diff options
Diffstat (limited to 'roles/openshift_logging/tasks/generate_secrets.yaml')
-rw-r--r-- | roles/openshift_logging/tasks/generate_secrets.yaml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/roles/openshift_logging/tasks/generate_secrets.yaml b/roles/openshift_logging/tasks/generate_secrets.yaml index c1da49fd8..b629bd995 100644 --- a/roles/openshift_logging/tasks/generate_secrets.yaml +++ b/roles/openshift_logging/tasks/generate_secrets.yaml @@ -99,3 +99,31 @@ when: logging_es_secret.stdout is defined check_mode: no changed_when: no + +- name: Retrieving the cert to use when generating secrets for Elasticsearch external route + slurp: src="{{generated_certs_dir}}/{{item.file}}" + register: es_key_pairs + with_items: + - { name: "ca_file", file: "ca.crt" } + - { name: "es_key", file: "system.logging.es.key"} + - { name: "es_cert", file: "system.logging.es.crt"} + when: openshift_logging_es_allow_external | bool + +- name: Generating secrets for Elasticsearch external route + template: src=secret.j2 dest={{mktemp.stdout}}/templates/{{secret_name}}-secret.yaml + vars: + secret_name: "logging-{{component}}" + secret_key_file: "{{component}}_key" + secret_cert_file: "{{component}}_cert" + secrets: + - {key: ca, value: "{{es_key_pairs | entry_from_named_pair('ca_file')| b64decode }}"} + - {key: key, value: "{{es_key_pairs | entry_from_named_pair(secret_key_file)| b64decode }}"} + - {key: cert, value: "{{es_key_pairs | entry_from_named_pair(secret_cert_file)| b64decode }}"} + secret_keys: ["ca", "cert", "key"] + with_items: + - es + loop_control: + loop_var: component + check_mode: no + changed_when: no + when: openshift_logging_es_allow_external | bool |