diff options
| author | OpenShift Bot <eparis+openshiftbot@redhat.com> | 2017-06-16 00:35:15 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-06-16 00:35:15 -0400 |
| commit | ceb68a0dd75bb8aaa0791b1d5fb6238a4a40b7bc (patch) | |
| tree | cbdcfbfa3e7e54924a0e31ea8d27a441577bbfbf /roles/openshift_logging_elasticsearch/tasks/main.yaml | |
| parent | dfb68308220f474534ddba49b247f7766afe51de (diff) | |
| parent | 3973b9fd6fcb80c639c1435e017976319b8c08df (diff) | |
| download | openshift-ceb68a0dd75bb8aaa0791b1d5fb6238a4a40b7bc.tar.gz openshift-ceb68a0dd75bb8aaa0791b1d5fb6238a4a40b7bc.tar.bz2 openshift-ceb68a0dd75bb8aaa0791b1d5fb6238a4a40b7bc.tar.xz openshift-ceb68a0dd75bb8aaa0791b1d5fb6238a4a40b7bc.zip | |
Merge pull request #4294 from richm/fix-es-routes-for-new-logging-roles
Merged by openshift-bot
Diffstat (limited to 'roles/openshift_logging_elasticsearch/tasks/main.yaml')
| -rw-r--r-- | roles/openshift_logging_elasticsearch/tasks/main.yaml | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml index f1d15b76d..684dbe0a0 100644 --- a/roles/openshift_logging_elasticsearch/tasks/main.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml @@ -269,6 +269,75 @@ - "{{ tempdir }}/templates/logging-es-dc.yml" delete_after: true +- name: Retrieving the cert to use when generating secrets for the {{ es_component }} component + slurp: + src: "{{ generated_certs_dir }}/{{ item.file }}" + register: key_pairs + with_items: + - { name: "ca_file", file: "ca.crt" } + - { name: "es_key", file: "system.logging.es.key" } + - { name: "es_cert", file: "system.logging.es.crt" } + when: openshift_logging_es_allow_external | bool + +- set_fact: + es_key: "{{ lookup('file', openshift_logging_es_key) | b64encode }}" + when: + - openshift_logging_es_key | trim | length > 0 + - openshift_logging_es_allow_external | bool + changed_when: false + +- set_fact: + es_cert: "{{ lookup('file', openshift_logging_es_cert) | b64encode }}" + when: + - openshift_logging_es_cert | trim | length > 0 + - openshift_logging_es_allow_external | bool + changed_when: false + +- set_fact: + es_ca: "{{ lookup('file', openshift_logging_es_ca_ext) | b64encode }}" + when: + - openshift_logging_es_ca_ext | trim | length > 0 + - openshift_logging_es_allow_external | bool + changed_when: false + +- set_fact: + es_ca: "{{ key_pairs | entry_from_named_pair('ca_file') }}" + when: + - es_ca is not defined + - openshift_logging_es_allow_external | bool + changed_when: false + +- name: Generating Elasticsearch {{ es_component }} route template + template: + src: route_reencrypt.j2 + dest: "{{mktemp.stdout}}/templates/logging-{{ es_component }}-route.yaml" + vars: + obj_name: "logging-{{ es_component }}" + route_host: "{{ openshift_logging_es_hostname }}" + service_name: "logging-{{ es_component }}" + tls_key: "{{ es_key | default('') | b64decode }}" + tls_cert: "{{ es_cert | default('') | b64decode }}" + tls_ca_cert: "{{ es_ca | b64decode }}" + tls_dest_ca_cert: "{{ key_pairs | entry_from_named_pair('ca_file') | b64decode }}" + edge_term_policy: "{{ openshift_logging_es_edge_term_policy | default('') }}" + labels: + component: support + logging-infra: support + provider: openshift + changed_when: no + when: openshift_logging_es_allow_external | bool + +# This currently has an issue if the host name changes +- name: Setting Elasticsearch {{ es_component }} route + oc_obj: + state: present + name: "logging-{{ es_component }}" + namespace: "{{ openshift_logging_elasticsearch_namespace }}" + kind: route + files: + - "{{ tempdir }}/templates/logging-{{ es_component }}-route.yaml" + when: openshift_logging_es_allow_external | bool + ## Placeholder for migration when necessary ## - name: Delete temp directory |