Skip to content

[telemetry certs] deploy certs for telemetry in deploy-mg #1614

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lguohan merged 3 commits into from
Apr 30, 2020
Merged

[telemetry certs] deploy certs for telemetry in deploy-mg #1614

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
d6ab1f0
adding server and dsmsroot certs for telemetry
pra-moh Apr 25, 2020
2b8ee8c
adding vars for reused values
pra-moh Apr 27, 2020
b3126d0
adding support for ptfhost copy certs
pra-moh Apr 30, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
122 changes: 121 additions & 1 deletion ansible/config_sonic_basedon_testbed.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,99 @@
tasks:

- block:
- name: Creates telemetry directory
file:
path: /etc/sonic/telemetry
state: directory
become: true

- name: Init telemetry keys
set_fact:
server_key: ""
server_csr: ""
server_cer: ""
dsmsroot_key: ""
dsmsroot_csr: ""
dsmsroot_cer: ""
dir_path: ""

- name: read server key
set_fact:
server_key: "{{ telemetry_certs['server_key'] }}"
when: telemetry_certs['server_key'] is defined

- name: read server csr
set_fact:
server_csr: "{{ telemetry_certs['server_csr'] }}"
when: telemetry_certs['server_csr'] is defined

- name: read server cer
set_fact:
server_cer: "{{ telemetry_certs['server_cer'] }}"
when: telemetry_certs['server_cer'] is defined

- name: read dsmsroot key
set_fact:
dsmsroot_key: "{{ telemetry_certs['dsmsroot_key'] }}"
when: telemetry_certs['dsmsroot_key'] is defined

- name: read dsmsroot csr
set_fact:
dsmsroot_csr: "{{ telemetry_certs['dsmsroot_csr'] }}"
when: telemetry_certs['dsmsroot_csr'] is defined

- name: read dsmsroot cer
set_fact:
dsmsroot_cer: "{{ telemetry_certs['dsmsroot_cer'] }}"
when: telemetry_certs['dsmsroot_cer'] is defined

- name: read directory path
set_fact:
dir_path: "{{ telemetry_certs['dir_path'] }}"
when: telemetry_certs['dir_path'] is defined

- name: Create telemetry server private key
openssl_privatekey:
path: "{{ server_key }}"
size: 2048
become: true

- name: create telemetry server csr
openssl_csr:
path: "{{ telemetry_certs['server_csr'] }}"
privatekey_path: "{{ server_key }}"
become: true

- name: Generate a Self Signed OpenSSL telemetry server certificate
openssl_certificate:
path: "{{ server_cer }}"
privatekey_path: "{{ server_key }}"
csr_path: "{{ server_csr }}"
provider: selfsigned
become: true

- name: Create telemetry dsmsroot private key
openssl_privatekey:
path: "{{ dsmsroot_key }}"
size: 2048
become: true

- name: create telemetry dsmsroot csr
openssl_csr:
path: "{{ dsmsroot_csr }}"
privatekey_path: "{{ dsmsroot_key }}"
become: true

- name: Generate a Self Signed OpenSSL telemetry dsmsroot certificate
openssl_certificate:
path: "{{ dsmsroot_cer }}"
privatekey_path: "{{ dsmsroot_key }}"
csr_path: "{{ dsmsroot_csr }}"
subject:
commonName: ndastreamingclienttest.osdinfra.net
provider: selfsigned
become: true

- name: set default testbed file
set_fact:
testbed_file: testbed.csv
Expand All @@ -55,7 +148,34 @@
set_fact:
vm_base: "{{ testbed_facts['vm_base'] }}"
when: "testbed_facts['vm_base'] != ''"
when: testbed_name is defined
when: testbed_name is defined

- name: Set ptf_host
set_fact:
ptf_host: "{{ testbed_facts['ptf_ip'] }}"

- fail: msg="Please set ptf_host first"
when: ptf_host is not defined

- name: create dir on ptfhost
file:
path: "{{ dir_path }}"
state: directory
become: true
delegate_to: "{{ ptf_host }}"

- name: Copy certs on ptfhost
synchronize:
src: "{{ dir_path }}"
dest: "{{ dir_path }}"
become: true
delegate_to: "{{ ptf_host }}"

- name: Rename dsmsroot.cer to client cer
command: mv "{{ dsmsroot_cer }}" "{{ client_cer }}"

- name: Rename dsmsroot.key to client key
command: mv "{{ dsmsroot_key }}" "{{ client_key }}"

- topo_facts: topo={{ topo }}
delegate_to: localhost
Expand Down
12 changes: 12 additions & 0 deletions ansible/group_vars/all/telemetry_certs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# Configure telemetry server and dsmsroot key,cer

telemetry_certs:
server_key: "/etc/sonic/telemetry/streamingtelemetryserver.key"
server_csr: "/etc/sonic/telemetry/streamingtelemetryserver.csr"
server_cer: "/etc/sonic/telemetry/streamingtelemetryserver.cer"
dsmsroot_key: "/etc/sonic/telemetry/dsmsroot.key"
dsmsroot_csr: "/etc/sonic/telemetry/dsmsroot.csr"
dsmsroot_cer: "/etc/sonic/telemetry/dsmsroot.cer"
client_key: "/etc/sonic/telemetry/streamingtelemetryclient.key"
client_cer: "/etc/sonic/telemetry/streamingtelemetryclient.cer"
dir_path: "/etc/sonic/telemetry"