From 868e800a1325a726c24afc752033434a80d13b2d Mon Sep 17 00:00:00 2001 From: Jeff Cantrill Date: Thu, 12 Jan 2017 16:52:23 -0500 Subject: additional cr fixes --- .../tasks/generate_hawkular_certificates.yaml | 27 +++++----- .../openshift_metrics/tasks/install_cassandra.yaml | 54 +++++++++++++++++++ .../openshift_metrics/tasks/install_hawkular.yaml | 60 ++-------------------- .../openshift_metrics/tasks/install_heapster.yaml | 7 +-- roles/openshift_metrics/tasks/install_metrics.yaml | 1 + .../openshift_metrics/tasks/setup_certificate.yaml | 41 ++++++++------- 6 files changed, 99 insertions(+), 91 deletions(-) create mode 100644 roles/openshift_metrics/tasks/install_cassandra.yaml (limited to 'roles') diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml index 1306d0ccd..489856c27 100644 --- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml @@ -13,22 +13,26 @@ hostnames: hawkular-cassandra changed_when: no +- slurp: src={{ openshift_metrics_certs_dir|quote }}/hawkular-cassandra-truststore.pwd + register: cassandra_truststore_password + - name: check existing aliases on the hawkular-cassandra truststore shell: > keytool -noprompt -list -keystore {{ openshift_metrics_certs_dir|quote }}/hawkular-cassandra.truststore - -storepass "$(< - '{{ openshift_metrics_certs_dir|quote }}/hawkular-cassandra-truststore.pwd')" + -storepass {{cassandra_truststore_password.content | b64decode }} | sed -n '7~2s/,.*$//p' register: hawkular_cassandra_truststore_aliases changed_when: false +- slurp: src={{ openshift_metrics_certs_dir|quote }}/hawkular-metrics-truststore.pwd + register: hawkular_truststore_password + - name: check existing aliases on the hawkular-metrics truststore shell: > keytool -noprompt -list -keystore {{ openshift_metrics_certs_dir|quote }}/hawkular-metrics.truststore - -storepass "$(< - '{{ openshift_metrics_certs_dir|quote }}/hawkular-metrics-truststore.pwd')" + -storepass {{ hawkular_truststore_password.content | b64decode }} | sed -n '7~2s/,.*$//p' register: hawkular_metrics_truststore_aliases changed_when: false @@ -39,8 +43,7 @@ -alias hawkular-metrics -file '{{ openshift_metrics_certs_dir }}/hawkular-metrics.crt' -keystore '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.truststore' - -storepass "$(< - '{{ openshift_metrics_certs_dir }}/hawkular-cassandra-truststore.pwd')" + -storepass {{cassandra_truststore_password.content | b64decode }} when: > 'hawkular-metrics' not in hawkular_cassandra_truststore_aliases.stdout_lines @@ -51,8 +54,7 @@ -alias hawkular-cassandra -file '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.crt' -keystore '{{ openshift_metrics_certs_dir }}/hawkular-metrics.truststore' - -storepass "$(< - '{{ openshift_metrics_certs_dir }}/hawkular-metrics-truststore.pwd')" + -storepass {{ hawkular_truststore_password.content | b64decode }} when: > 'hawkular-cassandra' not in hawkular_metrics_truststore_aliases.stdout_lines @@ -63,8 +65,7 @@ -alias hawkular-cassandra -file '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.crt' -keystore '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.truststore' - -storepass "$(< - '{{ openshift_metrics_certs_dir }}/hawkular-cassandra-truststore.pwd')" + -storepass {{cassandra_truststore_password.content | b64decode }} when: > 'hawkular-cassandra' not in hawkular_cassandra_truststore_aliases.stdout_lines @@ -75,8 +76,7 @@ -alias '{{ item }}' -file '{{ openshift_metrics_certs_dir }}/ca.crt' -keystore '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.truststore' - -storepass "$(< - '{{ openshift_metrics_certs_dir }}/hawkular-cassandra-truststore.pwd')" + -storepass {{cassandra_truststore_password.content | b64decode }} with_items: - ca - metricca @@ -89,8 +89,7 @@ -alias '{{ item }}' -file '{{ openshift_metrics_certs_dir }}/ca.crt' -keystore '{{ openshift_metrics_certs_dir }}/hawkular-metrics.truststore' - -storepass "$(< - '{{ openshift_metrics_certs_dir }}/hawkular-metrics-truststore.pwd')" + -storepass {{ hawkular_truststore_password.content | b64decode }} with_items: - ca - metricca diff --git a/roles/openshift_metrics/tasks/install_cassandra.yaml b/roles/openshift_metrics/tasks/install_cassandra.yaml new file mode 100644 index 000000000..a9340acc3 --- /dev/null +++ b/roles/openshift_metrics/tasks/install_cassandra.yaml @@ -0,0 +1,54 @@ +--- +- shell: > + {{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }} + --config={{ mktemp.stdout }}/admin.kubeconfig + get rc hawkular-cassandra-{{node}} -o jsonpath='{.spec.replicas}' || echo 