From 987d0defdbf36cc14568d48af25eb79fcea7fa23 Mon Sep 17 00:00:00 2001 From: Rei Oliveira Date: Wed, 16 Mar 2022 20:55:54 -0300 Subject: [PATCH] Refactor platform_certificates.yml.j2 to /common Move common tasks and cert-manager certificates spec template file to common role so they can also be used by bootstrap playbook in a subsequent commit: (Story 2009834, Task 45774 - OpenLDAP certificate on bootstrap). This change only impacts migrate_platform_certificates_to_certmanager playbook. Test Plan: PASS: Test migrate_platform_certificates_to_certmanager playbook and verify it keeps working PASS: Test migrate_platform_certificates_to_certmanager on debian and centos Story: 2009834 Task: 45774 Change-Id: I8dd03700c5e3be7803020e525356d0f6501c486a Signed-off-by: Rei Oliveira --- .../tasks/main.yml | 56 +++++++++++++++++++ .../templates/platform_certificates.yml.j2 | 6 +- .../check-certificates-to-be-installed.yml | 5 ++ .../migrate-certificates/tasks/main.yml | 49 ++-------------- 4 files changed, 69 insertions(+), 47 deletions(-) create mode 100644 playbookconfig/src/playbooks/roles/common/generate-platform-certificates/tasks/main.yml rename playbookconfig/src/playbooks/roles/{migrate-platform-certificates-to-certmanager/migrate-certificates => common/generate-platform-certificates}/templates/platform_certificates.yml.j2 (95%) diff --git a/playbookconfig/src/playbooks/roles/common/generate-platform-certificates/tasks/main.yml b/playbookconfig/src/playbooks/roles/common/generate-platform-certificates/tasks/main.yml new file mode 100644 index 000000000..a83a33b02 --- /dev/null +++ b/playbookconfig/src/playbooks/roles/common/generate-platform-certificates/tasks/main.yml
@@ -0,0 +1,56 @@
+---
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# These tasks get information from the running system and use it to
+# generate a certificate spec file which is going to be applied to
+# kubernetes at a later step
+#
+- name: Get address pool information for system
+ shell: |
+ source /etc/platform/openrc; system addrpool-list --nowrap
+ register: address_table
+
+- name: Get floating management ip
+ shell: |
+ echo "{{ address_table.stdout }}" | awk '$4 == "management" { print $14 }'
+ register: management_ip
+
+- name: Get floating oam ip
+ shell: |
+ echo "{{ address_table.stdout }}" | awk '$4 == "oam" { print $14 }'
+ register: oam_ip
+
+- name: Get floating kubernetes cluster ip
+ shell: |
+ echo "{{ address_table.stdout }}" | awk '$4 == "cluster-host-subnet" { print $14 }'
+ register: kubernetes_cluster_floating_ip
+
+- name: Get controller0 kubernetes cluster ip
+ shell: |
+ echo "{{ address_table.stdout }}" | awk '$4 == "cluster-host-subnet" { print $16 }'
+ register: kubernetes_cluster_c0_ip
+
+- name: Get controller1 kubernetes cluster ip
+ shell: |
+ echo "{{ address_table.stdout }}" | awk '$4 == "cluster-host-subnet" { print $18 }'
+ register: kubernetes_cluster_c1_ip
+
+- name: Get region name
+ shell: |
+ source /etc/platform/openrc
+ system show | grep region_name | awk '{ print $4 }'
+ register: region_name
+
+- name: Get distributed_cloud role
+ shell: |
+ source /etc/platform/openrc
+ system show | grep distributed_cloud_role | awk '{ print $4 }'
+ register: distributed_cloud_role
+
+- name: Generate kubernetes yaml for cert-manager resources
+ template:
+ src: platform_certificates.yml.j2
+ dest: "{{ destination }}"
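Review bot: The role's inputs are implicit: `dest: "{{ destination }}"` on the last task requires the caller to pass `destination`, and the template it renders tests `install_system_restapi_gui_certificate`, `install_system_registry_local_certificate` and `install_oidc_auth_apps_certificate` (set by the migrate role's `check-certificates-to-be-installed.yml`), yet nothing in this file names those variables or fails early when one is missing, so a new caller such as the bootstrap playbook would only find out at the template task after every `system` query has already run. Extend the header comment to list the required variables and add an `assert` task before the first `shell` task so the role fails fast with a clear message. The awk column positions (`$4`, `$14`, `$16`, `$18`) are presumably tied to the `addrpool-list` table layout; a comment naming the columns they select would spare the next reader a lookup.
```yaml
- name: Check that the caller supplied the inputs this role needs
  assert:
    that:
      - destination is defined
      - install_system_restapi_gui_certificate is defined
      - install_system_registry_local_certificate is defined
      - install_oidc_auth_apps_certificate is defined
    fail_msg: "generate-platform-certificates needs 'destination' and the install_*_certificate flags"

# … unchanged: system addrpool-list / system show queries and the template task …
```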
diff --git a/playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/templates/platform_certificates.yml.j2 b/playbookconfig/src/playbooks/roles/common/generate-platform-certificates/templates/platform_certificates.yml.j2
similarity index 95%
rename from playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/templates/platform_certificates.yml.j2
rename to playbookconfig/src/playbooks/roles/common/generate-platform-certificates/templates/platform_certificates.yml.j2
index fefce132e..bfbfb4ea9 100644
--- a/playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/templates/platform_certificates.yml.j2
+++ b/playbookconfig/src/playbooks/roles/common/generate-platform-certificates/templates/platform_certificates.yml.j2
@@ -22,7 +22,7 @@ items:
 ca:
 secretName: system-local-ca
 status: {}
-{% if https_enabled.stdout | bool %}
+{% if install_system_restapi_gui_certificate | bool %}
 - apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -55,6 +55,7 @@ items:
 - "{{ subject_ST }}"
 status: {}
 {% endif %}
+{% if install_system_registry_local_certificate | bool %}
 - apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -91,7 +92,8 @@ items:
 provinces:
 - "{{ subject_ST }}"
 status: {}
-{% if oidc_applied.stdout | bool %}
+{% endif %}
+{% if install_oidc_auth_apps_certificate | bool %}
 - apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
diff --git a/playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/tasks/check-certificates-to-be-installed.yml b/playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/tasks/check-certificates-to-be-installed.yml
index 256486fa1..e9c29fb29 100644
--- a/playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/tasks/check-certificates-to-be-installed.yml
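Review bot: The three conditionals now hinge on `install_system_restapi_gui_certificate`, `install_system_registry_local_certificate` and `install_oidc_auth_apps_certificate`, which makes them the template's interface now that it lives under `common/`, yet nothing in the file says where they come from or that all three must be defined (with Ansible's default undefined handling a missing one aborts the render at `| bool`). The same applies to the second and third hunks (`@@ -55,6 +55,7 @@` and `@@ -91,7 +92,8 @@`). Add a `{# ... #}` comment at the top of the template listing the three flags, stating that callers outside the migrate role have to set them themselves, and naming the registered facts the role collects that this template presumably consumes (`management_ip`, `oam_ip`, `kubernetes_cluster_*_ip`, `region_name`, `distributed_cloud_role`). The `{% if %}` blocks begin and end outside the hunks.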
+++ b/playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/tasks/check-certificates-to-be-installed.yml
@@ -19,3 +19,8 @@
 system application-show oidc-auth-apps --column status --format value | \
 awk '{ if ($0 == "applied") print "true"; else print "false"; }'
 register: oidc_applied
+
+- set_fact:
+ install_system_registry_local_certificate: true
+ install_system_restapi_gui_certificate: "{{ true if https_enabled.stdout | bool else false }}"
+ install_oidc_auth_apps_certificate: "{{ true if oidc_applied.stdout | bool else false }}"
diff --git a/playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/tasks/main.yml b/playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/tasks/main.yml
index ee9a59284..b22998240 100644
--- a/playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/tasks/main.yml
+++ b/playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/tasks/main.yml
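Review bot: The new `set_fact` task has no `name:` and both conditional expressions are redundant, since `"{{ true if https_enabled.stdout | bool else false }}"` evaluates to the same boolean as `"{{ https_enabled.stdout | bool }}"` (likewise for `oidc_applied`); name the task and simplify both lines. `oidc_applied` is normalised to the literal strings true/false by the awk in the context lines above, so `| bool` is well-defined there, but `https_enabled` is registered outside this hunk, and if its stdout could ever be empty or unexpected the filter would resolve to false on older Ansible (newer ansible-core warns or errors), silently leaving the REST API/GUI certificate out of the migration. A `failed_when: https_enabled.stdout not in ['true', 'false']` on that earlier task, or an equivalent guard here, would turn that into a visible failure instead of a skipped certificate.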
@@ -22,48 +22,6 @@
 include_tasks: check-for-management-alarms.yml
 when: ignore_alarms is undefined or ignore_alarms | bool == False
 
- - name: Get address pool information for system
- shell: |
- source /etc/platform/openrc; system addrpool-list --nowrap
- register: address_table
-
- - name: Get floating management ip
- shell: |
- echo "{{ address_table.stdout }}" | awk '$4 == "management" { print $14 }'
- register: management_ip
-
- - name: Get floating oam ip
- shell: |
- echo "{{ address_table.stdout }}" | awk '$4 == "oam" { print $14 }'
- register: oam_ip
-
- - name: Get floating kubernetes cluster ip
- shell: |
- echo "{{ address_table.stdout }}" | awk '$4 == "cluster-host-subnet" { print $14 }'
- register: kubernetes_cluster_floating_ip
-
- - name: Get controller0 kubernetes cluster ip
- shell: |
- echo "{{ address_table.stdout }}" | awk '$4 == "cluster-host-subnet" { print $16 }'
- register: kubernetes_cluster_c0_ip
-
- - name: Get controller1 kubernetes cluster ip
- shell: |
- echo "{{ address_table.stdout }}" | awk '$4 == "cluster-host-subnet" { print $18 }'
- register: kubernetes_cluster_c1_ip
-
- - name: Get region name
- shell: |
- source /etc/platform/openrc
- system show | grep region_name | awk '{ print $4 }'
- register: region_name
-
- - name: Get distributed_cloud role
- shell: |
- source /etc/platform/openrc
- system show | grep distributed_cloud_role | awk '{ print $4 }'
- register: distributed_cloud_role
-
 - name: Check certificates to be installed
 include_tasks: check-certificates-to-be-installed.yml
 
@@ -98,9 +56,10 @@
 delay: 30
 
 - name: Generate kubernetes yaml for cert-manager resources
- template:
- src: platform_certificates.yml.j2
- dest: /tmp/platform_certificates.yaml
+ include_role:
+ name: common/generate-platform-certificates
+ vars:
+ destination: /tmp/platform_certificates.yaml
 
 - name: Apply kubernetes yaml to create cert-manager clusterissuer and certificates
 command: kubectl apply -f /tmp/platform_certificates.yaml
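Review bot: In the second hunk `/tmp/platform_certificates.yaml` is now spelled twice, as the `destination` passed to the included role and again in the `kubectl apply -f` command on the context line below it, so the two can drift apart without any error; define it once (for example `platform_certificates_file: /tmp/platform_certificates.yaml` in the role's vars) and use `"{{ platform_certificates_file }}"` in both places. While touching it, consider that the manifest `kubectl apply` consumes is written under a fixed name in the shared `/tmp`; a path from the `tempfile` module or a directory private to the playbook user keeps the file that is fed to the cluster out of a location other local users can read. The enclosing block of this hunk starts and ends outside it.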