diff options
author | Luke Meyer <lmeyer@redhat.com> | 2017-04-27 13:09:08 -0400 |
---|---|---|
committer | Luke Meyer <lmeyer@redhat.com> | 2017-05-22 15:13:15 -0400 |
commit | a1228a7c4acdb088fbf43c9a67b7eccf7ee67d07 (patch) | |
tree | 205410f3d7f759a094fc45054377db2d837e285f /playbooks/certificate_expiry | |
parent | 896a0c90b34217fab19160ea48c51f926fbcdeed (diff) | |
download | openshift-a1228a7c4acdb088fbf43c9a67b7eccf7ee67d07.tar.gz openshift-a1228a7c4acdb088fbf43c9a67b7eccf7ee67d07.tar.bz2 openshift-a1228a7c4acdb088fbf43c9a67b7eccf7ee67d07.tar.xz openshift-a1228a7c4acdb088fbf43c9a67b7eccf7ee67d07.zip |
health check playbooks: relocate and expand
We are moving toward having adhoc post-install checks and so the
"preflight" designation needs to be widened.
Updated location to playbooks/byo/openshift-checks, added health check playbook, and updated README.
Also included the certificate_expiry playbooks.
Left behind symlinks and wrappers for existing checks.
To conform with the direction of the rest of the repo, the
openshift-checks playbooks are split into two directories, one under
playbooks/common with the actual invocation and one under
playbooks/byo for entrypoints that are just wrappers for the ones in common.
Because the certificate_expiry playbooks are intended not just to be
functional but to be examples that users modify, I did not split them
similarly. That could happen later after discussion but for now I just
left them whole under byo/openshift-checks/certificate_expiry.
Diffstat (limited to 'playbooks/certificate_expiry')
l--------- | playbooks/certificate_expiry | 1 | ||||
-rw-r--r-- | playbooks/certificate_expiry/default.yaml | 10 | ||||
-rw-r--r-- | playbooks/certificate_expiry/easy-mode-upload.yaml | 40 | ||||
-rw-r--r-- | playbooks/certificate_expiry/easy-mode.yaml | 18 | ||||
-rw-r--r-- | playbooks/certificate_expiry/html_and_json_default_paths.yaml | 12 | ||||
-rw-r--r-- | playbooks/certificate_expiry/html_and_json_timestamp.yaml | 16 | ||||
-rw-r--r-- | playbooks/certificate_expiry/longer-warning-period-json-results.yaml | 13 | ||||
-rw-r--r-- | playbooks/certificate_expiry/longer_warning_period.yaml | 12 | ||||
l--------- | playbooks/certificate_expiry/roles | 1 |
9 files changed, 1 insertions, 122 deletions
diff --git a/playbooks/certificate_expiry b/playbooks/certificate_expiry new file mode 120000 index 000000000..9cf5334a1 --- /dev/null +++ b/playbooks/certificate_expiry @@ -0,0 +1 @@ +byo/openshift-checks/certificate_expiry/
\ No newline at end of file diff --git a/playbooks/certificate_expiry/default.yaml b/playbooks/certificate_expiry/default.yaml deleted file mode 100644 index 630135cae..000000000 --- a/playbooks/certificate_expiry/default.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -# Default behavior, you will need to ensure you run ansible with the -# -v option to see report results: - -- name: Check cert expirys - hosts: nodes:masters:etcd - become: yes - gather_facts: no - roles: - - role: openshift_certificate_expiry diff --git a/playbooks/certificate_expiry/easy-mode-upload.yaml b/playbooks/certificate_expiry/easy-mode-upload.yaml deleted file mode 100644 index 378d1f154..000000000 --- a/playbooks/certificate_expiry/easy-mode-upload.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# This example generates HTML and JSON reports and -# -# Copies of the generated HTML and JSON reports are uploaded to the masters, -# which is particularly useful when this playbook is run from a container. -# -# All certificates (healthy or not) are included in the results -# -# Optional environment variables to alter the behaviour of the playbook: -# CERT_EXPIRY_WARN_DAYS: Length of the warning window in days (45) -# COPY_TO_PATH: path to copy reports to in the masters (/etc/origin/certificate_expiration_report) ---- -- name: Generate certificate expiration reports - hosts: nodes:masters:etcd - gather_facts: no - vars: - openshift_certificate_expiry_save_json_results: yes - openshift_certificate_expiry_generate_html_report: yes - openshift_certificate_expiry_show_all: yes - openshift_certificate_expiry_warning_days: "{{ lookup('env', 'CERT_EXPIRY_WARN_DAYS') | default('45', true) }}" - roles: - - role: openshift_certificate_expiry - -- name: Upload reports to master - hosts: masters - gather_facts: no - vars: - destination_path: "{{ lookup('env', 'COPY_TO_PATH') | default('/etc/origin/certificate_expiration_report', true) }}" - timestamp: "{{ lookup('pipe', 'date +%Y%m%d') }}" - tasks: - - name: Ensure that the target directory exists - file: - path: "{{ destination_path }}" - state: directory - - name: Copy the reports - copy: - dest: "{{ destination_path }}/{{ timestamp }}-{{ item }}" - src: "/tmp/{{ item }}" - with_items: - - "cert-expiry-report.html" - - "cert-expiry-report.json" diff --git a/playbooks/certificate_expiry/easy-mode.yaml b/playbooks/certificate_expiry/easy-mode.yaml deleted file mode 100644 index ae41c7c14..000000000 --- a/playbooks/certificate_expiry/easy-mode.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# This example playbook is great if you're just wanting to try the -# role out. -# -# This example enables HTML and JSON reports -# -# All certificates (healthy or not) are included in the results - -- name: Check cert expirys - hosts: nodes:masters:etcd - become: yes - gather_facts: no - vars: - openshift_certificate_expiry_save_json_results: yes - openshift_certificate_expiry_generate_html_report: yes - openshift_certificate_expiry_show_all: yes - roles: - - role: openshift_certificate_expiry diff --git a/playbooks/certificate_expiry/html_and_json_default_paths.yaml b/playbooks/certificate_expiry/html_and_json_default_paths.yaml deleted file mode 100644 index d80cb6ff4..000000000 --- a/playbooks/certificate_expiry/html_and_json_default_paths.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Generate HTML and JSON artifacts in their default paths: - -- name: Check cert expirys - hosts: nodes:masters:etcd - become: yes - gather_facts: no - vars: - openshift_certificate_expiry_generate_html_report: yes - openshift_certificate_expiry_save_json_results: yes - roles: - - role: openshift_certificate_expiry diff --git a/playbooks/certificate_expiry/html_and_json_timestamp.yaml b/playbooks/certificate_expiry/html_and_json_timestamp.yaml deleted file mode 100644 index 2189455b7..000000000 --- a/playbooks/certificate_expiry/html_and_json_timestamp.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Generate timestamped HTML and JSON reports in /var/lib/certcheck - -- name: Check cert expirys - hosts: nodes:masters:etcd - become: yes - gather_facts: no - vars: - openshift_certificate_expiry_generate_html_report: yes - openshift_certificate_expiry_save_json_results: yes - openshift_certificate_expiry_show_all: yes - timestamp: "{{ lookup('pipe', 'date +%Y%m%d') }}" - openshift_certificate_expiry_html_report_path: "/var/lib/certcheck/{{ timestamp }}-cert-expiry-report.html" - openshift_certificate_expiry_json_results_path: "/var/lib/certcheck/{{ timestamp }}-cert-expiry-report.json" - roles: - - role: openshift_certificate_expiry diff --git a/playbooks/certificate_expiry/longer-warning-period-json-results.yaml b/playbooks/certificate_expiry/longer-warning-period-json-results.yaml deleted file mode 100644 index 87a0f3be4..000000000 --- a/playbooks/certificate_expiry/longer-warning-period-json-results.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Change the expiration warning window to 1500 days (good for testing -# the module out) and save the results as a JSON file: - -- name: Check cert expirys - hosts: nodes:masters:etcd - become: yes - gather_facts: no - vars: - openshift_certificate_expiry_warning_days: 1500 - openshift_certificate_expiry_save_json_results: yes - roles: - - role: openshift_certificate_expiry diff --git a/playbooks/certificate_expiry/longer_warning_period.yaml b/playbooks/certificate_expiry/longer_warning_period.yaml deleted file mode 100644 index 960457c4b..000000000 --- a/playbooks/certificate_expiry/longer_warning_period.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Change the expiration warning window to 1500 days (good for testing -# the module out): - -- name: Check cert expirys - hosts: nodes:masters:etcd - become: yes - gather_facts: no - vars: - openshift_certificate_expiry_warning_days: 1500 - roles: - - role: openshift_certificate_expiry diff --git a/playbooks/certificate_expiry/roles b/playbooks/certificate_expiry/roles deleted file mode 120000 index b741aa3db..000000000 --- a/playbooks/certificate_expiry/roles +++ /dev/null @@ -1 +0,0 @@ -../../roles
\ No newline at end of file |