Merge "Refactor platform_certificates.yml.j2 to /common"

playbookconfig/src/playbooks/roles/common/generate-platform-certificates/tasks/main.yml

@@ -0,0 +1,56 @@
+---
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# These tasks get information from the running system and use it to
+# generate a certificate spec file which is going to be applied to
+# kubernetes at a later step
+#
+- name: Get address pool information for system
+  shell: |
+    source /etc/platform/openrc; system addrpool-list --nowrap
+  register: address_table
+
+- name: Get floating management ip
+  shell: |
+    echo "{{ address_table.stdout }}" | awk  '$4 == "management" { print $14 }'
+  register: management_ip
+
+- name: Get floating oam ip
+  shell: |
+    echo "{{ address_table.stdout }}" | awk  '$4 == "oam" { print $14 }'
+  register: oam_ip
+
+- name: Get floating kubernetes cluster ip
+  shell: |
+    echo "{{ address_table.stdout }}" | awk  '$4 == "cluster-host-subnet" { print $14 }'
+  register: kubernetes_cluster_floating_ip
+
+- name: Get controller0 kubernetes cluster ip
+  shell: |
+    echo "{{ address_table.stdout }}" | awk  '$4 == "cluster-host-subnet" { print $16 }'
+  register: kubernetes_cluster_c0_ip
+
+- name: Get controller1 kubernetes cluster ip
+  shell: |
+    echo "{{ address_table.stdout }}" | awk  '$4 == "cluster-host-subnet" { print $18 }'
+  register: kubernetes_cluster_c1_ip
+
+- name: Get region name
+  shell: |
+    source /etc/platform/openrc
+    system show | grep region_name | awk '{ print $4 }'
+  register: region_name
+
+- name: Get distributed_cloud role
+  shell: |
+    source /etc/platform/openrc
+    system show | grep distributed_cloud_role | awk '{ print $4 }'
+  register: distributed_cloud_role
+
+- name: Generate kubernetes yaml for cert-manager resources
+  template:
+    src: platform_certificates.yml.j2
+    dest: "{{ destination }}"

playbookconfig/src/playbooks/roles/common/generate-platform-certificates/templates/platform_certificates.yml.j2

@@ -22,7 +22,7 @@ items:
     ca:
       secretName: system-local-ca
   status: {}
-{% if https_enabled.stdout | bool %}
+{% if install_system_restapi_gui_certificate | bool %}
 - apiVersion: cert-manager.io/v1
   kind: Certificate
   metadata:
@@ -55,6 +55,7 @@ items:
       - "{{ subject_ST }}"
   status: {}
 {% endif %}
+{% if install_system_registry_local_certificate | bool %}
 - apiVersion: cert-manager.io/v1
   kind: Certificate
   metadata:
@@ -91,7 +92,8 @@ items:
       provinces:
       - "{{ subject_ST }}"
   status: {}
-{% if oidc_applied.stdout | bool %}
+{% endif %}
+{% if install_oidc_auth_apps_certificate | bool %}
 - apiVersion: cert-manager.io/v1
   kind: Certificate
   metadata:

playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/tasks/check-certificates-to-be-installed.yml

@@ -19,3 +19,8 @@
     system application-show oidc-auth-apps --column status --format value | \
     awk  '{ if ($0 == "applied") print "true"; else print "false"; }'
   register: oidc_applied
+
+- set_fact:
+    install_system_registry_local_certificate: true
+    install_system_restapi_gui_certificate: "{{ true if https_enabled.stdout | bool else false }}"
+    install_oidc_auth_apps_certificate: "{{ true if oidc_applied.stdout | bool else false }}"

playbookconfig/src/playbooks/roles/migrate-platform-certificates-to-certmanager/migrate-certificates/tasks/main.yml

@@ -22,48 +22,6 @@
       include_tasks: check-for-management-alarms.yml
       when: ignore_alarms is undefined or ignore_alarms | bool == False
 
-    - name: Get address pool information for system
-      shell: |
-        source /etc/platform/openrc; system addrpool-list --nowrap
-      register: address_table
-
-    - name: Get floating management ip
-      shell: |
-        echo "{{ address_table.stdout }}" | awk  '$4 == "management" { print $14 }'
-      register: management_ip
-
-    - name: Get floating oam ip
-      shell: |
-        echo "{{ address_table.stdout }}" | awk  '$4 == "oam" { print $14 }'
-      register: oam_ip
-
-    - name: Get floating kubernetes cluster ip
-      shell: |
-        echo "{{ address_table.stdout }}" | awk  '$4 == "cluster-host-subnet" { print $14 }'
-      register: kubernetes_cluster_floating_ip
-
-    - name: Get controller0 kubernetes cluster ip
-      shell: |
-        echo "{{ address_table.stdout }}" | awk  '$4 == "cluster-host-subnet" { print $16 }'
-      register: kubernetes_cluster_c0_ip
-
-    - name: Get controller1 kubernetes cluster ip
-      shell: |
-        echo "{{ address_table.stdout }}" | awk  '$4 == "cluster-host-subnet" { print $18 }'
-      register: kubernetes_cluster_c1_ip
-
-    - name: Get region name
-      shell: |
-        source /etc/platform/openrc
-        system show | grep region_name | awk '{ print $4 }'
-      register: region_name
-
-    - name: Get distributed_cloud role
-      shell: |
-        source /etc/platform/openrc
-        system show | grep distributed_cloud_role | awk '{ print $4 }'
-      register: distributed_cloud_role
-
     - name: Check certificates to be installed
       include_tasks: check-certificates-to-be-installed.yml
 
@@ -98,9 +56,10 @@
       delay: 30
 
     - name: Generate kubernetes yaml for cert-manager resources
-      template:
-        src: platform_certificates.yml.j2
-        dest: /tmp/platform_certificates.yaml
+      include_role:
+        name: common/generate-platform-certificates
+      vars:
+        destination: /tmp/platform_certificates.yaml
 
     - name: Apply kubernetes yaml to create cert-manager clusterissuer and certificates
       command: kubectl apply -f /tmp/platform_certificates.yaml