WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-29 13:01:36 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
3782dad657e4e3f6a0263de4d8fec00a0669de4a
fedora-infra_ansible/roles/etcd_certificates/tasks/server.yml

74 lines
2.7 KiB
YAML
Raw Blame History

---
- name: Ensure generated_certs directory present
file:
path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
state: directory
mode: 0700
with_items: etcd_needing_server_certs
- name: Create the server csr
command: >
openssl req -new -keyout {{ item.etcd_cert_prefix }}server.key
-config {{ etcd_openssl_conf }}
-out {{ item.etcd_cert_prefix }}server.csr
-reqexts {{ etcd_req_ext }} -batch -nodes
-subj /CN={{ item.openshift.common.hostname }}
args:
chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
~ item.etcd_cert_prefix ~ 'server.csr' }}"
environment:
SAN: "IP:{{ item.openshift.common.ip }}"
with_items: etcd_needing_server_certs
- name: Sign and create the server crt
command: >
openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }}
-out {{ item.etcd_cert_prefix }}server.crt
-in {{ item.etcd_cert_prefix }}server.csr
-extensions {{ etcd_ca_exts_server }} -batch
args:
chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
~ item.etcd_cert_prefix ~ 'server.crt' }}"
environment:
SAN: ''
with_items: etcd_needing_server_certs
- name: Create the peer csr
command: >
openssl req -new -keyout {{ item.etcd_cert_prefix }}peer.key
-config {{ etcd_openssl_conf }}
-out {{ item.etcd_cert_prefix }}peer.csr
-reqexts {{ etcd_req_ext }} -batch -nodes
-subj /CN={{ item.openshift.common.hostname }}
args:
chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
~ item.etcd_cert_prefix ~ 'peer.csr' }}"
environment:
SAN: "IP:{{ item.openshift.common.ip }}"
with_items: etcd_needing_server_certs
- name: Sign and create the peer crt
command: >
openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }}
-out {{ item.etcd_cert_prefix }}peer.crt
-in {{ item.etcd_cert_prefix }}peer.csr
-extensions {{ etcd_ca_exts_peer }} -batch
args:
chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/'
~ item.etcd_cert_prefix ~ 'peer.crt' }}"
environment:
SAN: ''
with_items: etcd_needing_server_certs
- file:
src: "{{ etcd_ca_cert }}"
dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
state: hard
with_items: etcd_needing_server_certs
Reference in New Issue View Git Blame Copy Permalink