diff options
Diffstat (limited to 'roles/openshift_metrics/tasks')
| -rw-r--r-- | roles/openshift_metrics/tasks/import_jks_certs.yaml | 146 | ||||
| -rw-r--r-- | roles/openshift_metrics/tasks/install_metrics.yaml | 16 | ||||
| -rw-r--r-- | roles/openshift_metrics/tasks/install_support.yaml | 18 |
3 files changed, 79 insertions, 101 deletions
diff --git a/roles/openshift_metrics/tasks/import_jks_certs.yaml b/roles/openshift_metrics/tasks/import_jks_certs.yaml index f6bf6c1a6..f5192b005 100644 --- a/roles/openshift_metrics/tasks/import_jks_certs.yaml +++ b/roles/openshift_metrics/tasks/import_jks_certs.yaml @@ -1,76 +1,4 @@ --- -- name: Check for jks-generator service account - command: > - {{ openshift.common.client_binary }} - --config={{ mktemp.stdout }}/admin.kubeconfig - -n {{openshift_metrics_project}} - get serviceaccount/jks-generator --no-headers - register: serviceaccount_result - ignore_errors: yes - when: not ansible_check_mode - changed_when: no - -- name: Create jks-generator service account - command: > - {{ openshift.common.client_binary }} - --config={{ mktemp.stdout }}/admin.kubeconfig - -n {{openshift_metrics_project}} - create serviceaccount jks-generator - when: not ansible_check_mode and "not found" in serviceaccount_result.stderr - -- name: Check for hostmount-anyuid scc entry - command: > - {{ openshift.common.client_binary }} - --config={{ mktemp.stdout }}/admin.kubeconfig - get scc hostmount-anyuid - -o jsonpath='{.users}' - register: scc_result - when: not ansible_check_mode - changed_when: no - -- name: Add to hostmount-anyuid scc - command: > - {{ openshift.common.admin_binary }} - --config={{ mktemp.stdout }}/admin.kubeconfig - -n {{openshift_metrics_project}} - policy add-scc-to-user hostmount-anyuid - -z jks-generator - when: - - not ansible_check_mode - - scc_result.stdout.find("system:serviceaccount:{{openshift_metrics_project}}:jks-generator") == -1 - -- name: Copy JKS generation script - copy: - src: import_jks_certs.sh - dest: "{{openshift_metrics_certs_dir}}/import_jks_certs.sh" - check_mode: no - -- slurp: src={{ openshift_metrics_certs_dir }}/hawkular-metrics-keystore.pwd - register: metrics_keystore_password - -- slurp: src={{ openshift_metrics_certs_dir }}/hawkular-cassandra-keystore.pwd - register: cassandra_keystore_password - -- slurp: src={{ openshift_metrics_certs_dir }}/hawkular-jgroups-keystore.pwd - register: jgroups_keystore_password - -- name: Generate JKS pod template - template: - src: jks_pod.j2 - dest: "{{mktemp.stdout}}/jks_pod.yaml" - vars: - metrics_keystore_passwd: "{{metrics_keystore_password.content}}" - cassandra_keystore_passwd: "{{cassandra_keystore_password.content}}" - metrics_truststore_passwd: "{{hawkular_truststore_password.content}}" - cassandra_truststore_passwd: "{{cassandra_truststore_password.content}}" - jgroups_passwd: "{{jgroups_keystore_password.content}}" - check_mode: no - changed_when: no - -- stat: path="{{openshift_metrics_certs_dir}}/hawkular-metrics.keystore" - register: metrics_keystore - check_mode: no - - stat: path="{{openshift_metrics_certs_dir}}/hawkular-cassandra.keystore" register: cassandra_keystore check_mode: no @@ -79,6 +7,10 @@ register: cassandra_truststore check_mode: no +- stat: path="{{openshift_metrics_certs_dir}}/hawkular-metrics.keystore" + register: metrics_keystore + check_mode: no + - stat: path="{{openshift_metrics_certs_dir}}/hawkular-metrics.truststore" register: metrics_truststore check_mode: no @@ -87,32 +19,52 @@ register: jgroups_keystore check_mode: no -- name: create JKS pod - command: > - {{ openshift.common.client_binary }} - --config={{ mktemp.stdout }}/admin.kubeconfig - -n {{openshift_metrics_project}} - create -f {{mktemp.stdout}}/jks_pod.yaml - -o name - register: podoutput - check_mode: no - when: not metrics_keystore.stat.exists or - not metrics_truststore.stat.exists or - not