authorJeff Cantrill <jcantril@redhat.com>2017-01-11 14:07:19 -0500
committerJeff Cantrill <jcantril@redhat.com>2017-01-17 11:45:04 -0500
commita5f6e3f684a3294056d4d4e224226b90acc062e6 (patch)
tree8beb982c613b3dc91be1a9182533d04cf9c99e99 /roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
parentb097d9f595c378ce35a2d35f2bd4749c3aa5d77d (diff)
additional code reviews
Diffstat (limited to 'roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml')
-rw-r--r--roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml43
1 files changed, 34 insertions, 9 deletions
diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
index f36175735..995440598 100644
--- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
+++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
@@ -4,31 +4,37 @@
vars:
component: hawkular-metrics
hostnames: "hawkular-metrics,{{ openshift_metrics_hawkular_hostname }}"
+ changed_when: no
+
- name: generate hawkular-cassandra certificates
include: setup_certificate.yaml
vars:
component: hawkular-cassandra
hostnames: hawkular-cassandra
+ changed_when: no
+
- name: check existing aliases on the hawkular-cassandra truststore
shell: >
keytool -noprompt -list
- -keystore {{ openshift_metrics_certs_dir }}/hawkular-cassandra.truststore
+ -keystore {{ openshift_metrics_certs_dir|quote }}/hawkular-cassandra.truststore
-storepass "$(<
- '{{ openshift_metrics_certs_dir }}/hawkular-cassandra-truststore.pwd')"
+ '{{ openshift_metrics_certs_dir|quote }}/hawkular-cassandra-truststore.pwd')"
| sed -n '7~2s/,.*$//p'
register: hawkular_cassandra_truststore_aliases
changed_when: false
+
- name: check existing aliases on the hawkular-metrics truststore
shell: >
keytool -noprompt -list
- -keystore {{ openshift_metrics_certs_dir }}/hawkular-metrics.truststore
+ -keystore {{ openshift_metrics_certs_dir|quote }}/hawkular-metrics.truststore
-storepass "$(<
- '{{ openshift_metrics_certs_dir }}/hawkular-metrics-truststore.pwd')"
+ '{{ openshift_metrics_certs_dir|quote }}/hawkular-metrics-truststore.pwd')"
| sed -n '7~2s/,.*$//p'
register: hawkular_metrics_truststore_aliases
changed_when: false
+
- name: import the hawkular metrics cert into the cassandra truststore
- shell: >
+ command: >
keytool -noprompt -import -v -trustcacerts
-alias hawkular-metrics
-file '{{ openshift_metrics_certs_dir }}/hawkular-metrics.crt'
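Review bot: The `|quote` added inside the single-quoted `-storepass` paths of both "check existing aliases" tasks defeats the quoting it is meant to strengthen. When the directory contains a space or shell metacharacter, the filter emits its own single quotes, which close the outer quote and leave the directory text unquoted inside `$(< …)`. Quote the whole path once and drop the outer quotes, e.g. `{{ (openshift_metrics_certs_dir ~ '/hawkular-cassandra-truststore.pwd')|quote }}`, and likewise for the hawkular-metrics password file. The two `-keystore` lines are fine as written, because the filter output is followed only by a safe literal suffix.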
@@ -38,8 +44,9 @@
when: >
'hawkular-metrics' not in
hawkular_cassandra_truststore_aliases.stdout_lines
+
- name: import the hawkular cassandra cert into the hawkular metrics truststore
- shell: >
+ command: >
keytool -noprompt -import -v -trustcacerts
-alias hawkular-cassandra
-file '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.crt'
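Review bot: Switching this import task from `shell: >` to `command: >` is only safe if none of its arguments need a shell, and the rest of the command lies outside the hunk. If the unseen arguments still pass the store password as `-storepass "$(< …pwd)"`, as the alias-listing tasks in this file do, the command module will not perform the substitution and keytool will receive the literal text. The same change is made in the import task at the end of the first hunk and in the three import tasks in the following hunks. Either keep `shell: >` on tasks that rely on `$(< …)`, or read the password file in an earlier task and pass the registered value.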
@@ -49,8 +56,9 @@
when: >
'hawkular-cassandra' not in
hawkular_metrics_truststore_aliases.stdout_lines
+
- name: import the hawkular cassandra cert into the cassandra truststore
- shell: >
+ command: >
keytool -noprompt -import -v -trustcacerts
-alias hawkular-cassandra
-file '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.crt'
@@ -60,8 +68,9 @@
when: >
'hawkular-cassandra' not in
hawkular_cassandra_truststore_aliases.stdout_lines
+
- name: import the ca certificate into the cassandra truststore
- shell: >
+ command: >
keytool -noprompt -import -v -trustcacerts
-alias '{{ item }}'
-file '{{ openshift_metrics_certs_dir }}/ca.crt'
@@ -73,8 +82,9 @@
- metricca
- cassandraca
when: item not in hawkular_cassandra_truststore_aliases.stdout_lines
+
- name: import the ca certificate into the hawkular metrics truststore
- shell: >
+ command: >
keytool -noprompt -import -v -trustcacerts
-alias '{{ item }}'
-file '{{ openshift_metrics_certs_dir }}/ca.crt'
@@ -86,6 +96,7 @@
- metricca
- cassandraca
when: item not in hawkular_metrics_truststore_aliases.stdout_lines
+
- name: generate password for hawkular metrics and jgroups
shell: >
tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c15
@@ -94,6 +105,7 @@
- hawkular-metrics
- hawkular-jgroups-keystore
when: not '{{ openshift_metrics_certs_dir }}/{{ item }}.pwd'|exists
+
- name: generate htpasswd file for hawkular metrics
shell: >
htpasswd -ci
@@ -101,6 +113,7 @@
< '{{ openshift_metrics_certs_dir }}/hawkular-metrics.pwd'
when: >
not '{{ openshift_metrics_certs_dir }}/hawkular-metrics.htpasswd'|exists
+
- name: generate the jgroups keystore
shell: >
p=$(< '{{ openshift_metrics_certs_dir }}/hawkular-jgroups-keystore.pwd' )
@@ -110,6 +123,7 @@
-keystore '{{ openshift_metrics_certs_dir }}/hawkular-jgroups.keystore'
when: >
not '{{ openshift_metrics_certs_dir }}/hawkular-jgroups.keystore'|exists
+
- name: read files for the hawkular-metrics secret
shell: >
printf '%s: ' '{{ item }}'
@@ -133,10 +147,12 @@
- hawkular-cassandra.truststore
- hawkular-cassandra-truststore.pwd
changed_when: false
+
- set_fact:
hawkular_secrets: |
{{ hawkular_secrets.results|map(attribute='stdout')|join('
')|from_yaml }}
+
- name: generate hawkular-metrics-secrets secret template
template:
src: secret.j2
@@ -163,6 +179,8 @@
{{ hawkular_secrets['hawkular-jgroups-keystore.pwd'] }}
hawkular-metrics.jgroups.alias: "{{ 'hawkular'|b64encode }}"
when: name not in metrics_secrets.stdout_lines
+ changed_when: no
+
- name: generate hawkular-metrics-certificate secret template
template:
src: secret.j2
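Review bot: The added `changed_when: no` on the hawkular-metrics-secrets template task relies on YAML 1.1 truthy parsing and is inconsistent with the `changed_when: false` already used by the keytool listing tasks in this file; write `changed_when: false`. The same applies to the other `changed_when: no` lines this commit adds, on the two certificate include tasks and the four remaining secret-template tasks. Forcing "unchanged" on a `template` task also hides real rewrites of generated secret material from the play recap. If the reason is that these files are rendered into a scratch directory on every run, which cannot be confirmed from this page, say so in a comment such as `# rendered to a temp dir each run; not a real change`.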
@@ -177,6 +195,8 @@
hawkular-metrics-ca.certificate: >
{{ hawkular_secrets['ca.crt'] }}
when: name not in metrics_secrets.stdout_lines
+ changed_when: no
+
- name: generate hawkular-metrics-account secret template
template:
src: secret.j2
@@ -190,6 +210,8 @@
hawkular-metrics.password: >
{{ hawkular_secrets['hawkular-metrics.pwd'] }}
when: name not in metrics_secrets.stdout_lines
+ changed_when: no
+
- name: generate cassandra secret template
template:
src: secret.j2
@@ -211,6 +233,8 @@
cassandra.pem: >
{{ hawkular_secrets['hawkular-cassandra.pem'] }}
when: name not in metrics_secrets
+ changed_when: no
+
- name: generate cassandra-certificate secret template
template:
src: secret.j2
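Review bot: The cassandra secret template task is gated by `when: name not in metrics_secrets`, which tests membership against the registered result itself rather than its `stdout_lines` as every sibling task does. That condition is presumably always true, so the secret template would be regenerated even when the secret already exists, and the new `changed_when: no` on the same task makes that harder to notice. The line is unchanged context and the task starts outside the hunk, but since the commit touches this task it is worth fixing here: `when: name not in metrics_secrets.stdout_lines`.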
@@ -225,3 +249,4 @@
cassandra-ca.certificate: >
{{ hawkular_secrets['hawkular-cassandra.pem'] }}
when: name not in metrics_secrets.stdout_lines
+ changed_when: no
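Review bot: The `cassandra-ca.certificate` entry in this task is filled from `hawkular_secrets['hawkular-cassandra.pem']`, whereas the matching `hawkular-metrics-ca.certificate` entry uses `hawkular_secrets['ca.crt']`, and nothing on the page explains the difference. If the `.pem` bundle contains the private key, which cannot be determined from here, a secret described as a CA certificate would expose key material to every consumer that mounts it. If the CA certificate is what is intended, the value should be `{{ hawkular_secrets['ca.crt'] }}`; otherwise add a comment saying why the pem is required. The line is unchanged context and the task starts outside the hunk.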