| author | ewolinetz <ewolinet@redhat.com> | 2017-01-19 18:17:44 -0600 | 
|---|---|---|
| committer | ewolinetz <ewolinet@redhat.com> | 2017-01-20 08:20:24 -0600 | 
| commit | 7cb710f66261ee6367c0b9ee88bced87f1331134 (patch) | |
| tree | ce3dae24852d395ea1fb9a7b42228a1652140b31 | |
| parent | c995e1273811a24211ccc8a7e31bd793728d0f74 (diff) | |
Updating to use docker run instead of scheduling jks gen pod
| -rw-r--r-- | roles/openshift_logging/tasks/generate_certs.yaml | 60 | 
1 files changed, 13 insertions, 47 deletions
diff --git a/roles/openshift_logging/tasks/generate_certs.yaml b/roles/openshift_logging/tasks/generate_certs.yaml
index e16071e46..b3826838a 100644
--- a/roles/openshift_logging/tasks/generate_certs.yaml
+++ b/roles/openshift_logging/tasks/generate_certs.yaml
@@ -85,46 +85,12 @@
   loop_control:
     loop_var: node_name
 
-- name: Check for jks-generator service account
-  command: >
-    {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get serviceaccount/jks-generator --no-headers -n {{openshift_logging_namespace}}
-  register: serviceaccount_result
-  ignore_errors: yes
-  when: not ansible_check_mode
-  changed_when: no
-
-- name: Create jks-generator service account
-  command: >
-    {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create serviceaccount jks-generator -n {{openshift_logging_namespace}}
-  when: not ansible_check_mode and "not found" in serviceaccount_result.stderr
-
-- name: Check for hostmount-anyuid scc entry
-  command: >
-    {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get scc hostmount-anyuid -o jsonpath='{.users}'
-  register: scc_result
-  when: not ansible_check_mode
-  changed_when: no
-
-- name: Add to hostmount-anyuid scc
-  command: >
-    {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig policy add-scc-to-user hostmount-anyuid -z jks-generator -n {{openshift_logging_namespace}}
-  when:
-    - not ansible_check_mode
-    - scc_result.stdout.find("system:serviceaccount:{{openshift_logging_namespace}}:jks-generator") == -1
-
 - name: Copy JKS generation script
   copy:
     src: generate-jks.sh
     dest: "{{generated_certs_dir}}/generate-jks.sh"
   check_mode: no
 
-- name: Generate JKS pod template
-  template:
-    src: jks_pod.j2
-    dest: "{{mktemp.stdout}}/jks_pod.yaml"
-  check_mode: no
-  changed_when: no
-
 # check if pod generated files exist -- if they all do don't run the pod
 - name: Checking for elasticsearch.jks
   stat: path="{{generated_certs_dir}}/elasticsearch.jks"
@@ -146,20 +112,20 @@
   register: truststore_jks
   check_mode: no
 
-- name: create JKS generation pod
+- name: create JKS generation container
   command: >
-    {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f {{mktemp.stdout}}/jks_pod.yaml -n {{openshift_logging_namespace}} -o name
-  register: podoutput
-  check_mode: no
-  when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
-
-- command: >
-    {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get {{podoutput.stdout}} -o jsonpath='{.status.phase}' -n {{openshift_logging_namespace}}
-  register: result
-  until: result.stdout.find("Succeeded") != -1
-  retries: 5
-  delay: 10
-  changed_when: no
+    docker run
+    -u 0
+    -e "PROJECT={{openshift_logging_namespace}}"
+    -e "CERT_DIR={{generated_certs_dir}}"
+    -v "{{generated_certs_dir}}:{{generated_certs_dir}}"
+    --name "jks_gen_{{'abcdefghijklmnopqrstuvwxyz0123456789'|random_word(10)}}"
+    --entrypoint="/bin/bash"
+    "{{openshift_logging_image_prefix}}logging-deployer:{{openshift_logging_image_version}}"
+    "{{generated_certs_dir}}/generate-jks.sh"
+  register: container_output
+  check_mode: no
+  become: yes
   when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
 
 # check for secret/logging-kibana-proxy
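Review bot: The new task runs the container as uid 0 (`-u 0` under `become: yes`) with `generated_certs_dir` bind-mounted read-write, so the keystores the script writes there — which carry the Elasticsearch private keys — will land on the host owned by root with whatever umask the image's bash applies, unless generate-jks.sh chowns them itself; a follow-up `file:` task pinning `owner`/`group` and `mode: "0600"` on the resulting `.jks` files, or passing the owning uid to `-u`, would make that explicit. The deployer image is pulled by the mutable `{{openshift_logging_image_version}}` tag and the randomly named container is never removed, leaving a stopped `jks_gen_*` container behind per run; adding `--rm` directly after `docker run` (and a digest reference where the deployer image is already pinned elsewhere) would tighten this. `random_word` is not a stock Ansible/Jinja filter, so presumably it comes from a project filter plugin — worth confirming it is on the filter path wherever this role is invoked. The first hunk stops creating the `jks-generator` service account and its `hostmount-anyuid` SCC grant but adds no removal, so clusters upgraded with this playbook keep that privileged SCC entry; a cleanup step such as `policy remove-scc-from-user hostmount-anyuid -z jks-generator` seems warranted. The enclosing task list continues outside the hunk.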
