diff options
author | Eric Wolinetz <ewolinet@redhat.com> | 2018-02-09 18:10:59 -0600 |
---|---|---|
committer | Eric Wolinetz <ewolinet@redhat.com> | 2018-02-13 14:26:33 -0600 |
commit | 61df593d2047995f25327e54b32956944f413100 (patch) | |
tree | 8bd1bb71a3fa57ff935ea67883d8ff8d7688e6d1 /roles/openshift_logging_elasticsearch/tasks/main.yaml | |
parent | f1263cb5edbe409fd044a37a395cc5b49e48dfeb (diff) | |
download | openshift-61df593d2047995f25327e54b32956944f413100.tar.gz openshift-61df593d2047995f25327e54b32956944f413100.tar.bz2 openshift-61df593d2047995f25327e54b32956944f413100.tar.xz openshift-61df593d2047995f25327e54b32956944f413100.zip |
Whenever we create a new es node ignore health checks, changing prometheus pw gen for increased secret idempotency
Diffstat (limited to 'roles/openshift_logging_elasticsearch/tasks/main.yaml')
-rw-r--r-- | roles/openshift_logging_elasticsearch/tasks/main.yaml | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml index 64e5a3a1f..441460b2d 100644 --- a/roles/openshift_logging_elasticsearch/tasks/main.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml @@ -138,15 +138,22 @@ - "prometheus_out.stderr | length > 0" - "'already exists' not in prometheus_out.stderr" -- set_fact: - _logging_metrics_proxy_passwd: "{{ 16 | lib_utils_oo_random_word | b64encode }}" +- name: Checking for passwd.yml + stat: path="{{ generated_certs_dir }}/passwd.yml" + register: passwd_file + check_mode: no -- template: +- when: not passwd_file.stat.exists + template: src: passwd.j2 - dest: "{{mktemp.stdout}}/passwd.yml" + dest: "{{ generated_certs_dir }}/passwd.yml" vars: logging_user_name: "{{ openshift_logging_elasticsearch_prometheus_sa }}" - logging_user_passwd: "{{ _logging_metrics_proxy_passwd }}" + logging_user_passwd: "{{ 16 | lib_utils_oo_random_word | b64encode }}" + +- slurp: + src: "{{ generated_certs_dir }}/passwd.yml" + register: _logging_metrics_proxy_passwd # View role and binding - name: Generate logging-elasticsearch-view-role @@ -296,7 +303,7 @@ - name: admin.jks path: "{{ generated_certs_dir }}/system.admin.jks" - name: passwd.yml - path: "{{mktemp.stdout}}/passwd.yml" + path: "{{ generated_certs_dir }}/passwd.yml" # services - name: Set logging-{{ es_component }}-cluster service @@ -433,7 +440,7 @@ es_container_security_context: "{{ _es_containers.elasticsearch.securityContext if _es_containers is defined and 'elasticsearch' in _es_containers and 'securityContext' in _es_containers.elasticsearch else None }}" deploy_type: "{{ openshift_logging_elasticsearch_deployment_type }}" es_replicas: 1 - basic_auth_passwd: "{{ _logging_metrics_proxy_passwd | b64decode }}" + basic_auth_passwd: "{{ ( _logging_metrics_proxy_passwd['content'] | b64decode | from_yaml )[openshift_logging_elasticsearch_prometheus_sa]['passwd'] }}" es_number_of_shards: "{{ openshift_logging_es_number_of_shards | default(1) }}" es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas| default(0) }}" |