diff options
author | Jason DeTiberus <detiber@gmail.com> | 2016-05-26 13:06:56 -0400 |
---|---|---|
committer | Jason DeTiberus <detiber@gmail.com> | 2016-05-26 13:06:56 -0400 |
commit | b5cdb506d814723aa53c1389037d6b641dadb445 (patch) | |
tree | e7e1120e19b947a95132770a2b8530ff2f566eba /roles/openshift_ca | |
parent | 00eba039c9312fbd04cc05a8a890ef48f2311769 (diff) | |
parent | c9cd222f8eab56a31c6ff237739653672c7010af (diff) | |
download | openshift-b5cdb506d814723aa53c1389037d6b641dadb445.tar.gz openshift-b5cdb506d814723aa53c1389037d6b641dadb445.tar.bz2 openshift-b5cdb506d814723aa53c1389037d6b641dadb445.tar.xz openshift-b5cdb506d814723aa53c1389037d6b641dadb445.zip |
Merge pull request #1908 from abutcher/openshift-certificates
Refactor openshift certificate roles
Diffstat (limited to 'roles/openshift_ca')
-rw-r--r-- | roles/openshift_ca/README.md | 48 | ||||
-rw-r--r-- | roles/openshift_ca/meta/main.yml | 17 | ||||
-rw-r--r-- | roles/openshift_ca/tasks/main.yml | 56 | ||||
-rw-r--r-- | roles/openshift_ca/vars/main.yml | 6 |
4 files changed, 127 insertions, 0 deletions
diff --git a/roles/openshift_ca/README.md b/roles/openshift_ca/README.md new file mode 100644 index 000000000..96c9cd5f2 --- /dev/null +++ b/roles/openshift_ca/README.md @@ -0,0 +1,48 @@ +OpenShift CA +============ + +This role delegates all tasks to the `openshift_ca_host` such that this role can be depended on by other OpenShift certificate roles. + +Requirements +------------ + +Role Variables +-------------- + +From this role: + +| Name | Default value | Description | +|-------------------------|-----------------------------------------------|-----------------------------------------------------------------------------| +| openshift_ca_host | None (Required) | The hostname of the system where the OpenShift CA will be created. | +| openshift_ca_config_dir | `{{ openshift.common.config_base }}/master` | CA certificate directory. | +| openshift_ca_cert | `{{ openshift_ca_config_dir }}/ca.crt` | CA certificate path including CA certificate filename. | +| openshift_ca_key | `{{ openshift_ca_config_dir }}/ca.key` | CA key path including CA key filename. | +| openshift_ca_serial | `{{ openshift_ca_config_dir }}/ca.serial.txt` | CA serial path including CA serial filename. | +| openshift_version | `{{ openshift_pkg_version }}` | OpenShift package version. | + +Dependencies +------------ + +* openshift_repos +* openshift_cli + +Example Playbook +---------------- + +``` +- name: Create OpenShift CA + hosts: localhost + roles: + - role: openshift_ca + openshift_ca_host: master1.example.com +``` + +License +------- + +Apache License Version 2.0 + +Author Information +------------------ + +Jason DeTiberus (jdetiber@redhat.com) diff --git a/roles/openshift_ca/meta/main.yml b/roles/openshift_ca/meta/main.yml new file mode 100644 index 000000000..0089f4209 --- /dev/null +++ b/roles/openshift_ca/meta/main.yml @@ -0,0 +1,17 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: OpenShift CA + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9.4 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- role: openshift_repos +- role: openshift_cli diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml new file mode 100644 index 000000000..497473f22 --- /dev/null +++ b/roles/openshift_ca/tasks/main.yml @@ -0,0 +1,56 @@ +--- +- fail: + msg: "openshift_ca_host variable must be defined for this role" + when: openshift_ca_host is not defined + +- name: Install the base package for admin tooling + action: > + {{ ansible_pkg_mgr }} + name={{ openshift.common.service_type }}{{ openshift_version }} + state=present + when: not openshift.common.is_containerized | bool + register: install_result + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- name: Reload generated facts + openshift_facts: + when: install_result | changed + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- name: Create openshift_ca_config_dir if it does not exist + file: + path: "{{ openshift_ca_config_dir }}" + state: directory + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- name: Determine if CA must be created + stat: + path: "{{ openshift_ca_config_dir }}/{{ item }}" + register: g_master_ca_stat_result + with_items: + - ca.crt + - ca.key + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- set_fact: + master_ca_missing: "{{ False in (g_master_ca_stat_result.results + | oo_collect(attribute='stat.exists') + | list) }}" + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- name: Create the master certificates if they do not already exist + command: > + {{ openshift.common.admin_binary }} create-master-certs + --hostnames={{ openshift_master_hostnames | join(',') }} + --master={{ openshift.master.api_url }} + --public-master={{ openshift.master.public_api_url }} + --cert-dir={{ openshift_ca_config_dir }} + --overwrite=false + when: hostvars[openshift_ca_host].master_ca_missing | bool + delegate_to: "{{ openshift_ca_host }}" + run_once: true diff --git a/roles/openshift_ca/vars/main.yml b/roles/openshift_ca/vars/main.yml new file mode 100644 index 000000000..a32e385ec --- /dev/null +++ b/roles/openshift_ca/vars/main.yml @@ -0,0 +1,6 @@ +--- +openshift_ca_config_dir: "{{ openshift.common.config_base }}/master" +openshift_ca_cert: "{{ openshift_ca_config_dir }}/ca.crt" +openshift_ca_key: "{{ openshift_ca_config_dir }}/ca.key" +openshift_ca_serial: "{{ openshift_ca_config_dir }}/ca.serial.txt" +openshift_version: "{{ openshift_pkg_version | default('') }}" |