[telemetry certs] deploy certs for telemetry in deploy-mg (#1614)
* adding server and dsmsroot certs for telemetry
* adding support for ptfhost copy certs
pra-moh authored Apr 30, 2020
1 parent 74536ef commit 19e92b1
Showing 2 changed files with 133 additions and 1 deletion.
122 changes: 121 additions & 1 deletion ansible/config_sonic_basedon_testbed.yml
@@ -36,6 +36,99 @@
tasks:

- block:
- name: Creates telemetry directory
file:
path: /etc/sonic/telemetry
state: directory
become: true

- name: Init telemetry keys
set_fact:
server_key: ""
server_csr: ""
server_cer: ""
dsmsroot_key: ""
dsmsroot_csr: ""
dsmsroot_cer: ""
dir_path: ""

- name: read server key
set_fact:
server_key: "{{ telemetry_certs['server_key'] }}"
when: telemetry_certs['server_key'] is defined

- name: read server csr
set_fact:
server_csr: "{{ telemetry_certs['server_csr'] }}"
when: telemetry_certs['server_csr'] is defined

- name: read server cer
set_fact:
server_cer: "{{ telemetry_certs['server_cer'] }}"
when: telemetry_certs['server_cer'] is defined

- name: read dsmsroot key
set_fact:
dsmsroot_key: "{{ telemetry_certs['dsmsroot_key'] }}"
when: telemetry_certs['dsmsroot_key'] is defined

- name: read dsmsroot csr
set_fact:
dsmsroot_csr: "{{ telemetry_certs['dsmsroot_csr'] }}"
when: telemetry_certs['dsmsroot_csr'] is defined

- name: read dsmsroot cer
set_fact:
dsmsroot_cer: "{{ telemetry_certs['dsmsroot_cer'] }}"
when: telemetry_certs['dsmsroot_cer'] is defined

- name: read directory path
set_fact:
dir_path: "{{ telemetry_certs['dir_path'] }}"
when: telemetry_certs['dir_path'] is defined

- name: Create telemetry server private key
openssl_privatekey:
path: "{{ server_key }}"
size: 2048
become: true

- name: create telemetry server csr
openssl_csr:
path: "{{ telemetry_certs['server_csr'] }}"
privatekey_path: "{{ server_key }}"
become: true

- name: Generate a Self Signed OpenSSL telemetry server certificate
openssl_certificate:
path: "{{ server_cer }}"
privatekey_path: "{{ server_key }}"
csr_path: "{{ server_csr }}"
provider: selfsigned
become: true

- name: Create telemetry dsmsroot private key
openssl_privatekey:
path: "{{ dsmsroot_key }}"
size: 2048
become: true

- name: create telemetry dsmsroot csr
openssl_csr:
path: "{{ dsmsroot_csr }}"
privatekey_path: "{{ dsmsroot_key }}"
become: true

- name: Generate a Self Signed OpenSSL telemetry dsmsroot certificate
openssl_certificate:
path: "{{ dsmsroot_cer }}"
privatekey_path: "{{ dsmsroot_key }}"
csr_path: "{{ dsmsroot_csr }}"
subject:
commonName: ndastreamingclienttest.osdinfra.net
provider: selfsigned
become: true

- name: set default testbed file
set_fact:
testbed_file: testbed.csv
@@ -56,7 +149,34 @@
set_fact:
vm_base: "{{ testbed_facts['vm_base'] }}"
when: "testbed_facts['vm_base'] != ''"
when: testbed_name is defined
when: testbed_name is defined

- name: Set ptf_host
set_fact:
ptf_host: "{{ testbed_facts['ptf_ip'] }}"

- fail: msg="Please set ptf_host first"
when: ptf_host is not defined

- name: create dir on ptfhost
file:
path: "{{ dir_path }}"
state: directory
become: true
delegate_to: "{{ ptf_host }}"

- name: Copy certs on ptfhost
synchronize:
src: "{{ dir_path }}"
dest: "{{ dir_path }}"
become: true
delegate_to: "{{ ptf_host }}"

- name: Rename dsmsroot.cer to client cer
command: mv "{{ dsmsroot_cer }}" "{{ client_cer }}"

- name: Rename dsmsroot.key to client key
command: mv "{{ dsmsroot_key }}" "{{ client_key }}"

- topo_facts: topo={{ topo }}
delegate_to: localhost
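Review bot: The two rename tasks at the end of the second hunk reference `{{ client_cer }}` and `{{ client_key }}`, which none of the visible `set_fact` tasks define (only the server_*, dsmsroot_* and `dir_path` facts are set), so unless they are defined elsewhere the `mv` fails on an undefined variable; `mv "{{ dsmsroot_cer }}" "{{ telemetry_certs['client_cer'] }}"` and the matching key line would use what group_vars provides. Both tasks also lack the `become: true` that the tasks creating these files carry, and because the rename removes the dsmsroot key and certificate, the openssl tasks in the first hunk will presumably generate a fresh pair on every run. Separately, `synchronize` copies all of `{{ dir_path }}`, which at that point holds the server and dsmsroot private keys as well as the certificates; if the PTF host only needs the client pair, copying just those two files with `mode: '0600'` on the key keeps the server key on the DUT. With `delegate_to` set on `synchronize` the delegated host becomes the source side, so it is worth confirming the copy really runs from the DUT to the PTF host.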
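--- a/ansible/group_vars/all/telemetry_certs.yml
+++ b/ansible/group_vars/all/telemetry_certs.yml
@@ -0,0 +1,12 @@
+# Configure telemetry server and dsmsroot key,cer
+
+telemetry_certs:
+server_key: "/etc/sonic/telemetry/streamingtelemetryserver.key"
+server_csr: "/etc/sonic/telemetry/streamingtelemetryserver.csr"
+server_cer: "/etc/sonic/telemetry/streamingtelemetryserver.cer"
+dsmsroot_key: "/etc/sonic/telemetry/dsmsroot.key"
+dsmsroot_csr: "/etc/sonic/telemetry/dsmsroot.csr"
+dsmsroot_cer: "/etc/sonic/telemetry/dsmsroot.cer"
+client_key: "/etc/sonic/telemetry/streamingtelemetryclient.key"
+client_cer: "/etc/sonic/telemetry/streamingtelemetryclient.cer"
+dir_path: "/etc/sonic/telemetry"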
