fix 1414625. Additional fix to run password commands on control node

roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml

@@ -19,25 +19,53 @@
 - slurp: src={{ openshift_metrics_certs_dir }}/hawkular-metrics-truststore.pwd
   register: hawkular_truststore_password
 
+- stat: path="{{openshift_metrics_certs_dir}}/{{item}}"
+  register: pwd_file_stat
+  with_items:
+  - hawkular-metrics.pwd
+  - hawkular-metrics.htpasswd
+  - hawkular-jgroups-keystore.pwd
+  changed_when: no
+
+- set_fact:
+    pwd_files: "{{pwd_files | default({}) | combine ({item.item: item.stat}) }}"
+  with_items: "{{pwd_file_stat.results}}"
+  changed_when: no
+
+- name: Create temp directory local on control node
+  local_action: command mktemp -d
+  register: local_tmp
+  changed_when: False
+
 - name: generate password for hawkular metrics and jgroups
-  copy:
-    dest: '{{ openshift_metrics_certs_dir }}/{{ item }}.pwd'
-    content: "{{ 15 | oo_random_word }}"
+  local_action: copy dest="{{ local_tmp.stdout}}/{{ item }}.pwd" content="{{ 15 | oo_random_word }}"
   with_items:
   - hawkular-metrics
   - hawkular-jgroups-keystore
-  when: not '{{ openshift_metrics_certs_dir }}/{{ item }}.pwd'|exists
+  when: "not pwd_files['{{ item }}.pwd'].exists"
 
 - name: generate htpasswd file for hawkular metrics
-  shell: >
-    htpasswd -ci
-    '{{ openshift_metrics_certs_dir }}/hawkular-metrics.htpasswd' hawkular
-    < '{{ openshift_metrics_certs_dir }}/hawkular-metrics.pwd'
-  when: >
-    not '{{ openshift_metrics_certs_dir }}/hawkular-metrics.htpasswd'|exists
+  local_action: >
+    shell htpasswd -ci
+    '{{ local_tmp.stdout }}/hawkular-metrics.htpasswd' hawkular
+    < '{{ local_tmp.stdout }}/hawkular-metrics.pwd'
+  when: "not pwd_files['hawkular-metrics.htpasswd'].exists"
+
+- name: copy local generated passwords to target
+  copy:
+    src: "{{local_tmp.stdout}}/{{item}}"
+    dest: "{{openshift_metrics_certs_dir}}/{{item}}"
+  with_items:
+  - hawkular-metrics.pwd
+  - hawkular-metrics.htpasswd
+  - hawkular-jgroups-keystore.pwd
+  when: "not pwd_files['{{ item }}'].exists"
 
 - include: import_jks_certs.yaml
 
+- local_action: file path="{{local_tmp.stdout}}" state=absent
+  changed_when: False
+
 - name: read files for the hawkular-metrics secret
   shell: >
     printf '%s: ' '{{ item }}'

roles/openshift_metrics/tasks/import_jks_certs.yaml

@@ -29,10 +29,6 @@
   - slurp: src={{ openshift_metrics_certs_dir }}/hawkular-jgroups-keystore.pwd
     register: jgroups_keystore_password
 
-  - local_action: command mktemp -d
-    register: local_tmp
-    changed_when: False
-
   - fetch:
       dest: "{{local_tmp.stdout}}/"
       src: "{{ openshift_metrics_certs_dir }}/{{item}}"
@@ -60,11 +56,6 @@
       src: "{{item}}"
     with_fileglob: "{{local_tmp.stdout}}/*.*store"
 
-  - file:
-      path: "{{local_tmp.stdout}}"
-      state: absent
-    changed_when: False
-
   when: not metrics_keystore.stat.exists or
         not metrics_truststore.stat.exists or
         not cassandra_keystore.stat.exists or

roles/openshift_metrics/tasks/main.yaml

@@ -1,5 +1,5 @@
 ---
-- name: Create temp directory for doing work in
+- name: Create temp directory for doing work in on target
   command: mktemp -td openshift-metrics-ansible-XXXXXX
   register: mktemp
   changed_when: False