cassandra_keystore.stat.exists or - not cassandra_truststore.stat.exists or - not jgroups_keystore.stat.exists +- block: + - slurp: src={{ openshift_metrics_certs_dir }}/hawkular-metrics-keystore.pwd + register: metrics_keystore_password + + - slurp: src={{ openshift_metrics_certs_dir }}/hawkular-cassandra-keystore.pwd + register: cassandra_keystore_password + + - slurp: src={{ openshift_metrics_certs_dir }}/hawkular-jgroups-keystore.pwd + register: jgroups_keystore_password + + - local_action: command mktemp -d + register: local_tmp + changed_when: False + + - fetch: + dest: "{{local_tmp.stdout}}/" + src: "{{ openshift_metrics_certs_dir }}/{{item}}" + flat: yes + changed_when: False + with_items: + - hawkular-metrics.pkcs12 + - hawkular-cassandra.pkcs12 + - hawkular-metrics.crt + - hawkular-cassandra.crt + - ca.crt + + - local_action: command {{role_path}}/files/import_jks_certs.sh + environment: + CERT_DIR: "{{local_tmp.stdout}}" + METRICS_KEYSTORE_PASSWD: "{{metrics_keystore_password.content}}" + CASSANDRA_KEYSTORE_PASSWD: "{{cassandra_keystore_password.content}}" + METRICS_TRUSTSTORE_PASSWD: "{{hawkular_truststore_password.content}}" + CASSANDRA_TRUSTSTORE_PASSWD: "{{cassandra_truststore_password.content}}" + JGROUPS_PASSWD: "{{jgroups_keystore_password.content}}" + changed_when: False + + - copy: + dest: "{{openshift_metrics_certs_dir}}/" + src: "{{item}}" + with_fileglob: "{{local_tmp.stdout}}/*.*store" + + - file: + path: "{{local_tmp.stdout}}" + state: absent + changed_when: False -- command: > - {{ openshift.common.client_binary }} - --config={{ mktemp.stdout }}/admin.kubeconfig - -n {{openshift_metrics_project}} - get {{podoutput.stdout}} - -o jsonpath='{.status.phase}' - register: result - until: result.stdout.find("Succeeded") != -1 - retries: 5 - delay: 10 - changed_when: no when: not metrics_keystore.stat.exists or not metrics_truststore.stat.exists or not cassandra_keystore.stat.exists or diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml index bab37dbfb..ddaa54438 100644 --- a/roles/openshift_metrics/tasks/install_metrics.yaml +++ b/roles/openshift_metrics/tasks/install_metrics.yaml @@ -20,15 +20,23 @@ loop_control: loop_var: include_file +- find: paths={{ mktemp.stdout }}/templates patterns=*.yaml + register: object_def_files + changed_when: no + +- slurp: src={{item.path}} + register: object_defs + with_items: "{{object_def_files.files}}" + changed_when: no + - name: Create objects include: oc_apply.yaml vars: kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" namespace: "{{ openshift_metrics_project }}" - file_name: "{{ item }}" - file_content: "{{ lookup('file',item) | from_yaml }}" - with_fileglob: - - "{{ mktemp.stdout }}/templates/*.yaml" + file_name: "{{ item.source }}" + file_content: "{{ item.content | b64decode | from_yaml }}" + with_items: "{{ object_defs.results }}" - name: Scaling up cluster include: start_metrics.yaml diff --git a/roles/openshift_metrics/tasks/install_support.yaml b/roles/openshift_metrics/tasks/install_support.yaml index b0e4bec80..cc5acc6e5 100644 --- a/roles/openshift_metrics/tasks/install_support.yaml +++ b/roles/openshift_metrics/tasks/install_support.yaml @@ -1,4 +1,22 @@ --- +- name: Check control node to see if htpasswd is installed + local_action: command which htpasswd + register: htpasswd_check + failed_when: no + changed_when: no + +- fail: msg="'htpasswd' is unavailable. Please install httpd-tools on the control node" + when: htpasswd_check.rc == 1 + +- name: Check control node to see if keytool is installed + local_action: command which htpasswd + register: keytool_check + failed_when: no + changed_when: no + +- fail: msg="'keytool' is unavailable. Please install java-1.8.0-openjdk-headless on the control node" + when: keytool_check.rc == 1 + - include: generate_certificates.yaml - include: generate_serviceaccounts.yaml - include: generate_services.yaml |