# flake8: noqa
# pylint: skip-file

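# Ansible module documentation for oc_adm_ca_server_cert, stored as a YAML
# document inside a Python string.
#
# Fix: the `expire_days` option had `description` without its trailing colon,
# which is not valid YAML at that position and breaks parsing of the whole
# document.
#
# NOTE(review): `signer_key` (default /etc/origin/master/ca.key) is the
# signing CA's private key and `key` is the private key written for the
# service. Both files should stay readable only by the account that runs the
# module; `backup` copies of the key files need the same protection.
DOCUMENTATION = '''
---
module: oc_adm_ca_server_cert
short_description: Module to run openshift oc adm ca create-server-cert
description:
  - Wrapper around the openshift `oc adm ca create-server-cert` command.
options:
  state:
    description:
    - Present is the only supported state.  The state present means that `oc adm ca` will generate a certificate
    - and verify if the hostnames and the ClusterIP exists in the certificate.
    - When create-server-cert is desired then the following parameters are passed.
    - ['cert', 'key', 'signer_cert', 'signer_key', 'signer_serial']
    required: false
    default: present
    choices: 
    - present
    aliases: []
  kubeconfig:
    description:
    - The path for the kubeconfig file to use for authentication
    required: false
    default: /etc/origin/master/admin.kubeconfig
    aliases: []
  debug:
    description:
    - Turn on debug output.
    required: false
    default: False
    aliases: []
  cert:
    description:
    - The certificate file. Choose a name that indicates what the service is.
    required: false
    default: None
    aliases: []
  key:
    description:
    - The key file. Choose a name that indicates what the service is.
    required: false
    default: None
    aliases: []
  force:
    description:
    - Force updating of the existing cert and key files
    required: false
    default: False
    aliases: []
  signer_cert:
    description:
    - The signer certificate file.
    required: false
    default: /etc/origin/master/ca.crt
    aliases: []
  signer_key:
    description:
    - The signer key file.
    required: false
    default: /etc/origin/master/ca.key
    aliases: []
  signer_serial:
    description:
    - The signer serial file.
    required: false
    default: /etc/origin/master/ca.serial.txt
    aliases: []
  hostnames:
    description:
    - Every hostname or IP that server certs should be valid for
    required: false
    default: []
    aliases: []
  backup:
    description:
    - Whether to backup the cert and key files before writing them.
    required: false
    default: True
    aliases: []
  expire_days:
    description:
    - Validity of the certificate in days
    required: false
    default: None
    aliases: []
author:
- "Kenny Woodson <kwoodson@redhat.com>"
extends_documentation_fragment: []
'''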

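# Usage example rendered in the module documentation.
#
# Fix: the task was labelled "self-signed", but it passes signer_cert and
# signer_key, so the resulting certificate is issued by that signer CA.
# A wrong label here can mislead readers about which trust root clients
# need in order to validate the registry certificate.
EXAMPLES = '''
- name: Create a server cert signed by the master CA
  oc_adm_ca_server_cert:
    signer_cert: /etc/origin/master/ca.crt
    signer_key: /etc/origin/master/ca.key
    signer_serial: /etc/origin/master/ca.serial.txt
    hostnames: "registry.test.openshift.com,127.0.0.1,docker-registry.default.svc.cluster.local"
    cert: /etc/origin/master/registry.crt
    key: /etc/origin/master/registry.key
'''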