| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120 |
- ---
- - name: generate hawkular-metrics certificates
- include: setup_certificate.yaml
- vars:
- component: hawkular-metrics
- hostnames: "hawkular-metrics,hawkular-metrics.{{ openshift_metrics_project }}.svc.cluster.local,{{ openshift_metrics_hawkular_hostname }}"
- changed_when: no
- - name: generate hawkular-cassandra certificates
- include: setup_certificate.yaml
- vars:
- component: hawkular-cassandra
- hostnames: hawkular-cassandra
- changed_when: no
- - name: generate password for hawkular metrics
- local_action: copy dest="{{ local_tmp.stdout }}/{{ item }}.pwd" content="{{ 15 | oo_random_word }}"
- with_items:
- - hawkular-metrics
- become: false
- - local_action: slurp src="{{ local_tmp.stdout }}/hawkular-metrics.pwd"
- register: hawkular_metrics_pwd
- no_log: true
- become: false
- - name: generate htpasswd file for hawkular metrics
- local_action: htpasswd path="{{ local_tmp.stdout }}/hawkular-metrics.htpasswd" name=hawkular password="{{ hawkular_metrics_pwd.content | b64decode }}"
- no_log: true
- become: false
- - name: copy local generated passwords to target
- copy:
- src: "{{ local_tmp.stdout }}/{{ item }}"
- dest: "{{ mktemp.stdout }}/{{ item }}"
- with_items:
- - hawkular-metrics.pwd
- - hawkular-metrics.htpasswd
- - name: read files for the hawkular-metrics secret
- shell: >
- printf '%s: ' '{{ item }}'
- && base64 --wrap 0 '{{ mktemp.stdout }}/{{ item }}'
- register: hawkular_secrets
- with_items:
- - ca.crt
- - hawkular-metrics.pwd
- - hawkular-metrics.htpasswd
- - hawkular-metrics.crt
- - hawkular-metrics.key
- - hawkular-metrics.pem
- - hawkular-cassandra.crt
- - hawkular-cassandra.key
- - hawkular-cassandra.pem
- changed_when: false
- - set_fact:
- hawkular_secrets: |
- {{ hawkular_secrets.results|map(attribute='stdout')|join('
- ')|from_yaml }}
- - name: generate hawkular-metrics-certs secret template
- template:
- src: secret.j2
- dest: "{{ mktemp.stdout }}/templates/hawkular-metrics-certs.yaml"
- vars:
- name: hawkular-metrics-certs
- labels:
- metrics-infra: hawkular-metrics-certs
- annotations:
- service.alpha.openshift.io/originating-service-name: hawkular-metrics
- data:
- tls.crt: >
- {{ hawkular_secrets['hawkular-metrics.crt'] }}
- tls.key: >
- {{ hawkular_secrets['hawkular-metrics.key'] }}
- tls.truststore.crt: >
- {{ hawkular_secrets['hawkular-cassandra.crt'] }}
- ca.crt: >
- {{ hawkular_secrets['ca.crt'] }}
- when: name not in metrics_secrets.stdout_lines
- changed_when: no
- - name: generate hawkular-metrics-account secret template
- template:
- src: secret.j2
- dest: "{{ mktemp.stdout }}/templates/hawkular_metrics_account.yaml"
- vars:
- name: hawkular-metrics-account
- labels:
- metrics-infra: hawkular-metrics
- data:
- hawkular-metrics.username: "{{ 'hawkular'|b64encode }}"
- hawkular-metrics.htpasswd: "{{ hawkular_secrets['hawkular-metrics.htpasswd'] }}"
- hawkular-metrics.password: >
- {{ hawkular_secrets['hawkular-metrics.pwd'] }}
- when: name not in metrics_secrets.stdout_lines
- changed_when: no
- - name: generate cassandra secret template
- template:
- src: secret.j2
- dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-certs.yaml"
- vars:
- name: hawkular-cassandra-certs
- labels:
- metrics-infra: hawkular-cassandra-certs
- annotations:
- service.alpha.openshift.io/originating-service-name: hawkular-cassandra
- data:
- tls.crt: >
- {{ hawkular_secrets['hawkular-cassandra.crt'] }}
- tls.key: >
- {{ hawkular_secrets['hawkular-cassandra.key'] }}
- tls.peer.truststore.crt: >
- {{ hawkular_secrets['hawkular-cassandra.crt'] }}
- tls.client.truststore.crt: >
- {{ hawkular_secrets['hawkular-metrics.crt'] }}
- when: name not in metrics_secrets
- changed_when: no
|
