Inicio Explorar Ayuda
Registro Iniciar sesión
shixiong
/
okd
1
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Explorar el Código

copy admin cert for use in subsequent tasks (#8)

Jeff Cantrill hace 8 años
padre
ee931f90db
commit
84b1c4848f
Se han modificado 5 ficheros con 19 adiciones y 6 borrados
Unificar vista Mostrar estadísticas de diff
  1. 3 1
      roles/openshift_metrics/tasks/generate_certificates.yaml
  2. 3 1
      roles/openshift_metrics/tasks/generate_heapster_certificates.yaml
  3. 10 2
      roles/openshift_metrics/tasks/main.yaml
  4. 1 0
      roles/openshift_metrics/tasks/setup_certificate.yaml
  5. 2 2
      roles/openshift_metrics/tasks/uninstall_metrics.yaml

+ 3 - 1
roles/openshift_metrics/tasks/generate_certificates.yaml
Ver fichero 

@@ -7,16 +7,18 @@
 
 - name: list existing secrets
 
 - name: list existing secrets
 
   command: >
 
   command: >
 
     {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }}
 
     {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }}
 
+    --config={{ mktemp.stdout }}/admin.kubeconfig
 
     get secrets -o name
 
     get secrets -o name
 
   register: metrics_secrets
 
   register: metrics_secrets
 
   changed_when: false
 
   changed_when: false
 
 - name: generate ca certificate chain
 
 - name: generate ca certificate chain
 
   shell: >
 
   shell: >
 
     {{ openshift.common.admin_binary }} ca create-signer-cert
 
     {{ openshift.common.admin_binary }} ca create-signer-cert
 
+    --config={{ mktemp.stdout }}/admin.kubeconfig
 
     --key='{{ openshift_metrics_certs_dir }}/ca.key'
 
     --key='{{ openshift_metrics_certs_dir }}/ca.key'
 
     --cert='{{ openshift_metrics_certs_dir }}/ca.crt'
 
     --cert='{{ openshift_metrics_certs_dir }}/ca.crt'
 
     --serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt'
 
     --serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt'
 
     --name="metrics-signer@$(date +%s)"
 
     --name="metrics-signer@$(date +%s)"
 
-  when: not '{{ openshift_metrics_certs_dir }}/ca.key'|exists
 
+  when: not '{{ openshift_metrics_certs_dir }}/ca.key' | exists
 
 - include: generate_heapster_certificates.yaml
 
 - include: generate_heapster_certificates.yaml
 
 - include: generate_hawkular_certificates.yaml
 
 - include: generate_hawkular_certificates.yaml

+ 3 - 1
roles/openshift_metrics/tasks/generate_heapster_certificates.yaml
Ver fichero 

@@ -2,13 +2,15 @@
 
 - name: generate heapster key/cert
 
 - name: generate heapster key/cert
 
   command: >
 
   command: >
 
     {{ openshift.common.admin_binary }} ca create-server-cert
 
     {{ openshift.common.admin_binary }} ca create-server-cert
 
+    --config={{ mktemp.stdout }}/admin.kubeconfig
 
     --key='{{ openshift_metrics_certs_dir }}/heapster.key'
 
     --key='{{ openshift_metrics_certs_dir }}/heapster.key'
 
     --cert='{{ openshift_metrics_certs_dir }}/heapster.cert'
 
     --cert='{{ openshift_metrics_certs_dir }}/heapster.cert'
 
     --hostnames=heapster
 
     --hostnames=heapster
 
     --signer-cert='{{ openshift_metrics_certs_dir }}/ca.crt'
 
     --signer-cert='{{ openshift_metrics_certs_dir }}/ca.crt'
 
     --signer-key='{{ openshift_metrics_certs_dir }}/ca.key'
 
     --signer-key='{{ openshift_metrics_certs_dir }}/ca.key'
 
     --signer-serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt'
 
     --signer-serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt'
 
-  when: not '{{ openshift_metrics_certs_dir }}/heapster.key'|exists
 
+  when: not '{{ openshift_metrics_certs_dir }}/heapster.key' | exists
 
+
 
 - when: "'secret/heapster-secrets' not in metrics_secrets.stdout_lines"
 
 - when: "'secret/heapster-secrets' not in metrics_secrets.stdout_lines"
 
   block:
 
   block:
 
