summaryrefslogtreecommitdiffstats
path: root/roles/openshift_logging/tasks/procure_server_certs.yaml
blob: bc817075d42c2121145561bc7fb2d0f3834008a5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
---
- name: Checking for {{ cert_info.procure_component }}.crt
  stat: path="{{generated_certs_dir}}/{{ cert_info.procure_component }}.crt"
  register: component_cert_file
  check_mode: no

- name: Checking for {{ cert_info.procure_component }}.key
  stat: path="{{generated_certs_dir}}/{{ cert_info.procure_component }}.key"
  register: component_key_file
  check_mode: no

- name: Trying to discover server cert variable name for {{ cert_info.procure_component }}
  set_fact: procure_component_crt={{ lookup('env', '{{cert_info.procure_component}}' + '_crt') }}
  when:
  - cert_info.hostnames is undefined
  - cert_info[ cert_info.procure_component + '_crt' ] is defined
  - cert_info[ cert_info.procure_component + '_key' ] is defined
  check_mode: no

- name: Trying to discover the server key variable name for {{ cert_info.procure_component }}
  set_fact: procure_component_key={{ lookup('env', '{{cert_info.procure_component}}' + '_key') }}
  when:
  - cert_info.hostnames is undefined
  - cert_info[ cert_info.procure_component + '_crt' ] is defined
  - cert_info[ cert_info.procure_component + '_key' ] is defined
  check_mode: no

- name: Creating signed server cert and key for {{ cert_info.procure_component }}
  command: >
     {{ openshift_client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig ca create-server-cert
     --key={{generated_certs_dir}}/{{cert_info.procure_component}}.key --cert={{generated_certs_dir}}/{{cert_info.procure_component}}.crt
     --hostnames={{cert_info.hostnames|quote}} --signer-cert={{generated_certs_dir}}/ca.crt --signer-key={{generated_certs_dir}}/ca.key
     --signer-serial={{generated_certs_dir}}/ca.serial.txt
  check_mode: no
  when:
  - cert_info.hostnames is defined
  - not component_key_file.stat.exists
  - not component_cert_file.stat.exists

- name: Copying server key for {{ cert_info.procure_component }} to generated certs directory
  copy: content="{{procure_component_key}}" dest={{generated_certs_dir}}/{{cert_info.procure_component}}.key
  check_mode: no
  when:
  - cert_info.hostnames is undefined
  - cert_info[ cert_info.procure_component + '_crt' ] is defined
  - cert_info[ cert_info.procure_component + '_key' ] is defined
  - not component_key_file.stat.exists
  - not component_cert_file.stat.exists

- name: Copying Server cert for {{ cert_info.procure_component }} to generated certs directory
  copy: content="{{procure_component_crt}}" dest={{generated_certs_dir}}/{{cert_info.procure_component}}.crt
  check_mode: no
  when:
  - cert_info.hostnames is undefined
  - cert_info[ cert_info.procure_component + '_crt' ] is defined
  - cert_info[ cert_info.procure_component + '_key' ] is defined
  - not component_key_file.stat.exists
  - not component_cert_file.stat.exists