From 19e92b19c0c7610429402ef15b30288947f6ca13 Mon Sep 17 00:00:00 2001
From: pra-moh <49077256+pra-moh@users.noreply.github.com>
Date: Wed, 29 Apr 2020 19:10:20 -0700
Subject: [PATCH] [telemetry certs] deploy certs for telemetry in deploy-mg (#1614)
* adding server and dsmsroot certs for telemetry
* adding support for ptfhost copy certs
---
ansible/config_sonic_basedon_testbed.yml | 122 ++++++++++++++++++++-
ansible/group_vars/all/telemetry_certs.yml | 12 ++
2 files changed, 133 insertions(+), 1 deletion(-)
create mode 100644 ansible/group_vars/all/telemetry_certs.yml
diff --git a/ansible/config_sonic_basedon_testbed.yml b/ansible/config_sonic_basedon_testbed.yml
index aafb30ed5a6..091d77f92b3 100644
--- a/ansible/config_sonic_basedon_testbed.yml
+++ b/ansible/config_sonic_basedon_testbed.yml
@@ -36,6 +36,99 @@ tasks: - block: + - name: Creates telemetry directory + file: + path: /etc/sonic/telemetry + state: directory + become: true + + - name: Init telemetry keys + set_fact: + server_key: "" + server_csr: "" + server_cer: "" + dsmsroot_key: "" + dsmsroot_csr: "" + dsmsroot_cer: "" + dir_path: "" + + - name: read server key + set_fact: + server_key: "{{ telemetry_certs['server_key'] }}" + when: telemetry_certs['server_key'] is defined + + - name: read server csr + set_fact: + server_csr: "{{ telemetry_certs['server_csr'] }}" + when: telemetry_certs['server_csr'] is defined + + - name: read server cer + set_fact: + server_cer: "{{ telemetry_certs['server_cer'] }}" + when: telemetry_certs['server_cer'] is defined + + - name: read dsmsroot key + set_fact: + dsmsroot_key: "{{ telemetry_certs['dsmsroot_key'] }}" + when: telemetry_certs['dsmsroot_key'] is defined + + - name: read dsmsroot csr + set_fact: + dsmsroot_csr: "{{ telemetry_certs['dsmsroot_csr'] }}" + when: telemetry_certs['dsmsroot_csr'] is defined + + - name: read dsmsroot cer + set_fact: + dsmsroot_cer: "{{ telemetry_certs['dsmsroot_cer'] }}" + when: telemetry_certs['dsmsroot_cer'] is defined + + - name: read directory path + set_fact: + dir_path: "{{ telemetry_certs['dir_path'] }}" + when: telemetry_certs['dir_path'] is defined + + - name: Create telemetry server private key + openssl_privatekey: + path: "{{ server_key }}" + size: 2048 + become: true + + - name: create telemetry server csr + openssl_csr: + path: "{{ telemetry_certs['server_csr'] }}" + privatekey_path: "{{ server_key }}" + become: true + + - name: Generate a Self Signed OpenSSL telemetry server certificate + openssl_certificate: + path: "{{ server_cer }}" + privatekey_path: "{{ server_key }}" + csr_path: "{{ server_csr }}" + provider: selfsigned + become: true + + - name: Create telemetry dsmsroot private key + openssl_privatekey: + path: "{{ dsmsroot_key }}" + size: 2048 + become: true + + - name: create telemetry dsmsroot csr 
+ openssl_csr: + path: "{{ dsmsroot_csr }}" + privatekey_path: "{{ dsmsroot_key }}" + become: true + + - name: Generate a Self Signed OpenSSL telemetry dsmsroot certificate + openssl_certificate: + path: "{{ dsmsroot_cer }}" + privatekey_path: "{{ dsmsroot_key }}" + csr_path: "{{ dsmsroot_csr }}" + subject: + commonName: ndastreamingclienttest.osdinfra.net + provider: selfsigned + become: true + - name: set default testbed file set_fact: testbed_file: testbed.csv @@ -56,7 +149,34 @@ set_fact: vm_base: "{{ testbed_facts['vm_base'] }}" when: "testbed_facts['vm_base'] != ''" - when: testbed_name is defined + when: testbed_name is defined + + - name: Set ptf_host + set_fact: + ptf_host: "{{ testbed_facts['ptf_ip'] }}" + + - fail: msg="Please set ptf_host first" + when: ptf_host is not defined + + - name: create dir on ptfhost + file: + path: "{{ dir_path }}" + state: directory + become: true + delegate_to: "{{ ptf_host }}" + + - name: Copy certs on ptfhost + synchronize: + src: "{{ dir_path }}" + dest: "{{ dir_path }}" + become: true + delegate_to: "{{ ptf_host }}" + + - name: Rename dsmsroot.cer to client cer + command: mv "{{ dsmsroot_cer }}" "{{ client_cer }}" + + - name: Rename dsmsroot.key to client key + command: mv "{{ dsmsroot_key }}" "{{ client_key }}" - topo_facts: topo={{ topo }} delegate_to: localhost diff --git a/ansible/group_vars/all/telemetry_certs.yml b/ansible/group_vars/all/telemetry_certs.yml new file mode 100644 index 00000000000..730adf9143d --- /dev/null +++ b/ansible/group_vars/all/telemetry_certs.yml 
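Review bot: In `Generate a Self Signed OpenSSL telemetry dsmsroot certificate` the `subject: commonName: ...` block sits on the `openssl_certificate` task, where, as far as I know, it is only a check used by the `assertonly` provider; with `provider: selfsigned` the subject comes from the CSR, and the CSR task sets none. Put it on `create telemetry dsmsroot csr` as `common_name: ndastreamingclienttest.osdinfra.net` and drop `subject:` from the certificate task. The server CSR likewise has no `common_name` or `subject_alt_name`, so hostname verification against that certificate would presumably fail. Separately, `create telemetry server csr` reads `telemetry_certs['server_csr']` directly while every other task uses the fact; `path: "{{ server_csr }}"` keeps it consistent. The enclosing `block` continues past this hunk.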
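Review bot: `Copy certs on ptfhost` synchronizes the whole `dir_path`, so `streamingtelemetryserver.key` is copied along with the client material; if ptfhost only acts as the telemetry client, limit the copy to the files it needs and keep the server private key on the device. The two `mv` tasks reference `client_cer` and `client_key` as bare variables, but this patch defines them only under `telemetry_certs` and adds no `set_fact` for them, so unless they are set elsewhere the tasks fail on an undefined variable; `command: mv "{{ dsmsroot_cer }}" "{{ telemetry_certs['client_cer'] }}"` (and the same for the key) would resolve it. The `fail` guard after `Set ptf_host` looks unreachable, since the preceding `set_fact` either defines `ptf_host` or errors on `testbed_facts`.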
@@ -0,0 +1,12 @@
+# Configure telemetry server and dsmsroot key,cer
+
+telemetry_certs:
+ server_key: "/etc/sonic/telemetry/streamingtelemetryserver.key"
+ server_csr: "/etc/sonic/telemetry/streamingtelemetryserver.csr"
+ server_cer: "/etc/sonic/telemetry/streamingtelemetryserver.cer"
+ dsmsroot_key: "/etc/sonic/telemetry/dsmsroot.key"
+ dsmsroot_csr: "/etc/sonic/telemetry/dsmsroot.csr"
+ dsmsroot_cer: "/etc/sonic/telemetry/dsmsroot.cer"
+ client_key: "/etc/sonic/telemetry/streamingtelemetryclient.key"
+ client_cer: "/etc/sonic/telemetry/streamingtelemetryclient.cer"
+ dir_path: "/etc/sonic/telemetry"