From 5dcef5d69e371cacdfd01323e870e6c68542d544 Mon Sep 17 00:00:00 2001 From: ewolinetz Date: Mon, 20 Mar 2017 10:39:09 -0500 Subject: Cherry picking from #3711 --- roles/openshift_logging/defaults/main.yml | 12 +++++ roles/openshift_logging/tasks/generate_routes.yaml | 57 ++++++++++++++++++---- 2 files changed, 59 insertions(+), 10 deletions(-) diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index 04fd42cbf..158f86e54 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml @@ -54,6 +54,18 @@ openshift_logging_kibana_ops_proxy_cpu_limit: null openshift_logging_kibana_ops_proxy_memory_limit: null openshift_logging_kibana_ops_replica_count: 1 +#The absolute path on the control node to the cert file to use +#for the public facing ops kibana certs +openshift_logging_kibana_ops_cert: "" + +#The absolute path on the control node to the key file to use +#for the public facing ops kibana certs +openshift_logging_kibana_ops_key: "" + +#The absolute path on the control node to the CA file to use +#for the public facing ops kibana certs +openshift_logging_kibana_ops_ca: "" + openshift_logging_fluentd_nodeselector: "{{ openshift_hosted_logging_fluentd_nodeselector_label | default('logging-infra-fluentd=true') | map_from_pairs }}" openshift_logging_fluentd_cpu_limit: 100m openshift_logging_fluentd_memory_limit: 512Mi diff --git a/roles/openshift_logging/tasks/generate_routes.yaml b/roles/openshift_logging/tasks/generate_routes.yaml index 7af17a708..e77da7a24 100644 --- a/roles/openshift_logging/tasks/generate_routes.yaml +++ b/roles/openshift_logging/tasks/generate_routes.yaml 
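Review bot: The comments on the three new defaults in roles/openshift_logging/defaults/main.yml do not say what an empty value means or that the cert and key belong together. Going by generate_routes.yaml in this same commit, an empty `openshift_logging_kibana_ops_ca` falls back to the `ca_file` entry of `key_pairs`, while an empty key or cert is passed to the template as `''`, so setting only one of the pair would presumably yield a route with half a keypair. I would state that in the comments, for example `#Leave empty to use the generated CA; set cert and key together or not at all`, and describe the key and CA variables as a key and a CA rather than as "certs". Since `openshift_logging_kibana_ops_key` points at a private key, the comment could also ask that the file be readable only by the user running Ansible.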
@@ -16,12 +16,12 @@ changed_when: false - name: Generating logging routes - template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-{{route_info.name}}-route.yaml + template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-logging-kibana-route.yaml tags: routes vars: - obj_name: "{{route_info.name}}" - route_host: "{{route_info.host}}" - service_name: "{{route_info.name}}" + obj_name: "logging-kibana" + route_host: "{{openshift_logging_kibana_hostname}}" + service_name: "logging-kibana" tls_key: "{{kibana_key | default('') | b64decode}}" tls_cert: "{{kibana_cert | default('') | b64decode}}" tls_ca_cert: "{{kibana_ca | b64decode}}" 
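Review bot: The rewritten `template:` line still passes its arguments as a `key=value` string with an unquoted `{{mktemp.stdout}}`, and it sets no file mode even though the task feeds `tls_key` into the rendered route. Native block arguments, `dest: "{{mktemp.stdout}}/templates/logging-logging-kibana-route.yaml"` together with `mode: "0600"`, avoid the string-splitting rules and keep the rendered file owner-only regardless of umask. How the `mktemp` directory is created and cleaned up is outside this hunk, so its permissions and removal should be confirmed there. The same applies to the new "Generating logging ops routes" task in the next hunk.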
@@ -31,10 +31,47 @@ component: support logging-infra: support provider: openshift - with_items: - - {name: logging-kibana, host: "{{openshift_logging_kibana_hostname}}"} - - {name: logging-kibana-ops, host: "{{openshift_logging_kibana_ops_hostname}}"} - loop_control: - loop_var: route_info - when: (route_info.name == 'logging-kibana-ops' and openshift_logging_use_ops | bool) or route_info.name == 'logging-kibana' + changed_when: no + +- set_fact: kibana_ops_key={{ lookup('file', openshift_logging_kibana_ops_key) | b64encode }} + when: + - openshift_logging_use_ops | bool + - "{{ openshift_logging_kibana_ops_key | trim | length > 0 }}" + changed_when: false + +- set_fact: kibana_ops_cert={{ lookup('file', openshift_logging_kibana_ops_cert)| b64encode }} + when: + - openshift_logging_use_ops | bool + - "{{openshift_logging_kibana_ops_cert | trim | length > 0}}" + changed_when: false + +- set_fact: kibana_ops_ca={{ lookup('file', openshift_logging_kibana_ops_ca)| b64encode }} + when: + - openshift_logging_use_ops | bool + - "{{openshift_logging_kibana_ops_ca | trim | length > 0}}" + changed_when: false + +- set_fact: kibana_ops_ca={{key_pairs | entry_from_named_pair('ca_file') }} + when: + - openshift_logging_use_ops | bool + - kibana_ops_ca is not defined + changed_when: false + +- name: Generating logging ops routes + template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-logging-kibana-ops-route.yaml + tags: routes + vars: + obj_name: "logging-kibana-ops" + route_host: "{{openshift_logging_kibana_ops_hostname}}" + service_name: "logging-kibana-ops" + tls_key: "{{kibana_ops_key | default('') | b64decode}}" + tls_cert: "{{kibana_ops_cert | default('') | b64decode}}" + tls_ca_cert: "{{kibana_ops_ca | b64decode}}" + tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}" + edge_term_policy: "{{openshift_logging_kibana_edge_term_policy | default('') }}" + labels: + component: support + logging-infra: support + provider: 
openshift + when: openshift_logging_use_ops | bool changed_when: no -- cgit v1.2.1
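Review bot: The `set_fact` that reads `openshift_logging_kibana_ops_key` stores the base64 of a TLS private key in a fact without `no_log: true`, so the key material can appear in verbose or callback-logged task output; add `no_log: true` to that task. Separately, the three file-based `when:` entries wrap their test in `"{{ ... }}"`, which makes Ansible template the condition and then evaluate the result a second time; the bare form `- openshift_logging_kibana_ops_key | trim | length > 0` is the conventional spelling and gives the same result. The hunk also mixes `changed_when: no` with `changed_when: false`, and `false` is the unambiguous one to keep.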