summaryrefslogtreecommitdiffstats
path: root/roles/openshift_logging/tasks/generate_certs.yaml
diff options
context:
space:
mode:
authorewolinetz <ewolinet@redhat.com>2017-01-24 18:02:23 -0600
committerewolinetz <ewolinet@redhat.com>2017-01-24 19:47:16 -0600
commita5da69ef2e5c21aa82a3c780e6d0fa88df6085dd (patch)
treedfc897b84bdbfbf2bea0208e2a016c67fdaf5305 /roles/openshift_logging/tasks/generate_certs.yaml
parentf7ba230237354b4c82d8514026c4c9a40cadb515 (diff)
downloadopenshift-a5da69ef2e5c21aa82a3c780e6d0fa88df6085dd.tar.gz
openshift-a5da69ef2e5c21aa82a3c780e6d0fa88df6085dd.tar.bz2
openshift-a5da69ef2e5c21aa82a3c780e6d0fa88df6085dd.tar.xz
openshift-a5da69ef2e5c21aa82a3c780e6d0fa88df6085dd.zip
fixes jks generation, node labeling, and rerunning for oauth secrets
Diffstat (limited to 'roles/openshift_logging/tasks/generate_certs.yaml')
-rw-r--r--roles/openshift_logging/tasks/generate_certs.yaml48
1 files changed, 2 insertions, 46 deletions
diff --git a/roles/openshift_logging/tasks/generate_certs.yaml b/roles/openshift_logging/tasks/generate_certs.yaml
index 20e50482e..740e490e1 100644
--- a/roles/openshift_logging/tasks/generate_certs.yaml
+++ b/roles/openshift_logging/tasks/generate_certs.yaml
@@ -88,56 +88,12 @@
- name: Creating necessary JKS certs
include: generate_jks.yaml
-# check for secret/logging-kibana-proxy
-- command: >
- {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get secret/logging-kibana-proxy -n {{openshift_logging_namespace}} -o jsonpath='{.data.oauth-secret}'
- register: kibana_secret_oauth_check
- ignore_errors: yes
- changed_when: no
- check_mode: no
-
-- command: >
- {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get secret/logging-kibana-proxy -n {{openshift_logging_namespace}} -o jsonpath='{.data.session-secret}'
- register: kibana_secret_session_check
- ignore_errors: yes
- changed_when: no
- check_mode: no
-
-# check for oauthclient secret
-- command: >
- {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get oauthclient/kibana-proxy -n {{openshift_logging_namespace}} -o jsonpath='{.secret}'
- register: oauth_secret_check
- ignore_errors: yes
- changed_when: no
- check_mode: no
-
-# set or generate as needed
+# TODO: make idempotent
- name: Generate proxy session
set_fact: session_secret={{'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'|random_word(200)}}
check_mode: no
- when:
- - kibana_secret_session_check.stdout is not defined or kibana_secret_session_check.stdout == ''
-
-- name: Generate proxy session
- set_fact: session_secret={{kibana_secret_session_check.stdout | b64decode }}
- check_mode: no
- when:
- - kibana_secret_session_check.stdout is defined
- - kibana_secret_session_check.stdout != ''
+# TODO: make idempotent
- name: Generate oauth client secret
set_fact: oauth_secret={{'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'|random_word(64)}}
check_mode: no
- when: kibana_secret_oauth_check.stdout is not defined or kibana_secret_oauth_check.stdout == ''
- or oauth_secret_check.stdout is not defined or oauth_secret_check.stdout == ''
- or kibana_secret_oauth_check.stdout | b64decode != oauth_secret_check.stdout
-
-- name: Generate oauth client secret
- set_fact: oauth_secret={{kibana_secret_oauth_check.stdout | b64decode}}
- check_mode: no
- when:
- - kibana_secret_oauth_check is defined
- - kibana_secret_oauth_check.stdout != ''
- - oauth_secret_check.stdout is defined
- - oauth_secret_check.stdout != ''
- - kibana_secret_oauth_check.stdout | b64decode == oauth_secret_check.stdout