summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorKenny Woodson <kwoodson@redhat.com>2017-02-17 15:46:06 -0500
committerKenny Woodson <kwoodson@redhat.com>2017-02-21 09:33:54 -0500
commita330de2153a66c458a21fd506c3220a4b3acd563 (patch)
treef9c92ccb919b726c2c0770eb2d9b53f5fe1809ea /roles
parentf3cafbe005d54aaea6e46f2f348b092e430531f2 (diff)
downloadopenshift-a330de2153a66c458a21fd506c3220a4b3acd563.tar.gz
openshift-a330de2153a66c458a21fd506c3220a4b3acd563.tar.bz2
openshift-a330de2153a66c458a21fd506c3220a4b3acd563.tar.xz
openshift-a330de2153a66c458a21fd506c3220a4b3acd563.zip
Updated doc and defined defaults for signer_*
Diffstat (limited to 'roles')
-rw-r--r--roles/lib_openshift/library/oc_adm_ca_server_cert.py22
-rw-r--r--roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py7
-rw-r--r--roles/lib_openshift/src/class/oc_adm_ca_server_cert.py7
-rw-r--r--roles/lib_openshift/src/doc/ca_server_cert6
4 files changed, 19 insertions, 23 deletions
diff --git a/roles/lib_openshift/library/oc_adm_ca_server_cert.py b/roles/lib_openshift/library/oc_adm_ca_server_cert.py
index 4c5c1f1ab..98e61cef4 100644
--- a/roles/lib_openshift/library/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/library/oc_adm_ca_server_cert.py
@@ -104,19 +104,19 @@ options:
description:
- The signer certificate file.
required: false
- default: None
+ default: /etc/origin/master/ca.crt
aliases: []
signer_key:
description:
- The signer key file.
required: false
- default: None
+ default: /etc/origin/master/ca.key
aliases: []
signer_serial:
description:
- The signer serial file.
required: false
- default: None
+ default: /etc/origin/master/ca.serial.txt
aliases: []
hostnames:
description:
@@ -959,7 +959,7 @@ class OpenShiftCLI(object):
stdout, stderr = proc.communicate(input_data)
- return proc.returncode, stdout, stderr
+ return proc.returncode, stdout.decode(), stderr.decode()
# pylint: disable=too-many-arguments,too-many-branches
def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json', input_data=None):
@@ -1316,7 +1316,7 @@ class OpenShiftCLIConfig(object):
class CAServerCertConfig(OpenShiftCLIConfig):
''' CAServerCertConfig is a DTO for the oc adm ca command '''
def __init__(self, kubeconfig, verbose, ca_options):
- super(CertificateAuthorityConfig, self).__init__('ca', None, kubeconfig, ca_options)
+ super(CAServerCertConfig, self).__init__('ca', None, kubeconfig, ca_options)
self.kubeconfig = kubeconfig
self.verbose = verbose
self._ca = ca_options
@@ -1358,11 +1358,11 @@ class CAServerCert(OpenShiftCLI):
if not os.path.exists(cert_path):
return False
- # Would prefer pyopenssl but is not installed.
+ # Would prefer pyopenssl but is not installed.
