authorJeff Cantrill <jcantril@redhat.com>2016-11-29 16:31:13 -0500
committerJeff Cantrill <jcantril@redhat.com>2017-01-17 11:45:04 -0500
commit04c1500801f4d88635001bda1e4f73473fe8e33a (patch)
treef2b5a87f6f793c5c1083b58e422c82ae30f793ab /roles/openshift_metrics/tasks/setup_certificate.yaml
parente810fb6abab0c6fe9198bfc3f39c82ca8054f76e (diff)
Bruno Barcarol Guimarães work to move metrics to ansible from deployer
Diffstat (limited to 'roles/openshift_metrics/tasks/setup_certificate.yaml')
-rw-r--r--roles/openshift_metrics/tasks/setup_certificate.yaml50
1 files changed, 50 insertions, 0 deletions
diff --git a/roles/openshift_metrics/tasks/setup_certificate.yaml b/roles/openshift_metrics/tasks/setup_certificate.yaml
new file mode 100644
index 000000000..46ac4ea7f
--- /dev/null
+++ b/roles/openshift_metrics/tasks/setup_certificate.yaml
@@ -0,0 +1,50 @@
+---
+- name: generate {{ component }} keys
+ command: >
+ {{ openshift.common.admin_binary }} ca create-server-cert
+ --key='{{ mktemp.stdout }}/certs/{{ component }}.key'
+ --cert='{{ mktemp.stdout }}/certs/{{ component }}.crt'
+ --hostnames='{{ hostnames }}'
+ --signer-cert='{{ mktemp.stdout }}/certs/ca.crt'
+ --signer-key='{{ mktemp.stdout }}/certs/ca.key'
+ --signer-serial='{{ mktemp.stdout }}/certs/ca.serial.txt'
+- name: generate {{ component }} certificate
+ shell: >
+ cat
+ '{{ mktemp.stdout|quote }}/certs/{{ component|quote }}.key'
+ '{{ mktemp.stdout|quote }}/certs/{{ component|quote }}.crt'
+ > '{{ mktemp.stdout|quote }}/certs/{{ component|quote }}.pem'
+- name: generate random password for the {{ component }} keystore
+ shell: tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c15
+ register: keystore_pwd
+- name: create the password file for {{ component }}
+ shell: >
+ echo '{{ keystore_pwd.stdout|quote }}'
+ > '{{ mktemp.stdout }}/certs/{{ component|quote }}-keystore.pwd'
+- name: create the {{ component }} pkcs12 from the pem file
+ command: >
+ openssl pkcs12 -export
+ -in '{{ mktemp.stdout }}/certs/{{ component }}.pem'
+ -out '{{ mktemp.stdout }}/certs/{{ component }}.pkcs12'
+ -name '{{ component }}' -noiter -nomaciter
+ -password 'pass:{{ keystore_pwd.stdout }}'
+- name: create the {{ component }} keystore from the pkcs12 file
+ command: >
+ keytool -v -importkeystore
+ -srckeystore '{{ mktemp.stdout }}/certs/{{ component }}.pkcs12'
+ -srcstoretype PKCS12
+ -destkeystore '{{ mktemp.stdout }}/certs/{{ component }}.keystore'
+ -deststoretype JKS
+ -deststorepass '{{ keystore_pwd.stdout }}'
+ -srcstorepass '{{ keystore_pwd.stdout }}'
+- name: create the {{ component }} certificate
+ command: >
+ keytool -noprompt -export
+ -alias '{{ component }}'
+ -file '{{ mktemp.stdout }}/certs/{{ component }}.cert'
+ -keystore '{{ mktemp.stdout }}/certs/{{ component }}.keystore'
+ -storepass '{{ keystore_pwd.stdout }}'
+- name: generate random password for the {{ component }} truststore
+ shell: >
+ tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c15
+ > '{{ mktemp.stdout }}/certs/{{ component|quote }}-truststore.pwd'
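Review bot: The generated keystore password is exposed throughout this new file: it is interpolated into the `echo` shell line that writes `{{ component }}-keystore.pwd` and passed on argv through `-password 'pass:…'`, `-deststorepass`, `-srcstorepass` and `-storepass`, and none of these tasks (nor the `register: keystore_pwd` one) set `no_log: true`, so it can end up in Ansible output and in the process list. The password files, like the key, pem and pkcs12 files, are created with whatever umask is in effect; writing the password with `copy` and an explicit `mode: "0600"` and letting openssl read it via `-password 'file:…'` keeps it off the command line, as sketched below. Separately, `-noiter -nomaciter` on the `openssl pkcs12 -export` task turns off the key-derivation and MAC iterations that slow down password guessing against the bundle, so both flags should go unless the consumer is known to require them. The `'{{ … |quote }}'` pattern in the shell tasks wraps the filter's output in a second pair of single quotes, which undoes its escaping; use the filter or the literal quotes, not both.

```yaml
- name: create the password file for {{ component }}
  copy:
    content: "{{ keystore_pwd.stdout }}"
    dest: "{{ mktemp.stdout }}/certs/{{ component }}-keystore.pwd"
    mode: "0600"
  no_log: true
- name: create the {{ component }} pkcs12 from the pem file
  command: >
    openssl pkcs12 -export
    -in '{{ mktemp.stdout }}/certs/{{ component }}.pem'
    -out '{{ mktemp.stdout }}/certs/{{ component }}.pkcs12'
    -name '{{ component }}'
    -password 'file:{{ mktemp.stdout }}/certs/{{ component }}-keystore.pwd'
# … unchanged: keytool import/export tasks and the truststore password task …
```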