authorAndrew Butcher <abutcher@redhat.com>2016-09-13 16:33:26 -0400
committerAndrew Butcher <abutcher@redhat.com>2016-09-14 10:47:04 -0400
commit3e5d38caf39d53c917a78542a04ebb6a109e7e6f (patch)
tree11d949640205db7c43269fcb73c49e2b74a75e2e /playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml
parente1ce7d7b305cf5dc2cd7077a462416155fc89be7 (diff)
[upgrade] Create/configure service signer cert when missing.
Diffstat (limited to 'playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml')
-rw-r--r--playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml69
1 files changed, 69 insertions, 0 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml b/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml
new file mode 100644
index 000000000..e8a20aa2b
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml
@@ -0,0 +1,69 @@
+---
+- name: Create local temp directory for syncing certs
+ hosts: localhost
+ connection: local
+ become: no
+ gather_facts: no
+ tasks:
+ - name: Create local temp directory for syncing certs
+ local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX
+ register: local_cert_sync_tmpdir
+ changed_when: false
+
+- name: Create service signer certificate
+ hosts: oo_first_master
+ tasks:
+ - name: Create remote temp directory for creating certs
+ command: mktemp -d /tmp/openshift-ansible-XXXXXXX
+ register: remote_cert_create_tmpdir
+ changed_when: false
+
+ - name: Create service signer certificate
+ command: >
+ {{ openshift.common.admin_binary }} ca create-signer-cert
+ --cert=service-signer.crt
+ --key=service-signer.key
+ --name=openshift-service-serving-signer
+ --serial=service-signer.serial.txt
+ args:
+ chdir: "{{ remote_cert_create_tmpdir.stdout }}/"
+
+ - name: Retrieve service signer certificate
+ fetch:
+ src: "{{ remote_cert_create_tmpdir.stdout }}/{{ item }}"
+ dest: "{{ hostvars.localhost.local_cert_sync_tmpdir.stdout }}/"
+ flat: yes
+ fail_on_missing: yes
+ validate_checksum: yes
+ with_items:
+ - "service-signer.crt"
+ - "service-signer.key"
+
+ - name: Delete remote temp directory
+ file:
+ name: "{{ remote_cert_create_tmpdir.stdout }}"
+ state: absent
+ changed_when: false
+
+- name: Deploy service signer certificate
+ hosts: oo_masters_to_config
+ tasks:
+ - name: Deploy service signer certificate
+ copy:
+ src: "{{ hostvars.localhost.local_cert_sync_tmpdir.stdout }}/{{ item }}"
+ dest: "{{ openshift.common.config_base }}/master/"
+ with_items:
+ - "service-signer.crt"
+ - "service-signer.key"
+
+- name: Delete local temp directory
+ hosts: localhost
+ connection: local
+ become: no
+ gather_facts: no
+ tasks:
+ - name: Delete local temp directory
+ file:
+ name: "{{ local_cert_sync_tmpdir.stdout }}"
+ state: absent
+ changed_when: false
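Review bot: The `copy` task in the "Deploy service signer certificate" play writes `service-signer.key` into `{{ openshift.common.config_base }}/master/` with no `owner`, `group` or `mode`, so the signer's private key gets whatever permissions the remote umask yields; adding `mode: 0600` to that task (or giving the key its own item with a stricter mode than the certificate) would pin it. The key also passes through two temp directories that are removed only on the success path: if the create, fetch or deploy step fails, the "Delete remote temp directory" task and possibly the final "Delete local temp directory" play do not run, leaving the key under `/tmp/openshift-ansible-*` on the first master or the control host. Wrapping the remote create/fetch tasks in a `block` with the delete in `always` would cover the remote side. Nothing in this file checks whether a signer cert already exists, so the "when missing" condition from the commit title presumably lives in the including playbook; a header comment such as `# Include only when service-signer.crt is absent; this overwrites any existing signer.` would make that precondition explicit.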