author | Scott Dodson <sdodson@redhat.com> | 2017-02-27 09:40:25 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-02-27 09:40:25 -0500 |
commit | 41ee91326a9f533396bc876d399d4e7c50c9ea38 (patch) | |
tree | 1dd8bceb11ec848683a0c7998d0b2d529a25610c | |
parent | 641b7c93b1d5ce5388fce66d737704d00a83ec68 (diff) | |
parent | c6d48d91722384b92dcaf4749de2b0621b7102a1 (diff) | |
Merge pull request #3358 from jpkrohling/JPK-JGroups-ASYM-Password
Removed JGroups cert and password generation.
4 files changed, 12 insertions, 43 deletions
diff --git a/roles/openshift_metrics/files/import_jks_certs.sh b/roles/openshift_metrics/files/import_jks_certs.sh index f4315ef34..c8d5bb3d2 100755 --- a/roles/openshift_metrics/files/import_jks_certs.sh +++ b/roles/openshift_metrics/files/import_jks_certs.sh @@ -24,11 +24,10 @@ function import_certs() { hawkular_cassandra_keystore_password=$(echo $CASSANDRA_KEYSTORE_PASSWD | base64 -d) hawkular_metrics_truststore_password=$(echo $METRICS_TRUSTSTORE_PASSWD | base64 -d) hawkular_cassandra_truststore_password=$(echo $CASSANDRA_TRUSTSTORE_PASSWD | base64 -d) - hawkular_jgroups_password=$(echo $JGROUPS_PASSWD | base64 -d) - + cassandra_alias=`keytool -noprompt -list -keystore $dir/hawkular-cassandra.truststore -storepass ${hawkular_cassandra_truststore_password} | sed -n '7~2s/,.*$//p'` hawkular_alias=`keytool -noprompt -list -keystore $dir/hawkular-metrics.truststore -storepass ${hawkular_metrics_truststore_password} | sed -n '7~2s/,.*$//p'` - + if [ ! -f $dir/hawkular-metrics.keystore ]; then echo "Creating the Hawkular Metrics keystore from the PEM file" keytool -importkeystore -v \ @@ -50,7 +49,7 @@ function import_certs() { -srcstorepass $hawkular_cassandra_keystore_password \ -deststorepass $hawkular_cassandra_keystore_password fi - + if [[ ! ${cassandra_alias[*]} =~ hawkular-metrics ]]; then echo "Importing the Hawkular Certificate into the Cassandra Truststore" keytool -noprompt -import -v -trustcacerts -alias hawkular-metrics \ @@ -59,7 +58,7 @@ function import_certs() { -trustcacerts \ -storepass $hawkular_cassandra_truststore_password fi - + if [[ ! ${hawkular_alias[*]} =~ hawkular-cassandra ]]; then echo "Importing the Cassandra Certificate into the Hawkular Truststore" keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra \ 
@@ -101,16 +100,6 @@ function import_certs() { -storepass $hawkular_metrics_truststore_password fi done - - if [ ! -f $dir/hawkular-jgroups.keystore ]; then - echo "Generating the jgroups keystore" - keytool -genseckey -alias hawkular -keypass ${hawkular_jgroups_password} \ - -storepass ${hawkular_jgroups_password} \ - -keyalg Blowfish \ - -keysize 56 \ - -keystore $dir/hawkular-jgroups.keystore \ - -storetype JCEKS - fi } import_certs diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml index 9e7140bfa..61a240a33 100644 --- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml @@ -24,7 +24,6 @@ with_items: - hawkular-metrics.pwd - hawkular-metrics.htpasswd - - hawkular-jgroups-keystore.pwd changed_when: no - set_fact: @@ -32,11 +31,10 @@ with_items: "{{pwd_file_stat.results}}" changed_when: no -- name: generate password for hawkular metrics and jgroups +- name: generate password for hawkular metrics local_action: copy dest="{{ local_tmp.stdout}}/{{ item }}.pwd" content="{{ 15 | oo_random_word }}" with_items: - hawkular-metrics - - hawkular-jgroups-keystore - name: generate htpasswd file for hawkular metrics local_action: > @@ -51,7 +49,6 @@ with_items: - hawkular-metrics.pwd - hawkular-metrics.htpasswd - - hawkular-jgroups-keystore.pwd - include: import_jks_certs.yaml @@ -69,8 +66,6 @@ - hawkular-metrics-truststore.pwd - hawkular-metrics.pwd - hawkular-metrics.htpasswd - - hawkular-jgroups.keystore - - hawkular-jgroups-keystore.pwd - hawkular-cassandra.crt - hawkular-cassandra.pem - hawkular-cassandra.keystore 
@@ -104,11 +99,6 @@ hawkular-metrics.keystore.alias: "{{ 'hawkular-metrics'|b64encode }}" hawkular-metrics.htpasswd.file: > {{ hawkular_secrets['hawkular-metrics.htpasswd'] }} - hawkular-metrics.jgroups.keystore: > - {{ hawkular_secrets['hawkular-jgroups.keystore'] }} - hawkular-metrics.jgroups.keystore.password: > - {{ hawkular_secrets['hawkular-jgroups-keystore.pwd'] }} - hawkular-metrics.jgroups.alias: "{{ 'hawkular'|b64encode }}" when: name not in metrics_secrets.stdout_lines changed_when: no diff --git a/roles/openshift_metrics/tasks/import_jks_certs.yaml b/roles/openshift_metrics/tasks/import_jks_certs.yaml index 57ec70c79..2a67dad0e 100644 --- a/roles/openshift_metrics/tasks/import_jks_certs.yaml +++ b/roles/openshift_metrics/tasks/import_jks_certs.yaml @@ -15,10 +15,6 @@ register: metrics_truststore check_mode: no -- stat: path="{{mktemp.stdout}}/hawkular-jgroups.keystore" - register: jgroups_keystore - check_mode: no - - block: - slurp: src={{ mktemp.stdout }}/hawkular-metrics-keystore.pwd register: metrics_keystore_password @@ -26,9 +22,6 @@ - slurp: src={{ mktemp.stdout }}/hawkular-cassandra-keystore.pwd register: cassandra_keystore_password - - slurp: src={{ mktemp.stdout }}/hawkular-jgroups-keystore.pwd - register: jgroups_keystore_password - - fetch: dest: "{{local_tmp.stdout}}/" src: "{{ mktemp.stdout }}/{{item}}" @@ -48,7 +41,6 @@ CASSANDRA_KEYSTORE_PASSWD: "{{cassandra_keystore_password.content}}" METRICS_TRUSTSTORE_PASSWD: "{{hawkular_truststore_password.content}}" CASSANDRA_TRUSTSTORE_PASSWD: "{{cassandra_truststore_password.content}}" - JGROUPS_PASSWD: "{{jgroups_keystore_password.content}}" changed_when: False - copy: @@ -59,5 +51,4 @@ when: not metrics_keystore.stat.exists or not metrics_truststore.stat.exists or not cassandra_keystore.stat.exists or - not cassandra_truststore.stat.exists or - not jgroups_keystore.stat.exists + not cassandra_truststore.stat.exists 
diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 index d39f1b43a..361378df3 100644 --- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 @@ -58,9 +58,6 @@ spec: - "--hmw.truststore=/secrets/hawkular-metrics.truststore" - "--hmw.keystore_password_file=/secrets/hawkular-metrics.keystore.password" - "--hmw.truststore_password_file=/secrets/hawkular-metrics.truststore.password" - - "--hmw.jgroups_keystore=/secrets/hawkular-metrics.jgroups.keystore" - - "--hmw.jgroups_keystore_password_file=/secrets/hawkular-metrics.jgroups.keystore.password" - - "--hmw.jgroups_alias_file=/secrets/hawkular-metrics.jgroups.alias" env: - name: POD_NAMESPACE valueFrom: @@ -68,6 +65,8 @@ spec: fieldPath: metadata.namespace - name: MASTER_URL value: "{{ openshift_metrics_master_url }}" + - name: JGROUPS_PASSWORD + value: "{{ 17 | oo_random_word }}" - name: OPENSHIFT_KUBE_PING_NAMESPACE valueFrom: fieldRef: @@ -81,10 +80,10 @@ spec: mountPath: "/secrets" - name: hawkular-metrics-client-secrets mountPath: "/client-secrets" -{% if ((openshift_metrics_hawkular_limits_cpu is defined and openshift_metrics_hawkular_limits_cpu is not none) +{% if ((openshift_metrics_hawkular_limits_cpu is defined and openshift_metrics_hawkular_limits_cpu is not none) or (openshift_metrics_hawkular_limits_memory is defined and openshift_metrics_hawkular_limits_memory is not none) or (openshift_metrics_hawkular_requests_cpu is defined and openshift_metrics_hawkular_requests_cpu is not none) - or (openshift_metrics_hawkular_requests_memory is defined and openshift_metrics_hawkular_requests_memory is not none)) + or (openshift_metrics_hawkular_requests_memory is defined and openshift_metrics_hawkular_requests_memory is not none)) %} resources: {% if (openshift_metrics_hawkular_limits_cpu is not none 
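Review bot: The added `JGROUPS_PASSWORD` entry in the `env:` list stores the cluster password as a literal `value:` in the replication controller spec, so anyone who can read the RC or pod definition in the namespace can read it, whereas the keystore password it replaces was delivered through the mounted `/secrets` volume. The value is also produced by `{{ 17 | oo_random_word }}` each time the template is rendered, so re-running the role yields a different password and a changed RC; pods started from the old and the new spec would presumably not share it. Consider generating the password once alongside the other `.pwd` files, storing it in the metrics secret, and referencing it with `valueFrom.secretKeyRef` as sketched below. `oo_random_word` is defined outside this diff, so confirm it draws from a cryptographically secure source before relying on it for a shared secret. The container spec starts and ends outside the hunk.

```yaml
# … unchanged: POD_NAMESPACE and MASTER_URL entries …
- name: JGROUPS_PASSWORD
  valueFrom:
    secretKeyRef:
      name: <SECRET_NAME>           # placeholder: secret holding the generated password
      key: <JGROUPS_PASSWORD_KEY>   # placeholder: key inside that secret
# … unchanged: OPENSHIFT_KUBE_PING_NAMESPACE entry …
```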
@@ -98,8 +97,8 @@ spec: memory: "{{openshift_metrics_hawkular_limits_memory}}" {% endif %} {% endif %} -{% if (openshift_metrics_hawkular_requests_cpu is not none - or openshift_metrics_hawkular_requests_memory is not none) +{% if (openshift_metrics_hawkular_requests_cpu is not none + or openshift_metrics_hawkular_requests_memory is not none) %} requests: {% if openshift_metrics_hawkular_requests_cpu is not none %} |