summaryrefslogtreecommitdiffstats
path: root/roles/etcd_certificates/tasks
diff options
context:
space:
mode:
authorAndrew Butcher <abutcher@redhat.com>2016-04-20 12:20:12 -0400
committerAndrew Butcher <abutcher@redhat.com>2016-04-20 12:42:48 -0400
commit43fa4eff62f2497e3ac4dc589e657fbf15dd40ab (patch)
tree243f7d83aa92508a2212830133ff1af6c49ae6b4 /roles/etcd_certificates/tasks
parent1f490c2374038669df3d2bfcb01af54361f8907e (diff)
downloadopenshift-43fa4eff62f2497e3ac4dc589e657fbf15dd40ab.tar.gz
openshift-43fa4eff62f2497e3ac4dc589e657fbf15dd40ab.tar.bz2
openshift-43fa4eff62f2497e3ac4dc589e657fbf15dd40ab.tar.xz
openshift-43fa4eff62f2497e3ac4dc589e657fbf15dd40ab.zip
Use openshift_hostname/openshift_ip values for etcd configuration and certificates.
Diffstat (limited to 'roles/etcd_certificates/tasks')
-rw-r--r--roles/etcd_certificates/tasks/client.yml6
-rw-r--r--roles/etcd_certificates/tasks/server.yml12
2 files changed, 9 insertions, 9 deletions
diff --git a/roles/etcd_certificates/tasks/client.yml b/roles/etcd_certificates/tasks/client.yml
index 6aa4883e0..7bf95809f 100644
--- a/roles/etcd_certificates/tasks/client.yml
+++ b/roles/etcd_certificates/tasks/client.yml
@@ -12,13 +12,13 @@
-config {{ etcd_openssl_conf }}
-out {{ item.etcd_cert_prefix }}client.csr
-reqexts {{ etcd_req_ext }} -batch -nodes
- -subj /CN={{ item.openshift.common.hostname }}
+ -subj /CN={{ item.etcd_hostname }}
args:
chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
~ item.etcd_cert_prefix ~ 'client.csr' }}"
environment:
- SAN: "IP:{{ item.openshift.common.ip }}"
+ SAN: "IP:{{ item.etcd_ip }}"
with_items: etcd_needing_client_certs
- name: Sign and create the client crt
@@ -32,7 +32,7 @@
creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
~ item.etcd_cert_prefix ~ 'client.crt' }}"
environment:
- SAN: "IP:{{ item.openshift.common.ip }}"
+ SAN: "IP:{{ item.etcd_ip }}"
with_items: etcd_needing_client_certs
- file:
diff --git a/roles/etcd_certificates/tasks/server.yml b/roles/etcd_certificates/tasks/server.yml
index 3499dcbef..2589c5192 100644
--- a/roles/etcd_certificates/tasks/server.yml
+++ b/roles/etcd_certificates/tasks/server.yml
@@ -12,13 +12,13 @@
-config {{ etcd_openssl_conf }}
-out {{ item.etcd_cert_prefix }}server.csr
-reqexts {{ etcd_req_ext }} -batch -nodes
- -subj /CN={{ item.openshift.common.hostname }}
+ -subj /CN={{ item.etcd_hostname }}
args:
chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
~ item.etcd_cert_prefix ~ 'server.csr' }}"
environment:
- SAN: "IP:{{ etcd_host_int_map[item.inventory_hostname].interface.ipv4.address }}"
+ SAN: "IP:{{ item.etcd_ip }}"
with_items: etcd_needing_server_certs
- name: Sign and create the server crt
@@ -32,7 +32,7 @@
creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
~ item.etcd_cert_prefix ~ 'server.crt' }}"
environment:
- SAN: "IP:{{ etcd_host_int_map[item.inventory_hostname].interface.ipv4.address }}"
+ SAN: "IP:{{ item.etcd_ip }}"
with_items: etcd_needing_server_certs
- name: Create the peer csr
@@ -41,13 +41,13 @@
-config {{ etcd_openssl_conf }}
-out {{ item.etcd_cert_prefix }}peer.csr
-reqexts {{ etcd_req_ext }} -batch -nodes
- -subj /CN={{ item.openshift.common.hostname }}
+ -subj /CN={{ item.etcd_hostname }}
args:
chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
~ item.etcd_cert_prefix ~ 'peer.csr' }}"
environment:
- SAN: "IP:{{ etcd_host_int_map[item.inventory_hostname].interface.ipv4.address }}"
+ SAN: "IP:{{ item.etcd_ip }}"
with_items: etcd_needing_server_certs
- name: Sign and create the peer crt
@@ -61,7 +61,7 @@
creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
~ item.etcd_cert_prefix ~ 'peer.crt' }}"
environment:
- SAN: "IP:{{ etcd_host_int_map[item.inventory_hostname].interface.ipv4.address }}"
+ SAN: "IP:{{ item.etcd_ip }}"
with_items: etcd_needing_server_certs
- file: