---
# Ensure the base directory for generated configs exists. Only the path and
# state are given; no owner, group or mode is set by this task.
# NOTE(review): a later task writes client.key beneath this tree - confirm the
# directory ends up readable only by the account that needs the key.
- name: "Create openshift_generated_configs_dir if it doesn't exist"
  file:
    state: directory
    path: '{{ openshift_generated_configs_dir }}'
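# Create one sub-directory per etcd host, named etcd-<hostname>, under the
# generated configs directory. The certificate tasks use these directories
# as their working directory.
# NOTE(review): no mode is set; these directories later hold a private key,
# so confirm the resulting permissions are restrictive enough.
- name: Create openshift_generated_configs_dir for each etcd host
  file:
    path: "{{ openshift_generated_configs_dir }}/etcd-{{ item.openshift.common.hostname }}"
    state: directory
  # Pass the list as a template expression: a bare variable name is not
  # expanded by current Ansible releases and would loop over the literal string.
  with_items: "{{ etcd_hosts_needing_certs }}"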
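# For each etcd host, run the admin binary on the first master to issue
# client.crt / client.key signed by the master CA. The working directory is
# the host's etcd-<hostname> directory, and `creates` skips the command once
# client.crt exists there, so --overwrite=true only applies on the first run.
# NOTE(review): the task name says "client side certs" but the subcommand is
# create-server-cert - confirm the issued certificate carries the key usage
# the etcd client connection requires.
# NOTE(review): this task is delegated to the first master while the
# directory-creation tasks in this file carry no delegate_to; confirm both
# run against the same host.
# NOTE(review): client.key is a private key and the CA signing key is read
# here; check file and directory permissions on the first master.
- name: Generate the etcd client side certs
  delegate_to: "{{ openshift_first_master }}"
  command: >
    {{ openshift.common.admin_binary }} create-server-cert
    --cert=client.crt --key=client.key --overwrite=true
    --hostnames={{ [item.openshift.common.hostname, item.openshift.common.public_hostname, item.openshift.common.ip]|unique|join(",") }}
    --signer-cert={{ openshift_master_ca_cert }}
    --signer-key={{ openshift_master_ca_key }}
    --signer-serial={{ openshift_master_ca_serial }}
  args:
    chdir: "{{ openshift_generated_configs_dir }}/etcd-{{ item.openshift.common.hostname }}"
    creates: "{{ openshift_generated_configs_dir }}/etcd-{{ item.openshift.common.hostname }}/client.crt"
  # Pass the list as a template expression: a bare variable name is not
  # expanded by current Ansible releases and would loop over the literal string.
  with_items: "{{ etcd_hosts_needing_certs }}"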
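# Copy the master CA certificate into each host's etcd-<hostname> directory
# on the first master, so the bundle carries the CA alongside the client
# certificate. Only the public CA certificate is copied, not the CA key.
# NOTE(review): `creates` checks for ca.crt, which matches the copied file
# only if openshift_master_ca_cert has the basename ca.crt; otherwise the
# copy re-runs on every play. Confirm against the variable's definition.
- name: Copy CA cert
  delegate_to: "{{ openshift_first_master }}"
  command: "cp {{ openshift_master_ca_cert }} ."
  args:
    chdir: "{{ openshift_generated_configs_dir }}/etcd-{{ item.openshift.common.hostname }}"
    creates: "{{ openshift_generated_configs_dir }}/etcd-{{ item.openshift.common.hostname }}/ca.crt"
  # Pass the list as a template expression: a bare variable name is not
  # expanded by current Ansible releases and would loop over the literal string.
  with_items: "{{ etcd_hosts_needing_certs }}"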