---

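- when: ansible_service_broker_certs_dir is undefined
  block:
  # Only runs when the caller did not supply pre-existing certs: generates a
  # self-signed CA (cert.pem/key.pem) and a client cert/key signed by it
  # under {{ openshift.common.config_base }}/ansible-service-broker, then
  # publishes that directory as ansible_service_broker_certs_dir.
  - name: Create ansible-service-broker cert directory
    file:
      path: "{{ openshift.common.config_base }}/ansible-service-broker"
      state: directory
      # Quoted so YAML cannot reinterpret the leading zero as an octal int.
      # The directory is world-traversable; protection of key.pem/client.key
      # rests on the file modes openssl gives them — confirm on a target host
      # that neither key is world-readable.
      mode: "0755"
    check_mode: false

  - name: Create self signing ca cert
    # `creates:` makes this idempotent, but it also means an expired cert.pem
    # (365-day validity) is never regenerated; it has to be removed by hand.
    command: 'openssl req -nodes -x509 -newkey rsa:4096 -keyout {{ openshift.common.config_base }}/ansible-service-broker/key.pem -out {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -days 365 -subj "/CN=asb-etcd.openshift-ansible-service-broker.svc"'
    args:
      creates: '{{ openshift.common.config_base }}/ansible-service-broker/cert.pem'

  - name: Create self signed client cert
    # Three sequential openssl steps: key, CSR, signed cert. Each is skipped
    # once its output file exists.
    command: '{{ item.cmd }}'
    args:
      creates: '{{ item.creates }}'
    with_items:
    - cmd: 'openssl genrsa -out {{ openshift.common.config_base }}/ansible-service-broker/client.key 2048'
      creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.key'
    - cmd: 'openssl req -new -key {{ openshift.common.config_base }}/ansible-service-broker/client.key -out {{ openshift.common.config_base }}/ansible-service-broker/client.csr -subj "/CN=client"'
      creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.csr'
    # NOTE(review): the client cert is issued for 1024 days but the CA that
    # signs it (cert.pem above) is only valid for 365, so the chain stops
    # validating when the CA expires regardless of this value — the two
    # lifetimes should probably be aligned.
    - cmd: 'openssl x509 -req -in {{ openshift.common.config_base }}/ansible-service-broker/client.csr -CA {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -CAkey {{ openshift.common.config_base }}/ansible-service-broker/key.pem -CAcreateserial -out {{ openshift.common.config_base }}/ansible-service-broker/client.pem -days 1024'
      creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.pem'

  - set_fact:
      ansible_service_broker_certs_dir: "{{ openshift.common.config_base }}/ansible-service-broker"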

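- name: Read in certs for etcd
  # Reads the three PEM files into asb_etcd_certs.results, in with_items
  # order (the set_fact below relies on that order).
  slurp:
    src: '{{ ansible_service_broker_certs_dir }}/{{ item }}'
  register: asb_etcd_certs
  # The registered result carries the base64 of client.key; no_log keeps the
  # private key out of verbose task output.
  no_log: true
  with_items:
  - cert.pem
  - client.pem
  - client.key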

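- set_fact:
    # Indices follow the with_items order of the slurp task that registered
    # asb_etcd_certs: 0 = cert.pem, 1 = client.pem, 2 = client.key.
    etcd_ca_cert: "{{ asb_etcd_certs.results.0.content | b64decode }}"
    etcd_client_cert: "{{ asb_etcd_certs.results.1.content | b64decode }}"
    etcd_client_key: "{{ asb_etcd_certs.results.2.content | b64decode }}"
  # etcd_client_key is a decoded private key; no_log keeps it out of verbose
  # task output.
  no_log: true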