ee8a7b2cfb
This change fixes an issue where zuul services can't create a lockfile. Another issue happening with older operator-framework and newer kubernetes version is being fixed by updating the operator-framework following this migration documentation: https://sdk.operatorframework.io/docs/building-operators/ansible/migration/ Change-Id: I6adfb907184112f0b7debb050975f76cd1dd4b01
31 lines
1.1 KiB
YAML
31 lines
1.1 KiB
YAML
- name: Check if zookeeper tls cert is already created
|
|
set_fact:
|
|
zookeeper_certs: "{{ lookup('k8s', api_version='v1', kind='Secret', namespace=namespace, resource_name=zuul_name + '-zookeeper-tls') }}"
|
|
|
|
- name: Generate and store certs
|
|
when: zookeeper_certs.data is not defined
|
|
block:
|
|
- name: Generate certs
|
|
command: "sh -c 'mkdir -p zk-ca; {{ role_path }}/files/zk-ca.sh zk-ca/ {{ item }}'"
|
|
loop:
|
|
# TODO: support multiple zk pod
|
|
- zk
|
|
args:
|
|
creates: zk-ca/keys/clientkey.pem
|
|
|
|
- name: Create k8s secret
|
|
community.kubernetes.k8s:
|
|
state: "{{ state }}"
|
|
namespace: "{{ namespace }}"
|
|
definition:
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: "{{ zuul_name }}-zookeeper-tls"
|
|
stringData:
|
|
ca.crt: "{{ lookup('file', 'zk-ca/demoCA/cacert.pem') }}"
|
|
tls.crt: "{{ lookup('file', 'zk-ca/certs/client.pem') }}"
|
|
tls.key: "{{ lookup('file', 'zk-ca/keys/clientkey.pem') }}"
|
|
data:
|
|
zk.pem: "{{ lookup('file', 'zk-ca/keystores/zk.pem') | b64encode }}"
|