# All Center related password which needs to be specified if user
# doesn't need common password for security purpose
+user_mgmt_encryptPassword:
+ name:
mecm_meo_keystorePassword:
name:
mecm_meo_truststorePassword:
regexp: 'PASSWORD_VALUE'
replace: "{{ vardata.db_password.name }}"
-- name: Generates certificate mecm-ssl-secret
+- name: Create mecm-ssl-secret with common pwd
# yamllint disable rule:line-length
command: kubectl create secret generic mecm-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-file=keystore.jks=/tmp/ssl-eg-keys-certs/keystore.jks --from-literal=keystorePassword={{ vardata.common_pwd.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-literal=truststorePassword={{ vardata.common_pwd.name}}
# yamllint disable rule:line-length
+ when: '{{ vardata.common_pwd.name}}'
-- name: Generates certificate edgegallery-mecm-secret
+- name: Generates certificate mecm-ssl-secret
+ # yamllint disable rule:line-length
+ command: kubectl create secret generic mecm-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-file=keystore.jks=/tmp/ssl-eg-keys-certs/keystore.jks --from-literal=keystorePassword={{ vardata.mecm_meo_keystorePassword.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-literal=truststorePassword={{ vardata.mecm_meo_truststorePassword.name}}
+ # yamllint disable rule:line-length
+ when: '{{ vardata.mecm_meo_keystorePassword.name}}'
+
+- name: Create certificate edgegallery-mecm-secret with common pwd
# yamllint disable rule:line-length
command: kubectl create secret generic edgegallery-mecm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.common_pwd.name}} --from-literal=postgresApmPassword={{ vardata.common_pwd.name}} --from-literal=postgresAppoPassword={{ vardata.common_pwd.name}} --from-literal=postgresInventoryPassword={{ vardata.common_pwd.name}} --from-literal=edgeRepoUserName={{ vardata.mecm_meo_edgeRepoUserName.name}} --from-literal=edgeRepoPassword={{ vardata.mecm_meo_edgeRepoPassword.name}}
# yamllint disable rule:line-length
args:
chdir: /tmp/eg_mecm-meo/deploy/
+ when: '{{ vardata.common_pwd.name}}'
+
+- name: Generates certificate edgegallery-mecm-secret
+ # yamllint disable rule:line-length
+ command: kubectl create secret generic edgegallery-mecm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.mecm_meo_postgresPassword.name}} --from-literal=postgresApmPassword={{ vardata.mecm_meo_postgresApmPassword.name}} --from-literal=postgresAppoPassword={{ vardata.mecm_meo_postgresAppoPassword.name}} --from-literal=postgresInventoryPassword={{ vardata.mecm_meo_postgresInventoryPassword.name}} --from-literal=edgeRepoUserName={{ vardata.mecm_meo_edgeRepoUserName.name}} --from-literal=edgeRepoPassword={{ vardata.mecm_meo_edgeRepoPassword.name}}
+ # yamllint disable rule:line-length
+ args:
+ chdir: /tmp/eg_mecm-meo/deploy/
+ when: '{{ vardata.mecm_meo_postgresPassword.name}}'
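Review bot: The added `when: '{{ vardata.common_pwd.name}}'` and `when: '{{ vardata.mecm_meo_keystorePassword.name}}'` conditions put the password text itself into the conditional, so whether a task runs depends on how that text evaluates as an expression rather than on whether a value was set. Ansible also warns against template delimiters in `when`. The two branches are not mutually exclusive: if both the common and the component password are set, both `kubectl create secret generic mecm-ssl-secret` tasks run and the second will presumably fail because the secret already exists. A length test keeps the secret out of the expression, e.g. `when: (vardata.common_pwd.name | default('', true) | string | length) > 0` on the common branch and the negation of that test on the component branch (swap them if the component value is meant to win). The same pattern recurs in every later pair of tasks on this page.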
- name: Fs group value
shell: 'getent group docker | cut -d: -f3'
args:
chdir: /tmp/ssl-eg-keys-certs/
-- name: Create edgegallery-mepm-secret secret
+- name: Create edgegallery-mepm-secret secret with common pwd
# yamllint disable rule:line-length
command: kubectl create secret generic edgegallery-mepm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.db_password.name}} --from-literal=postgresLcmCntlrPassword={{ vardata.db_password.name}} --from-literal=postgresk8sPluginPassword={{ vardata.db_password.name}}
# yamllint disable rule:line-length
+ when: '{{ vardata.db_password.name}}'
+
+- name: Create edgegallery-mepm-secret secret
+ # yamllint disable rule:line-length
+ command: kubectl create secret generic edgegallery-mepm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.mecm_mepm_postgresPassword.name}} --from-literal=postgresLcmCntlrPassword={{ vardata.mecm_mepm_postgresLcmCntlrPassword.name}} --from-literal=postgresk8sPluginPassword={{ vardata.mecm_mepm_postgresk8sPluginPassword.name}}
+ # yamllint disable rule:line-length
+ when: '{{ vardata.mecm_mepm_postgresPassword.name}}'
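Review bot: The task renamed to "Create edgegallery-mepm-secret secret with common pwd" is gated on and filled from `vardata.db_password.name`, while every other "with common pwd" task on this page uses `vardata.common_pwd.name`. If `db_password` is a separate setting, a deployment that sets only `common_pwd` and leaves the mepm passwords empty would get neither task, and `edgegallery-mepm-secret` would never be created. If the common value is intended here, use `{{ vardata.common_pwd.name }}` in the three `--from-literal` arguments and in the condition. If `db_password` is intended, rename the task so the difference is visible.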
- name: Create mepm service account
command: kubectl apply -f /tmp/eg_mecm-mepm/deploy/conf/manifest/mepm/mepm-service-account.yaml
args:
chdir: /tmp/.mep_tmp_cer/
-- name: Openssl rsa mep tls
+- name: Openssl rsa mep tls with common pwd
# yamllint disable rule:line-length
command: openssl rsa -in mepserver_tls.key -aes256 -passout pass:{{ vardata.common_pwd.name}} -out mepserver_encryptedtls.key
# yamllint disable rule:line-length
args:
chdir: /tmp/.mep_tmp_cer/
+ when: '{{ vardata.common_pwd.name}}'
+
+- name: Openssl rsa mep tls
+ # yamllint disable rule:line-length
+ command: openssl rsa -in mepserver_tls.key -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out mepserver_encryptedtls.key
+ # yamllint disable rule:line-length
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+ when: '{{ vardata.mep_cert_pwd.name}}'
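Review bot: The new task passes the key passphrase as `-passout pass:{{ vardata.mep_cert_pwd.name}}`, which places it in the openssl process arguments, where other local users can read it from the process list and where Ansible records it in task output. openssl can read the passphrase from an environment variable instead (`-passout env:NAME`), and `no_log: true` keeps it out of the play log. The same applies to both "Openssl rsa in jwt" tasks below and to the "with common pwd" variant of this task. The variable name `MEP_CERT_PWD` in the sketch is chosen for illustration only.

```yaml
- name: Openssl rsa mep tls
  command: openssl rsa -in mepserver_tls.key -aes256 -passout env:MEP_CERT_PWD -out mepserver_encryptedtls.key
  environment:
    MEP_CERT_PWD: "{{ vardata.mep_cert_pwd.name }}"
  no_log: true
  # … unchanged: args/chdir and the when condition …
```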
- name: Openssl req new key mepserver tls key
# yamllint disable rule:line-length
args:
chdir: /tmp/.mep_tmp_cer/
-- name: Openssl rsa in jwt
+- name: Openssl rsa in jwt with common pwd
# yamllint disable rule:line-length
command: openssl rsa -in jwt_privatekey -aes256 -passout pass:{{ vardata.common_pwd.name}} -out jwt_encrypted_privatekey
# yamllint disable rule:line-length
args:
chdir: /tmp/.mep_tmp_cer/
+ when: '{{ vardata.common_pwd.name}}'
+
+- name: Openssl rsa in jwt
+ # yamllint disable rule:line-length
+ command: openssl rsa -in jwt_privatekey -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out jwt_encrypted_privatekey
+ # yamllint disable rule:line-length
+ args:
+ chdir: /tmp/.mep_tmp_cer/
+ when: '{{ vardata.mep_cert_pwd.name}}'
- name: Create mep namespace
command: kubectl create ns mep
args:
chdir: /tmp/
-- name: Create generic pg secret
+- name: Create generic pg secret with common pwd
# yamllint disable rule:line-length
command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.common_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.common_pwd.name}}
--from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt
# yamllint disable rule:line-length
args:
chdir: /tmp/
+ when: '{{ vardata.common_pwd.name}}'
-- name: Create mep generic for mep ssl
+- name: Create generic pg secret
+ # yamllint disable rule:line-length
+ command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.mep_pg_admin_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}}
+ --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt
+ # yamllint disable rule:line-length
+ args:
+ chdir: /tmp/
+ when: '{{ vardata.mep_pg_admin_pwd.name}}'
+
+- name: Create mep generic for mep ssl with common pwd
# yamllint disable rule:line-length
command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.common_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt
--from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt
# yamllint disable rule:line-length
args:
chdir: /tmp/
+ when: '{{ vardata.common_pwd.name}}'
+
+- name: Create mep generic for mep ssl
+ # yamllint disable rule:line-length
+ command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.mep_cert_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt
+ --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt
+ # yamllint disable rule:line-length
+ args:
+ chdir: /tmp/
+ when: '{{ vardata.mep_cert_pwd.name}}'
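Review bot: The added `kubectl ... create secret generic` tasks for `pg-secret` and `mep-ssl` interpolate the passwords unquoted into `--from-literal=` arguments and do not set `no_log`, so the rendered command line, passwords included, can appear in Ansible output and logs. Because `command` splits the rendered string into arguments, a password containing whitespace or quote characters would also be split or mangled. Add `no_log: true` to each of these tasks and quote the values, e.g. `--from-literal=cert_pwd={{ vardata.mep_cert_pwd.name | quote }}`. The `mecm-ssl-secret`, `edgegallery-mecm-secret`, `edgegallery-mepm-secret` and `user-mgmt-jwt-secret` tasks elsewhere on this page have the same shape.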
- name: Create mep seret generic
# yamllint disable rule:line-length
file: ../../../config.yml
name: vardata
-- name: Generating certificates for usermanagment
+- name: Create certificates for usermanagment with common pwd
# yamllint disable rule:line-length
command: kubectl create secret generic user-mgmt-jwt-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/rsa_public_key.pem --from-file=encryptedPrivateKey=/tmp/ssl-eg-keys-certs/encrypted_rsa_private_key.pem --from-literal=encryptPassword={{ vardata.common_pwd.name}}
# yamllint disable rule:line-length
+ when: '{{ vardata.common_pwd.name}}'
+
+- name: Generating certificates for usermanagment
+ # yamllint disable rule:line-length
+ command: kubectl create secret generic user-mgmt-jwt-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/rsa_public_key.pem --from-file=encryptedPrivateKey=/tmp/ssl-eg-keys-certs/encrypted_rsa_private_key.pem --from-literal=encryptPassword={{ vardata.user_mgmt_encryptPassword.name}}
+ # yamllint disable rule:line-length
+ when: '{{ vardata.user_mgmt_encryptPassword.name}}'
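Review bot: Style: the new task copies the existing pattern of a `# yamllint disable rule:line-length` comment both before and after the long `command:` line, so the rule is never switched back on and stays off for the rest of the file. The trailing comment should presumably be `# yamllint enable rule:line-length`. That limits the exemption to the one long line and lets the linter flag any other over-long lines in these secret-handling tasks. The other added tasks on this page repeat the same pair of comments.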
- name: Install user-mgmt
# yamllint disable rule:line-length