Merge pull request #2873 from jcantrill/295_metrics_admin_again

Move Metrics to ansible from deployer

1 files changed, 26 insertions, 0 deletions

diff --git a/roles/openshift_metrics/tasks/generate_certificates.yaml b/roles/openshift_metrics/tasks/generate_certificates.yaml
new file mode 100644
index 000000000..16a967aa7
--- /dev/null
+++ b/roles/openshift_metrics/tasks/generate_certificates.yaml
@@ -0,0 +1,26 @@
+---
+- name: create certificate output directory
+  file:
+    path: "{{ openshift_metrics_certs_dir }}"
+    state: directory
+    mode: 0700
+
+- name: list existing secrets
+  command: >
+    {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }}
+    --config={{ mktemp.stdout }}/admin.kubeconfig
+    get secrets -o name
+  register: metrics_secrets
+  changed_when: false
+
+- name: generate ca certificate chain
+  shell: >
+    {{ openshift.common.admin_binary }} ca create-signer-cert
+    --config={{ mktemp.stdout }}/admin.kubeconfig
+    --key='{{ openshift_metrics_certs_dir }}/ca.key'
+    --cert='{{ openshift_metrics_certs_dir }}/ca.crt'
+    --serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt'
+    --name="metrics-signer@$(date +%s)"
+  when: not '{{ openshift_metrics_certs_dir }}/ca.key' | exists
+- include: generate_heapster_certificates.yaml
+- include: generate_hawkular_certificates.yaml