author | Bruno Barcarol GuimarĂ£es <bbarcaro@redhat.com> | 2016-12-05 16:34:32 +0000 |
---|---|---|
committer | Jeff Cantrill <jcantril@redhat.com> | 2017-01-17 11:45:04 -0500 |
commit | b6ce0464142403785a7ba8eae664286082f4d30e (patch) | |
tree | 3673f52a387edc2894ac11c23fad1253b1f1c9be /roles/openshift_metrics/tasks/generate_heapster_certificates.yaml | |
parent | f3f1f610c9e0fdf8115dd8ea61e647080ad42006 (diff) | |
Custom certificates (#5)
* Generate secrets on a persistent directory.
* Split certificate generation files.
* Custom certificates.
* Minor fixes.
- use `slurp` instead of `shell: base64`
- fix route hostname
* Updates on origin-metrics.
Diffstat (limited to 'roles/openshift_metrics/tasks/generate_heapster_certificates.yaml')
-rw-r--r-- | roles/openshift_metrics/tasks/generate_heapster_certificates.yaml | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml b/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml
new file mode 100644
index 000000000..2fc449520
--- /dev/null
+++ b/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml
@@ -0,0 +1,39 @@
+---
+- name: generate heapster key/cert
+ command: >
+ {{ openshift.common.admin_binary }} ca create-server-cert
+ --key='{{ openshift_metrics_certs_dir }}/heapster.key'
+ --cert='{{ openshift_metrics_certs_dir }}/heapster.cert'
+ --hostnames=heapster
+ --signer-cert='{{ openshift_metrics_certs_dir }}/ca.crt'
+ --signer-key='{{ openshift_metrics_certs_dir }}/ca.key'
+ --signer-serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt'
+ when: not '{{ openshift_metrics_certs_dir }}/heapster.key'|exists
+- when: "'secret/heapster-secrets' not in metrics_secrets.stdout_lines"
+ block:
+ - name: read files for the heapster secret
+ slurp: src={{ item }}
+ register: heapster_secret
+ with_items:
+ - "{{ openshift_metrics_certs_dir }}/heapster.cert"
+ - "{{ openshift_metrics_certs_dir }}/heapster.key"
+ - "{{ client_ca }}"
+ vars:
+ custom_ca: "{{ openshift_metrics_certs_dir }}/heapster_client_ca.crt"
+ default_ca: "{{ openshift.common.config_base }}/master/ca-bundle.crt"
+ client_ca: "{{ custom_ca|exists|ternary(custom_ca, default_ca) }}"
+ - name: generate heapster secret template
+ template:
+ src: secret.j2
+ dest: "{{ mktemp.stdout }}/templates/heapster_secrets.yaml"
+ force: no
+ vars:
+ name: heapster-secrets
+ labels:
+ metrics-infra: heapster
+ data:
+ heapster.cert: "{{ heapster_secret.results[0].content }}"
+ heapster.key: "{{ heapster_secret.results[1].content }}"
+ heapster.client-ca: "{{ heapster_secret.results[2].content }}"
+ heapster.allowed-users: >
+ {{ openshift_metrics_heapster_allowed_users|b64encode }} |
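Review bot: The private key is read by the `read files for the heapster secret` task and rendered by `generate heapster secret template`, and neither task suppresses logging, so a verbose or `--diff` run can write the base64 of `heapster.key` into Ansible output and any log collector behind it. Both tasks should carry `no_log: true`. The `template` call also sets no file mode, so `heapster_secrets.yaml` gets whatever the umask gives it; adding `mode: "0600"` under `template:` keeps the rendered secret owner-readable only. The directory behind `mktemp.stdout` is created outside this file, so its own permissions and cleanup should be confirmed there. Separately, the guard on the first task tests only for `heapster.key`, so a run interrupted between writing the key and the cert would presumably never regenerate the missing `heapster.cert`.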