From 84b1c4848f610c5792809bb2e9e5b0d8f77ea50c Mon Sep 17 00:00:00 2001 From: Jeff Cantrill Date: Wed, 14 Dec 2016 14:40:36 -0500 Subject: copy admin cert for use in subsequent tasks (#8) --- roles/openshift_metrics/tasks/generate_certificates.yaml | 4 +++- .../tasks/generate_heapster_certificates.yaml | 4 +++- roles/openshift_metrics/tasks/main.yaml | 12 ++++++++++-- roles/openshift_metrics/tasks/setup_certificate.yaml | 1 + roles/openshift_metrics/tasks/uninstall_metrics.yaml | 4 ++-- 5 files changed, 19 insertions(+), 6 deletions(-) diff --git a/roles/openshift_metrics/tasks/generate_certificates.yaml b/roles/openshift_metrics/tasks/generate_certificates.yaml index 92ce919a1..66cfbca03 100644 --- a/roles/openshift_metrics/tasks/generate_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_certificates.yaml @@ -7,16 +7,18 @@ - name: list existing secrets command: > {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} + --config={{ mktemp.stdout }}/admin.kubeconfig get secrets -o name register: metrics_secrets changed_when: false - name: generate ca certificate chain shell: > {{ openshift.common.admin_binary }} ca create-signer-cert + --config={{ mktemp.stdout }}/admin.kubeconfig --key='{{ openshift_metrics_certs_dir }}/ca.key' --cert='{{ openshift_metrics_certs_dir }}/ca.crt' --serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt' --name="metrics-signer@$(date +%s)" - when: not '{{ openshift_metrics_certs_dir }}/ca.key'|exists + when: not '{{ openshift_metrics_certs_dir }}/ca.key' | exists - include: generate_heapster_certificates.yaml - include: generate_hawkular_certificates.yaml diff --git a/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml b/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml index 2fc449520..2449b1518 100644 --- a/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml 
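Review bot: The guard on "generate ca certificate chain" (`when: not '{{ openshift_metrics_certs_dir }}/ca.key' | exists`) still decides whether a new signer key is created by using a path filter that Ansible evaluates on the control node, not on the host where the `shell:` task runs. If the certs directory exists only on the target, the guard does not reflect whether `ca.key` is already there; a preceding `stat` task with `register: ca_key` and `when: not ca_key.stat.exists` would check the right host. The heapster key guard in generate_heapster_certificates.yaml has the same shape. Separately, the added `--config={{ mktemp.stdout }}/admin.kubeconfig` is the only unquoted path in this `shell:` command; `--config='{{ mktemp.stdout }}/admin.kubeconfig'` would match the `--key`/`--cert` arguments, here and in the other hunks that add the flag.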
@@ -2,13 +2,15 @@ - name: generate heapster key/cert command: > {{ openshift.common.admin_binary }} ca create-server-cert + --config={{ mktemp.stdout }}/admin.kubeconfig --key='{{ openshift_metrics_certs_dir }}/heapster.key' --cert='{{ openshift_metrics_certs_dir }}/heapster.cert' --hostnames=heapster --signer-cert='{{ openshift_metrics_certs_dir }}/ca.crt' --signer-key='{{ openshift_metrics_certs_dir }}/ca.key' --signer-serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt' - when: not '{{ openshift_metrics_certs_dir }}/heapster.key'|exists + when: not '{{ openshift_metrics_certs_dir }}/heapster.key' | exists + - when: "'secret/heapster-secrets' not in metrics_secrets.stdout_lines" block: - name: read files for the heapster secret diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index adedd4069..d4bafdc30 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -1,7 +1,7 @@ --- - name: check that hawkular_metrics_hostname is set fail: msg='the openshift_metrics_hawkular_metrics_hostname variable is required' - when: "{{ openshift_metrics_hawkular_metrics_hostname is not defined }}" + when: openshift_metrics_hawkular_metrics_hostname is not defined - name: check the value of openshift_metrics_hawkular_cassandra_storage_type fail: @@ -21,6 +21,13 @@ file: path={{mktemp.stdout}}/templates state=directory mode=0755 changed_when: False +- name: Copy the admin client config(s) + command: > + cp {{ openshift.common.config_base}}/master/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig + changed_when: False + check_mode: no + tags: metrics_init + - include: "{{role_path}}/tasks/install_metrics.yaml" when: openshift_metrics_install_metrics | default(false) | bool 
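Review bot: The added "Copy the admin client config(s)" task in main.yaml places the master's admin kubeconfig in `{{ mktemp.stdout }}` with a bare `cp`, so the copy's permissions come from the source file and the umask rather than from anything the role states. `check_mode: no` also makes the write happen on `--check` runs. The `copy` module with `remote_src` and an explicit mode would pin the file to owner-only access, as sketched below. Removal of the temp directory is not visible in this hunk; it is worth confirming that it happens even when a later task fails, since otherwise the admin credential stays on the host.

```yaml
- name: Copy the admin client config(s)
  copy:
    src: "{{ openshift.common.config_base }}/master/admin.kubeconfig"
    dest: "{{ mktemp.stdout }}/admin.kubeconfig"
    remote_src: true
    mode: "0600"
  # … unchanged: changed_when, check_mode, tags …
```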
@@ -29,7 +36,8 @@ - name: create objects command: > - {{ openshift.common.client_binary }} -n '{{ openshift_metrics_project }}' + {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} + --config={{ mktemp.stdout }}/admin.kubeconfig apply -f {{ item }} with_fileglob: - "{{ mktemp.stdout }}/templates/*.yaml" diff --git a/roles/openshift_metrics/tasks/setup_certificate.yaml b/roles/openshift_metrics/tasks/setup_certificate.yaml index d6ee4167b..52e748234 100644 --- a/roles/openshift_metrics/tasks/setup_certificate.yaml +++ b/roles/openshift_metrics/tasks/setup_certificate.yaml @@ -2,6 +2,7 @@ - name: generate {{ component }} keys command: > {{ openshift.common.admin_binary }} ca create-server-cert + --config={{ mktemp.stdout }}/admin.kubeconfig --key='{{ openshift_metrics_certs_dir }}/{{ component }}.key' --cert='{{ openshift_metrics_certs_dir }}/{{ component }}.crt' --hostnames='{{ hostnames }}' diff --git a/roles/openshift_metrics/tasks/uninstall_metrics.yaml b/roles/openshift_metrics/tasks/uninstall_metrics.yaml index a29faef31..cf9b5171c 100644 --- a/roles/openshift_metrics/tasks/uninstall_metrics.yaml +++ b/roles/openshift_metrics/tasks/uninstall_metrics.yaml @@ -1,14 +1,14 @@ --- - name: remove metrics components command: > - {{ openshift.common.client_binary }} -n '{{ openshift_metrics_project }}' + {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} --config={{ mktemp.stdout }}/admin.kubeconfig delete --selector=metrics-infra all,sa,secrets,templates,routes,pvc,rolebindings,clusterrolebindings register: delete_metrics changed_when: "delete_metrics.stdout != 'No resources found'" - name: remove rolebindings command: > - {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} + {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} --config={{ mktemp.stdout }}/admin.kubeconfig delete --ignore-not-found rolebinding/hawkular-view clusterrolebinding/heapster-cluster-reader -- cgit v1.2.3
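Review bot: Dropping the quotes around the namespace in "create objects" (`-n {{ openshift_metrics_project }}`) means that if the variable is ever empty the argument disappears, and `-n` would then likely take the following `--config=…` token as its value. The command would run without the intended kubeconfig instead of failing on an empty namespace. The same edit is made to "remove metrics components" in uninstall_metrics.yaml, where the command is a `delete` over a broad resource list. Keeping `-n '{{ openshift_metrics_project }}'`, or asserting the variable is non-empty before these tasks, avoids that.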