From: arvindpatel Date: Tue, 10 Nov 2020 19:56:28 +0000 (+0530) Subject: Condition added for password X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=4274bc1e41bb0568bf72914248cf0a24b1f59f11;p=ealt-edge.git Condition added for password Signed-off-by: arvindpatel Change-Id: I565aa8dee931c1243a1ecbdf462f15c0a5bb6d58 --- diff --git a/ocd/infra/playbooks/config.yml b/ocd/infra/playbooks/config.yml index d31ae9b..94a7bb0 100644 --- a/ocd/infra/playbooks/config.yml +++ b/ocd/infra/playbooks/config.yml @@ -74,6 +74,8 @@ docker_registry_port: # All Center related password which needs to be specified if user # doesn't need common password for security purpose +user_mgmt_encryptPassword: + name: mecm_meo_keystorePassword: name: mecm_meo_truststorePassword: diff --git a/ocd/infra/playbooks/roles/eg_mecm-meo/tasks/install.yml b/ocd/infra/playbooks/roles/eg_mecm-meo/tasks/install.yml index 9d47ed2..bfb3da1 100644 --- a/ocd/infra/playbooks/roles/eg_mecm-meo/tasks/install.yml +++ b/ocd/infra/playbooks/roles/eg_mecm-meo/tasks/install.yml 
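Review bot: The new `user_mgmt_encryptPassword` entry has no comment of its own, and the existing comment above it does not say what happens when both this value and `common_pwd` are filled in. The install tasks read these values verbatim from config.yml, so the file should state the precedence and that real passwords do not belong in the tracked copy. A comment along the lines of `# Leave empty when common_pwd is used; encrypt this file with ansible-vault before filling in real passwords` would cover both.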
@@ -32,17 +32,33 @@ regexp: 'PASSWORD_VALUE' replace: "{{ vardata.db_password.name }}" -- name: Generates certificate mecm-ssl-secret +- name: Create mecm-ssl-secret with common pwd # yamllint disable rule:line-length command: kubectl create secret generic mecm-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-file=keystore.jks=/tmp/ssl-eg-keys-certs/keystore.jks --from-literal=keystorePassword={{ vardata.common_pwd.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-literal=truststorePassword={{ vardata.common_pwd.name}} # yamllint disable rule:line-length + when: '{{ vardata.common_pwd.name}}' -- name: Generates certificate edgegallery-mecm-secret +- name: Generates certificate mecm-ssl-secret + # yamllint disable rule:line-length + command: kubectl create secret generic mecm-ssl-secret --from-file=keystore.p12=/tmp/ssl-eg-keys-certs/keystore.p12 --from-file=keystore.jks=/tmp/ssl-eg-keys-certs/keystore.jks --from-literal=keystorePassword={{ vardata.mecm_meo_keystorePassword.name}} --from-literal=keystoreType=PKCS12 --from-literal=keyAlias=edgegallery --from-literal=truststorePassword={{ vardata.mecm_meo_truststorePassword.name}} + # yamllint disable rule:line-length + when: '{{ vardata.mecm_meo_keystorePassword.name}}' + +- name: Create certificate edgegallery-mecm-secret with common pwd # yamllint disable rule:line-length command: kubectl create secret generic edgegallery-mecm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.common_pwd.name}} --from-literal=postgresApmPassword={{ vardata.common_pwd.name}} --from-literal=postgresAppoPassword={{ vardata.common_pwd.name}} --from-literal=postgresInventoryPassword={{ vardata.common_pwd.name}} --from-literal=edgeRepoUserName={{ vardata.mecm_meo_edgeRepoUserName.name}} --from-literal=edgeRepoPassword={{ vardata.mecm_meo_edgeRepoPassword.name}} # yamllint disable 
rule:line-length args: chdir: /tmp/eg_mecm-meo/deploy/ + when: '{{ vardata.common_pwd.name}}' + +- name: Generates certificate edgegallery-mecm-secret + # yamllint disable rule:line-length + command: kubectl create secret generic edgegallery-mecm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-meo/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.mecm_meo_postgresPassword.name}} --from-literal=postgresApmPassword={{ vardata.mecm_meo_postgresApmPassword.name}} --from-literal=postgresAppoPassword={{ vardata.mecm_meo_postgresAppoPassword.name}} --from-literal=postgresInventoryPassword={{ vardata.mecm_meo_postgresInventoryPassword.name}} --from-literal=edgeRepoUserName={{ vardata.mecm_meo_edgeRepoUserName.name}} --from-literal=edgeRepoPassword={{ vardata.mecm_meo_edgeRepoPassword.name}} + # yamllint disable rule:line-length + args: + chdir: /tmp/eg_mecm-meo/deploy/ + when: '{{ vardata.mecm_meo_postgresPassword.name}}' - name: Fs group value shell: 'getent group docker | cut -d: -f3' diff --git a/ocd/infra/playbooks/roles/eg_mecm-mepm/tasks/install.yml b/ocd/infra/playbooks/roles/eg_mecm-mepm/tasks/install.yml index 26eb288..42a72bb 100644 --- a/ocd/infra/playbooks/roles/eg_mecm-mepm/tasks/install.yml +++ b/ocd/infra/playbooks/roles/eg_mecm-mepm/tasks/install.yml 
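Review bot: The added `when: '{{ vardata.common_pwd.name}}'` lines wrap the password in Jinja delimiters, so the rendered password text itself is what Ansible evaluates as the condition, rather than a test of whether the variable is set. Ansible warns against delimiters in `when`, and a password that is not a valid expression (or that happens to read as one) would likely make the task fail or behave unexpectedly. Testing the variable keeps the secret out of expression evaluation, for example `when: vardata.common_pwd.name | default('', true) | string | length > 0`. The same form is used in every `when:` added in the eg_mecm-mepm, eg_mep and eg_user-mgmt hunks.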
@@ -46,10 +46,17 @@ args: chdir: /tmp/ssl-eg-keys-certs/ -- name: Create edgegallery-mepm-secret secret +- name: Create edgegallery-mepm-secret secret with common pwd # yamllint disable rule:line-length command: kubectl create secret generic edgegallery-mepm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.db_password.name}} --from-literal=postgresLcmCntlrPassword={{ vardata.db_password.name}} --from-literal=postgresk8sPluginPassword={{ vardata.db_password.name}} # yamllint disable rule:line-length + when: '{{ vardata.db_password.name}}' + +- name: Create edgegallery-mepm-secret secret + # yamllint disable rule:line-length + command: kubectl create secret generic edgegallery-mepm-secret --from-file=postgres_init.sql=/tmp/eg_mecm-mepm/deploy/conf/keys/postgres_init.sql --from-literal=postgresPassword={{ vardata.mecm_mepm_postgresPassword.name}} --from-literal=postgresLcmCntlrPassword={{ vardata.mecm_mepm_postgresLcmCntlrPassword.name}} --from-literal=postgresk8sPluginPassword={{ vardata.mecm_mepm_postgresk8sPluginPassword.name}} + # yamllint disable rule:line-length + when: '{{ vardata.mecm_mepm_postgresPassword.name}}' - name: Create mepm service account command: kubectl apply -f /tmp/eg_mecm-mepm/deploy/conf/manifest/mepm/mepm-service-account.yaml diff --git a/ocd/infra/playbooks/roles/eg_mep/tasks/install.yml b/ocd/infra/playbooks/roles/eg_mep/tasks/install.yml index 5474126..62e103b 100644 --- a/ocd/infra/playbooks/roles/eg_mep/tasks/install.yml +++ b/ocd/infra/playbooks/roles/eg_mep/tasks/install.yml 
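Review bot: The task renamed to "with common pwd" is gated on and filled from `vardata.db_password.name`, while the other roles in this commit use `vardata.common_pwd.name` for the same branch, so either the name or the variable looks wrong. The second task checks only `mecm_mepm_postgresPassword`, yet its command also reads `mecm_mepm_postgresLcmCntlrPassword` and `mecm_mepm_postgresk8sPluginPassword`; leaving either of those unset would put an empty or null-rendered password into the secret. Consider requiring all three, either with an `assert` task before it or with a list-valued `when:` that has one entry per variable. The eg_mecm-meo hunk has the same single-variable check in front of its keystore/truststore pair and its four postgres passwords.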
@@ -59,12 +59,21 @@ args: chdir: /tmp/.mep_tmp_cer/ -- name: Openssl rsa mep tls +- name: Openssl rsa mep tls with common pwd # yamllint disable rule:line-length command: openssl rsa -in mepserver_tls.key -aes256 -passout pass:{{ vardata.common_pwd.name}} -out mepserver_encryptedtls.key # yamllint disable rule:line-length args: chdir: /tmp/.mep_tmp_cer/ + when: '{{ vardata.common_pwd.name}}' + +- name: Openssl rsa mep tls + # yamllint disable rule:line-length + command: openssl rsa -in mepserver_tls.key -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out mepserver_encryptedtls.key + # yamllint disable rule:line-length + args: + chdir: /tmp/.mep_tmp_cer/ + when: '{{ vardata.mep_cert_pwd.name}}' - name: Openssl req new key mepserver tls key # yamllint disable rule:line-length 
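Review bot: Both `openssl rsa` tasks pass the passphrase as `-passout pass:<value>`, which puts it in the process argument list on the target host and in Ansible's recorded command when the task fails or runs with higher verbosity. `openssl` accepts `env:VAR` as a pass-phrase source, so the value can travel through the task's `environment:` and the task can carry `no_log: true`. The `kubectl create secret ... --from-literal=` tasks in the other hunks expose their passwords the same way and would at least benefit from `no_log: true`. `MEP_CERT_PWD` below is a name chosen for the example.

```yaml
- name: Openssl rsa mep tls
  command: openssl rsa -in mepserver_tls.key -aes256 -passout env:MEP_CERT_PWD -out mepserver_encryptedtls.key
  args:
    chdir: /tmp/.mep_tmp_cer/
  environment:
    MEP_CERT_PWD: "{{ vardata.mep_cert_pwd.name }}"
  no_log: true
  # … unchanged: when condition …
```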
@@ -90,33 +99,62 @@ args: chdir: /tmp/.mep_tmp_cer/ -- name: Openssl rsa in jwt +- name: Openssl rsa in jwt with common pwd # yamllint disable rule:line-length command: openssl rsa -in jwt_privatekey -aes256 -passout pass:{{ vardata.common_pwd.name}} -out jwt_encrypted_privatekey # yamllint disable rule:line-length args: chdir: /tmp/.mep_tmp_cer/ + when: '{{ vardata.common_pwd.name}}' + +- name: Openssl rsa in jwt + # yamllint disable rule:line-length + command: openssl rsa -in jwt_privatekey -aes256 -passout pass:{{ vardata.mep_cert_pwd.name}} -out jwt_encrypted_privatekey + # yamllint disable rule:line-length + args: + chdir: /tmp/.mep_tmp_cer/ + when: '{{ vardata.mep_cert_pwd.name}}' - name: Create mep namespace command: kubectl create ns mep args: chdir: /tmp/ -- name: Create generic pg secret +- name: Create generic pg secret with common pwd # yamllint disable rule:line-length command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.common_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.common_pwd.name}} --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt # yamllint disable rule:line-length args: chdir: /tmp/ + when: '{{ vardata.common_pwd.name}}' -- name: Create mep generic for mep ssl +- name: Create generic pg secret + # yamllint disable rule:line-length + command: kubectl -n mep create secret generic pg-secret --from-literal=pg_admin_pwd={{ vardata.mep_pg_admin_pwd.name}} --from-literal=kong_pg_pwd={{ vardata.mep_kong_pg_pwd.name}} + --from-file=server.key=/tmp/.mep_tmp_cer/mepserver_tls.key --from-file=server.crt=/tmp/.mep_tmp_cer/mepserver_tls.crt + # yamllint disable rule:line-length + args: + chdir: /tmp/ + when: '{{ vardata.mep_pg_admin_pwd.name}}' + +- name: Create mep generic for mep ssl with common pwd # yamllint disable rule:line-length command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.common_pwd.name}} 
--from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt # yamllint disable rule:line-length args: chdir: /tmp/ + when: '{{ vardata.common_pwd.name}}' + +- name: Create mep generic for mep ssl + # yamllint disable rule:line-length + command: kubectl -n mep create secret generic mep-ssl --from-literal=cert_pwd={{ vardata.mep_cert_pwd.name}} --from-file=server.cer=/tmp/.mep_tmp_cer/mepserver_tls.crt + --from-file=server_key.pem=/tmp/.mep_tmp_cer/mepserver_encryptedtls.key --from-file=trust.cer=/tmp/.mep_tmp_cer/ca.crt + # yamllint disable rule:line-length + args: + chdir: /tmp/ + when: '{{ vardata.mep_cert_pwd.name}}' - name: Create mep seret generic # yamllint disable rule:line-length diff --git a/ocd/infra/playbooks/roles/eg_user-mgmt/tasks/install.yml b/ocd/infra/playbooks/roles/eg_user-mgmt/tasks/install.yml index 63de481..f2a3686 100644 --- a/ocd/infra/playbooks/roles/eg_user-mgmt/tasks/install.yml +++ b/ocd/infra/playbooks/roles/eg_user-mgmt/tasks/install.yml 
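Review bot: The two `pg-secret` tasks, and likewise the two `mep-ssl` tasks, are not mutually exclusive. With both `common_pwd` and the mep-specific password set, both tasks run and the second `kubectl create secret` targets a secret that already exists, which should fail; with neither set, both are skipped and no secret is created for the later steps. The config.yml comment suggests the specific passwords are meant to replace the common one, so the condition should say which wins, e.g. `when: vardata.mep_pg_admin_pwd.name and not vardata.common_pwd.name` on the specific task, plus an early `fail` when both are empty. The same pairing appears in every hunk of this commit.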
@@ -21,10 +21,17 @@ file: ../../../config.yml name: vardata -- name: Generating certificates for usermanagment +- name: Create certificates for usermanagment with common pwd # yamllint disable rule:line-length command: kubectl create secret generic user-mgmt-jwt-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/rsa_public_key.pem --from-file=encryptedPrivateKey=/tmp/ssl-eg-keys-certs/encrypted_rsa_private_key.pem --from-literal=encryptPassword={{ vardata.common_pwd.name}} # yamllint disable rule:line-length + when: '{{ vardata.common_pwd.name}}' + +- name: Generating certificates for usermanagment + # yamllint disable rule:line-length + command: kubectl create secret generic user-mgmt-jwt-secret --from-file=publicKey=/tmp/ssl-eg-keys-certs/rsa_public_key.pem --from-file=encryptedPrivateKey=/tmp/ssl-eg-keys-certs/encrypted_rsa_private_key.pem --from-literal=encryptPassword={{ vardata.user_mgmt_encryptPassword.name}} + # yamllint disable rule:line-length + when: '{{ vardata.user_mgmt_encryptPassword.name}}' - name: Install user-mgmt # yamllint disable rule:line-length
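Review bot: The password is interpolated unquoted into a free-form `command:` string, so after templating the command module splits the whole line into arguments; a password containing whitespace or quote characters would change the argument list instead of ending up in `encryptPassword`. Passing the arguments through `argv` keeps the templated value as a single argument. This applies to every `--from-literal=...={{ ... }}` and `-passout pass:{{ ... }}` task in the commit. The task list continues past the end of this hunk.

```yaml
- name: Generating certificates for usermanagment
  command:
    argv:
      - kubectl
      - create
      - secret
      - generic
      - user-mgmt-jwt-secret
      - --from-file=publicKey=/tmp/ssl-eg-keys-certs/rsa_public_key.pem
      - --from-file=encryptedPrivateKey=/tmp/ssl-eg-keys-certs/encrypted_rsa_private_key.pem
      - "--from-literal=encryptPassword={{ vardata.user_mgmt_encryptPassword.name }}"
  # … unchanged: when condition …
```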