首頁 探索 說明
註冊 登入
shixiong
/
okd
1
0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
目錄樹: b804e70cdd
分支列表 標籤列表
okd
/
roles
/
openshift_logging
/
tasks
/
generate_jks.yaml

generate_jks.yaml 3.6 KB
文件歷史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798 
  1. ---
    2. 

  2. # check if pod generated files exist -- if they all do don't run the pod
    3. 

  3. - name: Checking for elasticsearch.jks
    4. 

  4.   stat: path="{{generated_certs_dir}}/elasticsearch.jks"
    5. 

  5.   register: elasticsearch_jks
    6. 

  6.   check_mode: no
    7. 

  7. 

  8. - name: Checking for logging-es.jks
    9. 

  9.   stat: path="{{generated_certs_dir}}/logging-es.jks"
    10. 

  10.   register: logging_es_jks
    11. 

  11.   check_mode: no
    12. 

  12. 

  13. - name: Checking for system.admin.jks
    14. 

  14.   stat: path="{{generated_certs_dir}}/system.admin.jks"
    15. 

  15.   register: system_admin_jks
    16. 

  16.   check_mode: no
    17. 

  17. 

  18. - name: Checking for truststore.jks
    19. 

  19.   stat: path="{{generated_certs_dir}}/truststore.jks"
    20. 

  20.   register: truststore_jks
    21. 

  21.   check_mode: no
    22. 

  22. 

  23. - name: Create temp directory for doing work in
    24. 

  24.   local_action: command mktemp -d /tmp/openshift-logging-ansible-XXXXXX
    25. 

  25.   register: local_tmp
    26. 

  26.   changed_when: False
    27. 

  27.   check_mode: no
    28. 

  28. 

  29. - name: Create placeholder for previously created JKS certs to prevent recreating...
    30. 

  30.   local_action: file path="{{local_tmp.stdout}}/elasticsearch.jks" state=touch mode="u=rw,g=r,o=r"
    31. 

  31.   when: elasticsearch_jks.stat.exists
    32. 

  32.   changed_when: False
    33. 

  33. 

  34. - name: Create placeholder for previously created JKS certs to prevent recreating...
    35. 

  35.   local_action: file path="{{local_tmp.stdout}}/logging-es.jks" state=touch mode="u=rw,g=r,o=r"
    36. 

  36.   when: logging_es_jks.stat.exists
    37. 

  37.   changed_when: False
    38. 

  38. 

  39. - name: Create placeholder for previously created JKS certs to prevent recreating...
    40. 

  40.   local_action: file path="{{local_tmp.stdout}}/system.admin.jks" state=touch mode="u=rw,g=r,o=r"
    41. 

  41.   when: system_admin_jks.stat.exists
    42. 

  42.   changed_when: False
    43. 

  43. 

  44. - name: Create placeholder for previously created JKS certs to prevent recreating...
    45. 

  45.   local_action: file path="{{local_tmp.stdout}}/truststore.jks" state=touch mode="u=rw,g=r,o=r"
    46. 

  46.   when: truststore_jks.stat.exists
    47. 

  47.   changed_when: False
    48. 

  48. 

  49. - name: pulling down signing items from host
    50. 

  50.   fetch:
    51. 

  51.     src: "{{generated_certs_dir}}/{{item}}"
    52. 

  52.     dest: "{{local_tmp.stdout}}/{{item}}"
    53. 

  53.     flat: yes
    54. 

  54.   with_items:
    55. 

  55.     - ca.crt
    56. 

  56.     - ca.key
    57. 

  57.     - ca.serial.txt
    58. 

  58.     - ca.crl.srl
    59. 

  59.     - ca.db
    60. 

  60.   when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
    61. 

  61. 

  62. - local_action: template src=signing.conf.j2 dest={{local_tmp.stdout}}/signing.conf
    63. 

  63.   vars:
    64. 

  64.     - top_dir: "{{local_tmp.stdout}}"
    65. 

  65.   when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
    66. 

  66. 

  67. - name: Run JKS generation script
    68. 

  68.   local_action: script generate-jks.sh {{local_tmp.stdout}} {{openshift_logging_namespace}}
    69. 

  69.   check_mode: no
    70. 

  70.   when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
    71. 

  71. 

  72. - name: Pushing locally generated JKS certs to remote host...
    73. 

  73.   copy:
    74. 

  74.     src: "{{local_tmp.stdout}}/elasticsearch.jks"
    75. 

  75.     dest: "{{generated_certs_dir}}/elasticsearch.jks"
    76. 

  76.   when: not elasticsearch_jks.stat.exists
    77. 

  77. 

  78. - name: Pushing locally generated JKS certs to remote host...
    79. 

  79.   copy:
    80. 

  80.     src: "{{local_tmp.stdout}}/logging-es.jks"
    81. 

  81.     dest: "{{generated_certs_dir}}/logging-es.jks"
    82. 

  82.   when: not logging_es_jks.stat.exists
    83. 

  83. 

  84. - name: Pushing locally generated JKS certs to remote host...
    85. 

  85.   copy:
    86. 

  86.     src: "{{local_tmp.stdout}}/system.admin.jks"
    87. 

  87.     dest: "{{generated_certs_dir}}/system.admin.jks"
    88. 

  88.   when: not system_admin_jks.stat.exists
    89. 

  89. 

  90. - name: Pushing locally generated JKS certs to remote host...
    91. 

  91.   copy:
    92. 

  92.     src: "{{local_tmp.stdout}}/truststore.jks"
    93. 

  93.     dest: "{{generated_certs_dir}}/truststore.jks"
    94. 

  94.   when: not truststore_jks.stat.exists
    95. 

  95. 

  96. - name: Cleaning up temp dir
    97. 

  97.   local_action: file path="{{local_tmp.stdout}}" state=absent
    98. 

  98.   changed_when: False
    99.