Adding to ansible spec and changing logging jks generation to be a local_action

1 files changed, 111 insertions, 0 deletions

diff --git a/roles/openshift_logging/tasks/generate_jks.yaml b/roles/openshift_logging/tasks/generate_jks.yaml
new file mode 100644
index 000000000..adb6c2b2d
--- /dev/null
+++ b/roles/openshift_logging/tasks/generate_jks.yaml
@@ -0,0 +1,111 @@
+---
+# check if pod generated files exist -- if they all do don't run the pod
+- name: Checking for elasticsearch.jks
+  stat: path="{{generated_certs_dir}}/elasticsearch.jks"
+  register: elasticsearch_jks
+  check_mode: no
+
+- name: Checking for logging-es.jks
+  stat: path="{{generated_certs_dir}}/logging-es.jks"
+  register: logging_es_jks
+  check_mode: no
+
+- name: Checking for system.admin.jks
+  stat: path="{{generated_certs_dir}}/system.admin.jks"
+  register: system_admin_jks
+  check_mode: no
+
+- name: Checking for truststore.jks
+  stat: path="{{generated_certs_dir}}/truststore.jks"
+  register: truststore_jks
+  check_mode: no
+
+- name: Create temp directory for doing work in
+  local_action: command mktemp -d /tmp/openshift-logging-ansible-XXXXXX
+  register: local_tmp
+  changed_when: False
+  check_mode: no
+
+- name: Create placeholder for previously created JKS certs to prevent recreating...
+  file:
+    path: "{{local_tmp.stdout}}/elasticsearch.jks"
+    state: touch
+    mode: "u=rw,g=r,o=r"
+  when: elasticsearch_jks.stat.exists
+  changed_when: False
+
+- name: Create placeholder for previously created JKS certs to prevent recreating...
+  file:
+    path: "{{local_tmp.stdout}}/logging-es.jks"
+    state: touch
+    mode: "u=rw,g=r,o=r"
+  when: logging_es_jks.stat.exists
+  changed_when: False
+
+- name: Create placeholder for previously created JKS certs to prevent recreating...
+  file:
+    path: "{{local_tmp.stdout}}/system.admin.jks"
+    state: touch
+    mode: "u=rw,g=r,o=r"
+  when: system_admin_jks.stat.exists
+  changed_when: False
+
+- name: Create placeholder for previously created JKS certs to prevent recreating...
+  file:
+    path: "{{local_tmp.stdout}}/truststore.jks"
+    state: touch
+    mode: "u=rw,g=r,o=r"
+  when: truststore_jks.stat.exists
+  changed_when: False
+
+- name: pulling down signing items from host
+  fetch:
+    src: "{{generated_certs_dir}}/{{item}}"
+    dest: "{{local_tmp.stdout}}/{{item}}"
+    flat: yes
+  with_items:
+    - ca.crt
+    - ca.key
+    - ca.serial.txt
+    - ca.crl.srl
+    - ca.db
+
+- local_action: template src=signing.conf.j2 dest={{local_tmp.stdout}}/signing.conf
+  vars:
+    - top_dir: "{{local_tmp.stdout}}"
+
+- name: Run JKS generation script
+  local_action: script generate-jks.sh {{local_tmp.stdout}} {{openshift_logging_namespace}}
+  check_mode: no
+  become: yes
+  when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
+
+- name: Pushing locally generated JKS certs to remote host...
+  copy:
+    src: "{{local_tmp.stdout}}/elasticsearch.jks"
+    dest: "{{generated_certs_dir}}/elasticsearch.jks"
+  when: not elasticsearch_jks.stat.exists
+
+- name: Pushing locally generated JKS certs to remote host...
+  copy:
+    src: "{{local_tmp.stdout}}/logging-es.jks"
+    dest: "{{generated_certs_dir}}/logging-es.jks"
+  when: not logging_es_jks.stat.exists
+
+- name: Pushing locally generated JKS certs to remote host...
+  copy:
+    src: "{{local_tmp.stdout}}/system.admin.jks"
+    dest: "{{generated_certs_dir}}/system.admin.jks"
+  when: not system_admin_jks.stat.exists
+
+- name: Pushing locally generated JKS certs to remote host...
+  copy:
+    src: "{{local_tmp.stdout}}/truststore.jks"
+    dest: "{{generated_certs_dir}}/truststore.jks"
+  when: not truststore_jks.stat.exists
+
+- name: Cleaning up temp dir
+  file:
+    path: "{{local_tmp.stdout}}"
+    state: absent
+  changed_when: False