Diffstat (limited to 'roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml')
-rw-r--r-- | roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml | 43 |
1 files changed, 34 insertions, 9 deletions
diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml index f36175735..995440598 100644 --- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml @@ -4,31 +4,37 @@ vars: component: hawkular-metrics hostnames: "hawkular-metrics,{{ openshift_metrics_hawkular_hostname }}" + changed_when: no + - name: generate hawkular-cassandra certificates include: setup_certificate.yaml vars: component: hawkular-cassandra hostnames: hawkular-cassandra + changed_when: no + - name: check existing aliases on the hawkular-cassandra truststore shell: > keytool -noprompt -list - -keystore {{ openshift_metrics_certs_dir }}/hawkular-cassandra.truststore + -keystore {{ openshift_metrics_certs_dir|quote }}/hawkular-cassandra.truststore -storepass "$(< - '{{ openshift_metrics_certs_dir }}/hawkular-cassandra-truststore.pwd')" + '{{ openshift_metrics_certs_dir|quote }}/hawkular-cassandra-truststore.pwd')" | sed -n '7~2s/,.*$//p' register: hawkular_cassandra_truststore_aliases changed_when: false + - name: check existing aliases on the hawkular-metrics truststore shell: > keytool -noprompt -list - -keystore {{ openshift_metrics_certs_dir }}/hawkular-metrics.truststore + -keystore {{ openshift_metrics_certs_dir|quote }}/hawkular-metrics.truststore -storepass "$(< - '{{ openshift_metrics_certs_dir }}/hawkular-metrics-truststore.pwd')" + '{{ openshift_metrics_certs_dir|quote }}/hawkular-metrics-truststore.pwd')" | sed -n '7~2s/,.*$//p' register: hawkular_metrics_truststore_aliases changed_when: false + - name: import the hawkular metrics cert into the cassandra truststore - shell: > + command: > keytool -noprompt -import -v -trustcacerts -alias hawkular-metrics -file '{{ openshift_metrics_certs_dir }}/hawkular-metrics.crt' 
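Review bot: In both truststore check tasks the `-storepass` path applies `|quote` inside a string that is already single-quoted (`'{{ openshift_metrics_certs_dir|quote }}/hawkular-cassandra-truststore.pwd'`), which undoes the quoting in exactly the cases where the filter has to act. When the directory contains a space or shell metacharacter, the filter emits its own single quotes, which close and reopen the outer pair and leave the value unquoted inside `$(< …)`. Drop the outer quotes and quote the whole path instead, `{{ (openshift_metrics_certs_dir ~ '/hawkular-cassandra-truststore.pwd')|quote }}`, and do the same for the hawkular-metrics task. The `-keystore` lines are fine as written because the filter output there is not nested in other quotes.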
@@ -38,8 +44,9 @@ when: > 'hawkular-metrics' not in hawkular_cassandra_truststore_aliases.stdout_lines + - name: import the hawkular cassandra cert into the hawkular metrics truststore - shell: > + command: > keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra -file '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.crt' @@ -49,8 +56,9 @@ when: > 'hawkular-cassandra' not in hawkular_metrics_truststore_aliases.stdout_lines + - name: import the hawkular cassandra cert into the cassandra truststore - shell: > + command: > keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra -file '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.crt' @@ -60,8 +68,9 @@ when: > 'hawkular-cassandra' not in hawkular_cassandra_truststore_aliases.stdout_lines + - name: import the ca certificate into the cassandra truststore - shell: > + command: > keytool -noprompt -import -v -trustcacerts -alias '{{ item }}' -file '{{ openshift_metrics_certs_dir }}/ca.crt' @@ -73,8 +82,9 @@ - metricca - cassandraca when: item not in hawkular_cassandra_truststore_aliases.stdout_lines + - name: import the ca certificate into the hawkular metrics truststore - shell: > + command: > keytool -noprompt -import -v -trustcacerts -alias '{{ item }}' -file '{{ openshift_metrics_certs_dir }}/ca.crt' @@ -86,6 +96,7 @@ - metricca - cassandraca when: item not in hawkular_metrics_truststore_aliases.stdout_lines + - name: generate password for hawkular metrics and jgroups shell: > tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c15 @@ -94,6 +105,7 @@ - hawkular-metrics - hawkular-jgroups-keystore when: not '{{ openshift_metrics_certs_dir }}/{{ item }}.pwd'|exists + - name: generate htpasswd file for hawkular metrics shell: > htpasswd -ci 
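Review bot: Switching these keytool imports from `shell` to `command` is only safe if none of the arguments need a shell, and the lines between `-file` and `when:` lie outside the hunk, so that cannot be confirmed here. If they still read the store password the way the check tasks in the first hunk do, `-storepass "$(< '…pwd')"`, then `command` passes that text to keytool literally instead of the file's contents. The same concern applies to the hunks at -49, -60 and -73 and to the import task that closes the first hunk. keytool can read the password file itself, e.g. `-storepass:file '{{ openshift_metrics_certs_dir }}/hawkular-cassandra-truststore.pwd'` (with the matching `.pwd` per truststore), which works under `command` and also keeps the password out of the process argument list.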
@@ -101,6 +113,7 @@ < '{{ openshift_metrics_certs_dir }}/hawkular-metrics.pwd' when: > not '{{ openshift_metrics_certs_dir }}/hawkular-metrics.htpasswd'|exists + - name: generate the jgroups keystore shell: > p=$(< '{{ openshift_metrics_certs_dir }}/hawkular-jgroups-keystore.pwd' ) @@ -110,6 +123,7 @@ -keystore '{{ openshift_metrics_certs_dir }}/hawkular-jgroups.keystore' when: > not '{{ openshift_metrics_certs_dir }}/hawkular-jgroups.keystore'|exists + - name: read files for the hawkular-metrics secret shell: > printf '%s: ' '{{ item }}' @@ -133,10 +147,12 @@ - hawkular-cassandra.truststore - hawkular-cassandra-truststore.pwd changed_when: false + - set_fact: hawkular_secrets: | {{ hawkular_secrets.results|map(attribute='stdout')|join(' ')|from_yaml }} + - name: generate hawkular-metrics-secrets secret template template: src: secret.j2 @@ -163,6 +179,8 @@ {{ hawkular_secrets['hawkular-jgroups-keystore.pwd'] }} hawkular-metrics.jgroups.alias: "{{ 'hawkular'|b64encode }}" when: name not in metrics_secrets.stdout_lines + changed_when: no + - name: generate hawkular-metrics-certificate secret template template: src: secret.j2 @@ -177,6 +195,8 @@ hawkular-metrics-ca.certificate: > {{ hawkular_secrets['ca.crt'] }} when: name not in metrics_secrets.stdout_lines + changed_when: no + - name: generate hawkular-metrics-account secret template template: src: secret.j2 @@ -190,6 +210,8 @@ hawkular-metrics.password: > {{ hawkular_secrets['hawkular-metrics.pwd'] }} when: name not in metrics_secrets.stdout_lines + changed_when: no + - name: generate cassandra secret template template: src: secret.j2 @@ -211,6 +233,8 @@ cassandra.pem: > {{ hawkular_secrets['hawkular-cassandra.pem'] }} when: name not in metrics_secrets + changed_when: no + - name: generate cassandra-certificate secret template template: src: secret.j2 @@ -225,3 +249,4 @@ cassandra-ca.certificate: > {{ hawkular_secrets['hawkular-cassandra.pem'] }} when: name not in metrics_secrets.stdout_lines + changed_when: no |
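Review bot: In the "generate cassandra secret template" hunk (-211) the new `changed_when: no` sits under `when: name not in metrics_secrets`, which tests the registered result itself rather than `metrics_secrets.stdout_lines` as every sibling task does. Presumably that condition is always true, so the task would re-render the secret template on every run, and the added `changed_when: no` now hides that from the play output. Suggest `when: name not in metrics_secrets.stdout_lines` here. For consistency with the `changed_when: false` already used in this file, write the new lines as `changed_when: false` rather than the YAML 1.1 truthy `no`.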