summaryrefslogtreecommitdiffstats
path: root/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml')
-rw-r--r--roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml119
1 files changed, 119 insertions, 0 deletions
diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
new file mode 100644
index 000000000..31129a6ac
--- /dev/null
+++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
@@ -0,0 +1,119 @@
+---
+- name: generate hawkular-metrics certificates
+ include: setup_certificate.yaml
+ vars:
+ component: hawkular-metrics
+ hostnames: "hawkular-metrics,hawkular-metrics.{{ openshift_metrics_project }}.svc.cluster.local,{{ openshift_metrics_hawkular_hostname }}"
+ changed_when: no
+
+- name: generate hawkular-cassandra certificates
+ include: setup_certificate.yaml
+ vars:
+ component: hawkular-cassandra
+ hostnames: hawkular-cassandra
+ changed_when: no
+
+- name: generate password for hawkular metrics
+ local_action: copy dest="{{ local_tmp.stdout }}/{{ item }}.pwd" content="{{ 15 | oo_random_word }}"
+ with_items:
+ - hawkular-metrics
+ become: false
+
+- local_action: slurp src="{{ local_tmp.stdout }}/hawkular-metrics.pwd"
+ register: hawkular_metrics_pwd
+ no_log: true
+ become: false
+
+- name: generate htpasswd file for hawkular metrics
+ local_action: htpasswd path="{{ local_tmp.stdout }}/hawkular-metrics.htpasswd" name=hawkular password="{{ hawkular_metrics_pwd.content | b64decode }}"
+ become: false
+
+- name: copy local generated passwords to target
+ copy:
+ src: "{{ local_tmp.stdout }}/{{ item }}"
+ dest: "{{ mktemp.stdout }}/{{ item }}"
+ with_items:
+ - hawkular-metrics.pwd
+ - hawkular-metrics.htpasswd
+
+- name: read files for the hawkular-metrics secret
+ shell: >
+ printf '%s: ' '{{ item }}'
+ && base64 --wrap 0 '{{ mktemp.stdout }}/{{ item }}'
+ register: hawkular_secrets
+ with_items:
+ - ca.crt
+ - hawkular-metrics.pwd
+ - hawkular-metrics.htpasswd
+ - hawkular-metrics.crt
+ - hawkular-metrics.key
+ - hawkular-metrics.pem
+ - hawkular-cassandra.crt
+ - hawkular-cassandra.key
+ - hawkular-cassandra.pem
+ changed_when: false
+
+- set_fact:
+ hawkular_secrets: |
+ {{ hawkular_secrets.results|map(attribute='stdout')|join('
+ ')|from_yaml }}
+
+- name: generate hawkular-metrics-certs secret template
+ template:
+ src: secret.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular-metrics-certs.yaml"
+ vars:
+ name: hawkular-metrics-certs
+ labels:
+ metrics-infra: hawkular-metrics-certs
+ annotations:
+ service.alpha.openshift.io/originating-service-name: hawkular-metrics
+ data:
+ tls.crt: >
+ {{ hawkular_secrets['hawkular-metrics.crt'] }}
+ tls.key: >
+ {{ hawkular_secrets['hawkular-metrics.key'] }}
+ tls.truststore.crt: >
+ {{ hawkular_secrets['hawkular-cassandra.crt'] }}
+ ca.crt: >
+ {{ hawkular_secrets['ca.crt'] }}
+ when: name not in metrics_secrets.stdout_lines
+ changed_when: no
+
+- name: generate hawkular-metrics-account secret template
+ template:
+ src: secret.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular_metrics_account.yaml"
+ vars:
+ name: hawkular-metrics-account
+ labels:
+ metrics-infra: hawkular-metrics
+ data:
+ hawkular-metrics.username: "{{ 'hawkular'|b64encode }}"
+ hawkular-metrics.htpasswd: "{{ hawkular_secrets['hawkular-metrics.htpasswd'] }}"
+ hawkular-metrics.password: >
+ {{ hawkular_secrets['hawkular-metrics.pwd'] }}
+ when: name not in metrics_secrets.stdout_lines
+ changed_when: no
+
+- name: generate cassandra secret template
+ template:
+ src: secret.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-certs.yaml"
+ vars:
+ name: hawkular-cassandra-certs
+ labels:
+ metrics-infra: hawkular-cassandra-certs
+ annotations:
+ service.alpha.openshift.io/originating-service-name: hawkular-cassandra
+ data:
+ tls.crt: >
+ {{ hawkular_secrets['hawkular-cassandra.crt'] }}
+ tls.key: >
+ {{ hawkular_secrets['hawkular-cassandra.key'] }}
+ tls.peer.truststore.crt: >
+ {{ hawkular_secrets['hawkular-cassandra.crt'] }}
+ tls.client.truststore.crt: >
+ {{ hawkular_secrets['hawkular-metrics.crt'] }}
+ when: name not in metrics_secrets
+ changed_when: no
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-02 15:54:41 +0000