authorKenny Woodson <kwoodson@redhat.com>2017-02-15 17:28:40 -0500
committerKenny Woodson <kwoodson@redhat.com>2017-02-20 20:12:16 -0500
commitd517312b0b14c632d66edfe191269e732242a101 (patch)
treefbfaad1031a74aa914629750e6aedcf6c7f05b28
parent0460d54961753bc3bdab4038a1946de08d11097c (diff)
Fixing doc.
-rw-r--r--roles/lib_openshift/library/oadm_ca.py130
-rw-r--r--roles/lib_openshift/src/ansible/oadm_certificate_authority.py3
-rw-r--r--roles/lib_openshift/src/doc/certificate_authority127
3 files changed, 174 insertions, 86 deletions
diff --git a/roles/lib_openshift/library/oadm_ca.py b/roles/lib_openshift/library/oadm_ca.py
index 30490cc40..1482ab591 100644
--- a/roles/lib_openshift/library/oadm_ca.py
+++ b/roles/lib_openshift/library/oadm_ca.py
@@ -49,7 +49,7 @@ from ansible.module_utils.basic import AnsibleModule
DOCUMENTATION = '''
---
-module: oc_secret
+module: oadm_ca
short_description: Module to manage openshift certificate authority
description:
- Wrapper around the openshift `oc adm ca` command.
@@ -65,7 +65,8 @@ options:
- ['cert', 'key', 'signer_cert', 'signer_key', 'signer_serial']
required: false
default: present
- choices: ["present"]
+ choices:
+ - present
aliases: []
kubeconfig:
description:
@@ -91,54 +92,98 @@ options:
aliases: []
cert_dir:
description:
- - The directory to place the certificates.
+ - The certificate data directory.
+ required: false
+ default: None
+ aliases: []
+ cert:
+ description:
+ - The certificate file. Choose a name that indicates what the service is.
+ required: false
+ default: None
+ aliases: []
+ key:
+ description:
+ - The key file. Choose a name that indicates what the service is.
+ required: false
+ default: None
+ aliases: []
+ overwrite:
+ description:
+ - Overwrite existing cert files if found. If false, any existing file will be left as-is.
required: false
default: False
aliases: []
+ signer_cert:
+ description:
+ - The signer certificate file.
+ required: false
+ default: None
+ aliases: []
+ signer_key:
+ description:
+ - The signer key file.
+ required: false
+ default: None
+ aliases: []
+ signer_serial:
+ description:
+ - The signer serial file.
+ required: false
+ default: None
+ aliases: []
+ public_key:
+ description:
+ - The public key file used with create-key-pair
+ required: false
+ default: None
+ aliases: []
+ private_key:
+ description:
+ - The private key file used with create-key-pair
+ required: false
+ default: None
+ aliases: []
+
+ hostnames:
+ description:
+ - Every hostname or IP that server certs should be valid for (comma-delimited list)
+ required: false
+ default: None
+ aliases: []
+ master:
+ description:
+ - The API server's URL
+ required: false
+ default: None
+ aliases: []
+ public_master:
+ description:
+ - The API public facing server's URL (if applicable)
+ required: false
+ default: None
+ aliases: []
+ signer_name:
+ description:
+ - The name to use for the generated signer
+ required: false
+ default: None
+ aliases: []
author:
- "Kenny Woodson <kwoodson@redhat.com>"
extends_documentation_fragment: []
'''
EXAMPLES = '''
-- name: create secret
- oc_secret:
- state: present
- namespace: openshift-infra
- name: metrics-deployer
- files:
- - name: nothing
- path: /dev/null
- register: secretout
- run_once: true
-
-- name: get ca from hawkular
- oc_secret:
- state: list
- namespace: openshift-infra
- name: hawkular-metrics-certificate
- decode: True
- register: hawkout
- run_once: true
-
-- name: Create secrets
- oc_secret:
- namespace: mynamespace
- name: mysecrets
- contents:
- - path: data.yml
- data: "{{ data_content }}"
- - path: auth-keys
- data: "{{ auth_keys_content }}"
- - path: configdata.yml
- data: "{{ configdata_content }}"
- - path: cert.crt
- data: "{{ cert_content }}"
- - path: key.pem
- data: "{{ osso_site_key_content }}"
- - path: ca.cert.pem
- data: "{{ ca_cert_content }}"
- register: secretout
+- name: Create a self-signed cert
+ oadm_ca:
+ cmd: create-server-cert
+ signer_cert: /etc/origin/master/ca.crt
+ signer_key: /etc/origin/master/ca.key
+ signer_serial: /etc/origin/master/ca.serial.txt
+ hostnames: "registry.test.openshift.com,127.0.0.1,docker-registry.default.svc.cluster.local"
+ cert: /etc/origin/master/registry.crt
+ key: /etc/origin/master/registry.key
'''
# -*- -*- -*- End included fragment: doc/certificate_authority -*- -*- -*-
@@ -1402,8 +1447,7 @@ def main():
module = AnsibleModule(
argument_spec=dict(
- state=dict(default='present', type='str',
- choices=['present']),
+ state=dict(default='present', type='str', choices=['present']),
debug=dict(default=False, type='bool'),
kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
cmd=dict(default=None, require=True, type='str'),
diff --git a/roles/lib_openshift/src/ansible/oadm_certificate_authority.py b/roles/lib_openshift/src/ansible/oadm_certificate_authority.py
index 856b06290..ad00b25b4 100644
--- a/roles/lib_openshift/src/ansible/oadm_certificate_authority.py
+++ b/roles/lib_openshift/src/ansible/oadm_certificate_authority.py
@@ -8,8 +8,7 @@ def main():
module = AnsibleModule(
argument_spec=dict(
- state=dict(default='present', type='str',
- choices=['present']),
+ state=dict(default='present', type='str', choices=['present']),
debug=dict(default=False, type='bool'),
kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
cmd=dict(default=None, require=True, type='str'),
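Review bot: The last context line of this hunk, `cmd=dict(default=None, require=True, type='str'),`, spells the key `require` rather than `required`, and the commit reflows the `state` line next to it without fixing that. AnsibleModule's argument spec uses `required`, so the misspelled key is most likely ignored and the module accepts a task with no `cmd`, passing `None` down to the `oc adm ca` wrapper. I would change it to `cmd=dict(required=True, type='str'),` so a missing sub-command fails at argument validation. The same line is visible in the `roles/lib_openshift/library/oadm_ca.py` hunk, which looks like the assembled copy of this file and would need regenerating. `main()` continues outside the hunk.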
diff --git a/roles/lib_openshift/src/doc/certificate_authority b/roles/lib_openshift/src/doc/certificate_authority
index be6861444..bf299f0cb 100644
--- a/roles/lib_openshift/src/doc/certificate_authority
+++ b/roles/lib_openshift/src/doc/certificate_authority
@@ -3,7 +3,7 @@
DOCUMENTATION = '''
---
-module: oc_secret
+module: oadm_ca
short_description: Module to manage openshift certificate authority
description:
- Wrapper around the openshift `oc adm ca` command.
@@ -19,7 +19,8 @@ options:
- ['cert', 'key', 'signer_cert', 'signer_key', 'signer_serial']
required: false
default: present
- choices: ["present"]
+ choices:
+ - present
aliases: []
kubeconfig:
description:
@@ -45,52 +46,96 @@ options:
aliases: []
cert_dir:
description:
- - The directory to place the certificates.
+ - The certificate data directory.
+ required: false
+ default: None
+ aliases: []
+ cert:
+ description:
+ - The certificate file. Choose a name that indicates what the service is.
+ required: false
+ default: None
+ aliases: []
+ key:
+ description:
+ - The key file. Choose a name that indicates what the service is.
+ required: false
+ default: None
+ aliases: []
+ overwrite:
+ description:
+ - Overwrite existing cert files if found. If false, any existing file will be left as-is.
required: false
default: False
aliases: []
+ signer_cert:
+ description:
+ - The signer certificate file.
+ required: false
+ default: None
+ aliases: []
+ signer_key:
+ description:
+ - The signer key file.
+ required: false
+ default: None
+ aliases: []
+ signer_serial:
+ description:
+ - The signer serial file.
+ required: false
+ default: None
+ aliases: []
+ public_key:
+ description:
+ - The public key file used with create-key-pair
+ required: false
+ default: None
+ aliases: []
+ private_key:
+ description:
+ - The private key file used with create-key-pair
+ required: false
+ default: None
+ aliases: []
+
+ hostnames:
+ description:
+ - Every hostname or IP that server certs should be valid for (comma-delimited list)
+ required: false
+ default: None
+ aliases: []
+ master:
+ description:
+ - The API server's URL
+ required: false
+ default: None
+ aliases: []
+ public_master:
+ description:
+ - The API public facing server's URL (if applicable)
+ required: false
+ default: None
+ aliases: []
+ signer_name:
+ description:
+ - The name to use for the generated signer
+ required: false
+ default: None
+ aliases: []
author:
- "Kenny Woodson <kwoodson@redhat.com>"
extends_documentation_fragment: []
'''
EXAMPLES = '''
-- name: create secret
- oc_secret:
- state: present
- namespace: openshift-infra
- name: metrics-deployer
- files:
- - name: nothing
- path: /dev/null
- register: secretout
- run_once: true
-
-- name: get ca from hawkular
- oc_secret:
- state: list
- namespace: openshift-infra
- name: hawkular-metrics-certificate
- decode: True
- register: hawkout
- run_once: true
-
-- name: Create secrets
- oc_secret:
- namespace: mynamespace
- name: mysecrets
- contents:
- - path: data.yml
- data: "{{ data_content }}"
- - path: auth-keys
- data: "{{ auth_keys_content }}"
- - path: configdata.yml
- data: "{{ configdata_content }}"
- - path: cert.crt
- data: "{{ cert_content }}"
- - path: key.pem
- data: "{{ osso_site_key_content }}"
- - path: ca.cert.pem
- data: "{{ ca_cert_content }}"
- register: secretout
+- name: Create a self-signed cert
+ oadm_ca:
+ cmd: create-server-cert
+ signer_cert: /etc/origin/master/ca.crt
+ signer_key: /etc/origin/master/ca.key
+ signer_serial: /etc/origin/master/ca.serial.txt
+ hostnames: "registry.test.openshift.com,127.0.0.1,docker-registry.default.svc.cluster.local"
+ cert: /etc/origin/master/registry.crt
+ key: /etc/origin/master/registry.key
'''
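Review bot: The new example is titled `- name: Create a self-signed cert`, but it passes `signer_cert`, `signer_key` and `signer_serial` pointing at `/etc/origin/master/ca.*`, so the resulting certificate is signed by the master CA rather than self-signed. A reader who trusts the label could misjudge the trust chain of the registry certificate; `- name: Create a server cert signed by the master CA` would match what the task does. Since `signer_key`, `key` and `private_key` all name private-key files, their descriptions could also say so explicitly (for example `- The signer (CA) private key file.`) so users know which paths need restrictive permissions. The identical text in `roles/lib_openshift/library/oadm_ca.py` appears to be generated from this fragment.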