Diffstat (limited to 'roles/openshift_node_certificates')
-rw-r--r--roles/openshift_node_certificates/README.md34
-rw-r--r--roles/openshift_node_certificates/meta/main.yml16
-rw-r--r--roles/openshift_node_certificates/tasks/main.yml35
-rw-r--r--roles/openshift_node_certificates/vars/main.yml8
4 files changed, 93 insertions, 0 deletions
diff --git a/roles/openshift_node_certificates/README.md b/roles/openshift_node_certificates/README.md
new file mode 100644
index 000000000..c6304e4b0
--- /dev/null
+++ b/roles/openshift_node_certificates/README.md
@@ -0,0 +1,34 @@
+OpenShift Node Certificates
+========================
+
+TODO
+
+Requirements
+------------
+
+TODO
+
+Role Variables
+--------------
+
+TODO
+
+Dependencies
+------------
+
+TODO
+
+Example Playbook
+----------------
+
+TODO
+
+License
+-------
+
+Apache License Version 2.0
+
+Author Information
+------------------
+
+Jason DeTiberus (jdetiber@redhat.com)
diff --git a/roles/openshift_node_certificates/meta/main.yml b/roles/openshift_node_certificates/meta/main.yml
new file mode 100644
index 000000000..f3236e850
--- /dev/null
+++ b/roles/openshift_node_certificates/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+ author: Jason DeTiberus
+ description:
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.8
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+ - system
+dependencies:
+- { role: openshift_facts }
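Review bot: `min_ansible_version: 1.8` is parsed as a float and the bare `description:` is parsed as null, so the role metadata carries types its consumers may not expect. Quote the version (`min_ansible_version: "1.8"`) and give the description a short string such as `description: "Generate OpenShift node client configs and server certificates"`. Quoting now also prevents a later bump to a value like 1.10 from being silently read as 1.1.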
diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml
new file mode 100644
index 000000000..1b68bc673
--- /dev/null
+++ b/roles/openshift_node_certificates/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- name: Create openshift_generated_configs_dir if it doesn't exist
+ file:
+ path: "{{ openshift_generated_configs_dir }}"
+ state: directory
+
+- name: Generate the node client config
+ command: >
+ {{ openshift.common.admin_binary }} create-api-client-config
+ --certificate-authority={{ openshift_master_ca_cert }}
+ --client-dir={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}
+ --groups=system:nodes
+ --master={{ openshift.master.api_url }}
+ --signer-cert={{ openshift_master_ca_cert }}
+ --signer-key={{ openshift_master_ca_key }}
+ --signer-serial={{ openshift_master_ca_serial }}
+ --user=system:node:{{ item.openshift.common.hostname }}
+ args:
+ chdir: "{{ openshift_generated_configs_dir }}"
+ creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}"
+ with_items: nodes_needing_certs
+
+- name: Generate the node server certificate
+ delegate_to: "{{ openshift_first_master }}"
+ command: >
+ {{ openshift.common.admin_binary }} create-server-cert
+ --cert=server.crt --key=server.key --overwrite=true
+ --hostnames={{ [item.openshift.common.hostname, item.openshift.common.public_hostname]|unique|join(",") }}
+ --signer-cert={{ openshift_master_ca_cert }}
+ --signer-key={{ openshift_master_ca_key }}
+ --signer-serial={{ openshift_master_ca_serial }}
+ args:
+ chdir: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}"
+ creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt"
+ with_items: nodes_needing_certs
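Review bot: The first task creates `openshift_generated_configs_dir` with no `mode` or `owner`, so the directory that will hold every node's client key and `server.key` gets whatever the remote umask gives it. Add `mode: "0700"` (plus `owner: root` and `group: root`) to that `file` task; the permissions the admin binary sets on the key files themselves are not visible here, so the directory should not be the weak link. Separately, "Generate the node client config" reads `openshift_master_ca_key` but has no `delegate_to`, while "Generate the node server certificate" delegates to `openshift_first_master`. Unless the play already targets only that host (not visible in this commit), the commands run on different machines and the last task's `chdir` may not exist. Adding `delegate_to: "{{ openshift_first_master }}"` to the first two tasks would make all three consistent.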
diff --git a/roles/openshift_node_certificates/vars/main.yml b/roles/openshift_node_certificates/vars/main.yml
new file mode 100644
index 000000000..3801b8427
--- /dev/null
+++ b/roles/openshift_node_certificates/vars/main.yml
@@ -0,0 +1,8 @@
+---
+openshift_node_config_dir: /etc/openshift/node
+openshift_master_config_dir: /etc/openshift/master
+openshift_generated_configs_dir: /etc/openshift/generated-configs
+openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
+openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key"
+openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt"
+openshift_kube_api_version: v1beta3
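Review bot: `openshift_node_config_dir` and `openshift_kube_api_version` are defined here but not referenced by any task added in this commit; if no other role relies on them, drop them, otherwise add a comment naming the consumer. The three `openshift_master_ca_*` paths sit in `vars/main.yml`, which takes precedence over inventory variables, so a deployment with a different master config directory cannot override them without editing the role; `defaults/main.yml` is the usual place for overridable paths. A comment above `openshift_master_ca_key` such as `# master CA cert, signing key and serial file used to sign node certificates` would make clear that these point at signing material.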