-rw-r--r--roles/lib_openshift/library/oc_adm_ca_server_cert.py20
-rw-r--r--roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py2
-rw-r--r--roles/lib_openshift/src/class/oc_adm_ca_server_cert.py12
-rw-r--r--roles/lib_openshift/src/doc/ca_server_cert6
4 files changed, 38 insertions, 2 deletions
diff --git a/roles/lib_openshift/library/oc_adm_ca_server_cert.py b/roles/lib_openshift/library/oc_adm_ca_server_cert.py
index 9c8c62621..9c57435e7 100644
--- a/roles/lib_openshift/library/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/library/oc_adm_ca_server_cert.py
@@ -124,6 +124,12 @@ options:
required: false
default: None
aliases: []
+ backup:
+ description:
+ - Whether to backup the cert and key files before writing them.
+ required: false
+ default: True
+ aliases: []
author:
- "Kenny Woodson <kwoodson@redhat.com>"
extends_documentation_fragment: []
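Review bot: The `backup` description does not say where the copies are written or that one of them is a private key. Going by the `create()` hunk in this commit, the copies land next to the originals as `<path>.orig`, and an existing `.orig` is replaced on the next run. I would extend the description to something like `- Whether to copy the existing cert and key to <path>.orig before writing them. The key copy is a private key and stays on disk until removed; an existing .orig is overwritten.` The same text applies to the `src/doc/ca_server_cert` hunk.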
@@ -1345,6 +1351,17 @@ class CAServerCert(OpenShiftCLI):
def create(self):
'''run openshift oc adm ca create-server-cert cmd'''
+
+ # Added this here as a safegaurd for stomping on the
+ # cert and key files if they exist
+ if self.config.config_options['backup']['value']:
+ if os.path.exists(self.config.config_options['key']['value']):
+ shutil.copy(self.config.config_options['key']['value'],
+ "%s.orig" % self.config.config_options['key']['value'])
+ if os.path.exists(self.config.config_options['cert']['value']):
+ shutil.copy(self.config.config_options['cert']['value'],
+ "%s.orig" % self.config.config_options['cert']['value'])
+
options = self.config.to_option_list()
cmd = ['ca', 'create-server-cert']
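Review bot: The backup in `create()` writes a second copy of the server private key to `<key>.orig` using `shutil.copy`, which creates the destination under the process umask and copies the mode bits only afterwards, so the key copy can briefly be readable by more users than the original. The fixed `.orig` name is also overwritten on every run, so a second run replaces the real original with the previously generated pair; a non-clobbering name such as a timestamp suffix would avoid that, and the sketch below does not cover it. `key` and `cert` default to `None` in the argument spec, and `os.path.exists(None)` raises `TypeError`, so unless they are validated elsewhere the default `backup=True` path needs a guard for an unset path. The sketch below creates the backup with the source file's mode from the start and skips unset paths. The same code appears in the `src/class/oc_adm_ca_server_cert.py` hunk, and `create()` continues past the end of this hunk.

```python
    def create(self):
        '''run openshift oc adm ca create-server-cert cmd'''
        if self.config.config_options['backup']['value']:
            for name in ('key', 'cert'):
                path = self.config.config_options[name]['value']
                if not path or not os.path.exists(path):
                    continue
                mode = os.stat(path).st_mode & 0o7777
                # create the backup with the source's mode from the start,
                # rather than umask-default followed by a chmod
                fd = os.open("%s.orig" % path,
                             os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
                with os.fdopen(fd, 'wb') as dst:
                    os.fchmod(fd, mode)  # also tightens a pre-existing backup
                    with open(path, 'rb') as src:
                        shutil.copyfileobj(src, dst)
        # ... unchanged: option list and command construction ...
```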
@@ -1384,6 +1401,7 @@ class CAServerCert(OpenShiftCLI):
'signer_cert': {'value': params['signer_cert'], 'include': True},
'signer_key': {'value': params['signer_key'], 'include': True},
'signer_serial': {'value': params['signer_serial'], 'include': True},
+ 'backup': {'value': params['backup'], 'include': False},
})
server_cert = CAServerCert(config)
@@ -1429,7 +1447,7 @@ def main():
state=dict(default='present', type='str', choices=['present']),
debug=dict(default=False, type='bool'),
kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
- cmd=dict(default=None, require=True, type='str'),
+ backup=dict(default=True, type='bool'),
# oadm ca create-server-cert [options]
cert=dict(default=None, type='str'),
key=dict(default=None, type='str'),
diff --git a/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py
index 3518a2de4..367f6d932 100644
--- a/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py
@@ -11,7 +11,7 @@ def main():
state=dict(default='present', type='str', choices=['present']),
debug=dict(default=False, type='bool'),
kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
- cmd=dict(default=None, require=True, type='str'),
+ backup=dict(default=True, type='bool'),
# oadm ca create-server-cert [options]
cert=dict(default=None, type='str'),
key=dict(default=None, type='str'),
diff --git a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
index 7f9ff9e1d..ee6cd4a29 100644
--- a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
@@ -33,6 +33,17 @@ class CAServerCert(OpenShiftCLI):
def create(self):
'''run openshift oc adm ca create-server-cert cmd'''
+
+ # Added this here as a safegaurd for stomping on the
+ # cert and key files if they exist
+ if self.config.config_options['backup']['value']:
+ if os.path.exists(self.config.config_options['key']['value']):
+ shutil.copy(self.config.config_options['key']['value'],
+ "%s.orig" % self.config.config_options['key']['value'])
+ if os.path.exists(self.config.config_options['cert']['value']):
+ shutil.copy(self.config.config_options['cert']['value'],
+ "%s.orig" % self.config.config_options['cert']['value'])
+
options = self.config.to_option_list()
cmd = ['ca', 'create-server-cert']
@@ -72,6 +83,7 @@ class CAServerCert(OpenShiftCLI):
'signer_cert': {'value': params['signer_cert'], 'include': True},
'signer_key': {'value': params['signer_key'], 'include': True},
'signer_serial': {'value': params['signer_serial'], 'include': True},
+ 'backup': {'value': params['backup'], 'include': False},
})
server_cert = CAServerCert(config)
diff --git a/roles/lib_openshift/src/doc/ca_server_cert b/roles/lib_openshift/src/doc/ca_server_cert
index bb57a3e11..58720b09f 100644
--- a/roles/lib_openshift/src/doc/ca_server_cert
+++ b/roles/lib_openshift/src/doc/ca_server_cert
@@ -73,6 +73,12 @@ options:
required: false
default: None
aliases: []
+ backup:
+ description:
+ - Whether to backup the cert and key files before writing them.
+ required: false
+ default: True
+ aliases: []
author:
- "Kenny Woodson <kwoodson@redhat.com>"
extends_documentation_fragment: []