From d740fd159416783c88839e6e2c2e150eb81b67da Mon Sep 17 00:00:00 2001
From: ewolinetz <ewolinet@redhat.com>
Date: Fri, 20 Jan 2017 15:17:04 -0600
Subject: Adding to ansible spec and changing logging jks generation to be a
 local_action

---
 roles/openshift_logging/tasks/generate_certs.yaml |  36 +------
 roles/openshift_logging/tasks/generate_jks.yaml   | 111 ++++++++++++++++++++++
 roles/openshift_logging/tasks/main.yaml           |   1 -
 3 files changed, 113 insertions(+), 35 deletions(-)
 create mode 100644 roles/openshift_logging/tasks/generate_jks.yaml

(limited to 'roles/openshift_logging/tasks')

diff --git a/roles/openshift_logging/tasks/generate_certs.yaml b/roles/openshift_logging/tasks/generate_certs.yaml
index 3940ff971..20e50482e 100644
--- a/roles/openshift_logging/tasks/generate_certs.yaml
+++ b/roles/openshift_logging/tasks/generate_certs.yaml
@@ -85,40 +85,8 @@
   loop_control:
     loop_var: node_name
 
-- name: Copy JKS generation script
-  copy:
-    src: generate-jks.sh
-    dest: "{{generated_certs_dir}}/generate-jks.sh"
-  check_mode: no
-
-# check if pod generated files exist -- if they all do don't run the pod
-- name: Checking for elasticsearch.jks
-  stat: path="{{generated_certs_dir}}/elasticsearch.jks"
-  register: elasticsearch_jks
-  check_mode: no
-
-- name: Checking for logging-es.jks
-  stat: path="{{generated_certs_dir}}/logging-es.jks"
-  register: logging_es_jks
-  check_mode: no
-
-- name: Checking for system.admin.jks
-  stat: path="{{generated_certs_dir}}/system.admin.jks"
-  register: system_admin_jks
-  check_mode: no
-
-- name: Checking for truststore.jks
-  stat: path="{{generated_certs_dir}}/truststore.jks"
-  register: truststore_jks
-  check_mode: no
-
-- name: Run JKS generation script
-  script: generate-jks.sh {{generate_certs_dir}} {{openshift_logging_namespace}}
-  register: script_output
-  check_mode: no
-  become: yes
-  changed_when: script_output.RC == "0"
-  when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
+- name: Creating necessary JKS certs
+  include: generate_jks.yaml
 
 # check for secret/logging-kibana-proxy
 - command: >
diff --git a/roles/openshift_logging/tasks/generate_jks.yaml b/roles/openshift_logging/tasks/generate_jks.yaml
new file mode 100644
index 000000000..adb6c2b2d
--- /dev/null
+++ b/roles/openshift_logging/tasks/generate_jks.yaml
@@ -0,0 +1,111 @@
+---
+# check if pod generated files exist -- if they all do don't run the pod
+- name: Checking for elasticsearch.jks
+  stat: path="{{generated_certs_dir}}/elasticsearch.jks"
+  register: elasticsearch_jks
+  check_mode: no
+
+- name: Checking for logging-es.jks
+  stat: path="{{generated_certs_dir}}/logging-es.jks"
+  register: logging_es_jks
+  check_mode: no
+
+- name: Checking for system.admin.jks
+  stat: path="{{generated_certs_dir}}/system.admin.jks"
+  register: system_admin_jks
+  check_mode: no
+
+- name: Checking for truststore.jks
+  stat: path="{{generated_certs_dir}}/truststore.jks"
+  register: truststore_jks
+  check_mode: no
+
+- name: Create temp directory for doing work in
+  local_action: command mktemp -d /tmp/openshift-logging-ansible-XXXXXX
+  register: local_tmp
+  changed_when: False
+  check_mode: no
+
+- name: Create placeholder for previously created JKS certs to prevent recreating...
+  file:
+    path: "{{local_tmp.stdout}}/elasticsearch.jks"
+    state: touch
+    mode: "u=rw,g=r,o=r"
+  when: elasticsearch_jks.stat.exists
+  changed_when: False
+
+- name: Create placeholder for previously created JKS certs to prevent recreating...
+  file:
+    path: "{{local_tmp.stdout}}/logging-es.jks"
+    state: touch
+    mode: "u=rw,g=r,o=r"
+  when: logging_es_jks.stat.exists
+  changed_when: False
+
+- name: Create placeholder for previously created JKS certs to prevent recreating...
+  file:
+    path: "{{local_tmp.stdout}}/system.admin.jks"
+    state: touch
+    mode: "u=rw,g=r,o=r"
+  when: system_admin_jks.stat.exists
+  changed_when: False
+
+- name: Create placeholder for previously created JKS certs to prevent recreating...
+  file:
+    path: "{{local_tmp.stdout}}/truststore.jks"
+    state: touch
+    mode: "u=rw,g=r,o=r"
+  when: truststore_jks.stat.exists
+  changed_when: False
+
+- name: pulling down signing items from host
+  fetch:
+    src: "{{generated_certs_dir}}/{{item}}"
+    dest: "{{local_tmp.stdout}}/{{item}}"
+    flat: yes
+  with_items:
+    - ca.crt
+    - ca.key
+    - ca.serial.txt
+    - ca.crl.srl
+    - ca.db
+
+- local_action: template src=signing.conf.j2 dest={{local_tmp.stdout}}/signing.conf
+  vars:
+    - top_dir: "{{local_tmp.stdout}}"
+
+- name: Run JKS generation script
+  local_action: script generate-jks.sh {{local_tmp.stdout}} {{openshift_logging_namespace}}
+  check_mode: no
+  become: yes
+  when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
+
+- name: Pushing locally generated JKS certs to remote host...
+  copy:
+    src: "{{local_tmp.stdout}}/elasticsearch.jks"
+    dest: "{{generated_certs_dir}}/elasticsearch.jks"
+  when: not elasticsearch_jks.stat.exists
+
+- name: Pushing locally generated JKS certs to remote host...
+  copy:
+    src: "{{local_tmp.stdout}}/logging-es.jks"
+    dest: "{{generated_certs_dir}}/logging-es.jks"
+  when: not logging_es_jks.stat.exists
+
+- name: Pushing locally generated JKS certs to remote host...
+  copy:
+    src: "{{local_tmp.stdout}}/system.admin.jks"
+    dest: "{{generated_certs_dir}}/system.admin.jks"
+  when: not system_admin_jks.stat.exists
+
+- name: Pushing locally generated JKS certs to remote host...
+  copy:
+    src: "{{local_tmp.stdout}}/truststore.jks"
+    dest: "{{generated_certs_dir}}/truststore.jks"
+  when: not truststore_jks.stat.exists
+
+- name: Cleaning up temp dir
+  file:
+    path: "{{local_tmp.stdout}}"
+    state: absent
+  changed_when: False
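Review bot: The four placeholder `file` tasks and the final "Cleaning up temp dir" task are not delegated, so they run against the remote host, while `local_tmp.stdout` names a directory that `mktemp` created on the control host through `local_action`. Unless the play targets the control host itself, the cleanup removes nothing there and the fetched `ca.key` stays under `/tmp` on the controller after the run. The placeholders likewise end up on (or fail on) the wrong machine, so the locally run script presumably never sees them. Adding `delegate_to: localhost` to each of those five tasks keeps all temp-dir work on the controller. The four `copy` tasks that push the keystores also set no `mode`, so an explicit restrictive one such as `mode: "0600"` is worth considering if the consumers on the remote host allow it.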
diff --git a/roles/openshift_logging/tasks/main.yaml b/roles/openshift_logging/tasks/main.yaml
index c4ec1b255..4c718805e 100644
--- a/roles/openshift_logging/tasks/main.yaml
+++ b/roles/openshift_logging/tasks/main.yaml
@@ -3,7 +3,6 @@
     msg: Only one Fluentd nodeselector key pair should be provided
   when: "{{ openshift_logging_fluentd_nodeselector.keys() | count }} > 1"
 
-
 - name: Create temp directory for doing work in
   command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX
   register: mktemp
-- 
cgit v1.2.3