author | Jeff Cantrill <jcantril@redhat.com> | 2017-01-11 14:07:19 -0500 |
---|---|---|
committer | Jeff Cantrill <jcantril@redhat.com> | 2017-01-17 11:45:04 -0500 |
commit | a5f6e3f684a3294056d4d4e224226b90acc062e6 (patch) | |
tree | 8beb982c613b3dc91be1a9182533d04cf9c99e99 /roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml | |
parent | b097d9f595c378ce35a2d35f2bd4749c3aa5d77d (diff) | |
additional code reviews
Diffstat (limited to 'roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml')
-rw-r--r-- | roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml | 43 |
1 files changed, 34 insertions, 9 deletions
diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml index f36175735..995440598 100644 --- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml @@ -4,31 +4,37 @@ vars: component: hawkular-metrics hostnames: "hawkular-metrics,{{ openshift_metrics_hawkular_hostname }}" + changed_when: no + - name: generate hawkular-cassandra certificates include: setup_certificate.yaml vars: component: hawkular-cassandra hostnames: hawkular-cassandra + changed_when: no + - name: check existing aliases on the hawkular-cassandra truststore shell: > keytool -noprompt -list - -keystore {{ openshift_metrics_certs_dir }}/hawkular-cassandra.truststore + -keystore {{ openshift_metrics_certs_dir|quote }}/hawkular-cassandra.truststore -storepass "$(< - '{{ openshift_metrics_certs_dir }}/hawkular-cassandra-truststore.pwd')" + '{{ openshift_metrics_certs_dir|quote }}/hawkular-cassandra-truststore.pwd')" | sed -n '7~2s/,.*$//p' register: hawkular_cassandra_truststore_aliases changed_when: false + - name: check existing aliases on the hawkular-metrics truststore shell: > keytool -noprompt -list - -keystore {{ openshift_metrics_certs_dir }}/hawkular-metrics.truststore + -keystore {{ openshift_metrics_certs_dir|quote }}/hawkular-metrics.truststore -storepass "$(< - '{{ openshift_metrics_certs_dir }}/hawkular-metrics-truststore.pwd')" + '{{ openshift_metrics_certs_dir|quote }}/hawkular-metrics-truststore.pwd')" | sed -n '7~2s/,.*$//p' register: hawkular_metrics_truststore_aliases changed_when: false + - name: import the hawkular metrics cert into the cassandra truststore - shell: > + command: > keytool -noprompt -import -v -trustcacerts -alias hawkular-metrics -file '{{ openshift_metrics_certs_dir }}/hawkular-metrics.crt' 
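Review bot: In the two `-storepass` lines the `|quote` filter is applied inside an existing pair of single quotes, so the added quoting defeats itself exactly when it is needed. For a directory containing a space or another shell metacharacter, the filter emits its own single quotes, which close the surrounding pair and leave the path open to word splitting. Quote the whole path once and drop the outer quotes, e.g. `-storepass "$(< {{ (openshift_metrics_certs_dir ~ '/hawkular-cassandra-truststore.pwd')|quote }})"`, and likewise for the hawkular-metrics task; the unquoted `-keystore` argument is fine as written. Separately, the password still reaches keytool on its command line, where it is visible in the process list; keytool's `-storepass:file` modifier takes the file path directly and would remove the substitution altogether.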
@@ -38,8 +44,9 @@ when: > 'hawkular-metrics' not in hawkular_cassandra_truststore_aliases.stdout_lines + - name: import the hawkular cassandra cert into the hawkular metrics truststore - shell: > + command: > keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra -file '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.crt' @@ -49,8 +56,9 @@ when: > 'hawkular-cassandra' not in hawkular_metrics_truststore_aliases.stdout_lines + - name: import the hawkular cassandra cert into the cassandra truststore - shell: > + command: > keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra -file '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.crt' @@ -60,8 +68,9 @@ when: > 'hawkular-cassandra' not in hawkular_cassandra_truststore_aliases.stdout_lines + - name: import the ca certificate into the cassandra truststore - shell: > + command: > keytool -noprompt -import -v -trustcacerts -alias '{{ item }}' -file '{{ openshift_metrics_certs_dir }}/ca.crt' @@ -73,8 +82,9 @@ - metricca - cassandraca when: item not in hawkular_cassandra_truststore_aliases.stdout_lines + - name: import the ca certificate into the hawkular metrics truststore - shell: > + command: > keytool -noprompt -import -v -trustcacerts -alias '{{ item }}' -file '{{ openshift_metrics_certs_dir }}/ca.crt' @@ -86,6 +96,7 @@ - metricca - cassandraca when: item not in hawkular_metrics_truststore_aliases.stdout_lines + - name: generate password for hawkular metrics and jgroups shell: > tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c15 @@ -94,6 +105,7 @@ - hawkular-metrics - hawkular-jgroups-keystore when: not '{{ openshift_metrics_certs_dir }}/{{ item }}.pwd'|exists + - name: generate htpasswd file for hawkular metrics shell: > htpasswd -ci 
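Review bot: Switching these import tasks from `shell:` to `command:` means no shell interprets their arguments, and the remaining arguments of each task lie outside the hunks. If the unseen `-storepass` argument still uses the `"$(< '…pwd')"` substitution shown in the two alias-check tasks, keytool would receive that text literally as the password and the import would presumably fail. Either keep `shell:` for these tasks, or pass the password as `-storepass:file '{{ openshift_metrics_certs_dir }}/hawkular-cassandra-truststore.pwd'` (the matching `.pwd` file per truststore), which works under `command:` and keeps the password out of the process list. This applies to all five `shell:` to `command:` changes: the one at the end of the previous hunk and those in the hunks at -38, -49, -60 and -73.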
@@ -101,6 +113,7 @@ < '{{ openshift_metrics_certs_dir }}/hawkular-metrics.pwd' when: > not '{{ openshift_metrics_certs_dir }}/hawkular-metrics.htpasswd'|exists + - name: generate the jgroups keystore shell: > p=$(< '{{ openshift_metrics_certs_dir }}/hawkular-jgroups-keystore.pwd' ) @@ -110,6 +123,7 @@ -keystore '{{ openshift_metrics_certs_dir }}/hawkular-jgroups.keystore' when: > not '{{ openshift_metrics_certs_dir }}/hawkular-jgroups.keystore'|exists + - name: read files for the hawkular-metrics secret shell: > printf '%s: ' '{{ item }}' @@ -133,10 +147,12 @@ - hawkular-cassandra.truststore - hawkular-cassandra-truststore.pwd changed_when: false + - set_fact: hawkular_secrets: | {{ hawkular_secrets.results|map(attribute='stdout')|join(' ')|from_yaml }} + - name: generate hawkular-metrics-secrets secret template template: src: secret.j2 @@ -163,6 +179,8 @@ {{ hawkular_secrets['hawkular-jgroups-keystore.pwd'] }} hawkular-metrics.jgroups.alias: "{{ 'hawkular'|b64encode }}" when: name not in metrics_secrets.stdout_lines + changed_when: no + - name: generate hawkular-metrics-certificate secret template template: src: secret.j2 @@ -177,6 +195,8 @@ hawkular-metrics-ca.certificate: > {{ hawkular_secrets['ca.crt'] }} when: name not in metrics_secrets.stdout_lines + changed_when: no + - name: generate hawkular-metrics-account secret template template: src: secret.j2 @@ -190,6 +210,8 @@ hawkular-metrics.password: > {{ hawkular_secrets['hawkular-metrics.pwd'] }} when: name not in metrics_secrets.stdout_lines + changed_when: no + - name: generate cassandra secret template template: src: secret.j2 @@ -211,6 +233,8 @@ cassandra.pem: > {{ hawkular_secrets['hawkular-cassandra.pem'] }} when: name not in metrics_secrets + changed_when: no + - name: generate cassandra-certificate secret template template: src: secret.j2 @@ -225,3 +249,4 @@ cassandra-ca.certificate: > {{ hawkular_secrets['hawkular-cassandra.pem'] }} when: name not in metrics_secrets.stdout_lines + changed_when: no |
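Review bot: `changed_when: no` on the `template` tasks hides real changes: a task that writes or rewrites a secret template will always report ok, so a run that regenerated secret material looks like a no-op in the play recap and to anything keyed on change. If the intent is only to silence noise from files rendered into a transient directory, add a comment saying so, e.g. `# rendered into a temp dir on every run; not a real change`; otherwise drop the override and let `template` report its own state. The file's existing tasks spell this `changed_when: false`, so `no` is also inconsistent and trips yamllint's `truthy` rule. The same line is added in the hunks at -177, -190, -211 and -225, and on the two `include:` tasks in the first hunk.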
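Review bot: The context line `when: name not in metrics_secrets` in the cassandra secret task (hunk at -211) tests membership against the registered result itself rather than its `stdout_lines`, unlike every sibling task. Against a registered result that is a lookup on the dict's keys, so the condition is almost certainly always true and the secret template is regenerated even when the secret already exists. Since this hunk touches the task anyway, change it to `when: name not in metrics_secrets.stdout_lines`. The task begins outside the hunk, so `name` and `metrics_secrets` are assumed to be defined as in the neighbouring tasks.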