diff options
Diffstat (limited to 'roles/openshift_logging/tasks/procure_server_certs.yaml')
| -rw-r--r-- | roles/openshift_logging/tasks/procure_server_certs.yaml | 38 |
1 files changed, 22 insertions, 16 deletions
diff --git a/roles/openshift_logging/tasks/procure_server_certs.yaml b/roles/openshift_logging/tasks/procure_server_certs.yaml index 44dd5e894..00de0ca06 100644 --- a/roles/openshift_logging/tasks/procure_server_certs.yaml +++ b/roles/openshift_logging/tasks/procure_server_certs.yaml @@ -11,42 +11,48 @@ - name: Trying to discover server cert variable name for {{ cert_info.procure_component }} set_fact: procure_component_crt={{ lookup('env', '{{cert_info.procure_component}}' + '_crt') }} - when: cert_info.hostnames is undefined and {{ cert_info.procure_component }}_crt is defined and {{ cert_info.procure_component }}_key is defined + when: + - cert_info.hostnames is undefined + - cert_info[ cert_info.procure_component + '_crt' ] is defined + - cert_info[ cert_info.procure_component + '_key' ] is defined check_mode: no - name: Trying to discover the server key variable name for {{ cert_info.procure_component }} set_fact: procure_component_key={{ lookup('env', '{{cert_info.procure_component}}' + '_key') }} - when: cert_info.hostnames is undefined and {{ cert_info.procure_component }}_crt is defined and {{ cert_info.procure_component }}_key is defined + when: + - cert_info.hostnames is undefined + - cert_info[ cert_info.procure_component + '_crt' ] is defined + - cert_info[ cert_info.procure_component + '_key' ] is defined check_mode: no - name: Creating signed server cert and key for {{ cert_info.procure_component }} command: > - {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig ca create-server-cert + {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig ca create-server-cert --key={{generated_certs_dir}}/{{cert_info.procure_component}}.key --cert={{generated_certs_dir}}/{{cert_info.procure_component}}.crt --hostnames={{cert_info.hostnames|quote}} --signer-cert={{generated_certs_dir}}/ca.crt --signer-key={{generated_certs_dir}}/ca.key --signer-serial={{generated_certs_dir}}/ca.serial.txt check_mode: no when: - - cert_info.hostnames is defined - - not component_key_file.stat.exists - - not component_cert_file.stat.exists + - cert_info.hostnames is defined + - not component_key_file.stat.exists + - not component_cert_file.stat.exists - name: Copying server key for {{ cert_info.procure_component }} to generated certs directory copy: content="{{procure_component_key}}" dest={{generated_certs_dir}}/{{cert_info.procure_component}}.key check_mode: no when: - - cert_info.hostnames is undefined - - "{{ cert_info.procure_component }}_crt is defined" - - "{{ cert_info.procure_component }}_key is defined" - - not component_key_file.stat.exists - - not component_cert_file.stat.exists + - cert_info.hostnames is undefined + - cert_info[ cert_info.procure_component + '_crt' ] is defined + - cert_info[ cert_info.procure_component + '_key' ] is defined + - not component_key_file.stat.exists + - not component_cert_file.stat.exists - name: Copying Server cert for {{ cert_info.procure_component }} to generated certs directory copy: content="{{procure_component_crt}}" dest={{generated_certs_dir}}/{{cert_info.procure_component}}.crt check_mode: no when: - - cert_info.hostnames is undefined - - "{{ cert_info.procure_component }}_crt is defined" - - "{{ cert_info.procure_component }}_key is defined" - - not component_key_file.stat.exists - - not component_cert_file.stat.exists + - cert_info.hostnames is undefined + - cert_info[ cert_info.procure_component + '_crt' ] is defined + - cert_info[ cert_info.procure_component + '_key' ] is defined + - not component_key_file.stat.exists + - not component_cert_file.stat.exists |