blob: 85e67e00cad8e5f932c93cedd9192c8cab6cb5b3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
---
- when: ansible_service_broker_certs_dir is undefined
block:
- name: Create ansible-service-broker cert directory
file:
path: "{{ openshift.common.config_base }}/ansible-service-broker"
state: directory
mode: 0755
check_mode: no
- name: Create self signing ca cert
command: 'openssl req -nodes -x509 -newkey rsa:4096 -keyout {{ openshift.common.config_base }}/ansible-service-broker/key.pem -out {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -days 365 -subj "/CN=asb-etcd.openshift-ansible-service-broker.svc"'
args:
creates: '{{ openshift.common.config_base }}/ansible-service-broker/cert.pem'
- name: Create self signed client cert
command: '{{ item.cmd }}'
args:
creates: '{{ item.creates }}'
with_items:
- cmd: openssl genrsa -out {{ openshift.common.config_base }}/ansible-service-broker/client.key 2048
creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.key'
- cmd: 'openssl req -new -key {{ openshift.common.config_base }}/ansible-service-broker/client.key -out {{ openshift.common.config_base }}/ansible-service-broker/client.csr -subj "/CN=client"'
creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.csr'
- cmd: openssl x509 -req -in {{ openshift.common.config_base }}/ansible-service-broker/client.csr -CA {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -CAkey {{ openshift.common.config_base }}/ansible-service-broker/key.pem -CAcreateserial -out {{ openshift.common.config_base }}/ansible-service-broker/client.pem -days 1024
creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.pem'
- set_fact:
ansible_service_broker_certs_dir: "{{ openshift.common.config_base }}/ansible-service-broker"
- set_fact:
etcd_ca_cert: "{{ lookup('file', '{{ ansible_service_broker_certs_dir }}/cert.pem') }}"
etcd_client_cert: "{{ lookup('file', '{{ ansible_service_broker_certs_dir }}/client.pem') }}"
etcd_client_key: "{{ lookup('file', '{{ ansible_service_broker_certs_dir }}/client.key') }}"
|