summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorJeff Cantrill <jcantrill@users.noreply.github.com>2016-12-14 14:40:36 -0500
committerJeff Cantrill <jcantril@redhat.com>2017-01-17 11:45:04 -0500
commit84b1c4848f610c5792809bb2e9e5b0d8f77ea50c (patch)
tree0d47f74415ed4b547fdaafa8a897ee75ca0f0ecb /roles
parentee931f90dbab01596bd90fa8007ac49de5178a17 (diff)
downloadopenshift-84b1c4848f610c5792809bb2e9e5b0d8f77ea50c.tar.gz
openshift-84b1c4848f610c5792809bb2e9e5b0d8f77ea50c.tar.bz2
openshift-84b1c4848f610c5792809bb2e9e5b0d8f77ea50c.tar.xz
openshift-84b1c4848f610c5792809bb2e9e5b0d8f77ea50c.zip
copy admin cert for use in subsequent tasks (#8)
Diffstat (limited to 'roles')
-rw-r--r--roles/openshift_metrics/tasks/generate_certificates.yaml4
-rw-r--r--roles/openshift_metrics/tasks/generate_heapster_certificates.yaml4
-rw-r--r--roles/openshift_metrics/tasks/main.yaml12
-rw-r--r--roles/openshift_metrics/tasks/setup_certificate.yaml1
-rw-r--r--roles/openshift_metrics/tasks/uninstall_metrics.yaml4
5 files changed, 19 insertions, 6 deletions
diff --git a/roles/openshift_metrics/tasks/generate_certificates.yaml b/roles/openshift_metrics/tasks/generate_certificates.yaml
index 92ce919a1..66cfbca03 100644
--- a/roles/openshift_metrics/tasks/generate_certificates.yaml
+++ b/roles/openshift_metrics/tasks/generate_certificates.yaml
@@ -7,16 +7,18 @@
- name: list existing secrets
command: >
{{ openshift.common.client_binary }} -n {{ openshift_metrics_project }}
+ --config={{ mktemp.stdout }}/admin.kubeconfig
get secrets -o name
register: metrics_secrets
changed_when: false
- name: generate ca certificate chain
shell: >
{{ openshift.common.admin_binary }} ca create-signer-cert
+ --config={{ mktemp.stdout }}/admin.kubeconfig
--key='{{ openshift_metrics_certs_dir }}/ca.key'
--cert='{{ openshift_metrics_certs_dir }}/ca.crt'
--serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt'
--name="metrics-signer@$(date +%s)"
- when: not '{{ openshift_metrics_certs_dir }}/ca.key'|exists
+ when: not '{{ openshift_metrics_certs_dir }}/ca.key' | exists
- include: generate_heapster_certificates.yaml
- include: generate_hawkular_certificates.yaml
diff --git a/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml b/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml
index 2fc449520..2449b1518 100644
--- a/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml
+++ b/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml
@@ -2,13 +2,15 @@
- name: generate heapster key/cert
command: >
{{ openshift.common.admin_binary }} ca create-server-cert
+ --config={{ mktemp.stdout }}/admin.kubeconfig
--key='{{ openshift_metrics_certs_dir }}/heapster.key'
--cert='{{ openshift_metrics_certs_dir }}/heapster.cert'
--hostnames=heapster
--signer-cert='{{ openshift_metrics_certs_dir }}/ca.crt'
--signer-key='{{ openshift_metrics_certs_dir }}/ca.key'
--signer-serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt'
- when: not '{{ openshift_metrics_certs_dir }}/heapster.key'|exists
+ when: not '{{ openshift_metrics_certs_dir }}/heapster.key' | exists
+
- when: "'secret/heapster-secrets' not in metrics_secrets.stdout_lines"
block:
- name: read files for the heapster secret
diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml
index adedd4069..d4bafdc30 100644
--- a/roles/openshift_metrics/tasks/main.yaml
+++ b/roles/openshift_metrics/tasks/main.yaml
@@ -1,7 +1,7 @@
---
- name: check that hawkular_metrics_hostname is set
fail: msg='the openshift_metrics_hawkular_metrics_hostname variable is required'
- when: "{{ openshift_metrics_hawkular_metrics_hostname is not defined }}"
+ when: openshift_metrics_hawkular_metrics_hostname is not defined
- name: check the value of openshift_metrics_hawkular_cassandra_storage_type
fail:
@@ -21,6 +21,13 @@
file: path={{mktemp.stdout}}/templates state=directory mode=0755
changed_when: False
+- name: Copy the admin client config(s)
+ command: >
+ cp {{ openshift.common.config_base}}/master/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
+ changed_when: False
+ check_mode: no
+ tags: metrics_init
+
- include: "{{role_path}}/tasks/install_metrics.yaml"
when: openshift_metrics_install_metrics | default(false) | bool
@@ -29,7 +36,8 @@
- name: create objects
command: >
- {{ openshift.common.client_binary }} -n '{{ openshift_metrics_project }}'
+ {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }}
+ --config={{ mktemp.stdout }}/admin.kubeconfig
apply -f {{ item }}
with_fileglob:
- "{{ mktemp.stdout }}/templates/*.yaml"
diff --git a/roles/openshift_metrics/tasks/setup_certificate.yaml b/roles/openshift_metrics/tasks/setup_certificate.yaml
index d6ee4167b..52e748234 100644
--- a/roles/openshift_metrics/tasks/setup_certificate.yaml
+++ b/roles/openshift_metrics/tasks/setup_certificate.yaml
@@ -2,6 +2,7 @@
- name: generate {{ component }} keys
command: >
{{ openshift.common.admin_binary }} ca create-server-cert
+ --config={{ mktemp.stdout }}/admin.kubeconfig
--key='{{ openshift_metrics_certs_dir }}/{{ component }}.key'
--cert='{{ openshift_metrics_certs_dir }}/{{ component }}.crt'
--hostnames='{{ hostnames }}'
diff --git a/roles/openshift_metrics/tasks/uninstall_metrics.yaml b/roles/openshift_metrics/tasks/uninstall_metrics.yaml
index a29faef31..cf9b5171c 100644
--- a/roles/openshift_metrics/tasks/uninstall_metrics.yaml
+++ b/roles/openshift_metrics/tasks/uninstall_metrics.yaml
@@ -1,14 +1,14 @@
---
- name: remove metrics components
command: >
- {{ openshift.common.client_binary }} -n '{{ openshift_metrics_project }}'
+ {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} --config={{ mktemp.stdout }}/admin.kubeconfig
delete --selector=metrics-infra
all,sa,secrets,templates,routes,pvc,rolebindings,clusterrolebindings
register: delete_metrics
changed_when: "delete_metrics.stdout != 'No resources found'"
- name: remove rolebindings
command: >
- {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }}
+ {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} --config={{ mktemp.stdout }}/admin.kubeconfig
delete --ignore-not-found
rolebinding/hawkular-view
clusterrolebinding/heapster-cluster-reader