---
# Run the shared certificate tasks for the hawkular-metrics component.
# `hostnames` is the comma-separated name list handed to
# setup_certificate.yaml: the bare service name, the in-cluster service DNS
# name and the configured external hostname. How the list is used is defined
# in setup_certificate.yaml, not here.
- name: generate hawkular-metrics certificates
  vars:
    component: hawkular-metrics
    hostnames: "hawkular-metrics,hawkular-metrics.{{ openshift_metrics_project }}.svc.cluster.local,{{ openshift_metrics_hawkular_hostname }}"
  include: setup_certificate.yaml
  changed_when: false
# Run the shared certificate tasks for the hawkular-cassandra component.
# Only the bare service name is passed as a hostname.
- name: generate hawkular-cassandra certificates
  vars:
    component: hawkular-cassandra
    hostnames: hawkular-cassandra
  include: setup_certificate.yaml
  changed_when: false
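# Write a 15-character random password to <local_tmp>/hawkular-metrics.pwd on
# the control host.
# NOTE(review): oo_random_word is a project filter not shown in this file;
# confirm it draws from a cryptographically secure random source.
- name: generate password for hawkular metrics
  local_action:
    module: copy
    dest: "{{ local_tmp.stdout }}/{{ item }}.pwd"
    content: "{{ 15 | oo_random_word }}"
    # Explicit owner-only mode so the password file does not depend on the
    # umask or on the permissions of the temporary directory, which is
    # created outside this file.
    mode: "0600"
  with_items:
    - hawkular-metrics
  # The task arguments contain the plaintext password; keep them out of task
  # output and logs.
  no_log: true
  become: false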
# Read the generated password file back from the control host. slurp returns
# the file base64-encoded in `content`; the result is registered for the
# htpasswd task. no_log keeps the encoded password out of task output.
- local_action:
    module: slurp
    src: "{{ local_tmp.stdout }}/hawkular-metrics.pwd"
  become: false
  no_log: true
  register: hawkular_metrics_pwd
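# Create <local_tmp>/hawkular-metrics.htpasswd on the control host with a
# single entry for user `hawkular`, using the password read back by slurp.
- name: generate htpasswd file for hawkular metrics
  local_action:
    module: htpasswd
    path: "{{ local_tmp.stdout }}/hawkular-metrics.htpasswd"
    name: hawkular
    password: "{{ hawkular_metrics_pwd.content | b64decode }}"
  # The decoded plaintext password is a task argument here; no_log keeps it
  # out of task output regardless of how the module reports its arguments.
  no_log: true
  become: false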
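# Copy the password and htpasswd files from the control host's temporary
# directory into the temporary directory on the target.
- name: copy local generated passwords to target
  copy:
    src: "{{ local_tmp.stdout }}/{{ item }}"
    dest: "{{ mktemp.stdout }}/{{ item }}"
    # Owner-only: these files hold the plaintext password and its hash. The
    # permissions of the mktemp directory are set outside this file, so do
    # not rely on them.
    mode: "0600"
  with_items:
    - hawkular-metrics.pwd
    - hawkular-metrics.htpasswd
  # copy can print file contents when the play runs in diff mode; suppress
  # that for credential files.
  no_log: true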
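# For each listed file in the target's temporary directory, print one line of
# the form "<file name>: <base64 of file contents>" (base64 output is
# unwrapped, so each file yields a single line). The per-item results are
# registered as hawkular_secrets.
- name: read files for the hawkular-metrics secret
  shell: >
    printf '%s: ' '{{ item }}'
    && base64 --wrap 0 '{{ mktemp.stdout }}/{{ item }}'
  register: hawkular_secrets
  with_items:
    - ca.crt
    - hawkular-metrics.pwd
    - hawkular-metrics.htpasswd
    - hawkular-metrics.crt
    - hawkular-metrics.key
    - hawkular-metrics.pem
    - hawkular-cassandra.crt
    - hawkular-cassandra.key
    - hawkular-cassandra.pem
  # stdout carries base64-encoded private keys and the password. Base64 is an
  # encoding, not protection, so keep the registered results out of verbose
  # output and logs.
  no_log: true
  # Read-only command; never report a change.
  changed_when: false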
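# Rebuild hawkular_secrets as a mapping of file name -> base64 content: the
# "<name>: <base64>" stdout lines from the shell results are joined with a
# newline and parsed with from_yaml.
# The line break inside join('...') IS the separator. Both lines of the block
# scalar must stay at the same indentation so that the separator is a bare
# newline once the common indent is stripped.
- set_fact:
    hawkular_secrets: |
      {{ hawkular_secrets.results|map(attribute='stdout')|join('
      ')|from_yaml }}
  # The fact holds encoded private keys and the password; set_fact reports
  # the facts it sets, so suppress the task output.
  no_log: true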
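# Render the hawkular-metrics-certs secret manifest from secret.j2 into the
# target's templates directory. All data values are the base64 strings
# collected in hawkular_secrets. tls.truststore.crt is filled with the
# cassandra certificate. Skipped when a secret of this name is already listed
# in metrics_secrets.stdout_lines.
- name: generate hawkular-metrics-certs secret template
  template:
    src: secret.j2
    dest: "{{ mktemp.stdout }}/templates/hawkular-metrics-certs.yaml"
    # The rendered manifest embeds the private key (tls.key); make it
    # owner-only instead of relying on the umask.
    mode: "0600"
  vars:
    name: hawkular-metrics-certs
    labels:
      metrics-infra: hawkular-metrics-certs
    annotations:
      service.alpha.openshift.io/originating-service-name: hawkular-metrics
    data:
      tls.crt: >
        {{ hawkular_secrets['hawkular-metrics.crt'] }}
      tls.key: >
        {{ hawkular_secrets['hawkular-metrics.key'] }}
      tls.truststore.crt: >
        {{ hawkular_secrets['hawkular-cassandra.crt'] }}
      ca.crt: >
        {{ hawkular_secrets['ca.crt'] }}
  when: name not in metrics_secrets.stdout_lines
  # template can print rendered content in diff mode; keep the key material
  # out of task output.
  no_log: true
  changed_when: false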
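# Render the hawkular-metrics-account secret manifest from secret.j2. The
# username is base64-encoded inline; the htpasswd and password values are the
# base64 strings collected in hawkular_secrets. Skipped when a secret of this
# name is already listed in metrics_secrets.stdout_lines.
- name: generate hawkular-metrics-account secret template
  template:
    src: secret.j2
    dest: "{{ mktemp.stdout }}/templates/hawkular_metrics_account.yaml"
    # The rendered manifest embeds the account password (base64 only);
    # make it owner-only instead of relying on the umask.
    mode: "0600"
  vars:
    name: hawkular-metrics-account
    labels:
      metrics-infra: hawkular-metrics
    data:
      hawkular-metrics.username: "{{ 'hawkular'|b64encode }}"
      hawkular-metrics.htpasswd: "{{ hawkular_secrets['hawkular-metrics.htpasswd'] }}"
      hawkular-metrics.password: >
        {{ hawkular_secrets['hawkular-metrics.pwd'] }}
  when: name not in metrics_secrets.stdout_lines
  # template can print rendered content in diff mode; keep the credentials
  # out of task output.
  no_log: true
  changed_when: false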
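# Render the hawkular-cassandra-certs secret manifest from secret.j2. All data
# values are the base64 strings collected in hawkular_secrets. The peer
# truststore is filled with the cassandra certificate and the client
# truststore with the hawkular-metrics certificate.
- name: generate cassandra secret template
  template:
    src: secret.j2
    dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-certs.yaml"
    # The rendered manifest embeds the private key (tls.key); make it
    # owner-only instead of relying on the umask.
    mode: "0600"
  vars:
    name: hawkular-cassandra-certs
    labels:
      metrics-infra: hawkular-cassandra-certs
    annotations:
      service.alpha.openshift.io/originating-service-name: hawkular-cassandra
    data:
      tls.crt: >
        {{ hawkular_secrets['hawkular-cassandra.crt'] }}
      tls.key: >
        {{ hawkular_secrets['hawkular-cassandra.key'] }}
      tls.peer.truststore.crt: >
        {{ hawkular_secrets['hawkular-cassandra.crt'] }}
      tls.client.truststore.crt: >
        {{ hawkular_secrets['hawkular-metrics.crt'] }}
  # Test against the list of existing secret names, as the other two secret
  # template tasks in this file do. The previous condition tested
  # `metrics_secrets` itself; if that is a registered command result (a
  # mapping), the secret name is never one of its keys, so the task would run
  # even when the secret already exists.
  # NOTE(review): metrics_secrets is registered outside this file; confirm it
  # is a command result with stdout_lines.
  when: name not in metrics_secrets.stdout_lines
  # template can print rendered content in diff mode; keep the key material
  # out of task output.
  no_log: true
  changed_when: false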