authorRich Megginson <rmeggins@redhat.com>2017-05-02 08:51:51 -0600
committerRich Megginson <rmeggins@redhat.com>2017-05-18 21:18:05 -0600
commita4c6ae5af5237bc4c09476be1c12e61b9d41fb9b (patch)
tree89550cab3eb2898df87db86c53005ab01431ccb2 /roles/openshift_logging/tasks/generate_certs.yaml
parentbe064f7be58d905874e8ebc34c8f270841b49887 (diff)
add ability to expose Elasticsearch as an external route
This adds the ability to expose Elasticsearch as a route outside of the cluster. - `openshift_logging_es_allow_external`: True (default is False) - if this is True, Elasticsearch will be exposed as a Route - `openshift_logging_es_ops_hostname`: The external-facing hostname to use for the route and the TLS server certificate (default is "es." + `openshift_master_default_subdomain`) There are other similar parameters for the TLS server cert, key, and CA cert. There are other similar parameters for when the OPS cluster is deployed e.g. `openshift_logging_es_ops_allow_external`, etc.
Diffstat (limited to 'roles/openshift_logging/tasks/generate_certs.yaml')
-rw-r--r--roles/openshift_logging/tasks/generate_certs.yaml26
1 files changed, 26 insertions, 0 deletions
diff --git a/roles/openshift_logging/tasks/generate_certs.yaml b/roles/openshift_logging/tasks/generate_certs.yaml
index b34df018d..46a7e82c6 100644
--- a/roles/openshift_logging/tasks/generate_certs.yaml
+++ b/roles/openshift_logging/tasks/generate_certs.yaml
@@ -60,6 +60,24 @@
- procure_component: mux
when: openshift_logging_use_mux
+- include: procure_server_certs.yaml
+ loop_control:
+ loop_var: cert_info
+ with_items:
+ - procure_component: es
+ hostnames: "es, {{openshift_logging_es_hostname}}"
+ when: openshift_logging_es_allow_external | bool
+
+- include: procure_server_certs.yaml
+ loop_control:
+ loop_var: cert_info
+ with_items:
+ - procure_component: es-ops
+ hostnames: "es-ops, {{openshift_logging_es_ops_hostname}}"
+ when:
+ - openshift_logging_es_allow_external | bool
+ - openshift_logging_use_ops | bool
+
- name: Copy proxy TLS configuration file
copy: src=server-tls.json dest={{generated_certs_dir}}/server-tls.json
when: server_tls_json is undefined
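Review bot: The `es-ops` certificate task is gated on `openshift_logging_es_allow_external` (first entry of its `when:` list) rather than on `openshift_logging_es_ops_allow_external`, which the commit message names as the separate switch for the OPS cluster. As written, enabling only the ops flag would procure no server certificate for `es-ops`, while enabling only the non-ops flag issues a certificate carrying `openshift_logging_es_ops_hostname` for an endpoint that may not be meant to be reachable from outside. I would change that condition to `- openshift_logging_es_ops_allow_external | bool`. The "Generate PEM cert for Elasticsearch external route" task in the second hunk has the same single-flag condition; if the ops route depends on that PEM, its `when:` probably needs `openshift_logging_es_allow_external | bool or openshift_logging_es_ops_allow_external | bool`.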
@@ -108,6 +126,14 @@
loop_var: node_name
when: openshift_logging_use_mux
+- name: Generate PEM cert for Elasticsearch external route
+ include: generate_pems.yaml component={{node_name}}
+ with_items:
+ - system.logging.es
+ loop_control:
+ loop_var: node_name
+ when: openshift_logging_es_allow_external | bool
+
- name: Creating necessary JKS certs
include: generate_jks.yaml