Creating openshift_logging role for deploying Aggregated Logging without a deployer image

1 files changed, 36 insertions, 0 deletions

diff --git a/roles/openshift_logging/tasks/generate_pems.yaml b/roles/openshift_logging/tasks/generate_pems.yaml
new file mode 100644
index 000000000..289b72ea6
--- /dev/null
+++ b/roles/openshift_logging/tasks/generate_pems.yaml
@@ -0,0 +1,36 @@
+---
+- name: Checking for {{component}}.key
+  stat: path="{{generated_certs_dir}}/{{component}}.key"
+  register: key_file
+  check_mode: no
+
+- name: Checking for {{component}}.crt
+  stat: path="{{generated_certs_dir}}/{{component}}.crt"
+  register: cert_file
+  check_mode: no
+
+- name: Creating cert req for {{component}}
+  command: >
+    openssl req -out {{generated_certs_dir}}/{{component}}.csr -new -newkey rsa:2048 -keyout {{generated_certs_dir}}/{{component}}.key
+    -subj "/CN={{component}}/OU=OpenShift/O=Logging/subjectAltName=DNS.1=localhost{{cert_ext.stdout}}" -days 712 -nodes
+  when:
+    - not key_file.stat.exists
+    - cert_ext.stdout is defined
+  check_mode: no
+
+- name: Creating cert req for {{component}}
+  command: >
+    openssl req -out {{generated_certs_dir}}/{{component}}.csr -new -newkey rsa:2048 -keyout {{generated_certs_dir}}/{{component}}.key
+    -subj "/CN={{component}}/OU=OpenShift/O=Logging" -days 712 -nodes
+  when:
+    - not key_file.stat.exists
+    - cert_ext.stdout is undefined
+  check_mode: no
+
+- name: Sign cert request with CA for {{component}}
+  command: >
+    openssl ca -in {{generated_certs_dir}}/{{component}}.csr -notext -out {{generated_certs_dir}}/{{component}}.crt
+    -config {{generated_certs_dir}}/signing.conf -extensions v3_req -batch -extensions server_ext
+  when:
+    - not cert_file.stat.exists
+  check_mode: no