author | Jan Chaloupka <jchaloup@redhat.com> | 2017-09-14 12:10:15 +0200 |
---|---|---|
committer | Jan Chaloupka <jchaloup@redhat.com> | 2017-09-18 20:16:24 +0200 |
commit | 99745a04223f2ed8111b5eb4b49d2bcfec9e678f (patch) | |
tree | 978e10f97d6e223866523e507ece55b6ff796df9 /roles/etcd_client_certificates | |
parent | 74d245fbab25d91a989fc7263ae3e8827267510c (diff) | |
Consolidate etcd certs roles
This is part of the consolidation of the etcd_-like roles into an action-based role.
As part of the consolidation, some roles have been removed and some replaced by
the include_role module, resulting in a reorder and shift of role dependencies
from a role into a play.
Diffstat (limited to 'roles/etcd_client_certificates')
-rw-r--r-- | roles/etcd_client_certificates/README.md | 34 | ||||
-rw-r--r-- | roles/etcd_client_certificates/meta/main.yml | 16 | ||||
-rw-r--r-- | roles/etcd_client_certificates/tasks/main.yml | 138 |
3 files changed, 0 insertions, 188 deletions
diff --git a/roles/etcd_client_certificates/README.md b/roles/etcd_client_certificates/README.md
deleted file mode 100644
index 269d5296d..000000000
--- a/roles/etcd_client_certificates/README.md
+++ /dev/null
@@ -1,34 +0,0 @@
-OpenShift Etcd Certificates
-===========================
-
-TODO
-
-Requirements
-------------
-
-TODO
-
-Role Variables
---------------
-
-TODO
-
-Dependencies
-------------
-
-TODO
-
-Example Playbook
-----------------
-
-TODO
-
-License
--------
-
-Apache License Version 2.0
-
-Author Information
-------------------
-
-Scott Dodson (sdodson@redhat.com)
diff --git a/roles/etcd_client_certificates/meta/main.yml b/roles/etcd_client_certificates/meta/main.yml
deleted file mode 100644
index efebdb599..000000000
--- a/roles/etcd_client_certificates/meta/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-galaxy_info:
- author: Jason DeTiberus
- description: Etcd Client Certificates
- company: Red Hat, Inc.
- license: Apache License, Version 2.0
- min_ansible_version: 2.1
- platforms:
- - name: EL
- versions:
- - 7
- categories:
- - cloud
- - system
-dependencies:
-- role: etcd_common
diff --git a/roles/etcd_client_certificates/tasks/main.yml b/roles/etcd_client_certificates/tasks/main.yml
deleted file mode 100644
index bbd29ece1..000000000
--- a/roles/etcd_client_certificates/tasks/main.yml
+++ /dev/null
@@ -1,138 +0,0 @@
----
-- name: Ensure CA certificate exists on etcd_ca_host
- stat:
- path: "{{ etcd_ca_cert }}"
- register: g_ca_cert_stat_result
- delegate_to: "{{ etcd_ca_host }}"
- run_once: true
-
-- fail:
- msg: >
- CA certificate {{ etcd_ca_cert }} doesn't exist on CA host
- {{ etcd_ca_host }}. Apply 'etcd_ca' role to
- {{ etcd_ca_host }}.
