add custom ssl cert for roles/osbs-master, deploy it for osbs-dev host

Adam Miller 2016-03-04 21:51:59 +00:00
parent 2bd176b43d
commit 28f79c0fe8
3 changed files with 55 additions and 2 deletions


@ -50,6 +50,21 @@
src: "{{private}}/files/httpd/osbs.htpasswd"
dest: /etc/origin/htpasswd
- name: create cert dir for openshift public facing REST API SSL
file:
path: "/etc/origin/master/named_certificates"
state: "directory"
- name: install cert for openshift public facing REST API SSL
copy:
src: "{{private}}/files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.crt",
dest: "/etc/origin/master/named_certificates/osbs-dev.fedorainfracloud.org.crt",
- name: install key for openshift public facing REST API SSL
copy:
src: "{{private}}/files/osbs/osbs-dev.certs/osbs-dev.fedorainfracloud.org.key",
dest: "/etc/origin/master/named_certificates/osbs-dev.fedorainfracloud.org.key",
- name: setup osbs
hosts: osbs-dev.fedorainfracloud.org
vars_files:
@ -86,7 +101,14 @@
challenge: true,
login: true,
provider_file: "/etc/origin/htpasswd"
}
},
osbs_named_certificates: {
enabled: true,
cert_file: "named_certificates/osbs-dev.fedorainfracloud.org.crt",
key_file: "named_certificates/osbs-dev.fedorainfracloud.org.key",
names: [ "osbs-dev.fedorainfracloud.org" ],
},
osbs_public_api_url: "osbs-dev.fedorainfracloud.org",
}
- {
role: osbs-client,
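Review bot: The task that installs the `.key` file in the first hunk sets no `owner`, `group` or `mode`, so the TLS private key is created with the copy module's defaults, typically 0644 under the usual umask and therefore readable by every local user. Add `owner: root`, `group: root` and `mode: "0600"` to that task, and consider `mode: "0700"` on the `named_certificates` directory task. Separately, the `src:` and `dest:` lines of both copy tasks end with a trailing comma after the closing quote; that is not valid in a block-style mapping and will most likely make the playbook fail to parse, so the commas should be dropped. The play these tasks belong to starts outside the hunk.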


@ -92,3 +92,20 @@ osbs_identity_htpasswd:
challenge: true
login: true
provider_file: /etc/openshift/htpasswd
# This correlates to the section of OpenShift master-config.yaml for custom
# certificate configuration for the public facing API endpoint
#
# https://docs.openshift.org/latest/install_config/certificate_customization.html
#
# Following values:
# enabled: boolean - used for checking in the config template
# certfile: path to cert (.crt) file
# keyfile: path to key (.key) file
# names: list of names
osbs_named_certificates:
enabled: false
cert_file:
key_file:
names:
osbs_public_api_url:
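Review bot: The comment block above `osbs_named_certificates` documents the keys as `certfile` and `keyfile`, but the variable defines `cert_file` and `key_file`, which is also what the playbook in this commit sets. The comment should use the real names, e.g. `# cert_file: path to cert (.crt) file` and `# key_file: path to key (.key) file`. `osbs_public_api_url` has no comment at all; something like `# hostname used for masterPublicURL; the default IPv4 address is used when unset` would match how the template in this commit reads it. The bare empty values parse as null, so writing `cert_file: null`, `key_file: null` and `names: []` would make the intent explicit.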


@ -10,7 +10,11 @@ assetConfig:
extensions: null
loggingPublicURL: ""
logoutURL: ""
{% if osbs_public_api_url %}
masterPublicURL: https://{{ osbs_public_api_url }}:8443
{% else %}
masterPublicURL: https://{{ ansible_default_ipv4.address }}:8443
{% endif %}
metricsPublicURL: ""
publicURL: https://{{ ansible_default_ipv4.address }}:8443/console/
servingInfo:
@ -170,5 +174,15 @@ servingInfo:
clientCA: ca.crt
keyFile: master.server.key
maxRequestsInFlight: 500
namedCertificates: null
requestTimeoutSeconds: 3600
{%if osbs_named_certificates.enabled %}
namedCertificates:
- certFile: {{ osbs_named_certificates.cert_file }}
keyFile: {{ osbs_named_certificates.key_file }}
names:
{% for name in osbs_named_certificates.names %}
- {{ name }}
{% endfor %}
{% else %}
namedCertificates: null
{% endif %}
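Review bot: The values rendered under `namedCertificates` in the second hunk are emitted unquoted, so a wildcard entry in `osbs_named_certificates.names` such as `*.example.org` (constructed example) would be read by the YAML parser as an alias and leave the rendered master config unloadable. Quoting the expansions avoids that and also guards against empty or boolean-looking values: `- "{{ name }}"`, `- certFile: "{{ osbs_named_certificates.cert_file }}"` and `keyFile: "{{ osbs_named_certificates.key_file }}"`. The `servingInfo` block these lines belong to starts outside the hunk.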