diff options
-rw-r--r-- | playbooks/provisioning/openstack/README.md | 11 | ||||
-rw-r--r-- | playbooks/provisioning/openstack/custom-actions/add-cas.yml | 13 |
2 files changed, 24 insertions, 0 deletions
diff --git a/playbooks/provisioning/openstack/README.md b/playbooks/provisioning/openstack/README.md index a277047e1..f11a9bd73 100644 --- a/playbooks/provisioning/openstack/README.md +++ b/playbooks/provisioning/openstack/README.md @@ -629,6 +629,16 @@ Example usage: ansible-playbook -i <inventory> openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml --extra-vars '{"registries": "reg1", "insecure_registries": ["ins_reg1","ins_reg2"]}' ``` +#### Adding extra CAs to the trust chain + +This playbook is also located in the [custom-actions](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions) directory. +It copies passed CAs to the trust chain location and updates the trust chain on each selected host. + +Example usage: +``` +ansible-playbook -i <inventory> openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions/add-cas.yml --extra-vars '{"ca_files": [<absolute path to ca1 file>, <absolute path to ca2 file>]}' +``` + Please consider contributing your custom playbook back to openshift-ansible-contrib! A library of custom post-provision actions exists in `openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions`. Playbooks include: @@ -636,6 +646,7 @@ A library of custom post-provision actions exists in `openshift-ansible-contrib/ * [add-yum-repos.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-yum-repos.yml): adds a list of custom yum repositories to every node in the cluster * [add-rhn-pools.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-rhn-pools.yml): attaches a list of additional RHN pools to every node in the cluster * [add-docker-registry.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml): adds a list of docker registries to the docker configuration on every node in the cluster +* [add-cas.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-rhn-pools.yml): adds a list of CAs to the trust chain on every node in the cluster ### Install OpenShift diff --git a/playbooks/provisioning/openstack/custom-actions/add-cas.yml b/playbooks/provisioning/openstack/custom-actions/add-cas.yml new file mode 100644 index 000000000..b2c195f91 --- /dev/null +++ b/playbooks/provisioning/openstack/custom-actions/add-cas.yml @@ -0,0 +1,13 @@ +--- +- hosts: cluster_hosts + become: true + vars: + ca_files: [] + tasks: + - name: Copy CAs to the trusted CAs location + with_items: "{{ ca_files }}" + copy: + src: "{{ item }}" + dest: /etc/pki/ca-trust/source/anchors/ + - name: Update trusted CAs + shell: 'update-ca-trust enable && update-ca-trust extract' |