summaryrefslogtreecommitdiffstats
path: root/roles/openshift_ca
diff options
context:
space:
mode:
authorJason DeTiberus <detiber@gmail.com>2016-05-26 13:06:56 -0400
committerJason DeTiberus <detiber@gmail.com>2016-05-26 13:06:56 -0400
commitb5cdb506d814723aa53c1389037d6b641dadb445 (patch)
treee7e1120e19b947a95132770a2b8530ff2f566eba /roles/openshift_ca
parent00eba039c9312fbd04cc05a8a890ef48f2311769 (diff)
parentc9cd222f8eab56a31c6ff237739653672c7010af (diff)
downloadopenshift-b5cdb506d814723aa53c1389037d6b641dadb445.tar.gz
openshift-b5cdb506d814723aa53c1389037d6b641dadb445.tar.bz2
openshift-b5cdb506d814723aa53c1389037d6b641dadb445.tar.xz
openshift-b5cdb506d814723aa53c1389037d6b641dadb445.zip
Merge pull request #1908 from abutcher/openshift-certificates
Refactor openshift certificate roles
Diffstat (limited to 'roles/openshift_ca')
-rw-r--r--roles/openshift_ca/README.md48
-rw-r--r--roles/openshift_ca/meta/main.yml17
-rw-r--r--roles/openshift_ca/tasks/main.yml56
-rw-r--r--roles/openshift_ca/vars/main.yml6
4 files changed, 127 insertions, 0 deletions
diff --git a/roles/openshift_ca/README.md b/roles/openshift_ca/README.md
new file mode 100644
index 000000000..96c9cd5f2
--- /dev/null
+++ b/roles/openshift_ca/README.md
@@ -0,0 +1,48 @@
+OpenShift CA
+============
+
+This role delegates all tasks to the `openshift_ca_host` such that this role can be depended on by other OpenShift certificate roles.
+
+Requirements
+------------
+
+Role Variables
+--------------
+
+From this role:
+
+| Name | Default value | Description |
+|-------------------------|-----------------------------------------------|-----------------------------------------------------------------------------|
+| openshift_ca_host | None (Required) | The hostname of the system where the OpenShift CA will be created. |
+| openshift_ca_config_dir | `{{ openshift.common.config_base }}/master` | CA certificate directory. |
+| openshift_ca_cert | `{{ openshift_ca_config_dir }}/ca.crt` | CA certificate path including CA certificate filename. |
+| openshift_ca_key | `{{ openshift_ca_config_dir }}/ca.key` | CA key path including CA key filename. |
+| openshift_ca_serial | `{{ openshift_ca_config_dir }}/ca.serial.txt` | CA serial path including CA serial filename. |
+| openshift_version | `{{ openshift_pkg_version }}` | OpenShift package version. |
+
+Dependencies
+------------
+
+* openshift_repos
+* openshift_cli
+
+Example Playbook
+----------------
+
+```
+- name: Create OpenShift CA
+ hosts: localhost
+ roles:
+ - role: openshift_ca
+ openshift_ca_host: master1.example.com
+```
+
+License
+-------
+
+Apache License Version 2.0
+
+Author Information
+------------------
+
+Jason DeTiberus (jdetiber@redhat.com)
diff --git a/roles/openshift_ca/meta/main.yml b/roles/openshift_ca/meta/main.yml
new file mode 100644
index 000000000..0089f4209
--- /dev/null
+++ b/roles/openshift_ca/meta/main.yml
@@ -0,0 +1,17 @@
+---
+galaxy_info:
+ author: Jason DeTiberus
+ description: OpenShift CA
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.9.4
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+ - system
+dependencies:
+- role: openshift_repos
+- role: openshift_cli
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml
new file mode 100644
index 000000000..497473f22
--- /dev/null
+++ b/roles/openshift_ca/tasks/main.yml
@@ -0,0 +1,56 @@
+---
+- fail:
+ msg: "openshift_ca_host variable must be defined for this role"
+ when: openshift_ca_host is not defined
+
+- name: Install the base package for admin tooling
+ action: >
+ {{ ansible_pkg_mgr }}
+ name={{ openshift.common.service_type }}{{ openshift_version }}
+ state=present
+ when: not openshift.common.is_containerized | bool
+ register: install_result
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
+- name: Reload generated facts
+ openshift_facts:
+ when: install_result | changed
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
+- name: Create openshift_ca_config_dir if it does not exist
+ file:
+ path: "{{ openshift_ca_config_dir }}"
+ state: directory
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
+- name: Determine if CA must be created
+ stat:
+ path: "{{ openshift_ca_config_dir }}/{{ item }}"
+ register: g_master_ca_stat_result
+ with_items:
+ - ca.crt
+ - ca.key
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
+- set_fact:
+ master_ca_missing: "{{ False in (g_master_ca_stat_result.results
+ | oo_collect(attribute='stat.exists')
+ | list) }}"
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
+
+- name: Create the master certificates if they do not already exist
+ command: >
+ {{ openshift.common.admin_binary }} create-master-certs
+ --hostnames={{ openshift_master_hostnames | join(',') }}
+ --master={{ openshift.master.api_url }}
+ --public-master={{ openshift.master.public_api_url }}
+ --cert-dir={{ openshift_ca_config_dir }}
+ --overwrite=false
+ when: hostvars[openshift_ca_host].master_ca_missing | bool
+ delegate_to: "{{ openshift_ca_host }}"
+ run_once: true
diff --git a/roles/openshift_ca/vars/main.yml b/roles/openshift_ca/vars/main.yml
new file mode 100644
index 000000000..a32e385ec
--- /dev/null
+++ b/roles/openshift_ca/vars/main.yml
@@ -0,0 +1,6 @@
+---
+openshift_ca_config_dir: "{{ openshift.common.config_base }}/master"
+openshift_ca_cert: "{{ openshift_ca_config_dir }}/ca.crt"
+openshift_ca_key: "{{ openshift_ca_config_dir }}/ca.key"
+openshift_ca_serial: "{{ openshift_ca_config_dir }}/ca.serial.txt"
+openshift_version: "{{ openshift_pkg_version | default('') }}"