From 60ad4626f03cbfb119290a4bfaf9ecba53dc762b Mon Sep 17 00:00:00 2001
From: ewolinetz <ewolinet@redhat.com>
Date: Tue, 2 May 2017 11:21:56 -0500
Subject: Pulling in changes from master

---
 .../openshift_logging/tasks/generate_secrets.yaml  | 129 ---------------------
 1 file changed, 129 deletions(-)
 delete mode 100644 roles/openshift_logging/tasks/generate_secrets.yaml

(limited to 'roles/openshift_logging/tasks/generate_secrets.yaml')

diff --git a/roles/openshift_logging/tasks/generate_secrets.yaml b/roles/openshift_logging/tasks/generate_secrets.yaml
deleted file mode 100644
index b629bd995..000000000
--- a/roles/openshift_logging/tasks/generate_secrets.yaml
+++ /dev/null
@@ -1,129 +0,0 @@
----
-- name: Retrieving the cert to use when generating secrets for the logging components
-  slurp: src="{{generated_certs_dir}}/{{item.file}}"
-  register: key_pairs
-  with_items:
-    - { name: "ca_file", file: "ca.crt" }
-    - { name: "kibana_key", file: "system.logging.kibana.key"}
-    - { name: "kibana_cert", file: "system.logging.kibana.crt"}
-    - { name: "curator_key", file: "system.logging.curator.key"}
-    - { name: "curator_cert", file: "system.logging.curator.crt"}
-    - { name: "fluentd_key", file: "system.logging.fluentd.key"}
-    - { name: "fluentd_cert", file: "system.logging.fluentd.crt"}
-    - { name: "kibana_internal_key", file: "kibana-internal.key"}
-    - { name: "kibana_internal_cert", file: "kibana-internal.crt"}
-    - { name: "server_tls", file: "server-tls.json"}
-
-- name: Generating secrets for logging components
-  template: src=secret.j2 dest={{mktemp.stdout}}/templates/{{secret_name}}-secret.yaml
-  vars:
-    secret_name: "logging-{{component}}"
-    secret_key_file: "{{component}}_key"
-    secret_cert_file: "{{component}}_cert"
-    secrets:
-      - {key: ca, value: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}"}
-      - {key: key, value: "{{key_pairs | entry_from_named_pair(secret_key_file)| b64decode }}"}
-      - {key: cert, value: "{{key_pairs | entry_from_named_pair(secret_cert_file)| b64decode }}"}
-    secret_keys: ["ca", "cert", "key"]
-  with_items:
-    - kibana
-    - curator
-    - fluentd
-  loop_control:
-    loop_var: component
-  check_mode: no
-  changed_when: no
-
-- name: Retrieving the cert to use when generating secrets for mux
-  slurp: src="{{generated_certs_dir}}/{{item.file}}"
-  register: mux_key_pairs
-  with_items:
-    - { name: "ca_file", file: "ca.crt" }
-    - { name: "mux_key", file: "system.logging.mux.key"}
-    - { name: "mux_cert", file: "system.logging.mux.crt"}
-    - { name: "mux_shared_key", file: "mux_shared_key"}
-  when: openshift_logging_use_mux
-
-- name: Generating secrets for mux
-  template: src=secret.j2 dest={{mktemp.stdout}}/templates/{{secret_name}}-secret.yaml
-  vars:
-    secret_name: "logging-{{component}}"
-    secret_key_file: "{{component}}_key"
-    secret_cert_file: "{{component}}_cert"
-    secrets:
-      - {key: ca, value: "{{mux_key_pairs | entry_from_named_pair('ca_file')| b64decode }}"}
-      - {key: key, value: "{{mux_key_pairs | entry_from_named_pair(secret_key_file)| b64decode }}"}
-      - {key: cert, value: "{{mux_key_pairs | entry_from_named_pair(secret_cert_file)| b64decode }}"}
-      - {key: shared_key, value: "{{mux_key_pairs | entry_from_named_pair('mux_shared_key')| b64decode }}"}
