Creating openshift_logging role for deploying Aggregated Logging without a deployer image

1 files changed, 24 insertions, 0 deletions

diff --git a/roles/openshift_logging/tasks/generate_pkcs12.yaml b/roles/openshift_logging/tasks/generate_pkcs12.yaml
new file mode 100644
index 000000000..dde65746f
--- /dev/null
+++ b/roles/openshift_logging/tasks/generate_pkcs12.yaml
@@ -0,0 +1,24 @@
+---
+- debug: msg="certs are {{chain_certs}} and oid is {{oid}}"
+  when: chain_certs is defined and oid is defined
+
+- debug: msg="certs are {{chain_certs}}"
+  when: chain_certs is defined and oid is undefined
+
+- name: Build extensions with certs
+  shell: echo "{{chain_certs}}{{ (oid) | ternary(',oid=1.2.3.4.5.5','') }}"
+  register: cert_ext
+  when: chain_certs is defined and oid is defined
+
+- debug: msg="extensions are {{cert_ext.stdout}}"
+  when: cert_ext.stdout is defined
+
+- include: generate_pems.yaml
+
+- local_action: stat path="{{mktemp.stdout}}/{{component}}.pkcs12"
+  register: pkcs_file
+  become: no
+
+- name: Generating pkcs12 chain for {{component}}
+  command: openssl pkcs12 -export -out {{generated_certs_dir}}/{{component}}.pkcs12 -inkey {{generated_certs_dir}}/{{component}}.key -in {{generated_certs_dir}}/{{component}}.crt -password pass:pass
+  when: not pkcs_file.stat.exists