Diffstat (limited to 'roles/lib_openshift/src')
-rw-r--r--roles/lib_openshift/src/class/oc_adm_ca_server_cert.py17
-rw-r--r--roles/lib_openshift/src/doc/ca_server_cert61
2 files changed, 13 insertions, 65 deletions
diff --git a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
index 92505c08e..162f606f7 100644
--- a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
@@ -1,16 +1,15 @@
# pylint: skip-file
class CAServerCertConfig(OpenShiftCLIConfig):
- ''' CertificateAuthorityConfig is a DTO for the oadm ca command '''
- def __init__(self, cmd, kubeconfig, verbose, ca_options):
+ ''' CAServerCertConfig is a DTO for the oc adm ca command '''
+ def __init__(self, kubeconfig, verbose, ca_options):
super(CertificateAuthorityConfig, self).__init__('ca', None, kubeconfig, ca_options)
- self.cmd = cmd
self.kubeconfig = kubeconfig
self.verbose = verbose
self._ca = ca_options
class CAServerCert(OpenShiftCLI):
- ''' Class to wrap the oc command line tools '''
+ ''' Class to wrap the oc adm ca create-server-cert command line'''
def __init__(self,
config,
verbose=False):
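Review bot: The `super(CertificateAuthorityConfig, self).__init__(...)` call in `CAServerCertConfig.__init__` still names the old class, while this commit updates only the docstring and the signature around it. Unless `CertificateAuthorityConfig` is defined elsewhere in the assembled module, building the config raises NameError (or TypeError if the name exists but is not a base of this class), so the module fails before any certificate is checked or created. Change the line to `super(CAServerCertConfig, self).__init__('ca', None, kubeconfig, ca_options)`. The hunk ends inside `CAServerCert.__init__`, whose body is not visible here.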
@@ -31,11 +30,10 @@ class CAServerCert(OpenShiftCLI):
return None
def create(self):
- '''run openshift ca cmd'''
+ '''run openshift oc adm ca create-server-cert cmd'''
options = self.config.to_option_list()
- cmd = ['ca']
- cmd.append(self.config.cmd)
+ cmd = ['ca', 'create-server-cert']
cmd.extend(options)
return self.openshift_cmd(cmd, oadm=True)
@@ -47,6 +45,8 @@ class CAServerCert(OpenShiftCLI):
if not os.path.exists(cert_path):
return False
+ # Would prefer pyopenssl but is not installed.
+ # When we verify it is, switch this code
proc = subprocess.Popen(['openssl', 'x509', '-noout', '-subject', '-in', cert_path],
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
stdout, stderr = proc.communicate()
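Review bot: The certificate check asks openssl for `-subject` only, and the new comment does not record that limitation. Hostnames and IPs passed to `create-server-cert` are normally carried in subjectAltName, which `-subject` does not print, so a check that matches against this output may accept or reject a certificate based on the CN alone. The code that parses `stdout` is outside the hunk, so confirm how the match is done. I would make the comment explicit, e.g. `# TODO: switch to pyOpenSSL once it is a guaranteed dependency; '-subject' shows only the subject DN, not subjectAltName, so SAN hostnames are not verified here`. If the check is meant to cover every requested hostname, read the SAN extension as well (for example from the `-text` output).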
@@ -61,8 +61,7 @@ class CAServerCert(OpenShiftCLI):
def run_ansible(params, check_mode):
'''run the idempotent ansible code'''
- config = CAServerCertConfig(params['cmd'],
- params['kubeconfig'],
+ config = CAServerCertConfig(params['kubeconfig'],
params['debug'],
{'cert': {'value': params['cert'], 'include': True},
'hostnames': {'value': ','.join(params['hostnames']), 'include': True},
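Review bot: `','.join(params['hostnames'])` in `run_ansible` raises TypeError when `hostnames` is left unset, and the module documentation in this same commit lists it as `required: false` with `default: None`. The argument spec is not visible in this hunk, so confirm whether it supplies a list default. If it does not, either mark `hostnames` as required for this module or fail with a clear message before building the config, since a server certificate issued with no hostnames is not useful anyway. The call to `CAServerCertConfig(...)` continues past the end of the hunk.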
diff --git a/roles/lib_openshift/src/doc/ca_server_cert b/roles/lib_openshift/src/doc/ca_server_cert
index bf299f0cb..401caf1fc 100644
--- a/roles/lib_openshift/src/doc/ca_server_cert
+++ b/roles/lib_openshift/src/doc/ca_server_cert
@@ -3,18 +3,15 @@
DOCUMENTATION = '''
---
-module: oadm_ca
-short_description: Module to manage openshift certificate authority
+module: oc_adm_ca_server_cert
+short_description: Module to run openshift oc adm ca create-server-cert
description:
- - Wrapper around the openshift `oc adm ca` command.
+ - Wrapper around the openshift `oc adm ca create-server-cert` command.
options:
state:
description:
- Present is the only supported state. The state present means that `oc adm ca` will generate a certificate
- - When create-master-certs is desired then the following parameters are passed.
- - ['cert_dir', 'hostnames', 'master', 'public_master', 'overwrite', 'signer_name']
- - When create-key-pair is desired then the following parameters are passed.
- - ['private_key', 'public_key']
+ - and verify if the hostnames and the ClusterIP exists in the certificate.
- When create-server-cert is desired then the following parameters are passed.
- ['cert', 'key', 'signer_cert', 'signer_key', 'signer_serial']
required: false
@@ -34,22 +31,6 @@ options:
required: false
default: False
aliases: []
- cmd:
- description:
- - The sub command given for `oc adm ca`
- required: false
- default: None
- choices:
- - create-master-certs
- - create-key-pair
- - create-server-cert
- aliases: []
- cert_dir:
- description:
- - The certificate data directory.
- required: false
- default: None
- aliases: []
cert:
description:
- The certificate file. Choose a name that indicates what the service is.
@@ -86,43 +67,12 @@ options:
required: false
default: None
aliases: []
- public_key:
- description:
- - The public key file used with create-key-pair
- required: false
- default: None
- aliases: []
- private_key:
- description:
- - The private key file used with create-key-pair
- required: false
- default: None
- aliases: []
-
hostnames:
description:
- Every hostname or IP that server certs should be valid for (comma-delimited list)
required: false
default: None
aliases: []
- master:
- description:
- - The API server's URL
- required: false
- default: None
- aliases: []
- public_master:
- description:
- - The API public facing server's URL (if applicable)
- required: false
- default: None
- aliases: []
- signer_name:
- description:
- - The name to use for the generated signer
- required: false
- default: None
- aliases: []
author:
- "Kenny Woodson <kwoodson@redhat.com>"
extends_documentation_fragment: []
@@ -130,8 +80,7 @@ extends_documentation_fragment: []
EXAMPLES = '''
- name: Create a self-signed cert
- oadm_ca:
- cmd: create-server-cert
+ oc_adm_ca_server_cert:
signer_cert: /etc/origin/master/ca.crt
signer_key: /etc/origin/master/ca.key
signer_serial: /etc/origin/master/ca.serial.txt