blob: 216c110935628f41ce0915fac5564782f5e3cdc0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
---
- name: Create openshift_generated_configs_dir if it doesn\'t exist
file:
path: "{{ openshift_generated_configs_dir }}"
state: directory
mode: 0700
when: nodes_needing_certs | length > 0
- name: Generate the node client config
command: >
{{ openshift.common.admin_binary }} create-api-client-config
--certificate-authority={{ openshift_master_ca_cert }}
--client-dir={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}
--groups=system:nodes
--master={{ openshift.master.api_url }}
--signer-cert={{ openshift_master_ca_cert }}
--signer-key={{ openshift_master_ca_key }}
--signer-serial={{ openshift_master_ca_serial }}
--user=system:node:{{ item.openshift.common.hostname }}
args:
creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}"
with_items: "{{ nodes_needing_certs | default([]) }}"
- name: Generate the node server certificate
command: >
{{ openshift.common.admin_binary }} ca create-server-cert
--cert={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt
--key={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.key
--overwrite=true
--hostnames={{ item.openshift.common.all_hostnames |join(",") }}
--signer-cert={{ openshift_master_ca_cert }}
--signer-key={{ openshift_master_ca_key }}
--signer-serial={{ openshift_master_ca_serial }}
args:
creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt"
with_items: "{{ nodes_needing_certs | default([]) }}"
|
