author | Rich Megginson <rmeggins@redhat.com> | 2017-05-02 08:51:51 -0600 |
---|---|---|
committer | Rich Megginson <rmeggins@redhat.com> | 2017-05-18 21:18:05 -0600 |
commit | a4c6ae5af5237bc4c09476be1c12e61b9d41fb9b (patch) | |
tree | 89550cab3eb2898df87db86c53005ab01431ccb2 /roles/openshift_logging/tasks/generate_certs.yaml | |
parent | be064f7be58d905874e8ebc34c8f270841b49887 (diff) | |
add ability to expose Elasticsearch as an external route
This adds the ability to expose Elasticsearch as a route outside of the
cluster.
- `openshift_logging_es_allow_external`: True (default is False) - if this is
True, Elasticsearch will be exposed as a Route
- `openshift_logging_es_ops_hostname`: The external facing hostname to use for
the route and the TLS server certificate (default is "es." +
`openshift_master_default_subdomain`)
There are other similar parameters for the TLS server cert, key, and CA cert.
There are other similar parameters for when the OPS cluster is deployed e.g.
`openshift_logging_es_ops_allow_external`, etc.
Diffstat (limited to 'roles/openshift_logging/tasks/generate_certs.yaml')
-rw-r--r-- | roles/openshift_logging/tasks/generate_certs.yaml | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/roles/openshift_logging/tasks/generate_certs.yaml b/roles/openshift_logging/tasks/generate_certs.yaml index b34df018d..46a7e82c6 100644 --- a/roles/openshift_logging/tasks/generate_certs.yaml +++ b/roles/openshift_logging/tasks/generate_certs.yaml @@ -60,6 +60,24 @@ - procure_component: mux when: openshift_logging_use_mux +- include: procure_server_certs.yaml + loop_control: + loop_var: cert_info + with_items: + - procure_component: es + hostnames: "es, {{openshift_logging_es_hostname}}" + when: openshift_logging_es_allow_external | bool + +- include: procure_server_certs.yaml + loop_control: + loop_var: cert_info + with_items: + - procure_component: es-ops + hostnames: "es-ops, {{openshift_logging_es_ops_hostname}}" + when: + - openshift_logging_es_allow_external | bool + - openshift_logging_use_ops | bool + - name: Copy proxy TLS configuration file copy: src=server-tls.json dest={{generated_certs_dir}}/server-tls.json when: server_tls_json is undefined @@ -108,6 +126,14 @@ loop_var: node_name when: openshift_logging_use_mux +- name: Generate PEM cert for Elasticsearch external route + include: generate_pems.yaml component={{node_name}} + with_items: + - system.logging.es + loop_control: + loop_var: node_name + when: openshift_logging_es_allow_external | bool + - name: Creating necessary JKS certs include: generate_jks.yaml |
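Review bot: In the first hunk (@@ -60,6 +60,24 @@), the `es-ops` block's `when` list tests `openshift_logging_es_allow_external | bool`, not the `openshift_logging_es_ops_allow_external` parameter that the commit message names for the OPS cluster. As written, turning on external access for the main cluster also procures an externally named server certificate for `es-ops` whenever `openshift_logging_use_ops` is true, and setting only the ops flag procures nothing. Suggest `- openshift_logging_es_ops_allow_external | bool` as the first condition of that block. Both `hostnames` strings also interpolate `openshift_logging_es_hostname` and `openshift_logging_es_ops_hostname` with no default visible in this file, so it is worth confirming the role defaults define them before these includes run.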
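Review bot: In the second hunk (@@ -108,6 +126,14 @@), the new "Generate PEM cert for Elasticsearch external route" task is gated only on `openshift_logging_es_allow_external | bool` and has no counterpart for the ops route. If the ops route needs the same PEM, the condition should also cover the ops flag; if it does not, a short comment saying why `system.logging.es` is sufficient for both would help. The single-item `with_items` plus `loop_var: node_name` only feeds `component={{node_name}}`, so passing `component=system.logging.es` directly would be simpler, and the task name could say which certificate the PEM is for (client versus server), since the server certs are procured separately in the earlier hunk.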