WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-28 12:32:50 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
07ec00d196e04c104f7a2d2b78b625f26795cd7c
fedora-infra_ansible/roles/openshift_node_certificates/tasks/main.yml

36 lines
1.6 KiB
YAML
Raw Blame History

---
- name: Create openshift_generated_configs_dir if it doesn't exist
file:
path: "{{ openshift_generated_configs_dir }}"
state: directory
when: nodes_needing_certs | length > 0
- name: Generate the node client config
command: >
{{ openshift.common.admin_binary }} create-api-client-config
--certificate-authority={{ openshift_master_ca_cert }}
--client-dir={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}
--groups=system:nodes
--master={{ openshift.master.api_url }}
--signer-cert={{ openshift_master_ca_cert }}
--signer-key={{ openshift_master_ca_key }}
--signer-serial={{ openshift_master_ca_serial }}
--user=system:node:{{ item.openshift.common.hostname }}
args:
chdir: "{{ openshift_generated_configs_dir }}"
creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}"
with_items: nodes_needing_certs
- name: Generate the node server certificate
command: >
{{ openshift.common.admin_binary }} create-server-cert
--cert=server.crt --key=server.key --overwrite=true
--hostnames={{ item.openshift.common.all_hostnames |join(",") }}
--signer-cert={{ openshift_master_ca_cert }}
--signer-key={{ openshift_master_ca_key }}
--signer-serial={{ openshift_master_ca_serial }}
args:
chdir: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}"
creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt"
with_items: nodes_needing_certs
Reference in New Issue View Git Blame Copy Permalink