0 + vars: + node: "{{ item }}" + register: cassandra_replica_count + with_sequence: count={{ openshift_metrics_cassandra_replicas }} + changed_when: false + failed_when: false + +- name: generate hawkular-cassandra replication controllers + template: + src: hawkular_cassandra_rc.j2 + dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-rc{{ item }}.yaml" + vars: + node: "{{ item }}" + master: "{{ (item == '1')|string|lower }}" + replica_count: "{{cassandra_replica_count.results[item|int - 1].stdout}}" + with_sequence: count={{ openshift_metrics_cassandra_replicas }} + changed_when: false + +- name: generate hawkular-cassandra persistent volume claims + template: + src: pvc.j2 + dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml" + vars: + obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}" + labels: + metrics-infra: hawkular-cassandra + access_modes: + - ReadWriteOnce + size: "{{ openshift_metrics_cassandra_pv_size }}" + with_sequence: count={{ openshift_metrics_cassandra_replicas }} + when: openshift_metrics_cassandra_storage_type == 'pv' + changed_when: false + +- name: generate hawkular-cassandra persistent volume claims (dynamic) + template: + src: pvc.j2 + dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml" + vars: + obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}" + labels: + metrics-infra: hawkular-cassandra + annotations: + volume.alpha.kubernetes.io/storage-class: dynamic + access_modes: + - ReadWriteOnce + size: "{{ openshift_metrics_cassandra_pv_size }}" + with_sequence: count={{ openshift_metrics_cassandra_replicas }} + when: openshift_metrics_cassandra_storage_type == 'dynamic' + changed_when: false diff --git a/roles/openshift_metrics/tasks/install_hawkular.yaml b/roles/openshift_metrics/tasks/install_hawkular.yaml index 7c06bc1db..00f7b2554 100644 --- a/roles/openshift_metrics/tasks/install_hawkular.yaml +++ b/roles/openshift_metrics/tasks/install_hawkular.yaml @@ -1,9 +1,10 @@ --- -- shell: > +- command: > {{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }} --config={{ mktemp.stdout }}/admin.kubeconfig - get rc hawkular-metrics -o jsonpath='{.spec.replicas}' || echo 0 + get rc hawkular-metrics -o jsonpath='{.spec.replicas}' register: hawkular_metrics_replica_count + failed_when: false changed_when: false - name: generate hawkular-metrics replication controller @@ -11,60 +12,7 @@ src: hawkular_metrics_rc.j2 dest: "{{ mktemp.stdout }}/templates/hawkular_metrics_rc.yaml" vars: - replica_count: "{{hawkular_metrics_replica_count.stdout}}" - changed_when: false - -- shell: > - {{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }} - --config={{ mktemp.stdout }}/admin.kubeconfig - get rc hawkular-cassandra-{{node}} -o jsonpath='{.spec.replicas}' || echo 0 - vars: - node: "{{ item }}" - register: cassandra_replica_count - with_sequence: count={{ openshift_metrics_cassandra_replicas }} - changed_when: false - -- name: generate hawkular-cassandra replication controllers - template: - src: hawkular_cassandra_rc.j2 - dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-rc{{ item }}.yaml" - vars: - node: "{{ item }}" - master: "{{ (item == '1')|string|lower }}" - replica_count: "{{cassandra_replica_count.results[item|int - 1].stdout}}" - with_sequence: count={{ openshift_metrics_cassandra_replicas }} - changed_when: false - -- name: generate hawkular-cassandra persistent volume claims - template: - src: pvc.j2 - dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml" - vars: - obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}" - labels: - metrics-infra: hawkular-cassandra - access_modes: - - ReadWriteOnce - size: "{{ openshift_metrics_cassandra_pv_size }}" - with_sequence: count={{ openshift_metrics_cassandra_replicas }} - when: openshift_metrics_cassandra_storage_type == 'pv' - changed_when: false - -- name: generate hawkular-cassandra persistent volume claims (dynamic) - template: - src: pvc.j2 - dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml" - vars: - obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}" - labels: - metrics-infra: hawkular-cassandra - annotations: - volume.alpha.kubernetes.io/storage-class: dynamic - access_modes: - - ReadWriteOnce - size: "{{ openshift_metrics_cassandra_pv_size }}" - with_sequence: count={{ openshift_metrics_cassandra_replicas }} - when: openshift_metrics_cassandra_storage_type == 'dynamic' + replica_count: "{{hawkular_metrics_replica_count.stdout | default(0)}}" changed_when: false - name: read hawkular-metrics