - name: Create api service
    49. 

  49.   oc_obj:
    50. 

  50.     state: present
    51. 

  51.     name: v1alpha1.servicecatalog.k8s.io
    52. 

  52.     kind: apiservices.apiregistration.k8s.io
    53. 

  53.     namespace: "kube-service-catalog"
    54. 

  54.     content:
    55. 

  55.       path: /tmp/apisvcout
    56. 

  56.       data:
    57. 

  57.         apiVersion: apiregistration.k8s.io/v1beta1
    58. 

  58.         kind: APIService
    59. 

  59.         metadata:
    60. 

  60.           name: v1alpha1.servicecatalog.k8s.io
    61. 

  61.         spec:
    62. 

  62.           group: servicecatalog.k8s.io
    63. 

  63.           version: v1alpha1
    64. 

  64.           service:
    65. 

  65.             namespace: "kube-service-catalog"
    66. 

  66.             name: apiserver
    67. 

  67.           caBundle: "{{ apiserver_ca.content }}"
    68. 

  68.           groupPriorityMinimum: 20
    69. 

  69.           versionPriority: 10
    70. 

  70.   when: "'not found' in get_apiservices.stdout"
    71.