nicolas
/
OpenShift-Lab
mirror of https://github.com/nmasse-itix/OpenShift-Lab.git
1
0
Fork 0
Code Issues Releases Wiki Activity
My Ansible Playbook to install an OpenShift Lab
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
95 Commits
1 Branch
1 Tag
160 KiB
 
Tree: c6b94a51e3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c6b94a51e3'
${ noResults }
OpenShift-Lab/roles/sso/tasks/update-route.yml

22 lines
1.2 KiB
Raw Blame History

---
#
# By default, the RH-SSO template creates a secure route that uses "Passthrough".
#
# This my be useful if you plan to have client certificate authentication but
# it has strong requirements on the client side because of the SNI extensions
# (Server Name Indication) that are used by the underlying OpenShift Router to
# direct the TLS flow to the right service.
#
# For a test lab / PoC, it is better to switch to "Re-encrypt" that has less
# requirements to get it working.
#
- name: Extract the CA Cert from the keystore.jks
command: creates=cacert.pem keytool -exportcert -alias ssl -keypass "{{ sso_keystore_password }}" -storepass "{{ sso_keystore_password }}" -keystore keystore.jks -file cacert.pem -rfc
- name: Convert the CA Cert to a JSON String to be used in a JSON Patch
command: 'perl -pe ''chomp; s/\r//g; print "\\n"'' cacert.pem'
register: cacert
- name: Update the secure route to use "reencrypt" instead of "passthrough"
command: 'oc patch route secure-{{ sso_application_name }} -n {{ sso_project }} --type=json -p ''[ { "op": "replace", "path": "/spec/tls/termination", "value": "reencrypt" }, { "op": "replace", "path": "/spec/tls/destinationCACertificate", "value": "{{ cacert.stdout }}" } ]'' '