[telemetry] Adding server and dsmsroot certs to start telemetry in auth mode (#1716)

pra-moh · web-flow · commit 66d96fa2094b · 2020-06-03T16:43:44.000-07:00
Adding server and dsmsroot certs to start telemetry in auth mode

- Declare server key/cer/csr under /group/all/vars inside telemetry_certs.yml
- Create variables to hold values from telemetry_certs.yml
- Create server and dsmsroot certs using private key and csr
- Copy all certs on localhost
- Copy certs from localhost to SONiC DUT
diff --git a/ansible/config_sonic_basedon_testbed.yml b/ansible/config_sonic_basedon_testbed.yml
@@ -122,6 +122,137 @@
     delegate_to: localhost
     when: local_minigraph is defined and local_minigraph|bool == true
 
+  - block:
+       - name: Init telemetry keys
+         set_fact:
+            server_key: ""
+            server_csr: ""
+            server_cer: ""
+            dsmsroot_key: ""
+            dsmsroot_csr: ""
+            dsmsroot_cer: ""
+            dir_path: ""
+
+       - name: read server key
+         set_fact:
+            server_key: "{{ telemetry_certs['server_key'] }}"
+         when: telemetry_certs['server_key'] is defined
+
+       - name: read server csr
+         set_fact:
+            server_csr: "{{ telemetry_certs['server_csr'] }}"
+         when: telemetry_certs['server_csr'] is defined
+
+       - name: read server cer
+         set_fact:
+            server_cer: "{{ telemetry_certs['server_cer'] }}"
+          when: telemetry_certs['server_cer'] is defined
+
+       - name: read dsmsroot key
+         set_fact:
+            dsmsroot_key: "{{ telemetry_certs['dsmsroot_key'] }}"
+         when: telemetry_certs['dsmsroot_key'] is defined
+
+       - name: read dsmsroot csr
+         set_fact:
+            dsmsroot_csr: "{{ telemetry_certs['dsmsroot_csr'] }}"
+         when: telemetry_certs['dsmsroot_csr'] is defined
+
+       - name: read dsmsroot cer
+         set_fact:
+            dsmsroot_cer: "{{ telemetry_certs['dsmsroot_cer'] }}"
+         when: telemetry_certs['dsmsroot_cer'] is defined
+
+       - name: read directory path
+         set_fact:
+             dir_path: "{{ telemetry_certs['dir_path'] }}"
+         when: telemetry_certs['dir_path'] is defined
+
+       - name: Create telemetry directory
+         file:
+           path: "{{ dir_path }}"
+           state: directory
+           mode: '0755'
+         become: true
+         delegate_to: localhost
+
+       - name: Create telemetry server private key
+         openssl_privatekey:
+            path: "{{ server_key }}"
+            size: 2048
+            mode: '0755'
+         become: true
+         delegate_to: localhost
+
+       - name: create telemetry server csr
+         openssl_csr:
+            path: "{{ telemetry_certs['server_csr'] }}"
+            privatekey_path: "{{ server_key }}"
+         become: true
+         delegate_to: localhost
+
+       - name: Generate a Self Signed OpenSSL telemetry server certificate
+         openssl_certificate:
+             path: "{{ server_cer }}"
+             privatekey_path: "{{ server_key }}"
+             csr_path: "{{ server_csr }}"
+             subject:
+                commonName: ndastreamingservertest
+             provider: selfsigned
+         become: true
+         delegate_to: localhost
+
+       - name: Create telemetry dsmsroot private key
+         openssl_privatekey:
+             path: "{{ dsmsroot_key }}"
+             size: 2048
+             mode: '0755'
+         become: true
+         delegate_to: localhost
+
+       - name: create telemetry dsmsroot csr
+         openssl_csr:
+             path: "{{ dsmsroot_csr }}"
+             privatekey_path: "{{ dsmsroot_key }}"
+         become: true
+         delegate_to: localhost
+
+       - name: Generate a Self Signed OpenSSL telemetry dsmsroot certificate
+         openssl_certificate:
+              path: "{{ dsmsroot_cer }}"
+              privatekey_path: "{{ dsmsroot_key }} "
+              csr_path: "{{ dsmsroot_csr }} "
+              subject:
+                 commonName: ndastreamingclienttest
+              provider: selfsigned
+         become: true
+         delegate_to: localhost
+
+       - name: Creates telemetry directory
+         file:
+           path: "{{ dir_path }}"
+           state: directory
+           mode: '0755'
+         become: true
+
+        - name: copy server_key from local to remote
+          copy:
+            src: "{{ server_key }}"
+            dest: "{{ server_key }}"
+          become: yes
+
+        - name: copy server_cer from local to remote
+          copy:
+            src: "{{ server_cer }}"
+            dest: "{{ server_cer }}"
+          become: yes
+
+        - name: copy dsmsroot_key from local to remote
+          copy:
+            src: "{{ dsmsroot_key }}"
+            dest: "{{ dsmsroot_key }}"
+          become: yes
+
   - block:
       - name: saved original minigraph file in SONiC DUT(ignore errors when file doesnot exist)
         shell: mv /etc/sonic/minigraph.xml /etc/sonic/minigraph.xml.orig
@@ -140,7 +271,7 @@
         delegate_to: localhost
 
       - name: debug print stat_result
-        debug: 
+        debug:
             msg: Stat result is {{ stat_result }}
 
       - name: Copy corresponding configlet files if exist
diff --git a/ansible/group_vars/all/telemetry_certs.yml b/ansible/group_vars/all/telemetry_certs.yml
@@ -0,0 +1,10 @@
+# Configure telemetry server and dsmsroot key,cer
+
+telemetry_certs:
+    server_key: "/etc/sonic/telemetry/streamingtelemetryserver.key"
+    server_csr: "/etc/sonic/telemetry/streamingtelemetryserver.csr"
+    server_cer: "/etc/sonic/telemetry/streamingtelemetryserver.cer"
+    dsmsroot_key: "/etc/sonic/telemetry/dsmsroot.key"
+    dsmsroot_csr: "/etc/sonic/telemetry/dsmsroot.csr"
+    dsmsroot_cer: "/etc/sonic/telemetry/dsmsroot.cer"
+    dir_path: "/etc/sonic/telemetry"
