From 06c111d22641ba5cc2dbbe0144d9d6722d94f159 Mon Sep 17 00:00:00 2001 From: ewolinetz Date: Wed, 11 Jan 2017 15:26:46 -0600 Subject: addressing comments --- roles/openshift_logging/tasks/generate_certs.yaml | 48 +++++++---------------- 1 file changed, 15 insertions(+), 33 deletions(-) (limited to 'roles/openshift_logging/tasks/generate_certs.yaml') diff --git a/roles/openshift_logging/tasks/generate_certs.yaml b/roles/openshift_logging/tasks/generate_certs.yaml index 6bfeccf61..bcf4881bb 100644 --- a/roles/openshift_logging/tasks/generate_certs.yaml +++ b/roles/openshift_logging/tasks/generate_certs.yaml @@ -31,14 +31,10 @@ register: signing_conf_file check_mode: no -- block: - - copy: src=signing.conf dest={{generated_certs_dir}}/signing.conf - check_mode: no - - - lineinfile: "dest={{generated_certs_dir}}/signing.conf regexp='# Top dir$' line='dir = {{generated_certs_dir}} # Top dir'" - check_mode: no - when: - - not signing_conf_file.stat.exists +- template: src=signing.conf.j2 dest={{generated_certs_dir}}/signing.conf + vars: + - top_dir: '{{generated_certs_dir}}' + when: not signing_conf_file.stat.exists - include: procure_server_certs.yaml loop_control: @@ -49,19 +45,6 @@ - procure_component: kibana-internal hostnames: "kibana, kibana-ops, {{openshift_logging_kibana_hostname}}, {{openshift_logging_kibana_ops_hostname}}" -# - include: procure_server_certs.yaml -# vars: -# - procure_component: kibana - -# - include: procure_server_certs.yaml -# vars: -# - procure_component: kibana-ops - -# - include: procure_server_certs.yaml -# vars: -# - procure_component: kibana-internal -# - hostnames: "kibana, kibana-ops, {{openshift_logging_kibana_hostname}}, {{openshift_logging_kibana_ops_hostname}}" - - name: Copy proxy TLS configuration file copy: src=server-tls.json dest={{generated_certs_dir}}/server-tls.json when: server_tls_json is undefined @@ -116,8 +99,8 @@ - name: Check for hostmount-anyuid scc entry shell: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get scc hostmount-anyuid -o go-template='{{ '{{' }}.users{{ '}}' }}' | - grep system:serviceaccount:{{openshift_logging_namespace}}:jks-generator + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get scc hostmount-anyuid -o jsonpath='{.users}' | + grep system:serviceaccount:{{openshift_logging_namespace | quote}}:jks-generator register: scc_result ignore_errors: yes when: not ansible_check_mode @@ -131,34 +114,33 @@ copy: src: generate-jks.sh dest: "{{generated_certs_dir}}/generate-jks.sh" + check_mode: no - name: Generate JKS chains template: src: jks_pod.j2 dest: "{{mktemp.stdout}}/jks_pod.yaml" + check_mode: no - name: create pod - shell: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f {{mktemp.stdout}}/jks_pod.yaml -n {{openshift_logging_namespace}} + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f {{mktemp.stdout}}/jks_pod.yaml -n {{openshift_logging_namespace}} -o name register: podoutput + check_mode: no -- shell: > - echo {{podoutput.stdout}} | awk -v podname='\\\".*\\\"' '{print $2}' - register: podname - -- shell: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pod {{podname.stdout}} -o go-template='{{ '{{' }}index .status "phase"{{ '}}' }}' -n {{openshift_logging_namespace}} +- command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get {{podoutput.stdout}} -o jsonpath='{.status.phase}' -n {{openshift_logging_namespace}} register: result until: result.stdout.find("Succeeded") != -1 retries: 5 delay: 10 - name: Generate proxy session - shell: tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 200 + command: echo {{'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'|random_word(200)}} register: session_secret check_mode: no - name: Generate oauth client secret - shell: tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 64 + command: echo {{'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'|random_word(64)}} register: oauth_secret check_mode: no -- cgit v1.2.1