authorScott Dodson <sdodson@redhat.com>2017-02-27 09:40:25 -0500
committerGitHub <noreply@github.com>2017-02-27 09:40:25 -0500
commit41ee91326a9f533396bc876d399d4e7c50c9ea38 (patch)
tree1dd8bceb11ec848683a0c7998d0b2d529a25610c
parent641b7c93b1d5ce5388fce66d737704d00a83ec68 (diff)
parentc6d48d91722384b92dcaf4749de2b0621b7102a1 (diff)
downloadopenshift-41ee91326a9f533396bc876d399d4e7c50c9ea38.tar.gz
openshift-41ee91326a9f533396bc876d399d4e7c50c9ea38.tar.bz2
openshift-41ee91326a9f533396bc876d399d4e7c50c9ea38.tar.xz
openshift-41ee91326a9f533396bc876d399d4e7c50c9ea38.zip
Merge pull request #3358 from jpkrohling/JPK-JGroups-ASYM-Password
Removed JGroups cert and password generation.
-rwxr-xr-xroles/openshift_metrics/files/import_jks_certs.sh19
-rw-r--r--roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml12
-rw-r--r--roles/openshift_metrics/tasks/import_jks_certs.yaml11
-rw-r--r--roles/openshift_metrics/templates/hawkular_metrics_rc.j213
4 files changed, 12 insertions, 43 deletions
diff --git a/roles/openshift_metrics/files/import_jks_certs.sh b/roles/openshift_metrics/files/import_jks_certs.sh
index f4315ef34..c8d5bb3d2 100755
--- a/roles/openshift_metrics/files/import_jks_certs.sh
+++ b/roles/openshift_metrics/files/import_jks_certs.sh
@@ -24,11 +24,10 @@ function import_certs() {
hawkular_cassandra_keystore_password=$(echo $CASSANDRA_KEYSTORE_PASSWD | base64 -d)
hawkular_metrics_truststore_password=$(echo $METRICS_TRUSTSTORE_PASSWD | base64 -d)
hawkular_cassandra_truststore_password=$(echo $CASSANDRA_TRUSTSTORE_PASSWD | base64 -d)
- hawkular_jgroups_password=$(echo $JGROUPS_PASSWD | base64 -d)
-
+
cassandra_alias=`keytool -noprompt -list -keystore $dir/hawkular-cassandra.truststore -storepass ${hawkular_cassandra_truststore_password} | sed -n '7~2s/,.*$//p'`
hawkular_alias=`keytool -noprompt -list -keystore $dir/hawkular-metrics.truststore -storepass ${hawkular_metrics_truststore_password} | sed -n '7~2s/,.*$//p'`
-
+
if [ ! -f $dir/hawkular-metrics.keystore ]; then
echo "Creating the Hawkular Metrics keystore from the PEM file"
keytool -importkeystore -v \
@@ -50,7 +49,7 @@ function import_certs() {
-srcstorepass $hawkular_cassandra_keystore_password \
-deststorepass $hawkular_cassandra_keystore_password
fi
-
+
if [[ ! ${cassandra_alias[*]} =~ hawkular-metrics ]]; then
echo "Importing the Hawkular Certificate into the Cassandra Truststore"
keytool -noprompt -import -v -trustcacerts -alias hawkular-metrics \
@@ -59,7 +58,7 @@ function import_certs() {
-trustcacerts \
-storepass $hawkular_cassandra_truststore_password
fi
-
+
if [[ ! ${hawkular_alias[*]} =~ hawkular-cassandra ]]; then
echo "Importing the Cassandra Certificate into the Hawkular Truststore"
keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra \
@@ -101,16 +100,6 @@ function import_certs() {
-storepass $hawkular_metrics_truststore_password
fi
done
-
- if [ ! -f $dir/hawkular-jgroups.keystore ]; then
- echo "Generating the jgroups keystore"
- keytool -genseckey -alias hawkular -keypass ${hawkular_jgroups_password} \
- -storepass ${hawkular_jgroups_password} \
- -keyalg Blowfish \
- -keysize 56 \
- -keystore $dir/hawkular-jgroups.keystore \
- -storetype JCEKS
- fi
}
import_certs
diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
index 9e7140bfa..61a240a33 100644
--- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
+++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
@@ -24,7 +24,6 @@
with_items:
- hawkular-metrics.pwd
- hawkular-metrics.htpasswd
- - hawkular-jgroups-keystore.pwd
changed_when: no
- set_fact:
@@ -32,11 +31,10 @@
with_items: "{{pwd_file_stat.results}}"
changed_when: no
-- name: generate password for hawkular metrics and jgroups
+- name: generate password for hawkular metrics
local_action: copy dest="{{ local_tmp.stdout}}/{{ item }}.pwd" content="{{ 15 | oo_random_word }}"
with_items:
- hawkular-metrics
- - hawkular-jgroups-keystore
- name: generate htpasswd file for hawkular metrics
local_action: >
@@ -51,7 +49,6 @@
with_items:
- hawkular-metrics.pwd
- hawkular-metrics.htpasswd
- - hawkular-jgroups-keystore.pwd
- include: import_jks_certs.yaml
@@ -69,8 +66,6 @@
- hawkular-metrics-truststore.pwd
- hawkular-metrics.pwd
- hawkular-metrics.htpasswd
- - hawkular-jgroups.keystore
- - hawkular-jgroups-keystore.pwd
- hawkular-cassandra.crt
- hawkular-cassandra.pem
- hawkular-cassandra.keystore
@@ -104,11 +99,6 @@
hawkular-metrics.keystore.alias: "{{ 'hawkular-metrics'|b64encode }}"
hawkular-metrics.htpasswd.file: >
{{ hawkular_secrets['hawkular-metrics.htpasswd'] }}
- hawkular-metrics.jgroups.keystore: >
- {{ hawkular_secrets['hawkular-jgroups.keystore'] }}
- hawkular-metrics.jgroups.keystore.password: >
- {{ hawkular_secrets['hawkular-jgroups-keystore.pwd'] }}
- hawkular-metrics.jgroups.alias: "{{ 'hawkular'|b64encode }}"
when: name not in metrics_secrets.stdout_lines
changed_when: no
diff --git a/roles/openshift_metrics/tasks/import_jks_certs.yaml b/roles/openshift_metrics/tasks/import_jks_certs.yaml
index 57ec70c79..2a67dad0e 100644
--- a/roles/openshift_metrics/tasks/import_jks_certs.yaml
+++ b/roles/openshift_metrics/tasks/import_jks_certs.yaml
@@ -15,10 +15,6 @@
register: metrics_truststore
check_mode: no
-- stat: path="{{mktemp.stdout}}/hawkular-jgroups.keystore"
- register: jgroups_keystore
- check_mode: no
-
- block:
- slurp: src={{ mktemp.stdout }}/hawkular-metrics-keystore.pwd
register: metrics_keystore_password
@@ -26,9 +22,6 @@
- slurp: src={{ mktemp.stdout }}/hawkular-cassandra-keystore.pwd
register: cassandra_keystore_password
- - slurp: src={{ mktemp.stdout }}/hawkular-jgroups-keystore.pwd
- register: jgroups_keystore_password
-
- fetch:
dest: "{{local_tmp.stdout}}/"
src: "{{ mktemp.stdout }}/{{item}}"
@@ -48,7 +41,6 @@
CASSANDRA_KEYSTORE_PASSWD: "{{cassandra_keystore_password.content}}"
METRICS_TRUSTSTORE_PASSWD: "{{hawkular_truststore_password.content}}"
CASSANDRA_TRUSTSTORE_PASSWD: "{{cassandra_truststore_password.content}}"
- JGROUPS_PASSWD: "{{jgroups_keystore_password.content}}"
changed_when: False
- copy:
@@ -59,5 +51,4 @@
when: not metrics_keystore.stat.exists or
not metrics_truststore.stat.exists or
not cassandra_keystore.stat.exists or
- not cassandra_truststore.stat.exists or
- not jgroups_keystore.stat.exists
+ not cassandra_truststore.stat.exists
diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2
index d39f1b43a..361378df3 100644
--- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2
+++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2
@@ -58,9 +58,6 @@ spec:
- "--hmw.truststore=/secrets/hawkular-metrics.truststore"
- "--hmw.keystore_password_file=/secrets/hawkular-metrics.keystore.password"
- "--hmw.truststore_password_file=/secrets/hawkular-metrics.truststore.password"
- - "--hmw.jgroups_keystore=/secrets/hawkular-metrics.jgroups.keystore"
- - "--hmw.jgroups_keystore_password_file=/secrets/hawkular-metrics.jgroups.keystore.password"
- - "--hmw.jgroups_alias_file=/secrets/hawkular-metrics.jgroups.alias"
env:
- name: POD_NAMESPACE
valueFrom:
@@ -68,6 +65,8 @@ spec:
fieldPath: metadata.namespace
- name: MASTER_URL
value: "{{ openshift_metrics_master_url }}"
+ - name: JGROUPS_PASSWORD
+ value: "{{ 17 | oo_random_word }}"
- name: OPENSHIFT_KUBE_PING_NAMESPACE
valueFrom:
fieldRef:
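Review bot: The new `JGROUPS_PASSWORD` entry puts the generated password as a literal `value` in the replication controller's pod spec, so anyone who can read the RC or its pods in the namespace can read it, whereas the other keystore material in this template is read from files under `/secrets`. Because `{{ 17 | oo_random_word }}` is evaluated on every render, re-running the role would presumably produce a different password and a changed RC each time, which could leave replicas created from different revisions unable to join the same JGroups cluster. Consider generating the value once alongside the other `.pwd` files, storing it in the metrics secret and referencing it with `valueFrom.secretKeyRef` as sketched below; whether `oo_random_word` draws from a cryptographically secure source is not visible here and is worth confirming. The `env` list starts and ends outside this hunk.

```yaml
# … unchanged: POD_NAMESPACE and MASTER_URL entries …
- name: JGROUPS_PASSWORD
  valueFrom:
    secretKeyRef:
      # placeholders: use the secret name and key the role actually creates
      name: <METRICS_SECRET_NAME>
      key: <JGROUPS_PASSWORD_KEY>
# … unchanged: OPENSHIFT_KUBE_PING_NAMESPACE entry …
```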
@@ -81,10 +80,10 @@ spec:
mountPath: "/secrets"
- name: hawkular-metrics-client-secrets
mountPath: "/client-secrets"
-{% if ((openshift_metrics_hawkular_limits_cpu is defined and openshift_metrics_hawkular_limits_cpu is not none)
+{% if ((openshift_metrics_hawkular_limits_cpu is defined and openshift_metrics_hawkular_limits_cpu is not none)
or (openshift_metrics_hawkular_limits_memory is defined and openshift_metrics_hawkular_limits_memory is not none)
or (openshift_metrics_hawkular_requests_cpu is defined and openshift_metrics_hawkular_requests_cpu is not none)
- or (openshift_metrics_hawkular_requests_memory is defined and openshift_metrics_hawkular_requests_memory is not none))
+ or (openshift_metrics_hawkular_requests_memory is defined and openshift_metrics_hawkular_requests_memory is not none))
%}
resources:
{% if (openshift_metrics_hawkular_limits_cpu is not none
@@ -98,8 +97,8 @@ spec:
memory: "{{openshift_metrics_hawkular_limits_memory}}"
{% endif %}
{% endif %}
-{% if (openshift_metrics_hawkular_requests_cpu is not none
- or openshift_metrics_hawkular_requests_memory is not none)
+{% if (openshift_metrics_hawkular_requests_cpu is not none
+ or openshift_metrics_hawkular_requests_memory is not none)
%}
requests:
{% if openshift_metrics_hawkular_requests_cpu is not none %}