diff options
author | ewolinetz <ewolinet@redhat.com> | 2017-01-24 18:02:23 -0600 |
---|---|---|
committer | ewolinetz <ewolinet@redhat.com> | 2017-01-24 19:47:16 -0600 |
commit | a5da69ef2e5c21aa82a3c780e6d0fa88df6085dd (patch) | |
tree | dfc897b84bdbfbf2bea0208e2a016c67fdaf5305 /roles/openshift_logging/tasks/generate_certs.yaml | |
parent | f7ba230237354b4c82d8514026c4c9a40cadb515 (diff) | |
download | openshift-a5da69ef2e5c21aa82a3c780e6d0fa88df6085dd.tar.gz openshift-a5da69ef2e5c21aa82a3c780e6d0fa88df6085dd.tar.bz2 openshift-a5da69ef2e5c21aa82a3c780e6d0fa88df6085dd.tar.xz openshift-a5da69ef2e5c21aa82a3c780e6d0fa88df6085dd.zip |
fixes jks generation, node labeling, and rerunning for oauth secrets
Diffstat (limited to 'roles/openshift_logging/tasks/generate_certs.yaml')
-rw-r--r-- | roles/openshift_logging/tasks/generate_certs.yaml | 48 |
1 files changed, 2 insertions, 46 deletions
diff --git a/roles/openshift_logging/tasks/generate_certs.yaml b/roles/openshift_logging/tasks/generate_certs.yaml index 20e50482e..740e490e1 100644 --- a/roles/openshift_logging/tasks/generate_certs.yaml +++ b/roles/openshift_logging/tasks/generate_certs.yaml @@ -88,56 +88,12 @@ - name: Creating necessary JKS certs include: generate_jks.yaml -# check for secret/logging-kibana-proxy -- command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get secret/logging-kibana-proxy -n {{openshift_logging_namespace}} -o jsonpath='{.data.oauth-secret}' - register: kibana_secret_oauth_check - ignore_errors: yes - changed_when: no - check_mode: no - -- command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get secret/logging-kibana-proxy -n {{openshift_logging_namespace}} -o jsonpath='{.data.session-secret}' - register: kibana_secret_session_check - ignore_errors: yes - changed_when: no - check_mode: no - -# check for oauthclient secret -- command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get oauthclient/kibana-proxy -n {{openshift_logging_namespace}} -o jsonpath='{.secret}' - register: oauth_secret_check - ignore_errors: yes - changed_when: no - check_mode: no - -# set or generate as needed +# TODO: make idempotent - name: Generate proxy session set_fact: session_secret={{'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'|random_word(200)}} check_mode: no - when: - - kibana_secret_session_check.stdout is not defined or kibana_secret_session_check.stdout == '' - -- name: Generate proxy session - set_fact: session_secret={{kibana_secret_session_check.stdout | b64decode }} - check_mode: no - when: - - kibana_secret_session_check.stdout is defined - - kibana_secret_session_check.stdout != '' +# TODO: make idempotent - name: Generate oauth client secret set_fact: oauth_secret={{'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'|random_word(64)}} check_mode: no - when: kibana_secret_oauth_check.stdout is not defined or kibana_secret_oauth_check.stdout == '' - or oauth_secret_check.stdout is not defined or oauth_secret_check.stdout == '' - or kibana_secret_oauth_check.stdout | b64decode != oauth_secret_check.stdout - -- name: Generate oauth client secret - set_fact: oauth_secret={{kibana_secret_oauth_check.stdout | b64decode}} - check_mode: no - when: - - kibana_secret_oauth_check is defined - - kibana_secret_oauth_check.stdout != '' - - oauth_secret_check.stdout is defined - - oauth_secret_check.stdout != '' - - kibana_secret_oauth_check.stdout | b64decode == oauth_secret_check.stdout |