blob: c6e2ccbc01647851b9263dc4cc32e35409056c75 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
---
# check if pod generated files exist -- if they all do don't run the pod
- name: Checking for elasticsearch.jks
stat: path="{{generated_certs_dir}}/elasticsearch.jks"
register: elasticsearch_jks
check_mode: no
- name: Checking for logging-es.jks
stat: path="{{generated_certs_dir}}/logging-es.jks"
register: logging_es_jks
check_mode: no
- name: Checking for system.admin.jks
stat: path="{{generated_certs_dir}}/system.admin.jks"
register: system_admin_jks
check_mode: no
- name: Checking for truststore.jks
stat: path="{{generated_certs_dir}}/truststore.jks"
register: truststore_jks
check_mode: no
- name: Create temp directory for doing work in
local_action: command mktemp -d /tmp/openshift-logging-ansible-XXXXXX
register: local_tmp
changed_when: False
check_mode: no
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/elasticsearch.jks" state=touch mode="u=rw,g=r,o=r"
when: elasticsearch_jks.stat.exists
changed_when: False
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/logging-es.jks" state=touch mode="u=rw,g=r,o=r"
when: logging_es_jks.stat.exists
changed_when: False
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/system.admin.jks" state=touch mode="u=rw,g=r,o=r"
when: system_admin_jks.stat.exists
changed_when: False
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/truststore.jks" state=touch mode="u=rw,g=r,o=r"
when: truststore_jks.stat.exists
changed_when: False
- name: pulling down signing items from host
fetch:
src: "{{generated_certs_dir}}/{{item}}"
dest: "{{local_tmp.stdout}}/{{item}}"
flat: yes
with_items:
- ca.crt
- ca.key
- ca.serial.txt
- ca.crl.srl
- ca.db
when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
- local_action: template src=signing.conf.j2 dest={{local_tmp.stdout}}/signing.conf
vars:
- top_dir: "{{local_tmp.stdout}}"
when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
- name: Run JKS generation script
local_action: script generate-jks.sh {{local_tmp.stdout}} {{openshift_logging_namespace}}
check_mode: no
when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
- name: Pushing locally generated JKS certs to remote host...
copy:
src: "{{local_tmp.stdout}}/elasticsearch.jks"
dest: "{{generated_certs_dir}}/elasticsearch.jks"
when: not elasticsearch_jks.stat.exists
- name: Pushing locally generated JKS certs to remote host...
copy:
src: "{{local_tmp.stdout}}/logging-es.jks"
dest: "{{generated_certs_dir}}/logging-es.jks"
when: not logging_es_jks.stat.exists
- name: Pushing locally generated JKS certs to remote host...
copy:
src: "{{local_tmp.stdout}}/system.admin.jks"
dest: "{{generated_certs_dir}}/system.admin.jks"
when: not system_admin_jks.stat.exists
- name: Pushing locally generated JKS certs to remote host...
copy:
src: "{{local_tmp.stdout}}/truststore.jks"
dest: "{{generated_certs_dir}}/truststore.jks"
when: not truststore_jks.stat.exists
- name: Cleaning up temp dir
local_action: file path="{{local_tmp.stdout}}" state=absent
changed_when: False
|