author | Pep TurrĂ³ Mauri <pep@redhat.com> | 2017-03-23 17:31:20 +0100 |
---|---|---|
committer | Pep TurrĂ³ Mauri <pep@redhat.com> | 2017-04-06 17:58:06 +0200 |
commit | 9dbc6d42ec99f902a9cef786009cee4953bbbde4 (patch) | |
tree | 19c4730022b529b4476786c6e75df322c7ef96f9 /playbooks/certificate_expiry | |
parent | 0bac74c346bb5c620bdf1941b40c29ff3083e2b0 (diff) | |
Add example scheduled certificate check
Additional certificate expiration check playbooks:
- one that uploads the generated reports to a location in the masters
- one that uses custom report paths with timestamps
OpenShift Job and ScheduledJob examples that use these playbooks
run from a container to check cluster certificates from within
the cluster itself.
Diffstat (limited to 'playbooks/certificate_expiry')
-rw-r--r-- | playbooks/certificate_expiry/easy-mode-upload.yaml | 40 | ||||
-rw-r--r-- | playbooks/certificate_expiry/html_and_json_timestamp.yaml | 16 |
2 files changed, 56 insertions, 0 deletions
diff --git a/playbooks/certificate_expiry/easy-mode-upload.yaml b/playbooks/certificate_expiry/easy-mode-upload.yaml
new file mode 100644
index 000000000..378d1f154
--- /dev/null
+++ b/playbooks/certificate_expiry/easy-mode-upload.yaml
@@ -0,0 +1,40 @@
+# This example generates HTML and JSON reports and
+#
+# Copies of the generated HTML and JSON reports are uploaded to the masters,
+# which is particularly useful when this playbook is run from a container.
+#
+# All certificates (healthy or not) are included in the results
+#
+# Optional environment variables to alter the behaviour of the playbook:
+# CERT_EXPIRY_WARN_DAYS: Length of the warning window in days (45)
+# COPY_TO_PATH: path to copy reports to in the masters (/etc/origin/certificate_expiration_report)
+---
+- name: Generate certificate expiration reports
+ hosts: nodes:masters:etcd
+ gather_facts: no
+ vars:
+ openshift_certificate_expiry_save_json_results: yes
+ openshift_certificate_expiry_generate_html_report: yes
+ openshift_certificate_expiry_show_all: yes
+ openshift_certificate_expiry_warning_days: "{{ lookup('env', 'CERT_EXPIRY_WARN_DAYS') | default('45', true) }}"
+ roles:
+ - role: openshift_certificate_expiry
+
+- name: Upload reports to master
+ hosts: masters
+ gather_facts: no
+ vars:
+ destination_path: "{{ lookup('env', 'COPY_TO_PATH') | default('/etc/origin/certificate_expiration_report', true) }}"
+ timestamp: "{{ lookup('pipe', 'date +%Y%m%d') }}"
+ tasks:
+ - name: Ensure that the target directory exists
+ file:
+ path: "{{ destination_path }}"
+ state: directory
+ - name: Copy the reports
+ copy:
+ dest: "{{ destination_path }}/{{ timestamp }}-{{ item }}"
+ src: "/tmp/{{ item }}"
+ with_items:
+ - "cert-expiry-report.html"
+ - "cert-expiry-report.json"
diff --git a/playbooks/certificate_expiry/html_and_json_timestamp.yaml b/playbooks/certificate_expiry/html_and_json_timestamp.yaml
new file mode 100644
index 000000000..2189455b7
--- /dev/null
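Review bot: Neither the `file` task nor the `copy` task in the "Upload reports to master" play sets `owner` or `mode`, so the report directory and files on the masters get whatever the remote umask yields, even though `openshift_certificate_expiry_show_all: yes` puts every checked certificate into them. Consider adding `mode: "0750"` to the directory task and `mode: "0640"` to the copy task, or stricter values that match who should read the reports. The `src: "/tmp/{{ item }}"` also reads fixed file names from /tmp on the host running the playbook; presumably these are the role's default report paths, which are not visible in this hunk, so a comment saying so, or reusing the role's path variables, would keep the two in step.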
+++ b/playbooks/certificate_expiry/html_and_json_timestamp.yaml
@@ -0,0 +1,16 @@
+---
+# Generate timestamped HTML and JSON reports in /var/lib/certcheck
+
+- name: Check cert expirys
+ hosts: nodes:masters:etcd
+ become: yes
+ gather_facts: no
+ vars:
+ openshift_certificate_expiry_generate_html_report: yes
+ openshift_certificate_expiry_save_json_results: yes
+ openshift_certificate_expiry_show_all: yes
+ timestamp: "{{ lookup('pipe', 'date +%Y%m%d') }}"
+ openshift_certificate_expiry_html_report_path: "/var/lib/certcheck/{{ timestamp }}-cert-expiry-report.html"
+ openshift_certificate_expiry_json_results_path: "/var/lib/certcheck/{{ timestamp }}-cert-expiry-report.json"
+ roles:
+ - role: openshift_certificate_expiry |
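Review bot: Nothing in this playbook creates `/var/lib/certcheck`, whereas easy-mode-upload.yaml has an explicit "Ensure that the target directory exists" task for its destination; whether the `openshift_certificate_expiry` role creates the parent directory cannot be seen from this hunk. If it does not, the header comment should state the prerequisite, e.g. `# /var/lib/certcheck must already exist and be writable where the role writes its reports`. The `timestamp` value has day resolution (`date +%Y%m%d`), so a second run on the same day overwrites the earlier report; a one-line comment would make clear whether that is intended.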