summaryrefslogtreecommitdiffstats
path: root/playbooks/certificate_expiry
diff options
context:
space:
mode:
authorLuke Meyer <lmeyer@redhat.com>2017-04-27 13:09:08 -0400
committerLuke Meyer <lmeyer@redhat.com>2017-05-22 15:13:15 -0400
commita1228a7c4acdb088fbf43c9a67b7eccf7ee67d07 (patch)
tree205410f3d7f759a094fc45054377db2d837e285f /playbooks/certificate_expiry
parent896a0c90b34217fab19160ea48c51f926fbcdeed (diff)
downloadopenshift-a1228a7c4acdb088fbf43c9a67b7eccf7ee67d07.tar.gz
openshift-a1228a7c4acdb088fbf43c9a67b7eccf7ee67d07.tar.bz2
openshift-a1228a7c4acdb088fbf43c9a67b7eccf7ee67d07.tar.xz
openshift-a1228a7c4acdb088fbf43c9a67b7eccf7ee67d07.zip
health check playbooks: relocate and expand
We are moving toward having adhoc post-install checks and so the "preflight" designation needs to be widened. Updated location to playbooks/byo/openshift-checks, added health check playbook, and updated README. Also included the certificate_expiry playbooks. Left behind symlinks and wrappers for existing checks. To conform with the direction of the rest of the repo, the openshift-checks playbooks are split into two directories, one under playbooks/common with the actual invocation and one under playbooks/byo for entrypoints that are just wrappers for the ones in common. Because the certificate_expiry playbooks are intended not just to be functional but to be examples that users modify, I did not split them similarly. That could happen later after discussion but for now I just left them whole under byo/openshift-checks/certificate_expiry.
Diffstat (limited to 'playbooks/certificate_expiry')
l---------playbooks/certificate_expiry1
-rw-r--r--playbooks/certificate_expiry/default.yaml10
-rw-r--r--playbooks/certificate_expiry/easy-mode-upload.yaml40
-rw-r--r--playbooks/certificate_expiry/easy-mode.yaml18
-rw-r--r--playbooks/certificate_expiry/html_and_json_default_paths.yaml12
-rw-r--r--playbooks/certificate_expiry/html_and_json_timestamp.yaml16
-rw-r--r--playbooks/certificate_expiry/longer-warning-period-json-results.yaml13
-rw-r--r--playbooks/certificate_expiry/longer_warning_period.yaml12
l---------playbooks/certificate_expiry/roles1
9 files changed, 1 insertions, 122 deletions
diff --git a/playbooks/certificate_expiry b/playbooks/certificate_expiry
new file mode 120000
index 000000000..9cf5334a1
--- /dev/null
+++ b/playbooks/certificate_expiry
@@ -0,0 +1 @@
+byo/openshift-checks/certificate_expiry/ \ No newline at end of file
diff --git a/playbooks/certificate_expiry/default.yaml b/playbooks/certificate_expiry/default.yaml
deleted file mode 100644
index 630135cae..000000000
--- a/playbooks/certificate_expiry/default.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-# Default behavior, you will need to ensure you run ansible with the
-# -v option to see report results:
-
-- name: Check cert expirys
- hosts: nodes:masters:etcd
- become: yes
- gather_facts: no
- roles:
- - role: openshift_certificate_expiry
diff --git a/playbooks/certificate_expiry/easy-mode-upload.yaml b/playbooks/certificate_expiry/easy-mode-upload.yaml
deleted file mode 100644
index 378d1f154..000000000
--- a/playbooks/certificate_expiry/easy-mode-upload.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-# This example generates HTML and JSON reports and
-#
-# Copies of the generated HTML and JSON reports are uploaded to the masters,
-# which is particularly useful when this playbook is run from a container.
