Skip to content

Commit

Permalink
Compatibility updates to openshift_logging role for ansible 2.2.2.0+
Browse files Browse the repository at this point in the history
  • Loading branch information
@etsauer
etsauer committed Mar 31, 2017
1 parent 929d0b7 commit 6c4941a
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 13 deletions.
3 changes: 2 additions & 1 deletion roles/openshift_logging/tasks/generate_pems.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
-subj "/CN={{component}}/OU=OpenShift/O=Logging/subjectAltName=DNS.1=localhost{{cert_ext.stdout}}" -days 712 -nodes
when:
- not key_file.stat.exists
- cert_ext is defined
- cert_ext.stdout is defined
check_mode: no

Expand All @@ -24,7 +25,7 @@
-subj "/CN={{component}}/OU=OpenShift/O=Logging" -days 712 -nodes
when:
- not key_file.stat.exists
- cert_ext.stdout is undefined
- cert_ext is undefined or cert_ext is defined and cert_ext.stdout is undefined
check_mode: no

- name: Sign cert request with CA for {{component}}
Expand Down
30 changes: 18 additions & 12 deletions roles/openshift_logging/tasks/procure_server_certs.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,18 @@

- name: Trying to discover server cert variable name for {{ cert_info.procure_component }}
set_fact: procure_component_crt={{ lookup('env', '{{cert_info.procure_component}}' + '_crt') }}
when: cert_info.hostnames is undefined and {{ cert_info.procure_component }}_crt is defined and {{ cert_info.procure_component }}_key is defined
when:
- cert_info.hostnames is undefined
- cert_info[ cert_info.procure_component + '_crt' ] is defined
- cert_info[ cert_info.procure_component + '_key' ] is defined
check_mode: no

- name: Trying to discover the server key variable name for {{ cert_info.procure_component }}
set_fact: procure_component_key={{ lookup('env', '{{cert_info.procure_component}}' + '_key') }}
when: cert_info.hostnames is undefined and {{ cert_info.procure_component }}_crt is defined and {{ cert_info.procure_component }}_key is defined
when:
- cert_info.hostnames is undefined
- cert_info[ cert_info.procure_component + '_crt' ] is defined
- cert_info[ cert_info.procure_component + '_key' ] is defined
check_mode: no

- name: Creating signed server cert and key for {{ cert_info.procure_component }}
Expand All @@ -35,18 +41,18 @@
copy: content="{{procure_component_key}}" dest={{generated_certs_dir}}/{{cert_info.procure_component}}.key
check_mode: no
when:
- cert_info.hostnames is undefined
- "{{ cert_info.procure_component }}_crt is defined"
- "{{ cert_info.procure_component }}_key is defined"
- not component_key_file.stat.exists
- not component_cert_file.stat.exists
- cert_info.hostnames is undefined
- cert_info[ cert_info.procure_component + '_crt' ] is defined
- cert_info[ cert_info.procure_component + '_key' ] is defined
- not component_key_file.stat.exists
- not component_cert_file.stat.exists

- name: Copying Server cert for {{ cert_info.procure_component }} to generated certs directory
copy: content="{{procure_component_crt}}" dest={{generated_certs_dir}}/{{cert_info.procure_component}}.crt
check_mode: no
when:
- cert_info.hostnames is undefined
- "{{ cert_info.procure_component }}_crt is defined"
- "{{ cert_info.procure_component }}_key is defined"
- not component_key_file.stat.exists
- not component_cert_file.stat.exists
- cert_info.hostnames is undefined
- cert_info[ cert_info.procure_component + '_crt' ] is defined
- cert_info[ cert_info.procure_component + '_key' ] is defined
- not component_key_file.stat.exists
- not component_cert_file.stat.exists

0 comments on commit 6c4941a

Please sign in to comment.