diff options
author | ewolinetz <ewolinet@redhat.com> | 2016-09-28 10:52:07 -0500 |
---|---|---|
committer | ewolinetz <ewolinet@redhat.com> | 2016-12-14 15:38:10 -0600 |
commit | b579a4acfa64f85119ffbcbb8f6701972ef0dbb6 (patch) | |
tree | 6b65a25017defdca2fafe8655a858436c34db679 /roles/openshift_logging/tasks/generate_pems.yaml | |
parent | 43f52e292afac7bde5e588377e56d9c49574806c (diff) | |
download | openshift-b579a4acfa64f85119ffbcbb8f6701972ef0dbb6.tar.gz openshift-b579a4acfa64f85119ffbcbb8f6701972ef0dbb6.tar.bz2 openshift-b579a4acfa64f85119ffbcbb8f6701972ef0dbb6.tar.xz openshift-b579a4acfa64f85119ffbcbb8f6701972ef0dbb6.zip |
Creating openshift_logging role for deploying Aggregated Logging without a deployer image
Diffstat (limited to 'roles/openshift_logging/tasks/generate_pems.yaml')
-rw-r--r-- | roles/openshift_logging/tasks/generate_pems.yaml | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/roles/openshift_logging/tasks/generate_pems.yaml b/roles/openshift_logging/tasks/generate_pems.yaml new file mode 100644 index 000000000..289b72ea6 --- /dev/null +++ b/roles/openshift_logging/tasks/generate_pems.yaml @@ -0,0 +1,36 @@ +--- +- name: Checking for {{component}}.key + stat: path="{{generated_certs_dir}}/{{component}}.key" + register: key_file + check_mode: no + +- name: Checking for {{component}}.crt + stat: path="{{generated_certs_dir}}/{{component}}.crt" + register: cert_file + check_mode: no + +- name: Creating cert req for {{component}} + command: > + openssl req -out {{generated_certs_dir}}/{{component}}.csr -new -newkey rsa:2048 -keyout {{generated_certs_dir}}/{{component}}.key + -subj "/CN={{component}}/OU=OpenShift/O=Logging/subjectAltName=DNS.1=localhost{{cert_ext.stdout}}" -days 712 -nodes + when: + - not key_file.stat.exists + - cert_ext.stdout is defined + check_mode: no + +- name: Creating cert req for {{component}} + command: > + openssl req -out {{generated_certs_dir}}/{{component}}.csr -new -newkey rsa:2048 -keyout {{generated_certs_dir}}/{{component}}.key + -subj "/CN={{component}}/OU=OpenShift/O=Logging" -days 712 -nodes + when: + - not key_file.stat.exists + - cert_ext.stdout is undefined + check_mode: no + +- name: Sign cert request with CA for {{component}} + command: > + openssl ca -in {{generated_certs_dir}}/{{component}}.csr -notext -out {{generated_certs_dir}}/{{component}}.crt + -config {{generated_certs_dir}}/signing.conf -extensions v3_req -batch -extensions server_ext + when: + - not cert_file.stat.exists + check_mode: no |