diff options
Diffstat (limited to 'roles/openshift_logging/tasks/generate_jks_chain.yaml')
| -rw-r--r-- | roles/openshift_logging/tasks/generate_jks_chain.yaml | 60 |
1 files changed, 0 insertions, 60 deletions
diff --git a/roles/openshift_logging/tasks/generate_jks_chain.yaml b/roles/openshift_logging/tasks/generate_jks_chain.yaml deleted file mode 100644 index 14ffdc51f..000000000 --- a/roles/openshift_logging/tasks/generate_jks_chain.yaml +++ /dev/null @@ -1,60 +0,0 @@ ---- -- debug: msg="certs are {{chain_certs}} and oid is {{oid}}" - when: chain_certs is defined and oid is defined - -- debug: msg="certs are {{chain_certs}}" - when: chain_certs is defined and oid is undefined - -- name: Build extensions with certs - shell: echo "{{chain_certs}}{{ (oid) | ternary(',oid:1.2.3.4.5.5','') }}" - register: cert_ext - when: chain_certs is defined and oid is defined - check_mode: no - -- debug: msg="extensions are {{cert_ext.stdout}}" - when: cert_ext.stdout is defined - -- shell: > - echo {{ (cert_ext.stdout is defined) | ternary( '-ext san=dns:localhost,ip:127.0.0.1','') }}{{ (cert_ext.stdout is defined) | ternary( cert_ext.stdout, '') }} - register: extensions - check_mode: no - -- name: Checking for {{component}}.jks ... - stat: path="{{generated_certs_dir}}/{{component}}.jks" - register: jks_file - check_mode: no - -- name: Checking for truststore... - stat: path="{{generated_certs_dir}}/truststore.jks" - register: jks_truststore - check_mode: no - -- block: - - shell: > - keytool -genkey -alias {{component}} -keystore {{generated_certs_dir}}/{{component}}.jks -keypass kspass -storepass kspass - -keyalg RSA -keysize 2048 -validity 712 -dname "CN={{component}}, OU=OpenShift, O=Logging" {{extensions.stdout}} - - - shell: > - keytool -certreq -alias {{component}} -keystore {{generated_certs_dir}}/{{component}}.jks -storepass kspass - -file {{generated_certs_dir}}/{{component}}-jks.csr -keyalg RSA -dname "CN={{component}}, OU=OpenShift, O=Logging" {{extensions.stdout}} - - - shell: > - openssl ca -in {{generated_certs_dir}}/{{component}}-jks.csr -notext -out {{generated_certs_dir}}/{{component}}-jks.crt - -config {{generated_certs_dir}}/signing.conf -extensions v3_req -batch -extensions server_ext - - - shell: > - keytool -import -file {{generated_certs_dir}}/ca.crt -keystore {{generated_certs_dir}}/{{component}}.jks - -storepass kspass -noprompt -alias sig-ca - - - shell: > - keytool -import -file {{generated_certs_dir}}/{{component}}-jks.crt -keystore {{generated_certs_dir}}/{{component}}.jks - -storepass kspass -noprompt -alias {{component}} - - when: not jks_file.stat.exists - check_mode: no - -- block: - - shell: > - keytool -import -file {{generated_certs_dir}}/ca.crt -keystore {{generated_certs_dir}}/truststore.jks -storepass tspass -noprompt -alias sig-ca - when: not jks_truststore.stat.exists - check_mode: no |