|
1 | 1 | --- |
2 | | -- name: Set up custom CA secret for OpenStack control plane |
| 2 | +- name: Prepare custom CA secret |
3 | 3 | hosts: "{{ cifmw_target_hook_host | default('localhost') }}" |
4 | 4 | gather_facts: false |
| 5 | + connection: local |
5 | 6 | vars: |
6 | | - _custom_ca_cert_filepath: "{{ custom_ca_cert_filepath | mandatory }}" |
| 7 | + _custom_ca_cert_url: "{{ custom_ca_cert_url | mandatory }}" |
7 | 8 | _namespace: "{{ namespace | default('openstack') }}" |
8 | | - _controlplane_name: "{{ controlplane_name | default('controlplane') }}" |
9 | 9 | tasks: |
| 10 | + - name: Download cert |
| 11 | + ansible.builtin.get_url: |
| 12 | + url: "{{ _custom_ca_cert_url }}" |
| 13 | + dest: '/tmp/ca_cert.txt' |
| 14 | + mode: '0644' |
| 15 | + register: download_status |
| 16 | + until: download_status is not failed and (download_status.status_code is undefined or download_status.status_code == 200) |
| 17 | + retries: 10 |
| 18 | + delay: 5 |
| 19 | + |
10 | 20 | - name: Read custom CA certificate file |
11 | 21 | ansible.builtin.slurp: |
12 | | - src: "{{ _custom_ca_cert_filepath }}" |
| 22 | + src: "/tmp/ca_cert.txt" |
13 | 23 | register: custom_ca_certs |
14 | 24 |
|
15 | 25 | - name: Create custom CA secret |
16 | 26 | kubernetes.core.k8s: |
| 27 | + kubeconfig: "{{ cifmw_openshift_kubeconfig }}" |
17 | 28 | state: present |
18 | 29 | definition: |
19 | 30 | apiVersion: v1 |
|
24 | 35 | namespace: "{{ _namespace }}" |
25 | 36 | data: |
26 | 37 | CustomCACerts: "{{ custom_ca_certs.content }}" |
27 | | - |
28 | | - - name: Patch OpenStack control plane to use custom CA secret |
29 | | - kubernetes.core.k8s: |
30 | | - state: patched |
31 | | - kind: OpenStackControlPlane |
32 | | - api_version: core.openstack.org/v1beta1 |
33 | | - name: "{{ _controlplane_name }}" |
34 | | - namespace: "{{ _namespace }}" |
35 | | - definition: |
36 | | - spec: |
37 | | - tls: |
38 | | - podLevel: |
39 | | - enabled: true |
40 | | - caBundleSecretName: custom-ca-certs |
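Review bot: The new `Download cert` task (new lines 10-18) writes what becomes a trust anchor to the fixed path `/tmp/ca_cert.txt` with no integrity check, and the following `slurp` puts that file's content straight into the `CustomCACerts` secret data. Because `get_url` defaults to `force: false`, a file already present at that path (left by an earlier run, or created by another local user) is used as-is and nothing is downloaded. Nothing visible here restricts `custom_ca_cert_url` to HTTPS, so the fetched content may also be unauthenticated in transit. I would download into a directory created by `ansible.builtin.tempfile` and pin the expected digest through `get_url`'s `checksum` parameter, as sketched below. `custom_ca_cert_checksum` is a proposed new variable, not one that exists in this change.

```yaml
    - name: Create private working directory for the CA cert
      ansible.builtin.tempfile:
        state: directory
      register: _ca_cert_tmpdir

    - name: Download cert
      ansible.builtin.get_url:
        url: "{{ _custom_ca_cert_url }}"
        dest: "{{ _ca_cert_tmpdir.path }}/ca_cert.txt"
        # proposed new variable, format "sha256:<expected digest>"
        checksum: "{{ custom_ca_cert_checksum }}"
        # … unchanged: mode …
      # … unchanged: register / until / retries / delay …

    - name: Read custom CA certificate file
      ansible.builtin.slurp:
        src: "{{ _ca_cert_tmpdir.path }}/ca_cert.txt"
      # … unchanged: register …
```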