summaryrefslogtreecommitdiffstats
path: root/roles/nuage_node
diff options
context:
space:
mode:
Diffstat (limited to 'roles/nuage_node')
-rw-r--r--roles/nuage_node/meta/main.yml16
-rw-r--r--roles/nuage_node/tasks/certificates.yml50
-rw-r--r--roles/nuage_node/tasks/main.yaml2
-rw-r--r--roles/nuage_node/templates/vsp-openshift.j210
-rw-r--r--roles/nuage_node/vars/main.yaml12
5 files changed, 90 insertions, 0 deletions
diff --git a/roles/nuage_node/meta/main.yml b/roles/nuage_node/meta/main.yml
new file mode 100644
index 000000000..3f16dd819
--- /dev/null
+++ b/roles/nuage_node/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+ author: Vishal Patil
+ description:
+ company: Nuage Networks
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.8
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+ - system
+dependencies:
+- { role: nuage_ca }
diff --git a/roles/nuage_node/tasks/certificates.yml b/roles/nuage_node/tasks/certificates.yml
new file mode 100644
index 000000000..0fe6f7bac
--- /dev/null
+++ b/roles/nuage_node/tasks/certificates.yml
@@ -0,0 +1,50 @@
+---
+- name: Create a directory to hold the certificates
+ file: path="{{ nuage_plugin_rest_client_crt_dir }}" state=directory
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create the key
+ command: >
+ openssl genrsa -out "{{ nuage_ca_master_plugin_key }}" 4096
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create the req file
+ command: >
+ openssl req -key "{{ nuage_ca_master_plugin_key }}" -new -out "{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" -subj "/CN=nuage-client"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Generate the crt file
+ command: >
+ openssl x509 -req -in "{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" -CA "{{ nuage_ca_crt }}" -CAkey "{{ nuage_ca_key }}" -CAserial "{{ nuage_ca_serial }}" -out "{{ nuage_ca_master_plugin_crt }}" -extensions clientauth -extfile "{{ nuage_ca_dir }}"/openssl.cnf
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Remove the req file
+ file: path="{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Copy nuage CA crt
+ shell: cp "{{ nuage_ca_crt }}" "{{ nuage_plugin_rest_client_crt_dir }}"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Archive the certificate dir
+ shell: "cd {{ nuage_plugin_rest_client_crt_dir }} && tar -czvf /tmp/{{ ansible_nodename }}.tgz *"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create a temp directory for the certificates
+ local_action: command mktemp -d "/tmp/openshift-{{ ansible_nodename }}-XXXXXXX"
+ register: mktemp
+
+- name: Download the certificates
+ fetch: src="/tmp/{{ ansible_nodename }}.tgz" dest="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" flat=yes
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Extract the certificates
+ unarchive: src="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" dest={{ nuage_plugin_crt_dir }}
+
+- name: Delete the certificates after copy
+ file: path="{{ nuage_plugin_rest_client_crt_dir }}" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Delete the temp directory
+ file: path="{{ mktemp.stdout }}" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml
index c1e49902d..d7dd53802 100644
--- a/roles/nuage_node/tasks/main.yaml
+++ b/roles/nuage_node/tasks/main.yaml
@@ -29,6 +29,8 @@
- nuage.key
- nuage.kubeconfig
+- include: certificates.yml
+
- name: Set the vsp-openshift.yaml
sudo: true
template: src=vsp-openshift.j2 dest={{ vsp_openshift_yaml }} owner=root mode=0644
diff --git a/roles/nuage_node/templates/vsp-openshift.j2 b/roles/nuage_node/templates/vsp-openshift.j2
index 98d6c3a9c..6c10b9c24 100644
--- a/roles/nuage_node/templates/vsp-openshift.j2
+++ b/roles/nuage_node/templates/vsp-openshift.j2
@@ -10,5 +10,15 @@ enterpriseName: {{ enterprise }}
domainName: {{ domain }}
# IP address and port number of master API server
masterApiServer: {{ api_server }}
+# REST server URL
+nuageMonRestServer: {{ nuage_mon_rest_server_url }}
# Bridge name for the docker bridge
dockerBridgeName: {{ docker_bridge }}
+# Certificate for connecting to the kubemon REST API
+nuageMonClientCert: {{ rest_client_cert }}
+# Key to the certificate in restClientCert
+nuageMonClientKey: {{ rest_client_key }}
+# CA certificate for verifying the master's rest server
+nuageMonServerCA: {{ rest_server_ca_cert }}
+# Nuage vport mtu size
+interfaceMTU: {{ vport_mtu }}
diff --git a/roles/nuage_node/vars/main.yaml b/roles/nuage_node/vars/main.yaml
index 4975d17ed..5acc65ef4 100644
--- a/roles/nuage_node/vars/main.yaml
+++ b/roles/nuage_node/vars/main.yaml
@@ -6,4 +6,16 @@ client_cert: "{{ vsp_openshift_dir }}/nuage.crt"
client_key: "{{ vsp_openshift_dir }}/nuage.key"
ca_cert: "{{ vsp_openshift_dir }}/ca.crt"
api_server: "{{ openshift_node_master_api_url }}"
+nuage_mon_rest_server_port: "{{ nuage_openshift_monitor_rest_server_port | default('9443') }}"
+nuage_mon_rest_server_url: "https://{{ openshift_master_cluster_hostname }}:{{ nuage_mon_rest_server_port }}"
docker_bridge: "docker0"
+rest_client_cert: "{{ vsp_openshift_dir }}/nuageMonClient.crt"
+rest_client_key: "{{ vsp_openshift_dir }}/nuageMonClient.key"
+rest_server_ca_cert: "{{ vsp_openshift_dir }}/nuageMonCA.crt"
+vport_mtu: "{{ nuage_interface_mtu | default('1460') }}"
+
+nuage_plugin_rest_client_crt_dir: "{{ nuage_ca_master_crt_dir }}/{{ ansible_nodename }}"
+nuage_ca_master_plugin_key: "{{ nuage_plugin_rest_client_crt_dir }}/nuageMonClient.key"
+nuage_ca_master_plugin_crt: "{{ nuage_plugin_rest_client_crt_dir }}/nuageMonClient.crt"
+
+nuage_plugin_crt_dir : /usr/share/vsp-openshift