author | Tlacenka <tlacencin@gmail.com> | 2017-10-18 12:55:58 +0200 |
---|---|---|
committer | Tomas Sedovic <tomas@sedovic.cz> | 2017-10-18 12:55:58 +0200 |
commit | 3823c72af11f77b9639176921b398fbab2ac04fd (patch) | |
tree | 7ae3f886bfc98fa23376f2450aad5c886ecb66eb | |
parent | d2ff422b284f04b8a19ad4c6aa388ba397d915e1 (diff) | |
Add Extra CAs (custom post-provision action) (#801)
* add cas: playbook adding new CAs created
* add CAs: README updated, bug fixes
* README: improvements
* README: minor fixes
* README: removed code snippet
* README: fix
-rw-r--r-- | playbooks/provisioning/openstack/README.md | 11 | ||||
-rw-r--r-- | playbooks/provisioning/openstack/custom-actions/add-cas.yml | 13 |
2 files changed, 24 insertions, 0 deletions
diff --git a/playbooks/provisioning/openstack/README.md b/playbooks/provisioning/openstack/README.md index a277047e1..f11a9bd73 100644 --- a/playbooks/provisioning/openstack/README.md +++ b/playbooks/provisioning/openstack/README.md @@ -629,6 +629,16 @@ Example usage: ansible-playbook -i <inventory> openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml --extra-vars '{"registries": "reg1", "insecure_registries": ["ins_reg1","ins_reg2"]}' ``` +#### Adding extra CAs to the trust chain + +This playbook is also located in the [custom-actions](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions) directory. +It copies passed CAs to the trust chain location and updates the trust chain on each selected host. + +Example usage: +``` +ansible-playbook -i <inventory> openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions/add-cas.yml --extra-vars '{"ca_files": [<absolute path to ca1 file>, <absolute path to ca2 file>]}' +``` + Please consider contributing your custom playbook back to openshift-ansible-contrib! A library of custom post-provision actions exists in `openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions`. Playbooks include: 
@@ -636,6 +646,7 @@ A library of custom post-provision actions exists in `openshift-ansible-contrib/ * [add-yum-repos.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-yum-repos.yml): adds a list of custom yum repositories to every node in the cluster * [add-rhn-pools.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-rhn-pools.yml): attaches a list of additional RHN pools to every node in the cluster * [add-docker-registry.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml): adds a list of docker registries to the docker configuration on every node in the cluster +* [add-cas.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-rhn-pools.yml): adds a list of CAs to the trust chain on every node in the cluster ### Install OpenShift diff --git a/playbooks/provisioning/openstack/custom-actions/add-cas.yml b/playbooks/provisioning/openstack/custom-actions/add-cas.yml new file mode 100644 index 000000000..b2c195f91 --- /dev/null +++ b/playbooks/provisioning/openstack/custom-actions/add-cas.yml @@ -0,0 +1,13 @@ +--- +- hosts: cluster_hosts + become: true + vars: + ca_files: [] + tasks: + - name: Copy CAs to the trusted CAs location + with_items: "{{ ca_files }}" + copy: + src: "{{ item }}" + dest: /etc/pki/ca-trust/source/anchors/ + - name: Update trusted CAs + shell: 'update-ca-trust enable && update-ca-trust extract' |
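Review bot: In the first README.md hunk (@@ -629,6 +629,16), the `ca_files` example leaves its placeholders unquoted, so a reader who substitutes real paths as shown passes invalid JSON to `--extra-vars`. Write the list as `["<absolute path to ca1 file>", "<absolute path to ca2 file>"]`, matching the quoted strings in the add-docker-registry example just above. The paragraph should also state that the paths are read on the machine running `ansible-playbook`, since the `copy` task in add-cas.yml uses `src` without `remote_src`, and "each selected host" should read as every host in `cluster_hosts`, which is what the play hard-codes.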
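Review bot: In the second README.md hunk (@@ -636,6 +646,7), the new `add-cas.yml` list entry links to `.../custom-actions/add-rhn-pools.yml`, apparently copied from the add-rhn-pools entry two lines above it. The URL should end in `add-cas.yml` so the link opens the playbook the entry describes.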
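Review bot: In the new add-cas.yml, the `Copy CAs to the trusted CAs location` task installs whatever files `ca_files` names as trust anchors on every host in `cluster_hosts`, with no `owner`, `group` or `mode` set and no check that each file is actually a certificate. Set the ownership and mode explicitly (root-owned, not writable by others) and consider a preceding task that fails when an item is not a parseable PEM certificate, because anything landing in `/etc/pki/ca-trust/source/anchors/` becomes trusted for TLS on those hosts. Separately, the `Update trusted CAs` task uses `shell` and runs on every invocation, including with the default `ca_files: []`, so the play always reports a change; two `command` tasks in a handler notified by the copy task, or a `when: ca_files | length > 0` guard, would keep it idempotent.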