From 1e8928c96627218fdc422bfa3731f790699abfbb Mon Sep 17 00:00:00 2001 From: Jeff Cantrill Date: Fri, 6 Jan 2017 11:23:28 -0500 Subject: User provided certs pushed from control. vars reorg (#12) Merging per discussion and agreement from @bbguimaraes --- .../tasks/generate_certificates.yaml | 2 + .../tasks/generate_hawkular_certificates.yaml | 2 +- .../openshift_metrics/tasks/install_hawkular.yaml | 47 ++++++++++++++-------- roles/openshift_metrics/tasks/install_metrics.yaml | 4 +- 4 files changed, 35 insertions(+), 20 deletions(-) (limited to 'roles/openshift_metrics/tasks') diff --git a/roles/openshift_metrics/tasks/generate_certificates.yaml b/roles/openshift_metrics/tasks/generate_certificates.yaml index 66cfbca03..16a967aa7 100644 --- a/roles/openshift_metrics/tasks/generate_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_certificates.yaml @@ -4,6 +4,7 @@ path: "{{ openshift_metrics_certs_dir }}" state: directory mode: 0700 + - name: list existing secrets command: > {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} @@ -11,6 +12,7 @@ get secrets -o name register: metrics_secrets changed_when: false + - name: generate ca certificate chain shell: > {{ openshift.common.admin_binary }} ca create-signer-cert diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml index 4e032ca7e..f36175735 100644 --- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml @@ -3,7 +3,7 @@ include: setup_certificate.yaml vars: component: hawkular-metrics - hostnames: "hawkular-metrics,{{ openshift_metrics_hawkular_metrics_hostname }}" + hostnames: "hawkular-metrics,{{ openshift_metrics_hawkular_hostname }}" - name: generate hawkular-cassandra certificates include: setup_certificate.yaml vars: 
diff --git a/roles/openshift_metrics/tasks/install_hawkular.yaml b/roles/openshift_metrics/tasks/install_hawkular.yaml index 1acc8948d..34a8c58b8 100644 --- a/roles/openshift_metrics/tasks/install_hawkular.yaml +++ b/roles/openshift_metrics/tasks/install_hawkular.yaml @@ -11,7 +11,7 @@ vars: node: "{{ item }}" master: "{{ (item == '1')|string|lower }}" - with_sequence: count={{ openshift_metrics_cassandra_nodes }} + with_sequence: count={{ openshift_metrics_cassandra_replicas }} - name: generate hawkular-cassandra persistent volume claims template: @@ -24,7 +24,7 @@ access_modes: - ReadWriteOnce size: "{{ openshift_metrics_cassandra_pv_size }}" - with_sequence: count={{ openshift_metrics_cassandra_nodes }} + with_sequence: count={{ openshift_metrics_cassandra_replicas }} when: openshift_metrics_cassandra_storage_type == 'pv' - name: generate hawkular-cassandra persistent volume claims (dynamic) 
@@ -40,25 +40,38 @@ access_modes: - ReadWriteOnce size: "{{ openshift_metrics_cassandra_pv_size }}" - with_sequence: count={{ openshift_metrics_cassandra_nodes }} + with_sequence: count={{ openshift_metrics_cassandra_replicas }} when: openshift_metrics_cassandra_storage_type == 'dynamic' - name: read hawkular-metrics route destination ca certificate slurp: src={{ openshift_metrics_certs_dir }}/ca.crt register: metrics_route_dest_ca_cert -- name: generate the hawkular-metrics route - template: - src: route.j2 - dest: "{{ mktemp.stdout }}/templates/hawkular-metrics-route.yaml" - vars: - name: hawkular-metrics - labels: - metrics-infra: hawkular-metrics - host: "{{ openshift_metrics_hawkular_metrics_hostname }}" - to: - kind: Service +- block: + - set_fact: hawkular_key={{ lookup('file', openshift_metrics_hawkular_key) }} + when: openshift_metrics_hawkular_key | exists + + - set_fact: hawkular_cert={{ lookup('file', openshift_metrics_hawkular_cert) }} + when: openshift_metrics_hawkular_cert | exists + + - set_fact: hawkular_ca={{ lookup('file', openshift_metrics_hawkular_ca) }} + when: openshift_metrics_hawkular_ca | exists + + - name: generate the hawkular-metrics route + template: + src: route.j2 + dest: "{{ mktemp.stdout }}/templates/hawkular-metrics-route.yaml" + vars: name: hawkular-metrics - tls: - termination: reencrypt - destination_ca_certificate: "{{ metrics_route_dest_ca_cert.content }}" + labels: + metrics-infra: hawkular-metrics + host: "{{ openshift_metrics_hawkular_hostname }}" + to: + kind: Service + name: hawkular-metrics + tls: + termination: reencrypt + key: "{{ hawkular_key | default('') }}" + certificate: "{{ hawkular_cert | default('') }}" + ca_certificate: "{{ hawkular_ca | default('') }}" + destination_ca_certificate: "{{ metrics_route_dest_ca_cert.content | b64decode }}" diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml index a6a094a83..b45629b70 100644 
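Review bot: The `set_fact` that loads `openshift_metrics_hawkular_key` puts the route's private key into a host fact without `no_log: true`, so the key text can appear in verbose task results and callback logs; the template task that renders it into `hawkular-metrics-route.yaml` has the same exposure when run with `--diff`. I would add `no_log: true` to both tasks. The key, certificate and CA are also loaded by three independent `when` conditions, so a key supplied without its certificate (or the reverse) still renders a route with one of the two fields empty; a `fail` guard ahead of the block that requires both or neither would surface that before the route is generated. The rendered file is written under `{{ mktemp.stdout }}/templates`, whose creation and permissions are outside this hunk, so it is worth confirming that directory is not readable by other users now that it can hold a private key.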
--- a/roles/openshift_metrics/tasks/install_metrics.yaml +++ b/roles/openshift_metrics/tasks/install_metrics.yaml @@ -1,7 +1,7 @@ --- - name: check that hawkular_metrics_hostname is set - fail: msg='the openshift_metrics_hawkular_metrics_hostname variable is required' - when: openshift_metrics_hawkular_metrics_hostname is not defined + fail: msg='the openshift_metrics_hawkular_hostname variable is required' + when: openshift_metrics_hawkular_hostname is not defined - name: check the value of openshift_metrics_cassandra_storage_type fail: -- cgit v1.2.3