- when: not g_ca_cert_stat_result.stat.exists | bool
- run_once: true
-
-- name: Check status of external etcd certificatees
- stat:
- path: "{{ etcd_cert_config_dir }}/{{ item }}"
- with_items:
- - "{{ etcd_cert_prefix }}client.crt"
- - "{{ etcd_cert_prefix }}client.key"
- - "{{ etcd_cert_prefix }}ca.crt"
- register: g_external_etcd_cert_stat_result
- when: not etcd_certificates_redeploy | default(false) | bool
-
-- set_fact:
- etcd_client_certs_missing: "{{ true if etcd_certificates_redeploy | default(false) | bool
- else (False in (g_external_etcd_cert_stat_result.results
- | default({})
- | oo_collect(attribute='stat.exists')
- | list)) }}"
-
-- name: Ensure generated_certs directory present
- file:
- path: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}"
- state: directory
- mode: 0700
- when: etcd_client_certs_missing | bool
- delegate_to: "{{ etcd_ca_host }}"
-
-- name: Create the client csr
- command: >
- openssl req -new -keyout {{ etcd_cert_prefix }}client.key
- -config {{ etcd_openssl_conf }}
- -out {{ etcd_cert_prefix }}client.csr
- -reqexts {{ etcd_req_ext }} -batch -nodes
- -subj /CN={{ etcd_hostname }}
- args:
- chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}"
- creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/'
- ~ etcd_cert_prefix ~ 'client.csr' }}"
- environment:
- SAN: "IP:{{ etcd_ip }},DNS:{{ etcd_hostname }}"
- when: etcd_client_certs_missing | bool
- delegate_to: "{{ etcd_ca_host }}"
-
-# Certificates must be signed serially in order to avoid competing
-# for the serial file.
-- name: Sign and create the client crt
- delegated_serial_command:
- command: >
- openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }}
- -out {{ etcd_cert_prefix }}client.crt
- -in {{ etcd_cert_prefix }}client.csr
- -batch
- chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}"
- creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/'
- ~ etcd_cert_prefix ~ 'client.crt' }}"
- environment:
- SAN: "IP:{{ etcd_ip }}"
- when: etcd_client_certs_missing | bool
- delegate_to: "{{ etcd_ca_host }}"
-
-- file:
- src: "{{ etcd_ca_cert }}"
- dest: "{{ etcd_generated_certs_dir}}/{{ etcd_cert_subdir }}/{{ etcd_cert_prefix }}ca.crt"
- state: hard
- when: etcd_client_certs_missing | bool
- delegate_to: "{{ etcd_ca_host }}"
-
-- name: Create local temp directory for syncing certs
- local_action: command mktemp -d /tmp/etcd_certificates-XXXXXXX
- register: g_etcd_client_mktemp
- changed_when: False
- when: etcd_client_certs_missing | bool
- become: no
-
-- name: Create a tarball of the etcd certs
- command: >
- tar -czvf {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz
- -C {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }} .
- args:
- creates: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz"
- # Disables the following warning:
- # Consider using unarchive module rather than running tar
- warn: no
- when: etcd_client_certs_missing | bool
- delegate_to: "{{ etcd_ca_host }}"
-
-- name: Retrieve the etcd cert tarballs
- fetch:
- src: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz"
- dest: "{{ g_etcd_client_mktemp.stdout }}/"
- flat: yes
- fail_on_missing: yes
- validate_checksum: yes
- when: etcd_client_certs_missing | bool
- delegate_to: "{{ etcd_ca_host }}"
-
-- name: Ensure certificate directory exists
- file:
- path: "{{ etcd_cert_config_dir }}"
- state: directory
- when: etcd_client_certs_missing | bool
-
-- name: Unarchive etcd cert tarballs
- unarchive:
- src: "{{ g_etcd_client_mktemp.stdout }}/{{ etcd_cert_subdir }}.tgz"
- dest: "{{ etcd_cert_config_dir }}"
- when: etcd_client_certs_missing | bool
-
-- file:
- path: "{{ etcd_cert_config_dir }}/{{ item }}"
- owner: root
- group: root
- mode: 0600
- with_items:
- - "{{ etcd_cert_prefix }}client.crt"
- - "{{ etcd_cert_prefix }}client.key"
- - "{{ etcd_cert_prefix }}ca.crt"
- when: etcd_client_certs_missing | bool
-
-- name: Delete temporary directory
- local_action: file path="{{ g_etcd_client_mktemp.stdout }}" state=absent
- changed_when: False
- when: etcd_client_certs_missing | bool
- become: no |