diff options
Diffstat (limited to 'roles/openshift_node_certificates')
-rw-r--r-- | roles/openshift_node_certificates/README.md | 34 | ||||
-rw-r--r-- | roles/openshift_node_certificates/meta/main.yml | 16 | ||||
-rw-r--r-- | roles/openshift_node_certificates/tasks/main.yml | 35 | ||||
-rw-r--r-- | roles/openshift_node_certificates/vars/main.yml | 8 |
4 files changed, 93 insertions, 0 deletions
diff --git a/roles/openshift_node_certificates/README.md b/roles/openshift_node_certificates/README.md new file mode 100644 index 000000000..c6304e4b0 --- /dev/null +++ b/roles/openshift_node_certificates/README.md @@ -0,0 +1,34 @@ +OpenShift Node Certificates +======================== + +TODO + +Requirements +------------ + +TODO + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +TODO + +Example Playbook +---------------- + +TODO + +License +------- + +Apache License Version 2.0 + +Author Information +------------------ + +Jason DeTiberus (jdetiber@redhat.com) diff --git a/roles/openshift_node_certificates/meta/main.yml b/roles/openshift_node_certificates/meta/main.yml new file mode 100644 index 000000000..f3236e850 --- /dev/null +++ b/roles/openshift_node_certificates/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: openshift_facts } diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml new file mode 100644 index 000000000..1b68bc673 --- /dev/null +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -0,0 +1,35 @@ +--- +- name: Create openshift_generated_configs_dir if it doesn't exist + file: + path: "{{ openshift_generated_configs_dir }}" + state: directory + +- name: Generate the node client config + command: > + {{ openshift.common.admin_binary }} create-api-client-config + --certificate-authority={{ openshift_master_ca_cert }} + --client-dir={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }} + --groups=system:nodes + --master={{ openshift.master.api_url }} + --signer-cert={{ openshift_master_ca_cert }} + --signer-key={{ openshift_master_ca_key }} + --signer-serial={{ openshift_master_ca_serial }} + --user=system:node:{{ item.openshift.common.hostname }} + args: + chdir: "{{ openshift_generated_configs_dir }}" + creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" + with_items: nodes_needing_certs + +- name: Generate the node server certificate + delegate_to: "{{ openshift_first_master }}" + command: > + {{ openshift.common.admin_binary }} create-server-cert + --cert=server.crt --key=server.key --overwrite=true + --hostnames={{ [item.openshift.common.hostname, item.openshift.common.public_hostname]|unique|join(",") }} + --signer-cert={{ openshift_master_ca_cert }} + --signer-key={{ openshift_master_ca_key }} + --signer-serial={{ openshift_master_ca_serial }} + args: + chdir: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" + creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt" + with_items: nodes_needing_certs diff --git a/roles/openshift_node_certificates/vars/main.yml b/roles/openshift_node_certificates/vars/main.yml new file mode 100644 index 000000000..3801b8427 --- /dev/null +++ b/roles/openshift_node_certificates/vars/main.yml @@ -0,0 +1,8 @@ +--- +openshift_node_config_dir: /etc/openshift/node +openshift_master_config_dir: /etc/openshift/master +openshift_generated_configs_dir: /etc/openshift/generated-configs +openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" +openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" +openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" +openshift_kube_api_version: v1beta3 |