fedora-infra_ansible/roles/etcd_certificates/tasks/client.yml


---
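# Create one output directory per host that needs an etcd client certificate.
# The later tasks write the unencrypted private key here, so the directory is
# restricted to its owner.
- name: Ensure generated_certs directory present
  file:
    path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
    state: directory
    # Quoted so the mode is always read as the octal string 0700 and never
    # re-typed by the YAML parser.
    mode: "0700"
  # Templated explicitly: a bare variable name in with_items is only resolved
  # by old Ansible releases; newer ones treat it as a literal string.
  with_items: "{{ etcd_needing_client_certs }}"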
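# Generate a new private key and a certificate signing request for each host.
# The task is skipped once the .csr file exists (see `creates`).
- name: Create the client csr
  # -nodes writes client.key without a passphrase, so the key's
  # confidentiality depends on filesystem permissions alone (the target
  # directory is created with mode 0700 by the first task in this file).
  # NOTE(review): the key file's own mode is left to openssl and the umask;
  # consider enforcing 0600 on it explicitly.
  # The templated values are placed on the command line unquoted. The command
  # module does not run a shell, so shell metacharacters are not interpreted,
  # but whitespace inside a value would split it into separate arguments.
  command: >
    openssl req -new -keyout {{ item.etcd_cert_prefix }}client.key
    -config {{ etcd_openssl_conf }}
    -out {{ item.etcd_cert_prefix }}client.csr
    -reqexts {{ etcd_req_ext }} -batch -nodes
    -subj /CN={{ item.openshift.common.hostname }}
  args:
    chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
    creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
      ~ item.etcd_cert_prefix ~ 'client.csr' }}"
  environment:
    # Presumably read by the openssl config (etcd_openssl_conf) to fill the
    # subjectAltName of the request; confirm against that file.
    SAN: "IP:{{ item.openshift.common.ip }}"
  # Templated explicitly: a bare variable name in with_items is only resolved
  # by old Ansible releases; newer ones treat it as a literal string.
  with_items: "{{ etcd_needing_client_certs }}"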
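# Sign each host's CSR with the etcd CA to produce the client certificate.
# The task is skipped once the .crt file exists (see `creates`).
- name: Sign and create the client crt
  # -batch signs without interactive confirmation: whatever CSR is present at
  # this path gets a certificate, so write access to the generated_certs tree
  # is equivalent to the ability to request certificates from this CA.
  command: >
    openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }}
    -out {{ item.etcd_cert_prefix }}client.crt
    -in {{ item.etcd_cert_prefix }}client.csr
    -batch
  args:
    chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
    creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
      ~ item.etcd_cert_prefix ~ 'client.crt' }}"
  environment:
    # SAN is set to an empty string for signing. Presumably the openssl
    # config references this variable and needs it defined; confirm against
    # etcd_openssl_conf.
    # NOTE(review): whether the subjectAltName requested in the CSR ends up in
    # the signed certificate depends on the CA section of that config (for
    # example its copy_extensions setting), which is not visible here.
    SAN: ''
  # Templated explicitly: a bare variable name in with_items is only resolved
  # by old Ansible releases; newer ones treat it as a literal string.
  with_items: "{{ etcd_needing_client_certs }}"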
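# Place the CA certificate next to each client key/cert pair as
# <prefix>ca.crt, so the whole bundle can be taken from one directory.
- name: Hard link the CA certificate into the client cert directory
  file:
    src: "{{ etcd_ca_cert }}"
    dest: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
    # A hard link requires src and dest to be on the same filesystem, and the
    # linked file shares the owner and mode of the original CA certificate.
    state: hard
  # Templated explicitly: a bare variable name in with_items is only resolved
  # by old Ansible releases; newer ones treat it as a literal string.
  with_items: "{{ etcd_needing_client_certs }}"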