   - name: read files for the heapster secret
 
   - name: read files for the heapster secret

+ 10 - 2
roles/openshift_metrics/tasks/main.yaml
Ver fichero 

@@ -1,7 +1,7 @@
 
 ---
 
 ---
 
 - name: check that hawkular_metrics_hostname is set
 
 - name: check that hawkular_metrics_hostname is set
 
   fail: msg='the openshift_metrics_hawkular_metrics_hostname variable is required'
 
   fail: msg='the openshift_metrics_hawkular_metrics_hostname variable is required'
 
-  when: "{{ openshift_metrics_hawkular_metrics_hostname is not defined }}"
 
+  when: openshift_metrics_hawkular_metrics_hostname is not defined
 
 
 
 - name: check the value of openshift_metrics_hawkular_cassandra_storage_type
 
 - name: check the value of openshift_metrics_hawkular_cassandra_storage_type
 
   fail:
 
   fail:
 
@@ -21,6 +21,13 @@
 
   file: path={{mktemp.stdout}}/templates state=directory mode=0755
 
   file: path={{mktemp.stdout}}/templates state=directory mode=0755
 
   changed_when: False
 
   changed_when: False
 
 
 
+- name: Copy the admin client config(s)
 
+  command: >
 
+     cp {{ openshift.common.config_base}}/master/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
 
+  changed_when: False
 
+  check_mode: no
 
+  tags: metrics_init
 
+
 
 - include: "{{role_path}}/tasks/install_metrics.yaml"
 
 - include: "{{role_path}}/tasks/install_metrics.yaml"
 
   when: openshift_metrics_install_metrics | default(false) | bool
 
   when: openshift_metrics_install_metrics | default(false) | bool
 
 
 
@@ -29,7 +36,8 @@
 
 
 
 - name: create objects
 
 - name: create objects
 
   command: >
 
   command: >
 
-    {{ openshift.common.client_binary }} -n '{{ openshift_metrics_project }}'
 
+    {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }}
 
+    --config={{ mktemp.stdout }}/admin.kubeconfig
 
     apply -f {{ item }}
 
     apply -f {{ item }}
 
   with_fileglob:
 
   with_fileglob:
 
   - "{{ mktemp.stdout }}/templates/*.yaml"
 
   - "{{ mktemp.stdout }}/templates/*.yaml"

+ 1 - 0
roles/openshift_metrics/tasks/setup_certificate.yaml
Ver fichero 

@@ -2,6 +2,7 @@
 
 - name: generate {{ component }} keys
 
 - name: generate {{ component }} keys
 
   command: >
 
   command: >
 
     {{ openshift.common.admin_binary }} ca create-server-cert
 
     {{ openshift.common.admin_binary }} ca create-server-cert
 
+    --config={{ mktemp.stdout }}/admin.kubeconfig
 
     --key='{{ openshift_metrics_certs_dir }}/{{ component }}.key'
 
     --key='{{ openshift_metrics_certs_dir }}/{{ component }}.key'
 
     --cert='{{ openshift_metrics_certs_dir }}/{{ component }}.crt'
 
     --cert='{{ openshift_metrics_certs_dir }}/{{ component }}.crt'
 
     --hostnames='{{ hostnames }}'
 
     --hostnames='{{ hostnames }}'

+ 2 - 2
roles/openshift_metrics/tasks/uninstall_metrics.yaml
Ver fichero 

@@ -1,14 +1,14 @@
 
 ---
 
 ---
 
 - name: remove metrics components
 
 - name: remove metrics components
 
   command: >
 
   command: >
 
-    {{ openshift.common.client_binary }} -n '{{ openshift_metrics_project }}'
 
+    {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} --config={{ mktemp.stdout }}/admin.kubeconfig
 
     delete --selector=metrics-infra
 
     delete --selector=metrics-infra
 
     all,sa,secrets,templates,routes,pvc,rolebindings,clusterrolebindings
 
     all,sa,secrets,templates,routes,pvc,rolebindings,clusterrolebindings
 
   register: delete_metrics
 
   register: delete_metrics
 
   changed_when: "delete_metrics.stdout != 'No resources found'"
 
   changed_when: "delete_metrics.stdout != 'No resources found'"
 
 - name: remove rolebindings
 
 - name: remove rolebindings
 
   command: >
 
   command: >
 
-    {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }}
 
+    {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} --config={{ mktemp.stdout }}/admin.kubeconfig
 
     delete --ignore-not-found
 
     delete --ignore-not-found
 
     rolebinding/hawkular-view
 
     rolebinding/hawkular-view
 
     clusterrolebinding/heapster-cluster-reader
 
     clusterrolebinding/heapster-cluster-reader