diff options
| author | Andrew Butcher <abutcher@redhat.com> | 2017-09-06 10:21:50 -0400 |
|---|---|---|
| committer | Andrew Butcher <abutcher@redhat.com> | 2017-10-02 10:05:44 -0400 |
| commit | d8d0e6d7de600d6896014fef928da5bf133dc85e (patch) | |
| tree | 1b8b802ad1629b5cf23f3e3656d0ee1d7ef76d01 /playbooks/common/openshift-etcd | |
| parent | 54ea443f4ad24ad311c0a036cf283f9e39c865ee (diff) | |
| download | openshift-d8d0e6d7de600d6896014fef928da5bf133dc85e.tar.gz openshift-d8d0e6d7de600d6896014fef928da5bf133dc85e.tar.bz2 openshift-d8d0e6d7de600d6896014fef928da5bf133dc85e.tar.xz openshift-d8d0e6d7de600d6896014fef928da5bf133dc85e.zip | |
Separate certificate playbooks.
Diffstat (limited to 'playbooks/common/openshift-etcd')
| -rw-r--r-- | playbooks/common/openshift-etcd/ca.yml | 15 | ||||
| -rw-r--r-- | playbooks/common/openshift-etcd/certificates.yml | 29 | ||||
| -rw-r--r-- | playbooks/common/openshift-etcd/scaleup.yml | 7 |
3 files changed, 51 insertions, 0 deletions
diff --git a/playbooks/common/openshift-etcd/ca.yml b/playbooks/common/openshift-etcd/ca.yml new file mode 100644 index 000000000..ac5543be9 --- /dev/null +++ b/playbooks/common/openshift-etcd/ca.yml @@ -0,0 +1,15 @@ +--- +- name: Generate new etcd CA + hosts: oo_first_etcd + roles: + - role: openshift_etcd_facts + tasks: + - include_role: + name: etcd + tasks_from: ca + vars: + etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}" + etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" + etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}" + when: + - etcd_ca_setup | default(True) | bool diff --git a/playbooks/common/openshift-etcd/certificates.yml b/playbooks/common/openshift-etcd/certificates.yml new file mode 100644 index 000000000..31a0f50d8 --- /dev/null +++ b/playbooks/common/openshift-etcd/certificates.yml @@ -0,0 +1,29 @@ +--- +- name: Create etcd server certificates for etcd hosts + hosts: oo_etcd_to_config + any_errors_fatal: true + roles: + - role: openshift_etcd_facts + post_tasks: + - include_role: + name: etcd + tasks_from: server_certificates + vars: + etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" + etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}" + etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}" + r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" + +- name: Create etcd client certificates for master hosts + hosts: oo_masters_to_config + any_errors_fatal: true + roles: + - role: openshift_etcd_facts + - role: openshift_etcd_client_certificates + etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" + etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}" + etcd_cert_config_dir: "{{ openshift.common.config_base }}/master" + etcd_cert_prefix: "master.etcd-" + openshift_ca_host: "{{ groups.oo_first_master.0 }}" + r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" + when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config diff --git a/playbooks/common/openshift-etcd/scaleup.yml b/playbooks/common/openshift-etcd/scaleup.yml index 4f83264d0..8aa508119 100644 --- a/playbooks/common/openshift-etcd/scaleup.yml +++ b/playbooks/common/openshift-etcd/scaleup.yml @@ -30,6 +30,13 @@ retries: 3 delay: 10 until: etcd_add_check.rc == 0 + - include_role: + name: etcd + tasks_from: server_certificates + vars: + etcd_peers: "{{ groups.oo_new_etcd_to_config | default([], true) }}" + etcd_certificates_etcd_hosts: "{{ groups.oo_new_etcd_to_config | default([], true) }}" + r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" roles: - role: os_firewall when: etcd_add_check.rc == 0 |