From d517312b0b14c632d66edfe191269e732242a101 Mon Sep 17 00:00:00 2001
From: Kenny Woodson
Date: Wed, 15 Feb 2017 17:28:40 -0500
Subject: Fixing doc.
---
roles/lib_openshift/library/oadm_ca.py | 130 ++++++++++++++-------
.../src/ansible/oadm_certificate_authority.py | 3 +-
roles/lib_openshift/src/doc/certificate_authority | 127 +++++++++++++-------
3 files changed, 174 insertions(+), 86 deletions(-)
diff --git a/roles/lib_openshift/library/oadm_ca.py b/roles/lib_openshift/library/oadm_ca.py
index 30490cc40..1482ab591 100644
--- a/roles/lib_openshift/library/oadm_ca.py
+++ b/roles/lib_openshift/library/oadm_ca.py
@@ -49,7 +49,7 @@ from ansible.module_utils.basic import AnsibleModule DOCUMENTATION = ''' --- -module: oc_secret +module: oadm_ca short_description: Module to manage openshift certificate authority description: - Wrapper around the openshift `oc adm ca` command.
@@ -65,7 +65,8 @@ options: - ['cert', 'key', 'signer_cert', 'signer_key', 'signer_serial'] required: false default: present - choices: ["present"] + choices: + - present aliases: [] kubeconfig: description:
@@ -91,54 +92,98 @@ options: aliases: [] cert_dir: description: - - The directory to place the certificates. + - The certificate data directory. + required: false + default: None + aliases: [] + cert: + description: + - The certificate file. Choose a name that indicates what the service is. + required: false + default: None + aliases: [] + key: + description: + - The key file. Choose a name that indicates what the service is. + required: false + default: None + aliases: [] + overwrite: + description: + - Overwrite existing cert files if found. If false, any existing file will be left as-is. required: false default: False aliases: [] + signer_cert: + description: + - The signer certificate file. + required: false + default: None + aliases: [] + signer_key: + description: + - The signer key file. + required: false + default: None + aliases: [] + signer_serial: + description: + - The signer serial file. + required: false + default: None + aliases: [] + public_key: + description: + - The public key file used with create-key-pair + required: false + default: None + aliases: [] + private_key: + description: + - The private key file used with create-key-pair + required: false + default: None + aliases: [] + + hostnames: + description: + - Every hostname or IP that server certs should be valid for (comma-delimited list) + required: false + default: None + aliases: [] + master: + description: + - The API server's URL + required: false + default: None + aliases: [] + public_master: + description: + - The API public facing server's URL (if applicable) + required: false + default: None + aliases: [] + signer_name: + description: + - The name to use for the generated signer + required: false + default: None + aliases: [] author: - "Kenny Woodson " extends_documentation_fragment: [] ''' EXAMPLES = ''' -- name: create secret - oc_secret: - state: present - namespace: openshift-infra - name: metrics-deployer - files: - - name: nothing - path: /dev/null - register: secretout - 
run_once: true - - name: get ca from hawkular - oc_secret: - state: list - namespace: openshift-infra - name: hawkular-metrics-certificate - decode: True - register: hawkout - run_once: true - - name: Create secrets - oc_secret: - namespace: mynamespace - name: mysecrets - contents: - - path: data.yml - data: "{{ data_content }}" - - path: auth-keys - data: "{{ auth_keys_content }}" - - path: configdata.yml - data: "{{ configdata_content }}" - - path: cert.crt - data: "{{ cert_content }}" - - path: key.pem - data: "{{ osso_site_key_content }}" - - path: ca.cert.pem - data: "{{ ca_cert_content }}" - register: secretout +- name: Create a self-signed cert + oadm_ca: + cmd: create-server-cert + signer_cert: /etc/origin/master/ca.crt + signer_key: /etc/origin/master/ca.key + signer_serial: /etc/origin/master/ca.serial.txt + hostnames: "registry.test.openshift.com,127.0.0.1,docker-registry.default.svc.cluster.local" + cert: /etc/origin/master/registry.crt + key: /etc/origin/master/registry.key ''' # -*- -*- -*- End included fragment: doc/certificate_authority -*- -*- -*-
@@ -1402,8 +1447,7 @@ def main(): module = AnsibleModule( argument_spec=dict( - state=dict(default='present', type='str', - choices=['present']), + state=dict(default='present', type='str', choices=['present']), debug=dict(default=False, type='bool'), kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), cmd=dict(default=None, require=True, type='str'),
diff --git a/roles/lib_openshift/src/ansible/oadm_certificate_authority.py b/roles/lib_openshift/src/ansible/oadm_certificate_authority.py
index 856b06290..ad00b25b4 100644
--- a/roles/lib_openshift/src/ansible/oadm_certificate_authority.py
+++ b/roles/lib_openshift/src/ansible/oadm_certificate_authority.py
@@ -8,8 +8,7 @@ def main(): module = AnsibleModule( argument_spec=dict( - state=dict(default='present', type='str', - choices=['present']), + state=dict(default='present', type='str', choices=['present']), debug=dict(default=False, type='bool'), kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), cmd=dict(default=None, require=True, type='str'),
diff --git a/roles/lib_openshift/src/doc/certificate_authority b/roles/lib_openshift/src/doc/certificate_authority
index be6861444..bf299f0cb 100644
--- a/roles/lib_openshift/src/doc/certificate_authority
+++ b/roles/lib_openshift/src/doc/certificate_authority
@@ -3,7 +3,7 @@ DOCUMENTATION = ''' --- -module: oc_secret +module: oadm_ca short_description: Module to manage openshift certificate authority description: - Wrapper around the openshift `oc adm ca` command.
@@ -19,7 +19,8 @@ options: - ['cert', 'key', 'signer_cert', 'signer_key', 'signer_serial'] required: false default: present - choices: ["present"] + choices: + - present aliases: [] kubeconfig: description:
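Review bot: In the src/ansible/oadm_certificate_authority.py hunk (`@@ -8,8 +8,7 @@ def main():`), the context line `cmd=dict(default=None, require=True, type='str'),` uses the key `require`, while AnsibleModule's argument spec key is `required`, so `cmd` is most likely not enforced as mandatory and can reach the module as `None`. Since the hunk already touches this block, change it to `cmd=dict(default=None, required=True, type='str'),`. The same line is visible in the generated copy, roles/lib_openshift/library/oadm_ca.py (`@@ -1402,8 +1447,7 @@`), which should pick up the fix by regeneration. main() continues outside the hunk, so any later validation of `cmd` is not visible here.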
@@ -45,52 +46,96 @@ options: aliases: [] cert_dir: description: - - The directory to place the certificates. + - The certificate data directory. + required: false + default: None + aliases: [] + cert: + description: + - The certificate file. Choose a name that indicates what the service is. + required: false + default: None + aliases: [] + key: + description: + - The key file. Choose a name that indicates what the service is. + required: false + default: None + aliases: [] + overwrite: + description: + - Overwrite existing cert files if found. If false, any existing file will be left as-is. required: false default: False aliases: [] + signer_cert: + description: + - The signer certificate file. + required: false + default: None + aliases: [] + signer_key: + description: + - The signer key file. + required: false + default: None + aliases: [] + signer_serial: + description: + - The signer serial file. + required: false + default: None + aliases: [] + public_key: + description: + - The public key file used with create-key-pair + required: false + default: None + aliases: [] + private_key: + description: + - The private key file used with create-key-pair + required: false + default: None + aliases: [] + + hostnames: + description: + - Every hostname or IP that server certs should be valid for (comma-delimited list) + required: false + default: None + aliases: [] + master: + description: + - The API server's URL + required: false + default: None + aliases: [] + public_master: + description: + - The API public facing server's URL (if applicable) + required: false + default: None + aliases: [] + signer_name: + description: + - The name to use for the generated signer + required: false + default: None + aliases: [] author: - "Kenny Woodson " extends_documentation_fragment: [] ''' EXAMPLES = ''' -- name: create secret - oc_secret: - state: present - namespace: openshift-infra - name: metrics-deployer - files: - - name: nothing - path: /dev/null - register: secretout - 
run_once: true - -- name: get ca from hawkular - oc_secret: - state: list - namespace: openshift-infra - name: hawkular-metrics-certificate - decode: True - register: hawkout - run_once: true - -- name: Create secrets - oc_secret: - namespace: mynamespace - name: mysecrets - contents: - - path: data.yml - data: "{{ data_content }}" - - path: auth-keys - data: "{{ auth_keys_content }}" - - path: configdata.yml - data: "{{ configdata_content }}" - - path: cert.crt - data: "{{ cert_content }}" - - path: key.pem - data: "{{ osso_site_key_content }}" - - path: ca.cert.pem - data: "{{ ca_cert_content }}" - register: secretout +- name: Create a self-signed cert + oadm_ca: + cmd: create-server-cert + signer_cert: /etc/origin/master/ca.crt + signer_key: /etc/origin/master/ca.key + signer_serial: /etc/origin/master/ca.serial.txt + hostnames: "registry.test.openshift.com,127.0.0.1,docker-registry.default.svc.cluster.local" + cert: /etc/origin/master/registry.crt + key: /etc/origin/master/registry.key ''' -- cgit v1.2.3
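Review bot: The new example in EXAMPLES is named `Create a self-signed cert`, but it runs `cmd: create-server-cert` with `signer_cert`, `signer_key` and `signer_serial` pointing at the master CA files, so the certificate it produces is signed by that CA rather than self-signed; rename it to something like `- name: Create a server cert signed by the master CA`. The `key`, `signer_key` and `private_key` descriptions would also be clearer if they said these paths hold private key material, and the `overwrite` description should say whether an existing key file is replaced along with the cert (not determinable from this hunk). The same text is duplicated in the generated roles/lib_openshift/library/oadm_ca.py hunk `@@ -91,54 +92,98 @@`.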