From bef725c7b04f7f0ba9fe83673024928e33b3ce2e Mon Sep 17 00:00:00 2001 From: Jeff Cantrill Date: Thu, 26 Jan 2017 12:28:46 -0500 Subject: fix 1414625. Additional fix to run password commands on control node --- .../tasks/generate_hawkular_certificates.yaml | 48 +++++++++++++++++----- .../openshift_metrics/tasks/import_jks_certs.yaml | 9 ---- roles/openshift_metrics/tasks/main.yaml | 2 +- 3 files changed, 39 insertions(+), 20 deletions(-) (limited to 'roles/openshift_metrics') diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml index 9cf4afee0..9333d341c 100644 --- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml @@ -19,25 +19,53 @@ - slurp: src={{ openshift_metrics_certs_dir }}/hawkular-metrics-truststore.pwd register: hawkular_truststore_password +- stat: path="{{openshift_metrics_certs_dir}}/{{item}}" + register: pwd_file_stat + with_items: + - hawkular-metrics.pwd + - hawkular-metrics.htpasswd + - hawkular-jgroups-keystore.pwd + changed_when: no + +- set_fact: + pwd_files: "{{pwd_files | default({}) | combine ({item.item: item.stat}) }}" + with_items: "{{pwd_file_stat.results}}" + changed_when: no + +- name: Create temp directory local on control node + local_action: command mktemp -d + register: local_tmp + changed_when: False + - name: generate password for hawkular metrics and jgroups - copy: - dest: '{{ openshift_metrics_certs_dir }}/{{ item }}.pwd' - content: "{{ 15 | oo_random_word }}" + local_action: copy dest="{{ local_tmp.stdout}}/{{ item }}.pwd" content="{{ 15 | oo_random_word }}" with_items: - hawkular-metrics - hawkular-jgroups-keystore - when: not '{{ openshift_metrics_certs_dir }}/{{ item }}.pwd'|exists + when: "not pwd_files['{{ item }}.pwd'].exists" - name: generate htpasswd file for hawkular metrics - shell: > - htpasswd -ci - '{{ openshift_metrics_certs_dir }}/hawkular-metrics.htpasswd' hawkular - < '{{ openshift_metrics_certs_dir }}/hawkular-metrics.pwd' - when: > - not '{{ openshift_metrics_certs_dir }}/hawkular-metrics.htpasswd'|exists + local_action: > + shell htpasswd -ci + '{{ local_tmp.stdout }}/hawkular-metrics.htpasswd' hawkular + < '{{ local_tmp.stdout }}/hawkular-metrics.pwd' + when: "not pwd_files['hawkular-metrics.htpasswd'].exists" + +- name: copy local generated passwords to target + copy: + src: "{{local_tmp.stdout}}/{{item}}" + dest: "{{openshift_metrics_certs_dir}}/{{item}}" + with_items: + - hawkular-metrics.pwd + - hawkular-metrics.htpasswd + - hawkular-jgroups-keystore.pwd + when: "not pwd_files['{{ item }}'].exists" - include: import_jks_certs.yaml +- local_action: file path="{{local_tmp.stdout}}" state=absent + changed_when: False + - name: read files for the hawkular-metrics secret shell: > printf '%s: ' '{{ item }}' diff --git a/roles/openshift_metrics/tasks/import_jks_certs.yaml b/roles/openshift_metrics/tasks/import_jks_certs.yaml index f5192b005..16fd8d9f8 100644 --- a/roles/openshift_metrics/tasks/import_jks_certs.yaml +++ b/roles/openshift_metrics/tasks/import_jks_certs.yaml @@ -29,10 +29,6 @@ - slurp: src={{ openshift_metrics_certs_dir }}/hawkular-jgroups-keystore.pwd register: jgroups_keystore_password - - local_action: command mktemp -d - register: local_tmp - changed_when: False - - fetch: dest: "{{local_tmp.stdout}}/" src: "{{ openshift_metrics_certs_dir }}/{{item}}" @@ -60,11 +56,6 @@ src: "{{item}}" with_fileglob: "{{local_tmp.stdout}}/*.*store" - - file: - path: "{{local_tmp.stdout}}" - state: absent - changed_when: False - when: not metrics_keystore.stat.exists or not metrics_truststore.stat.exists or not cassandra_keystore.stat.exists or diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index 1808db5d5..d03d4176b 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -1,5 +1,5 @@ --- -- name: Create temp directory for doing work in +- name: Create temp directory for doing work in on target command: mktemp -td openshift-metrics-ansible-XXXXXX register: mktemp changed_when: False -- cgit v1.2.1