-#
-# All certificates (healthy or not) are included in the results
-#
-# Optional environment variables to alter the behaviour of the playbook:
-# CERT_EXPIRY_WARN_DAYS: Length of the warning window in days (45)
-# COPY_TO_PATH: path to copy reports to in the masters (/etc/origin/certificate_expiration_report)
----
-- name: Generate certificate expiration reports
- hosts: nodes:masters:etcd
- gather_facts: no
- vars:
- openshift_certificate_expiry_save_json_results: yes
- openshift_certificate_expiry_generate_html_report: yes
- openshift_certificate_expiry_show_all: yes
- openshift_certificate_expiry_warning_days: "{{ lookup('env', 'CERT_EXPIRY_WARN_DAYS') | default('45', true) }}"
- roles:
- - role: openshift_certificate_expiry
-
-- name: Upload reports to master
- hosts: masters
- gather_facts: no
- vars:
- destination_path: "{{ lookup('env', 'COPY_TO_PATH') | default('/etc/origin/certificate_expiration_report', true) }}"
- timestamp: "{{ lookup('pipe', 'date +%Y%m%d') }}"
- tasks:
- - name: Ensure that the target directory exists
- file:
- path: "{{ destination_path }}"
- state: directory
- - name: Copy the reports
- copy:
- dest: "{{ destination_path }}/{{ timestamp }}-{{ item }}"
- src: "/tmp/{{ item }}"
- with_items:
- - "cert-expiry-report.html"
- - "cert-expiry-report.json"
diff --git a/playbooks/certificate_expiry/easy-mode.yaml b/playbooks/certificate_expiry/easy-mode.yaml
deleted file mode 100644
index ae41c7c14..000000000
--- a/playbooks/certificate_expiry/easy-mode.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-# This example playbook is great if you're just wanting to try the
-# role out.
-#
-# This example enables HTML and JSON reports
-#
-# All certificates (healthy or not) are included in the results
-
-- name: Check cert expirys
- hosts: nodes:masters:etcd
- become: yes
- gather_facts: no
- vars:
- openshift_certificate_expiry_save_json_results: yes
- openshift_certificate_expiry_generate_html_report: yes
- openshift_certificate_expiry_show_all: yes
- roles:
- - role: openshift_certificate_expiry
diff --git a/playbooks/certificate_expiry/html_and_json_default_paths.yaml b/playbooks/certificate_expiry/html_and_json_default_paths.yaml
deleted file mode 100644
index d80cb6ff4..000000000
--- a/playbooks/certificate_expiry/html_and_json_default_paths.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-# Generate HTML and JSON artifacts in their default paths:
-
-- name: Check cert expirys
- hosts: nodes:masters:etcd
- become: yes
- gather_facts: no
- vars:
- openshift_certificate_expiry_generate_html_report: yes
- openshift_certificate_expiry_save_json_results: yes
- roles:
- - role: openshift_certificate_expiry
diff --git a/playbooks/certificate_expiry/html_and_json_timestamp.yaml b/playbooks/certificate_expiry/html_and_json_timestamp.yaml
deleted file mode 100644
index 2189455b7..000000000
--- a/playbooks/certificate_expiry/html_and_json_timestamp.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-# Generate timestamped HTML and JSON reports in /var/lib/certcheck
-
-- name: Check cert expirys
- hosts: nodes:masters:etcd
- become: yes
- gather_facts: no
- vars:
- openshift_certificate_expiry_generate_html_report: yes
- openshift_certificate_expiry_save_json_results: yes
- openshift_certificate_expiry_show_all: yes
- timestamp: "{{ lookup('pipe', 'date +%Y%m%d') }}"
- openshift_certificate_expiry_html_report_path: "/var/lib/certcheck/{{ timestamp }}-cert-expiry-report.html"
- openshift_certificate_expiry_json_results_path: "/var/lib/certcheck/{{ timestamp }}-cert-expiry-report.json"
- roles:
- - role: openshift_certificate_expiry
diff --git a/playbooks/certificate_expiry/longer-warning-period-json-results.yaml b/playbooks/certificate_expiry/longer-warning-period-json-results.yaml
deleted file mode 100644
index 87a0f3be4..000000000
--- a/playbooks/certificate_expiry/longer-warning-period-json-results.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# Change the expiration warning window to 1500 days (good for testing
-# the module out) and save the results as a JSON file:
-
-- name: Check cert expirys
- hosts: nodes:masters:etcd
- become: yes
- gather_facts: no
- vars:
- openshift_certificate_expiry_warning_days: 1500
- openshift_certificate_expiry_save_json_results: yes
- roles:
- - role: openshift_certificate_expiry
diff --git a/playbooks/certificate_expiry/longer_warning_period.yaml b/playbooks/certificate_expiry/longer_warning_period.yaml
deleted file mode 100644
index 960457c4b..000000000
--- a/playbooks/certificate_expiry/longer_warning_period.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-# Change the expiration warning window to 1500 days (good for testing
-# the module out):
-
-- name: Check cert expirys
- hosts: nodes:masters:etcd
- become: yes
- gather_facts: no
- vars:
- openshift_certificate_expiry_warning_days: 1500
- roles:
- - role: openshift_certificate_expiry
diff --git a/playbooks/certificate_expiry/roles b/playbooks/certificate_expiry/roles
deleted file mode 120000
index b741aa3db..000000000
--- a/playbooks/certificate_expiry/roles
+++ /dev/null
@@ -1 +0,0 @@
-../../roles \ No newline at end of file