From f3cafbe005d54aaea6e46f2f348b092e430531f2 Mon Sep 17 00:00:00 2001
From: Kenny Woodson
Date: Fri, 17 Feb 2017 09:42:07 -0500
Subject: Removing cmd, fixed docs and comments.
---
 .../src/class/oc_adm_ca_server_cert.py | 17 +++---
 roles/lib_openshift/src/doc/ca_server_cert | 61 ++--------------------
 2 files changed, 13 insertions(+), 65 deletions(-)
(limited to 'roles/lib_openshift/src')
diff --git a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
index 92505c08e..162f606f7 100644
--- a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
@@ -1,16 +1,15 @@
 # pylint: skip-file
 class CAServerCertConfig(OpenShiftCLIConfig):
- ''' CertificateAuthorityConfig is a DTO for the oadm ca command '''
- def __init__(self, cmd, kubeconfig, verbose, ca_options):
+ ''' CAServerCertConfig is a DTO for the oc adm ca command '''
+ def __init__(self, kubeconfig, verbose, ca_options):
 super(CertificateAuthorityConfig, self).__init__('ca', None, kubeconfig, ca_options)
- self.cmd = cmd
 self.kubeconfig = kubeconfig
 self.verbose = verbose
 self._ca = ca_options
 class CAServerCert(OpenShiftCLI):
- ''' Class to wrap the oc command line tools '''
+ ''' Class to wrap the oc adm ca create-server-cert command line'''
 def __init__(self, config, verbose=False):
@@ -31,11 +30,10 @@ class CAServerCert(OpenShiftCLI):
 return None
 def create(self):
- '''run openshift ca cmd'''
+ '''run openshift oc adm ca create-server-cert cmd'''
 options = self.config.to_option_list()
- cmd = ['ca']
- cmd.append(self.config.cmd)
+ cmd = ['ca', 'create-server-cert']
 cmd.extend(options)
 return self.openshift_cmd(cmd, oadm=True)
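Review bot: In the first hunk of oc_adm_ca_server_cert.py, the unchanged `super(CertificateAuthorityConfig, self).__init__(...)` call inside `CAServerCertConfig.__init__` still names the old class, so the commit corrects the docstring but not the constructor. Unless `CertificateAuthorityConfig` happens to be defined in the assembled module and is a base of this class, building the config raises `NameError` or `TypeError` before any `oc adm ca` command runs. Change it to `super(CAServerCertConfig, self).__init__('ca', None, kubeconfig, ca_options)`.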
@@ -47,6 +45,8 @@ class CAServerCert(OpenShiftCLI):
 if not os.path.exists(cert_path):
 return False
+ # Would prefer pyopenssl but is not installed.
+ # When we verify it is, switch this code
 proc = subprocess.Popen(['openssl', 'x509', '-noout', '-subject', '-in', cert_path], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
 stdout, stderr = proc.communicate()
@@ -61,8 +61,7 @@ class CAServerCert(OpenShiftCLI):
 def run_ansible(params, check_mode):
 '''run the idempotent ansible code'''
- config = CAServerCertConfig(params['cmd'],
- params['kubeconfig'],
+ config = CAServerCertConfig(params['kubeconfig'],
 params['debug'],
 {'cert': {'value': params['cert'], 'include': True},
 'hostnames': {'value': ','.join(params['hostnames']), 'include': True},
diff --git a/roles/lib_openshift/src/doc/ca_server_cert b/roles/lib_openshift/src/doc/ca_server_cert
index bf299f0cb..401caf1fc 100644
--- a/roles/lib_openshift/src/doc/ca_server_cert
+++ b/roles/lib_openshift/src/doc/ca_server_cert
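Review bot: The two comment lines added above `subprocess.Popen` in the `@@ -47,6 +45,8 @@` hunk record a preference for pyopenssl but do not say what the `openssl x509 -noout -subject` call is relied on to prove. `-subject` prints only the subject DN, so if the code after this hunk matches the requested hostnames against `stdout`, names carried only in subjectAltName would not be found, whereas `-text` output includes that extension. I would word the comment as `# TODO: replace the openssl subprocess with pyOpenSSL once it is a guaranteed dependency; this call only prints the certificate subject`. It is also worth confirming that a non-zero `proc.returncode` is handled, because the function body continues outside the hunk.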
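Review bot: In the `@@ -61,8 +61,7 @@` hunk, the unchanged `','.join(params['hostnames'])` line in `run_ansible` raises `TypeError` when `hostnames` is not supplied, and the module documentation touched by this same commit lists it as `required: false` with `default: None`. Since a server certificate without hostnames is not useful, the cleaner fix is to mark the parameter required in the argument spec, which is not visible here, and in the docs. Failing that, guard the join with `','.join(params['hostnames'] or [])`. The body of `run_ansible` continues outside the hunk.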
@@ -3,18 +3,15 @@
 DOCUMENTATION = '''
 ---
-module: oadm_ca
-short_description: Module to manage openshift certificate authority
+module: oc_adm_ca_server_cert
+short_description: Module to run openshift oc adm ca create-server-cert
 description:
- - Wrapper around the openshift `oc adm ca` command.
+ - Wrapper around the openshift `oc adm ca create-server-cert` command.
 options:
 state:
 description:
 - Present is the only supported state. The state present means that `oc adm ca` will generate a certificate
- - When create-master-certs is desired then the following parameters are passed.
- - ['cert_dir', 'hostnames', 'master', 'public_master', 'overwrite', 'signer_name']
- - When create-key-pair is desired then the following parameters are passed.
- - ['private_key', 'public_key']
+ - and verify if the hostnames and the ClusterIP exists in the certificate.
 - When create-server-cert is desired then the following parameters are passed.
 - ['cert', 'key', 'signer_cert', 'signer_key', 'signer_serial']
 required: false
@@ -34,22 +31,6 @@ options:
 required: false
 default: False
 aliases: []
- cmd:
- description:
- - - The sub command given for `oc adm ca`
- required: false
- default: None
- choices:
- - - create-master-certs
- - - create-key-pair
- - - create-server-cert
- aliases: []
- cert_dir:
- description:
- - - The certificate data directory.
- required: false
- default: None
- aliases: []
 cert:
 description:
 - The certificate file. Choose a name that indicates what the service is.
@@ -86,43 +67,12 @@ options: required: false default: None aliases: [] - public_key: - description: - - The public key file used with create-key-pair - required: false - default: None - aliases: [] - private_key: - description: - - The private key file used with create-key-pair - required: false - default: None - aliases: [] - hostnames: description: - Every hostname or IP that server certs should be valid for (comma-delimited list) required: false default: None aliases: [] - master: - description: - - The API server's URL - required: false - default: None - aliases: [] - public_master: - description: - - The API public facing server's URL (if applicable) - required: false - default: None - aliases: [] - signer_name: - description: - - The name to use for the generated signer - required: false - default: None - aliases: [] author: - "Kenny Woodson " extends_documentation_fragment: [] @@ -130,8 +80,7 @@ extends_documentation_fragment: [] EXAMPLES = ''' - name: Create a self-signed cert - oadm_ca: - cmd: create-server-cert + oc_adm_ca_server_cert: signer_cert: /etc/origin/master/ca.crt signer_key: /etc/origin/master/ca.key signer_serial: /etc/origin/master/ca.serial.txt -- cgit v1.2.3