-    secret_keys: ["ca", "cert", "key", "shared_key"]
-  with_items:
-    - mux
-  loop_control:
-    loop_var: component
-  check_mode: no
-  changed_when: no
-  when: openshift_logging_use_mux
-
-- name: Generating secrets for kibana proxy
-  template: src=secret.j2 dest={{mktemp.stdout}}/templates/{{secret_name}}-secret.yaml
-  vars:
-    secret_name: logging-kibana-proxy
-    secrets:
-      - {key: oauth-secret, value: "{{oauth_secret}}"}
-      - {key: session-secret, value: "{{session_secret}}"}
-      - {key: server-key, value: "{{kibana_key_file}}"}
-      - {key: server-cert, value: "{{kibana_cert_file}}"}
-      - {key: server-tls.json, value: "{{server_tls_file}}"}
-    secret_keys: ["server-tls.json", "server-key", "session-secret", "oauth-secret", "server-cert"]
-    kibana_key_file: "{{key_pairs | entry_from_named_pair('kibana_internal_key')| b64decode }}"
-    kibana_cert_file: "{{key_pairs | entry_from_named_pair('kibana_internal_cert')| b64decode }}"
-    server_tls_file: "{{key_pairs | entry_from_named_pair('server_tls')| b64decode }}"
-  check_mode: no
-  changed_when: no
-
-- name: Generating secrets for elasticsearch
-  command: >
-    {{openshift.common.client_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig secrets new {{secret_name}}
-    key={{generated_certs_dir}}/logging-es.jks truststore={{generated_certs_dir}}/truststore.jks
-    searchguard.key={{generated_certs_dir}}/elasticsearch.jks searchguard.truststore={{generated_certs_dir}}/truststore.jks
-    admin-key={{generated_certs_dir}}/system.admin.key admin-cert={{generated_certs_dir}}/system.admin.crt
-    admin-ca={{generated_certs_dir}}/ca.crt admin.jks={{generated_certs_dir}}/system.admin.jks -o yaml
-  vars:
-    secret_name: logging-elasticsearch
-    secret_keys: ["admin-cert", "searchguard.key", "admin-ca", "key", "truststore", "admin-key", "searchguard.truststore"]
-  register: logging_es_secret
-  check_mode: no
-  changed_when: no
-
-- copy: content="{{logging_es_secret.stdout}}" dest={{mktemp.stdout}}/templates/logging-elasticsearch-secret.yaml
-  when: logging_es_secret.stdout is defined
-  check_mode: no
-  changed_when: no
-
-- name: Retrieving the cert to use when generating secrets for Elasticsearch external route
-  slurp: src="{{generated_certs_dir}}/{{item.file}}"
-  register: es_key_pairs
-  with_items:
-    - { name: "ca_file", file: "ca.crt" }
-    - { name: "es_key", file: "system.logging.es.key"}
-    - { name: "es_cert", file: "system.logging.es.crt"}
-  when: openshift_logging_es_allow_external | bool
-
-- name: Generating secrets for Elasticsearch external route
-  template: src=secret.j2 dest={{mktemp.stdout}}/templates/{{secret_name}}-secret.yaml
-  vars:
-    secret_name: "logging-{{component}}"
-    secret_key_file: "{{component}}_key"
-    secret_cert_file: "{{component}}_cert"
-    secrets:
-      - {key: ca, value: "{{es_key_pairs | entry_from_named_pair('ca_file')| b64decode }}"}
-      - {key: key, value: "{{es_key_pairs | entry_from_named_pair(secret_key_file)| b64decode }}"}
-      - {key: cert, value: "{{es_key_pairs | entry_from_named_pair(secret_cert_file)| b64decode }}"}
-    secret_keys: ["ca", "cert", "key"]
-  with_items:
-    - es
-  loop_control:
-    loop_var: component
-  check_mode: no
-  changed_when: no
-  when: openshift_logging_es_allow_external | bool
-- 
cgit v1.2.3