authorRich Megginson <rmeggins@redhat.com>2017-04-19 15:16:03 -0600
committerRich Megginson <rmeggins@redhat.com>2017-04-19 15:16:03 -0600
commit5bb31fda251fc930cd83842fcf06afb7cc77c1c7 (patch)
treecceeec7992be8061789c3ad301c31b58899d6936 /roles/openshift_logging/tasks/generate_secrets.yaml
parent9ace041daaf1bca509f21499b812f4f3e96fdd80 (diff)
mux does not require privileged, only hostmount-anyuid
Diffstat (limited to 'roles/openshift_logging/tasks/generate_secrets.yaml')
-rw-r--r--roles/openshift_logging/tasks/generate_secrets.yaml30
1 files changed, 30 insertions, 0 deletions
diff --git a/roles/openshift_logging/tasks/generate_secrets.yaml b/roles/openshift_logging/tasks/generate_secrets.yaml
index f396bcc6d..7ea10f60c 100644
--- a/roles/openshift_logging/tasks/generate_secrets.yaml
+++ b/roles/openshift_logging/tasks/generate_secrets.yaml
@@ -34,6 +34,36 @@
check_mode: no
changed_when: no
+- name: Retrieving the cert to use when generating secrets for mux
+ slurp: src="{{generated_certs_dir}}/{{item.file}}"
+ register: mux_key_pairs
+ with_items:
+ - { name: "ca_file", file: "ca.crt" }
+ - { name: "mux_key", file: "system.logging.mux.key"}
+ - { name: "mux_cert", file: "system.logging.mux.crt"}
+ - { name: "mux_shared_key", file: "mux_shared_key"}
+ when: openshift_logging_use_mux
+
+- name: Generating secrets for mux
+ template: src=secret.j2 dest={{mktemp.stdout}}/templates/{{secret_name}}-secret.yaml
+ vars:
+ secret_name: "logging-{{component}}"
+ secret_key_file: "{{component}}_key"
+ secret_cert_file: "{{component}}_cert"
+ secrets:
+ - {key: ca, value: "{{mux_key_pairs | entry_from_named_pair('ca_file')| b64decode }}"}
+ - {key: key, value: "{{mux_key_pairs | entry_from_named_pair(secret_key_file)| b64decode }}"}
+ - {key: cert, value: "{{mux_key_pairs | entry_from_named_pair(secret_cert_file)| b64decode }}"}
+ - {key: shared_key, value: "{{mux_key_pairs | entry_from_named_pair('mux_shared_key')| b64decode }}"}
+ secret_keys: ["ca", "cert", "key", "shared_key"]
+ with_items:
+ - mux
+ loop_control:
+ loop_var: component
+ check_mode: no
+ changed_when: no
+ when: openshift_logging_use_mux
+
- name: Generating secrets for kibana proxy
template: src=secret.j2 dest={{mktemp.stdout}}/templates/{{secret_name}}-secret.yaml
vars:
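Review bot: Neither of the two added mux tasks sets `no_log: true`, although both handle private key material. The slurp task registers the base64 content of `system.logging.mux.key` and `mux_shared_key` in `mux_key_pairs`, and the template task passes the decoded values through `secrets`, so the keys can end up in Ansible output or logs at higher verbosity, with `--diff`, or when a task fails. I would add `no_log: true` to both tasks. The `template:` call also sets no file mode, so the rendered `logging-mux-secret.yaml` gets default permissions; unless the directory behind `mktemp.stdout` is already restricted (not visible in this hunk), add `mode=0600` to that line. The surrounding tasks are only partly visible here, so I cannot tell whether the existing secret tasks have the same gap.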