ssp ps update

roles/ssp_ps_deploy/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-ssp_ps_instanceid: "{{ lookup('env', 'SSP_INSTANCEID') }}"
+ssp_instanceid: "{{ lookup('env', 'SSP_INSTANCEID') }}"
 
 ssp_ps_version: "{{ lookup('env', 'SSP_VERSION') | default('6.1.0.0.03plus', true) }}"
 
@@ -15,11 +15,13 @@ entitled_registry_key: "{{ lookup('env', 'ENTITLED_REGISTRY_KEY') }}"
 # -----------------------------------------------------------------------------
 my_workdir: /tmp
 
-ssp_ps_namespace: "sterling-ssp-cm-{{ ssp_ps_instanceid }}"
-ssp_namespace: "sterling-spp-{{ ssp_ps_instanceid }}"
+ssp_ps_namespace: "ibm-ssp-{{ ssp_instanceid }}-ps"
+ssp_namespace: "ibm-ssp-{{ ssp_instanceid }}-engine"
+ssp_cm_namespace: "ibm-ssp-{{ ssp_instanceid }}-cm"
 
 ssp_ps_registry_secret: ibm-registry-secret
-ssp_ps_secret: ibm-seas-secret
+ssp_ps_secret: ibm-ssp-ps-secret
+ssp_keycert_secret: ssp-cm-keycert
 ssp_ps_use_dynamic_provisioning: false
 
 # https://github.com/IBM/charts/tree/master/repo/ibm-helm

roles/ssp_ps_deploy/tasks/01_check_vars.yml

@@ -2,7 +2,7 @@
 - name: Check for required environment variables
   ansible.builtin.assert:
     that:
-      # CONNECT:DIRECT
+      # Secure Proxy Instance ID
       - lookup('env', 'SSP_INSTANCEID') != ""
       # IBM
       - lookup('env', 'ENTITLED_REGISTRY_KEY') != ""
@@ -20,9 +20,15 @@
     that: entitled_registry_key is defined and entitled_registry_key != ""
     fail_msg: "entitled_registry_key property is required"
 
+- name: Unique Id for files
+  ansible.builtin.set_fact:
+    my_serial: "{{ lookup('password', '/dev/null length=8 chars=ascii_lowercase,digits') }}"
+
 # Debug
 # -----------------------------------------------------------------------------
 - name: Debug
   ansible.builtin.debug:
     msg:
       - "Kubernets Namespace ................. {{ ssp_ps_namespace }}"
+      - "my_serial ........................... {{ my_serial }}"
+

roles/ssp_ps_deploy/tasks/02_create_namespace_secrets.yml

@@ -1,7 +1,7 @@
 ---
 # Create Kubernetes namespace
 # -----------------------------------------------------------------------------
-- name: "Create namespace for SSP Configuration Manager"
+- name: "Create namespace for SSP Perimeter Server"
   kubernetes.core.k8s:
     state: present
     definition:

roles/ssp_ps_deploy/tasks/05_copy_certificates.yml

@@ -0,0 +1,31 @@
+---
+- name: "Set fact cert file"
+  ansible.builtin.set_fact:
+    my_certfile: "{{ my_workdir }}/defkeyCert_{{ my_serial }}.txt"
+
+# kubectl cp some-namespace/some-pod:/tmp/foo /tmp/bar
+- name: Copy /spinstall/IBM/SPcm/defkeyCert.txt from a remote pod to {{ my_certfile }}
+  kubernetes.core.k8s_cp:
+    namespace: "{{ ssp_cm_namespace }}"
+    pod: "s0-ibm-ssp-cm-0"
+    remote_path: /spinstall/IBM/SPcm/defkeyCert.txt
+    local_path: "{{ my_certfile }}"
+    state: from_pod
+  register: cout_k8s_cp
+  retries: 10
+  delay: 30 # seconds
+
+# Create Certificate for Connect:Direct on Kubernetes
+# CD install script only support extensions .crt, .pem and .cer
+# -----------------------------------------------------------------------------
+- name: Create or update Kubernetes secret with certificates files
+  kubernetes.core.k8s:
+    state: present
+    definition:
+      apiVersion: v1
+      kind: Secret
+      metadata:
+        name: "{{ ssp_keycert_secret }}"
+        namespace: "{{ ssp_ps_namespace }}"
+      data:
+        keycert: "{{ lookup('file', my_certfile) | b64encode }}"

roles/ssp_ps_deploy/tasks/05_install_ssp_ps.yml → roles/ssp_ps_deploy/tasks/06_install_ssp_ps.yml

@@ -1,5 +1,5 @@
 ---
-- name: Define SEAS helm chart values
+- name: Define SSP PS helm chart values
   ansible.builtin.set_fact:
     ssp_ps_other_values:
       persistence:
@@ -30,17 +30,7 @@
   register: helm_cout
   changed_when: helm_cout.rc != 0
 
-# # https://docs.ansible.com/ansible/latest/collections/kubernetes/core/helm_module.html
-# - name: Deploy SEAS chart from local path
-#   kubernetes.core.helm:
-#     name: "{{ my_helm_release }}"
-#     chart_ref: "{{ my_helm.chart }}"
-#     release_namespace: "{{ ssp_ps_namespace }}"
-#     wait: True
-#     timeout: "{{ my_helm.timeout }}"
-#     values_files: "{{ my_helm.values }}"
-
-- name: "Lookup SEAS Pod"
+- name: "Lookup SSP PS Pod"
   kubernetes.core.k8s_info:
     kind: Pod
     namespace: "{{ ssp_ps_namespace }}"
@@ -58,10 +48,10 @@
   ansible.builtin.set_fact:
     ssp_ps_pod_name: "{{ ssp_ps_pod.resources[0].metadata.name }}"
 
-- name: "IBM Sterling SEAS Summary:"
+- name: "IBM Sterling SSP PS Summary:"
   ansible.builtin.debug:
     msg:
-      - "IBM Sterling SEAS status ............................ Ready!"
-      - "SEAS namespace ...................................... {{ ssp_ps_namespace }}"
+      - "IBM Sterling SSP PS status .......................... Ready!"
+      - "SSP PS namespace .................................... {{ ssp_ps_namespace }}"
       - "Pod name ............................................ {{ ssp_ps_pod_name }}"
       - "For username and password check secret .............. {{ ssp_ps_secret }}'"

roles/ssp_ps_deploy/tasks/main.yml

@@ -8,8 +8,11 @@
 - name: Applying Pod Security
   ansible.builtin.include_tasks: 03_apply_pod_security.yml
 
-- name: Define Storage for Data Persistence
-  ansible.builtin.include_tasks: 04_define_storage.yml
+# - name: Define Storage for Data Persistence
+#   ansible.builtin.include_tasks: 04_define_storage.yml
+
+# - name: "Copy Certificates from SSP CM"
+#   ansible.builtin.include_tasks: 05_copy_certificates.yml
 
 - name: Install SSP PS using Helm Chart
-  ansible.builtin.include_tasks: 05_install_ssp_ps.yml
+  ansible.builtin.include_tasks: 06_install_ssp_ps.yml