8 years ago · 84b1c4848f
--- a/roles/openshift_metrics/tasks/generate_certificates.yaml
+++ b/roles/openshift_metrics/tasks/generate_certificates.yaml
@@ -7,16 +7,18 @@
 
				 - name: list existing secrets
			
 
				   command: >
			
 
				     {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }}
			
 
				+    --config={{ mktemp.stdout }}/admin.kubeconfig
			
 
				     get secrets -o name
			
 
				   register: metrics_secrets
			
 
				   changed_when: false
			
 
				 - name: generate ca certificate chain
			
 
				   shell: >
			
 
				     {{ openshift.common.admin_binary }} ca create-signer-cert
			
 
				+    --config={{ mktemp.stdout }}/admin.kubeconfig
			
 
				     --key='{{ openshift_metrics_certs_dir }}/ca.key'
			
 
				     --cert='{{ openshift_metrics_certs_dir }}/ca.crt'
			
 
				     --serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt'
			
 
				     --name="metrics-signer@$(date +%s)"
			
 
				-  when: not '{{ openshift_metrics_certs_dir }}/ca.key'|exists
			
 
				+  when: not '{{ openshift_metrics_certs_dir }}/ca.key' | exists
			
 
				 - include: generate_heapster_certificates.yaml
			
 
				 - include: generate_hawkular_certificates.yaml
			
--- a/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml
+++ b/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml
@@ -2,13 +2,15 @@
 
				 - name: generate heapster key/cert
			
 
				   command: >
			
 
				     {{ openshift.common.admin_binary }} ca create-server-cert
			
 
				+    --config={{ mktemp.stdout }}/admin.kubeconfig
			
 
				     --key='{{ openshift_metrics_certs_dir }}/heapster.key'
			
 
				     --cert='{{ openshift_metrics_certs_dir }}/heapster.cert'
			
 
				     --hostnames=heapster
			
 
				     --signer-cert='{{ openshift_metrics_certs_dir }}/ca.crt'
			
 
				     --signer-key='{{ openshift_metrics_certs_dir }}/ca.key'
			
 
				     --signer-serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt'
			
 
				-  when: not '{{ openshift_metrics_certs_dir }}/heapster.key'|exists
			
 
				+  when: not '{{ openshift_metrics_certs_dir }}/heapster.key' | exists
			
 
				+
			
 
				 - when: "'secret/heapster-secrets' not in metrics_secrets.stdout_lines"
			
 
				   block:
			
 
				   - name: read files for the heapster secret
			
--- a/roles/openshift_metrics/tasks/main.yaml
+++ b/roles/openshift_metrics/tasks/main.yaml
@@ -1,7 +1,7 @@
 
				 ---
			
 
				 - name: check that hawkular_metrics_hostname is set
			
 
				   fail: msg='the openshift_metrics_hawkular_metrics_hostname variable is required'
			
 
				-  when: "{{ openshift_metrics_hawkular_metrics_hostname is not defined }}"
			
 
				+  when: openshift_metrics_hawkular_metrics_hostname is not defined
			
 
				 
			
 
				 - name: check the value of openshift_metrics_hawkular_cassandra_storage_type
			
 
				   fail:
			
@@ -21,6 +21,13 @@
 
				   file: path={{mktemp.stdout}}/templates state=directory mode=0755
			
 
				   changed_when: False
			
 
				 
			
 
				+- name: Copy the admin client config(s)
			
 
				+  command: >
			
 
				+     cp {{ openshift.common.config_base}}/master/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
			
 
				+  changed_when: False
			
 
				+  check_mode: no
			
 
				+  tags: metrics_init
			
 
				+
			
 
				 - include: "{{role_path}}/tasks/install_metrics.yaml"
			
 
				   when: openshift_metrics_install_metrics | default(false) | bool
			
 
				 
			
@@ -29,7 +36,8 @@
 
				 
			
 
				 - name: create objects
			
 
				   command: >
			
 
				-    {{ openshift.common.client_binary }} -n '{{ openshift_metrics_project }}'
			
 
				+    {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }}
			
 
				+    --config={{ mktemp.stdout }}/admin.kubeconfig
			
 
				     apply -f {{ item }}
			
 
				   with_fileglob:
			
 
				   - "{{ mktemp.stdout }}/templates/*.yaml"
			
--- a/roles/openshift_metrics/tasks/setup_certificate.yaml
+++ b/roles/openshift_metrics/tasks/setup_certificate.yaml
@@ -2,6 +2,7 @@
 
				 - name: generate {{ component }} keys
			
 
				   command: >
			
 
				     {{ openshift.common.admin_binary }} ca create-server-cert
			
 
				+    --config={{ mktemp.stdout }}/admin.kubeconfig
			
 
				     --key='{{ openshift_metrics_certs_dir }}/{{ component }}.key'
			
 
				     --cert='{{ openshift_metrics_certs_dir }}/{{ component }}.crt'
			
 
				     --hostnames='{{ hostnames }}'
			
--- a/roles/openshift_metrics/tasks/uninstall_metrics.yaml
+++ b/roles/openshift_metrics/tasks/uninstall_metrics.yaml
@@ -1,14 +1,14 @@
 
				 ---
			
 
				 - name: remove metrics components
			
 
				   command: >
			
 
				-    {{ openshift.common.client_binary }} -n '{{ openshift_metrics_project }}'
			
 
				+    {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} --config={{ mktemp.stdout }}/admin.kubeconfig
			
 
				     delete --selector=metrics-infra
			
 
				     all,sa,secrets,templates,routes,pvc,rolebindings,clusterrolebindings
			
 
				   register: delete_metrics
			
 
				   changed_when: "delete_metrics.stdout != 'No resources found'"
			
 
				 - name: remove rolebindings
			
 
				   command: >
			
 
				-    {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }}
			
 
				+    {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} --config={{ mktemp.stdout }}/admin.kubeconfig
			
 
				     delete --ignore-not-found
			
 
				     rolebinding/hawkular-view
			
 
				     clusterrolebinding/heapster-cluster-reader