diff options
Diffstat (limited to 'roles/nuage_master/tasks')
-rw-r--r-- | roles/nuage_master/tasks/certificates.yml | 50 | ||||
-rw-r--r-- | roles/nuage_master/tasks/main.yaml | 36 |
2 files changed, 86 insertions, 0 deletions
diff --git a/roles/nuage_master/tasks/certificates.yml b/roles/nuage_master/tasks/certificates.yml new file mode 100644 index 000000000..0d3c69467 --- /dev/null +++ b/roles/nuage_master/tasks/certificates.yml @@ -0,0 +1,50 @@ +--- +- name: Create a directory to hold the certificates + file: path="{{ nuage_mon_rest_server_crt_dir }}" state=directory + delegate_to: "{{ nuage_ca_master }}" + +- name: Create the key + command: > + openssl genrsa -out "{{ nuage_ca_master_rest_server_key }}" 4096 + delegate_to: "{{ nuage_ca_master }}" + +- name: Create the req file + command: > + openssl req -key "{{ nuage_ca_master_rest_server_key }}" -new -out "{{ nuage_mon_rest_server_crt_dir }}/restServer.req" -subj "/CN={{ ansible_nodename }}" + delegate_to: "{{ nuage_ca_master }}" + +- name: Generate the crt file + command: > + openssl x509 -req -in "{{ nuage_mon_rest_server_crt_dir }}/restServer.req" -CA "{{ nuage_ca_crt }}" -CAkey "{{ nuage_ca_key }}" -CAserial "{{ nuage_ca_serial }}" -out "{{ nuage_ca_master_rest_server_crt }}" + delegate_to: "{{ nuage_ca_master }}" + +- name: Remove the req file + file: path="{{ nuage_mon_rest_server_crt_dir }}/restServer.req" state=absent + delegate_to: "{{ nuage_ca_master }}" + +- name: Copy nuage CA crt + shell: cp "{{ nuage_ca_crt }}" "{{ nuage_mon_rest_server_crt_dir }}" + delegate_to: "{{ nuage_ca_master }}" + +- name: Archive the certificate dir + shell: "cd {{ nuage_mon_rest_server_crt_dir }} && tar -czvf /tmp/{{ ansible_nodename }}.tgz *" + delegate_to: "{{ nuage_ca_master }}" + +- name: Create a temp directory for the certificates + local_action: command mktemp -d "/tmp/openshift-{{ ansible_nodename }}-XXXXXXX" + register: mktemp + +- name: Download the certificates + fetch: src="/tmp/{{ ansible_nodename }}.tgz" dest="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" flat=yes + delegate_to: "{{ nuage_ca_master }}" + +- name: Extract the certificates + unarchive: src="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" dest={{ nuage_master_crt_dir }} + +- name: Delete the certificates after copy + file: path="{{ nuage_mon_rest_server_crt_dir }}" state=absent + delegate_to: "{{ nuage_ca_master }}" + +- name: Delete the temp directory + file: path="{{ mktemp.stdout }}" state=absent + delegate_to: "{{ nuage_ca_master }}" diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml new file mode 100644 index 000000000..abeee3d71 --- /dev/null +++ b/roles/nuage_master/tasks/main.yaml @@ -0,0 +1,36 @@ +--- +- name: Create directory /usr/share/nuage-openshift-monitor + sudo: true + file: path=/usr/share/nuage-openshift-monitor state=directory + +- name: Create the log directory + sudo: true + file: path={{ nuage_mon_rest_server_logdir }} state=directory + +- name: Install Nuage Openshift Monitor + sudo: true + yum: name={{ nuage_openshift_rpm }} state=present + +- name: Run the service account creation script + sudo: true + script: serviceaccount.sh --server={{ openshift.master.api_url }} --output-cert-dir={{ cert_output_dir }} --master-cert-dir={{ openshift_master_config_dir }} + +- name: Download the certs and keys + sudo: true + fetch: src={{ cert_output_dir }}/{{ item }} dest=/tmp/{{ item }} flat=yes + with_items: + - ca.crt + - nuage.crt + - nuage.key + - nuage.kubeconfig + +- include: certificates.yml + +- name: Create nuage-openshift-monitor.yaml + sudo: true + template: src=nuage-openshift-monitor.j2 dest=/usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml owner=root mode=0644 + notify: + - restart master + - restart master api + - restart master controllers + - restart nuage-openshift-monitor |