From c16a92f804518fae19294280a9bd1d57976253ff Mon Sep 17 00:00:00 2001 From: Vishal Patil Date: Tue, 1 Mar 2016 13:07:33 -0500 Subject: Changes required for Nuage monitor REST server --- roles/nuage_master/meta/main.yml | 16 +++++++ roles/nuage_master/tasks/certificates.yml | 50 ++++++++++++++++++++++ roles/nuage_master/tasks/main.yaml | 6 ++- .../templates/nuage-openshift-monitor.j2 | 6 ++- roles/nuage_master/vars/main.yaml | 11 ++++- 5 files changed, 85 insertions(+), 4 deletions(-) create mode 100644 roles/nuage_master/meta/main.yml create mode 100644 roles/nuage_master/tasks/certificates.yml (limited to 'roles/nuage_master') diff --git a/roles/nuage_master/meta/main.yml b/roles/nuage_master/meta/main.yml new file mode 100644 index 000000000..3f16dd819 --- /dev/null +++ b/roles/nuage_master/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Vishal Patil + description: + company: Nuage Networks + license: Apache License, Version 2.0 + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: nuage_ca } diff --git a/roles/nuage_master/tasks/certificates.yml b/roles/nuage_master/tasks/certificates.yml new file mode 100644 index 000000000..0d3c69467 --- /dev/null +++ b/roles/nuage_master/tasks/certificates.yml @@ -0,0 +1,50 @@ +--- +- name: Create a directory to hold the certificates + file: path="{{ nuage_mon_rest_server_crt_dir }}" state=directory + delegate_to: "{{ nuage_ca_master }}" + +- name: Create the key + command: > + openssl genrsa -out "{{ nuage_ca_master_rest_server_key }}" 4096 + delegate_to: "{{ nuage_ca_master }}" + +- name: Create the req file + command: > + openssl req -key "{{ nuage_ca_master_rest_server_key }}" -new -out "{{ nuage_mon_rest_server_crt_dir }}/restServer.req" -subj "/CN={{ ansible_nodename }}" + delegate_to: "{{ nuage_ca_master }}" + +- name: Generate the crt file + command: > + openssl x509 -req -in "{{ nuage_mon_rest_server_crt_dir }}/restServer.req" -CA "{{ nuage_ca_crt }}" -CAkey "{{ nuage_ca_key }}" -CAserial "{{ nuage_ca_serial }}" -out "{{ nuage_ca_master_rest_server_crt }}" + delegate_to: "{{ nuage_ca_master }}" + +- name: Remove the req file + file: path="{{ nuage_mon_rest_server_crt_dir }}/restServer.req" state=absent + delegate_to: "{{ nuage_ca_master }}" + +- name: Copy nuage CA crt + shell: cp "{{ nuage_ca_crt }}" "{{ nuage_mon_rest_server_crt_dir }}" + delegate_to: "{{ nuage_ca_master }}" + +- name: Archive the certificate dir + shell: "cd {{ nuage_mon_rest_server_crt_dir }} && tar -czvf /tmp/{{ ansible_nodename }}.tgz *" + delegate_to: "{{ nuage_ca_master }}" + +- name: Create a temp directory for the certificates + local_action: command mktemp -d "/tmp/openshift-{{ ansible_nodename }}-XXXXXXX" + register: mktemp + +- name: Download the certificates + fetch: src="/tmp/{{ ansible_nodename }}.tgz" dest="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" flat=yes + delegate_to: "{{ nuage_ca_master }}" + +- name: Extract the certificates + unarchive: src="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" dest={{ nuage_master_crt_dir }} + +- name: Delete the certificates after copy + file: path="{{ nuage_mon_rest_server_crt_dir }}" state=absent + delegate_to: "{{ nuage_ca_master }}" + +- name: Delete the temp directory + file: path="{{ mktemp.stdout }}" state=absent + delegate_to: "{{ nuage_ca_master }}" diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml index 20d105b9e..abeee3d71 100644 --- a/roles/nuage_master/tasks/main.yaml +++ b/roles/nuage_master/tasks/main.yaml @@ -5,7 +5,7 @@ - name: Create the log directory sudo: true - file: path={{ nuage_openshift_monitor_log_dir }} state=directory + file: path={{ nuage_mon_rest_server_logdir }} state=directory - name: Install Nuage Openshift Monitor sudo: true @@ -23,7 +23,9 @@ - nuage.crt - nuage.key - nuage.kubeconfig - + +- include: certificates.yml + - name: Create nuage-openshift-monitor.yaml sudo: true template: src=nuage-openshift-monitor.j2 dest=/usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml owner=root mode=0644 diff --git a/roles/nuage_master/templates/nuage-openshift-monitor.j2 b/roles/nuage_master/templates/nuage-openshift-monitor.j2 index db8c3d85e..e50e225e1 100644 --- a/roles/nuage_master/templates/nuage-openshift-monitor.j2 +++ b/roles/nuage_master/templates/nuage-openshift-monitor.j2 @@ -16,4 +16,8 @@ enterpriseName: {{ enterprise }} # Name of the domain in which pods will reside domainName: {{ domain }} # Location where logs should be saved -log_dir: {{ nuage_openshift_monitor_log_dir }} +log_dir: {{ nuage_mon_rest_server_logdir }} +# Monitor rest server paramters +nuageMonServer: + URL: {{ nuage_mon_rest_server_url }} + certificateDirectory: {{ cert_output_dir }} diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml index c489feabe..4b57273e4 100644 --- a/roles/nuage_master/vars/main.yaml +++ b/roles/nuage_master/vars/main.yaml @@ -4,4 +4,13 @@ admin_config: "{{ openshift.common.config_base }}/master/admin.kubeconfig" cert_output_dir: /usr/share/nuage-openshift-monitor kube_config: /usr/share/nuage-openshift-monitor/nuage.kubeconfig kubemon_yaml: /usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml -master_config_yaml: "{{ openshift_master_config_dir }}/master-config.yaml" +master_config_yaml: "{{ openshift_master_config_dir }}/master-config.yaml" +nuage_mon_rest_server_port: "{{ nuage_openshift_monitor_rest_server_port | default('9443') }}" +nuage_mon_rest_server_url: "0.0.0.0:{{ nuage_mon_rest_server_port }}" +nuage_mon_rest_server_logdir: "{{ nuage_openshift_monitor_log_dir | default('/var/log/nuage-openshift-monitor') }}" + +nuage_mon_rest_server_crt_dir: "{{ nuage_ca_master_crt_dir }}/{{ ansible_nodename }}" +nuage_ca_master_rest_server_key: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.key" +nuage_ca_master_rest_server_crt: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.crt" + +nuage_master_crt_dir : /usr/share/nuage-openshift-monitor -- cgit v1.2.1