# When we verify it is, switch this code
proc = subprocess.Popen(['openssl', 'x509', '-noout', '-subject', '-in', cert_path],
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
- stdout, stderr = proc.communicate()
+ stdout, _ = proc.communicate()
if proc.returncode == 0:
for var in self.config.config_options['hostnames']['value'].split(','):
if var in stdout:
@@ -1379,7 +1379,6 @@ class CAServerCert(OpenShiftCLI):
{'cert': {'value': params['cert'], 'include': True},
'hostnames': {'value': ','.join(params['hostnames']), 'include': True},
'overwrite': {'value': params['overwrite'], 'include': True},
- 'signer_name': {'value': params['signer_name'], 'include': True},
'key': {'value': params['key'], 'include': True},
'signer_cert': {'value': params['signer_cert'], 'include': True},
'signer_key': {'value': params['signer_key'], 'include': True},
@@ -1433,16 +1432,15 @@ def main():
# oadm ca create-server-cert [options]
cert=dict(default=None, type='str'),
key=dict(default=None, type='str'),
- signer_cert=dict(default=None, type='str'),
- signer_key=dict(default=None, type='str'),
- signer_serial=dict(default=None, type='str'),
+ signer_cert=dict(default='/etc/origin/master/ca.crt', type='str'),
+ signer_key=dict(default='/etc/origin/master/ca.key', type='str'),
+ signer_serial=dict(default='/etc/origin/master/ca.serial.txt', type='str'),
hostnames=dict(default=[], type='list'),
overwrite=dict(default=False, type='bool'),
),
supports_check_mode=True,
)
- # pylint: disable=line-too-long
results = CAServerCert.run_ansible(module.params, module.check_mode)
if 'failed' in results:
return module.fail_json(**results)
diff --git a/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py
index 91d8c83b0..3518a2de4 100644
--- a/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py
@@ -15,16 +15,15 @@ def main():
# oadm ca create-server-cert [options]
cert=dict(default=None, type='str'),
key=dict(default=None, type='str'),
- signer_cert=dict(default=None, type='str'),
- signer_key=dict(default=None, type='str'),
- signer_serial=dict(default=None, type='str'),
+ signer_cert=dict(default='/etc/origin/master/ca.crt', type='str'),
+ signer_key=dict(default='/etc/origin/master/ca.key', type='str'),
+ signer_serial=dict(default='/etc/origin/master/ca.serial.txt', type='str'),
hostnames=dict(default=[], type='list'),
overwrite=dict(default=False, type='bool'),
),
supports_check_mode=True,
)
- # pylint: disable=line-too-long
results = CAServerCert.run_ansible(module.params, module.check_mode)
if 'failed' in results:
return module.fail_json(**results)
diff --git a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
index 162f606f7..62200b592 100644
--- a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
@@ -3,7 +3,7 @@
class CAServerCertConfig(OpenShiftCLIConfig):
''' CAServerCertConfig is a DTO for the oc adm ca command '''
def __init__(self, kubeconfig, verbose, ca_options):
- super(CertificateAuthorityConfig, self).__init__('ca', None, kubeconfig, ca_options)
+ super(CAServerCertConfig, self).__init__('ca', None, kubeconfig, ca_options)
self.kubeconfig = kubeconfig
self.verbose = verbose
self._ca = ca_options
@@ -45,11 +45,11 @@ class CAServerCert(OpenShiftCLI):
if not os.path.exists(cert_path):
return False
- # Would prefer pyopenssl but is not installed.
+ # Would prefer pyopenssl but is not installed.
# When we verify it is, switch this code
proc = subprocess.Popen(['openssl', 'x509', '-noout', '-subject', '-in', cert_path],
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
- stdout, stderr = proc.communicate()
+ stdout, _ = proc.communicate()
if proc.returncode == 0:
for var in self.config.config_options['hostnames']['value'].split(','):
if var in stdout:
@@ -66,7 +66,6 @@ class CAServerCert(OpenShiftCLI):
{'cert': {'value': params['cert'], 'include': True},
'hostnames': {'value': ','.join(params['hostnames']), 'include': True},
'overwrite': {'value': params['overwrite'], 'include': True},
- 'signer_name': {'value': params['signer_name'], 'include': True},
'key': {'value': params['key'], 'include': True},
'signer_cert': {'value': params['signer_cert'], 'include': True},
'signer_key': {'value': params['signer_key'], 'include': True},
diff --git a/roles/lib_openshift/src/doc/ca_server_cert b/roles/lib_openshift/src/doc/ca_server_cert
index 401caf1fc..bb57a3e11 100644
--- a/roles/lib_openshift/src/doc/ca_server_cert
+++ b/roles/lib_openshift/src/doc/ca_server_cert
@@ -53,19 +53,19 @@ options:
description:
- The signer certificate file.
required: false
- default: None
+ default: /etc/origin/master/ca.crt
aliases: []
signer_key:
description:
- The signer key file.
required: false
- default: None
+ default: /etc/origin/master/ca.key
aliases: []
signer_serial:
description:
- The signer serial file.
required: false
- default: None
+ default: /etc/origin/master/ca.serial.txt
aliases: []
hostnames:
description: