---
# Play 1: on the control host, create a scratch directory that will briefly
# hold the service signer certificate and its private key while they are
# relayed from the first master to the other masters.
- name: Create local temp directory for syncing certs
  hosts: localhost
  connection: local
  become: false
  gather_facts: false
  tasks:
    - name: Create local temp directory for syncing certs
      # `mktemp -d` creates the directory with owner-only permissions, which
      # matters because the signer private key is staged here in a later play.
      command: mktemp -d /tmp/openshift-ansible-XXXXXXX
      delegate_to: localhost
      register: local_cert_sync_tmpdir
      # Creating a scratch directory is not a meaningful configuration change.
      changed_when: false
      # Skip when the recorded stat result says the signer certificate already
      # exists on the first master. service_signer_cert_stat is not set in this
      # file; presumably an earlier play registers it (verify).
      when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
# Play 2: on the first master, generate the service signer certificate and key
# in a throwaway directory, pull both files back to the control host, then
# remove the remote copy. Every task is skipped when the signer certificate is
# already recorded as present on the first master.
- name: Create service signer certificate
  hosts: oo_first_master
  tasks:
    - name: Create remote temp directory for creating certs
      command: mktemp -d /tmp/openshift-ansible-XXXXXXX
      register: remote_cert_create_tmpdir
      changed_when: false
      when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)

    - name: Create service signer certificate
      # Output file names are relative, so they land in the chdir target below.
      command: >
        {{ openshift.common.client_binary }} adm ca create-signer-cert
        --cert=service-signer.crt
        --key=service-signer.key
        --name=openshift-service-serving-signer
        --serial=service-signer.serial.txt
      args:
        chdir: "{{ remote_cert_create_tmpdir.stdout }}/"
      when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)

    - name: Retrieve service signer certificate
      # Copies the certificate AND the signer private key to the control host.
      # `flat` stores each file directly under dest instead of a per-host
      # subtree; a missing file or a checksum mismatch fails the task.
      fetch:
        src: "{{ remote_cert_create_tmpdir.stdout }}/{{ item }}"
        dest: "{{ hostvars.localhost.local_cert_sync_tmpdir.stdout }}/"
        flat: true
        fail_on_missing: true
        validate_checksum: true
      with_items:
        - 'service-signer.crt'
        - 'service-signer.key'
      when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)

    - name: Delete remote temp directory
      # NOTE(review): this cleanup only runs if the tasks above succeeded; a
      # failed fetch would leave the key in the remote temp directory.
      file:
        path: "{{ remote_cert_create_tmpdir.stdout }}"
        state: absent
      changed_when: false
      when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
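# Play 3: push the signer certificate and private key staged on the control
# host to every master being configured.
- name: Deploy service signer certificate
  hosts: oo_masters_to_config
  tasks:
    - name: Deploy service signer certificate
      copy:
        src: "{{ hostvars.localhost.local_cert_sync_tmpdir.stdout }}/{{ item.file }}"
        dest: "{{ openshift.common.config_base }}/master/"
        # Set permissions explicitly. Without `mode`, a newly created file gets
        # whatever the remote umask allows, which can leave the signer private
        # key readable by other local users.
        mode: "{{ item.mode }}"
      # NOTE(review): owner/group are not set, so ownership follows the user
      # the task runs as on the master; confirm that is the intended owner.
      with_items:
        - file: service-signer.crt
          mode: "0644"
        - file: service-signer.key
          mode: "0600"
      # Skip when the signer certificate is already recorded as present on the
      # first master (nothing was generated or staged in that case).
      when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)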
# Play 4: remove the control-host scratch directory, and with it the staged
# copy of the signer private key.
- name: Delete local temp directory
  hosts: localhost
  connection: local
  become: false
  gather_facts: false
  tasks:
    - name: Delete local temp directory
      # NOTE(review): this is the last play, so a run that aborts earlier never
      # reaches it and the fetched key would remain under /tmp on the control
      # host; verify how failed runs are cleaned up.
      file:
        path: "{{ local_cert_sync_tmpdir.stdout }}"
        state: absent
      changed_when: false
      # Same guard as the creation play: the directory only exists when the
      # signer certificate had to be generated.
      when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)