route destination ca certificate diff --git a/roles/openshift_metrics/tasks/install_heapster.yaml b/roles/openshift_metrics/tasks/install_heapster.yaml index e650391a8..39df797ab 100644 --- a/roles/openshift_metrics/tasks/install_heapster.yaml +++ b/roles/openshift_metrics/tasks/install_heapster.yaml @@ -1,13 +1,14 @@ --- -- shell: > +- command: > {{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }} --config={{ mktemp.stdout }}/admin.kubeconfig - get rc heapster -o jsonpath='{.spec.replicas}' || echo 0 + get rc heapster -o jsonpath='{.spec.replicas}' register: heapster_replica_count + failed_when: false changed_when: no - name: Generate heapster replication controller template: src=heapster.j2 dest={{mktemp.stdout}}/templates/metrics-heapster-rc.yaml vars: - replica_count: "{{heapster_replica_count.stdout}}" + replica_count: "{{heapster_replica_count.stdout | default(0)}}" changed_when: no diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml index 5f4b84418..e550f6e8d 100644 --- a/roles/openshift_metrics/tasks/install_metrics.yaml +++ b/roles/openshift_metrics/tasks/install_metrics.yaml @@ -16,6 +16,7 @@ - support - heapster - hawkular + - cassandra loop_control: loop_var: include_file diff --git a/roles/openshift_metrics/tasks/setup_certificate.yaml b/roles/openshift_metrics/tasks/setup_certificate.yaml index 07c8365b1..c185d3f88 100644 --- a/roles/openshift_metrics/tasks/setup_certificate.yaml +++ b/roles/openshift_metrics/tasks/setup_certificate.yaml @@ -11,20 +11,28 @@ --signer-serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt' when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.key'|exists +- slurp: src={{item}} + register: component_certs + with_items: + - '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.key' + - '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.crt' + when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.pem'|exists + - name: generate {{ component }} certificate - shell: > - cat - '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.key' - '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.crt' - > '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.pem' + copy: + dest: '{{ openshift_metrics_certs_dir }}/{{ component }}.pem' + content: "{{ component_certs.results | map(attribute='content') | map('b64decode') | join('') }}" when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.pem'|exists - name: generate random password for the {{ component }} keystore - shell: > - tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c15 - > '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-keystore.pwd' + copy: + content: "{{ 15 | oo_random_word }}" + dest: '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-keystore.pwd' when: > not '{{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd'|exists + +- slurp: src={{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-keystore.pwd + register: keystore_password - name: create the {{ component }} pkcs12 from the pem file command: > @@ -32,27 +40,24 @@ -in '{{ openshift_metrics_certs_dir }}/{{ component }}.pem' -out '{{ openshift_metrics_certs_dir }}/{{ component }}.pkcs12' -name '{{ component }}' -noiter -nomaciter - -password - 'file:{{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd' + -password 'pass:{{keystore_password.content | b64decode }}' when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.pkcs12'|exists - name: create the {{ component }} keystore from the pkcs12 file - shell: > - p=$(< {{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd) - && + command: > keytool -v -importkeystore -srckeystore '{{ openshift_metrics_certs_dir | quote }}/{{ component | quote }}.pkcs12' -srcstoretype PKCS12 -destkeystore '{{ openshift_metrics_certs_dir | quote }}/{{ component | quote}}.keystore' -deststoretype JKS - -deststorepass "$p" - -srcstorepass "$p" + -deststorepass '{{keystore_password.content | b64decode }}' + -srcstorepass '{{keystore_password.content | b64decode }}' when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.keystore'|exists - name: generate random password for the {{ component }} truststore - shell: > - tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c15 - > '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-truststore.pwd' + copy: + content: "{{ 15 | oo_random_word }}" + dest: '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-truststore.pwd' when: > not '{{ openshift_metrics_certs_dir | quote }}/{{ component| quote }}-truststore.pwd'|exists -- cgit v1.2.3