From c16a92f804518fae19294280a9bd1d57976253ff Mon Sep 17 00:00:00 2001
From: Vishal Patil <vishal.patil@nuagenetworks.net>
Date: Tue, 1 Mar 2016 13:07:33 -0500
Subject: Changes required for Nuage monitor REST server

---
 roles/nuage_master/tasks/certificates.yml | 50 +++++++++++++++++++++++++++++++
 roles/nuage_master/tasks/main.yaml        |  6 ++--
 2 files changed, 54 insertions(+), 2 deletions(-)
 create mode 100644 roles/nuage_master/tasks/certificates.yml


diff --git a/roles/nuage_master/tasks/certificates.yml b/roles/nuage_master/tasks/certificates.yml
new file mode 100644
index 000000000..0d3c69467
--- /dev/null
+++ b/roles/nuage_master/tasks/certificates.yml
@@ -0,0 +1,50 @@
+---
+- name: Create a directory to hold the certificates
+  file: path="{{ nuage_mon_rest_server_crt_dir }}" state=directory
+  delegate_to: "{{ nuage_ca_master }}" 
+
+- name: Create the key
+  command: >
+    openssl genrsa -out "{{ nuage_ca_master_rest_server_key }}" 4096  
+  delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create the req file
+  command: >
+    openssl req -key "{{ nuage_ca_master_rest_server_key }}" -new -out "{{ nuage_mon_rest_server_crt_dir }}/restServer.req" -subj "/CN={{ ansible_nodename }}"
+  delegate_to: "{{ nuage_ca_master }}"
+
+- name: Generate the crt file
+  command: >
+     openssl x509 -req -in "{{ nuage_mon_rest_server_crt_dir }}/restServer.req" -CA "{{ nuage_ca_crt }}" -CAkey "{{ nuage_ca_key }}" -CAserial "{{ nuage_ca_serial }}"  -out "{{ nuage_ca_master_rest_server_crt }}"
+  delegate_to: "{{ nuage_ca_master }}"
+
+- name: Remove the req file
+  file: path="{{ nuage_mon_rest_server_crt_dir }}/restServer.req" state=absent
+  delegate_to: "{{ nuage_ca_master }}"
+
+- name: Copy nuage CA crt
+  shell: cp "{{ nuage_ca_crt }}" "{{ nuage_mon_rest_server_crt_dir }}"
+  delegate_to: "{{ nuage_ca_master }}"
+
+- name: Archive the certificate dir
+  shell: "cd {{ nuage_mon_rest_server_crt_dir }} && tar -czvf /tmp/{{ ansible_nodename }}.tgz *"
+  delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create a temp directory for the certificates 
+  local_action: command mktemp -d "/tmp/openshift-{{ ansible_nodename }}-XXXXXXX"
+  register: mktemp
+
+- name: Download the certificates
+  fetch: src="/tmp/{{ ansible_nodename }}.tgz" dest="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" flat=yes
+  delegate_to: "{{ nuage_ca_master }}"
+
+- name: Extract the certificates
+  unarchive: src="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" dest={{ nuage_master_crt_dir }}
+
+- name: Delete the certificates after copy
+  file: path="{{ nuage_mon_rest_server_crt_dir }}" state=absent 
+  delegate_to: "{{ nuage_ca_master }}"
+
+- name: Delete the temp directory
+  file: path="{{ mktemp.stdout }}" state=absent
+  delegate_to: "{{ nuage_ca_master }}"
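Review bot: The archive holding the REST server certificate material is written to the predictable path `/tmp/{{ ansible_nodename }}.tgz` on the CA master and never removed, and the final `Delete the temp directory` task is delegated to `nuage_ca_master` although `mktemp.stdout` was created by `local_action`, so the fetched copy stays on the control host. If `nuage_ca_master_rest_server_key` resolves inside `nuage_mon_rest_server_crt_dir` (likely from the naming, not visible here), both leftovers contain the private key with whatever permissions the default umask gives. Build the archive inside a `mktemp -d` directory on the CA master, remove that directory after the fetch, run the last cleanup as a `local_action`, and create the certificate directory with `mode=0700`. Separately, `openssl x509 -req` is called without `-days`, so the certificate gets OpenSSL's default 30-day validity; set the intended lifetime explicitly.

```yaml
- name: Create a directory to hold the certificates
  file: path="{{ nuage_mon_rest_server_crt_dir }}" state=directory mode=0700
  delegate_to: "{{ nuage_ca_master }}"

# … unchanged: key, req and crt generation, req removal, CA crt copy …

- name: Create a private temp directory for the archive on the CA master
  command: mktemp -d "/tmp/openshift-{{ ansible_nodename }}-XXXXXXX"
  register: ca_mktemp
  delegate_to: "{{ nuage_ca_master }}"

- name: Archive the certificate dir
  shell: "cd {{ nuage_mon_rest_server_crt_dir }} && tar -czf {{ ca_mktemp.stdout }}/{{ ansible_nodename }}.tgz *"
  delegate_to: "{{ nuage_ca_master }}"

# … unchanged: local mktemp task …

- name: Download the certificates
  fetch: src="{{ ca_mktemp.stdout }}/{{ ansible_nodename }}.tgz" dest="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" flat=yes
  delegate_to: "{{ nuage_ca_master }}"

# … unchanged: extract, delete certificate dir on the CA master …

- name: Delete the archive directory on the CA master
  file: path="{{ ca_mktemp.stdout }}" state=absent
  delegate_to: "{{ nuage_ca_master }}"

- name: Delete the temp directory
  local_action: file path="{{ mktemp.stdout }}" state=absent
```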
diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml
index 20d105b9e..abeee3d71 100644
--- a/roles/nuage_master/tasks/main.yaml
+++ b/roles/nuage_master/tasks/main.yaml
@@ -5,7 +5,7 @@
 
 - name: Create the log directory
   sudo: true
-  file: path={{ nuage_openshift_monitor_log_dir }} state=directory
+  file: path={{ nuage_mon_rest_server_logdir }} state=directory
 
 - name: Install Nuage Openshift Monitor 
   sudo: true
@@ -23,7 +23,9 @@
         - nuage.crt
         - nuage.key
         - nuage.kubeconfig 
- 
+
+- include: certificates.yml 
+
 - name: Create nuage-openshift-monitor.yaml
   sudo: true
   template: src=nuage-openshift-monitor.j2 dest=/usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml owner=root mode=0644
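Review bot: `- include: certificates.yml` is unconditional, and the generation steps in that file are plain `command` tasks, so every run of the role creates a new 4096-bit key, signs a new certificate and advances the CA serial, replacing credentials the monitor may already be using. Guard the generation tasks with `creates="{{ nuage_ca_master_rest_server_crt }}"` (or a `stat` check plus `when:`) so re-runs are no-ops unless rotation is intended. The neighbouring tasks set `sudo: true` while the include does not; confirm the extract into `nuage_master_crt_dir` is meant to run without it.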
-- 
cgit v1.2.3