-rw-r--r--filter_plugins/oo_filters.py10
-rw-r--r--roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml27
-rw-r--r--roles/openshift_metrics/tasks/install_cassandra.yaml54
-rw-r--r--roles/openshift_metrics/tasks/install_hawkular.yaml60
-rw-r--r--roles/openshift_metrics/tasks/install_heapster.yaml7
-rw-r--r--roles/openshift_metrics/tasks/install_metrics.yaml1
-rw-r--r--roles/openshift_metrics/tasks/setup_certificate.yaml41
7 files changed, 109 insertions, 91 deletions
diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py
index 707662cbf..ca2615b29 100644
--- a/filter_plugins/oo_filters.py
+++ b/filter_plugins/oo_filters.py
@@ -11,6 +11,7 @@ import pkg_resources
import re
import json
import yaml
+import random
from ansible import errors
from collections import Mapping
@@ -921,6 +922,14 @@ Ex:
# '+', .split() returns an array of the original string.
return str(version).split('+')[0]
+def oo_random_word(length,source='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'):
+ """Generates a random string of given length from a set of alphanumeric characters.
+ The default source uses [a-z][A-Z][0-9]
+ Ex:
+ - oo_random_word(3) => aB9
+ - oo_random_word(4, source='012') => 0123
+ """
+ return ''.join(random.choice(source) for i in range(length))
class FilterModule(object):
""" Custom ansible filter mapping """
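Review bot: `oo_random_word` draws from the `random` module's default generator, a Mersenne Twister that is not suitable for secrets, yet later in this commit the filter replaces the `/dev/urandom` pipeline that produced the keystore and truststore passwords. Using the OS entropy source keeps the previous strength: `return ''.join(random.SystemRandom().choice(source) for _ in range(length))`. The second docstring example is also impossible, since `source='012'` can never yield a `3`; something like `=> 0120` would be accurate. The hunk opens inside the preceding function's docstring, so only the new function is reviewed here.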
@@ -961,4 +970,5 @@ class FilterModule(object):
"oo_openshift_loadbalancer_frontends": oo_openshift_loadbalancer_frontends,
"oo_openshift_loadbalancer_backends": oo_openshift_loadbalancer_backends,
"to_padded_yaml": to_padded_yaml,
+ "oo_random_word": oo_random_word
}
diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
index 1306d0ccd..489856c27 100644
--- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
+++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
@@ -13,22 +13,26 @@
hostnames: hawkular-cassandra
changed_when: no
+- slurp: src={{ openshift_metrics_certs_dir|quote }}/hawkular-cassandra-truststore.pwd
+ register: cassandra_truststore_password
+
- name: check existing aliases on the hawkular-cassandra truststore
shell: >
keytool -noprompt -list
-keystore {{ openshift_metrics_certs_dir|quote }}/hawkular-cassandra.truststore
- -storepass "$(<
- '{{ openshift_metrics_certs_dir|quote }}/hawkular-cassandra-truststore.pwd')"
+ -storepass {{cassandra_truststore_password.content | b64decode }}
| sed -n '7~2s/,.*$//p'
register: hawkular_cassandra_truststore_aliases
changed_when: false
+- slurp: src={{ openshift_metrics_certs_dir|quote }}/hawkular-metrics-truststore.pwd
+ register: hawkular_truststore_password
+
- name: check existing aliases on the hawkular-metrics truststore
shell: >
keytool -noprompt -list
-keystore {{ openshift_metrics_certs_dir|quote }}/hawkular-metrics.truststore
- -storepass "$(<
- '{{ openshift_metrics_certs_dir|quote }}/hawkular-metrics-truststore.pwd')"
+ -storepass {{ hawkular_truststore_password.content | b64decode }}
| sed -n '7~2s/,.*$//p'
register: hawkular_metrics_truststore_aliases
changed_when: false
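Review bot: The truststore password is now rendered into the task's command string by Jinja (`-storepass {{cassandra_truststore_password.content | b64decode }}`), so it becomes part of what Ansible records for the task and can surface in verbose output or a failure message, whereas the old `$(< file)` form was expanded only by the remote shell. Both `shell` tasks and both `slurp` tasks should carry `no_log: true`. Because these are `shell` tasks the value should also be quoted, `-storepass {{ cassandra_truststore_password.content | b64decode | quote }}`, so a password file with unexpected characters cannot alter the command. The remaining hunks in this file repeat the same `-storepass` substitution and need the same treatment; their task headers lie outside the hunks.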
@@ -39,8 +43,7 @@
-alias hawkular-metrics
-file '{{ openshift_metrics_certs_dir }}/hawkular-metrics.crt'
-keystore '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.truststore'
- -storepass "$(<
- '{{ openshift_metrics_certs_dir }}/hawkular-cassandra-truststore.pwd')"
+ -storepass {{cassandra_truststore_password.content | b64decode }}
when: >
'hawkular-metrics' not in
hawkular_cassandra_truststore_aliases.stdout_lines
@@ -51,8 +54,7 @@
-alias hawkular-cassandra
-file '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.crt'
-keystore '{{ openshift_metrics_certs_dir }}/hawkular-metrics.truststore'
- -storepass "$(<
- '{{ openshift_metrics_certs_dir }}/hawkular-metrics-truststore.pwd')"
+ -storepass {{ hawkular_truststore_password.content | b64decode }}
when: >
'hawkular-cassandra' not in
hawkular_metrics_truststore_aliases.stdout_lines
@@ -63,8 +65,7 @@
-alias hawkular-cassandra
-file '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.crt'
-keystore '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.truststore'
- -storepass "$(<
- '{{ openshift_metrics_certs_dir }}/hawkular-cassandra-truststore.pwd')"
+ -storepass {{cassandra_truststore_password.content | b64decode }}
when: >
'hawkular-cassandra' not in
hawkular_cassandra_truststore_aliases.stdout_lines
@@ -75,8 +76,7 @@
-alias '{{ item }}'
-file '{{ openshift_metrics_certs_dir }}/ca.crt'
-keystore '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.truststore'
- -storepass "$(<
- '{{ openshift_metrics_certs_dir }}/hawkular-cassandra-truststore.pwd')"
+ -storepass {{cassandra_truststore_password.content | b64decode }}
with_items:
- ca
- metricca
@@ -89,8 +89,7 @@
-alias '{{ item }}'
-file '{{ openshift_metrics_certs_dir }}/ca.crt'
-keystore '{{ openshift_metrics_certs_dir }}/hawkular-metrics.truststore'
- -storepass "$(<
- '{{ openshift_metrics_certs_dir }}/hawkular-metrics-truststore.pwd')"
+ -storepass {{ hawkular_truststore_password.content | b64decode }}
with_items:
- ca
- metricca
diff --git a/roles/openshift_metrics/tasks/install_cassandra.yaml b/roles/openshift_metrics/tasks/install_cassandra.yaml
new file mode 100644
index 000000000..a9340acc3
--- /dev/null
+++ b/roles/openshift_metrics/tasks/install_cassandra.yaml
@@ -0,0 +1,54 @@
+---
+- shell: >
+ {{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }}
+ --config={{ mktemp.stdout }}/admin.kubeconfig
+ get rc hawkular-cassandra-{{node}} -o jsonpath='{.spec.replicas}' || echo 0
+ vars:
+ node: "{{ item }}"
+ register: cassandra_replica_count
+ with_sequence: count={{ openshift_metrics_cassandra_replicas }}
+ changed_when: false
+ failed_when: false
+
+- name: generate hawkular-cassandra replication controllers
+ template:
+ src: hawkular_cassandra_rc.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-rc{{ item }}.yaml"
+ vars:
+ node: "{{ item }}"
+ master: "{{ (item == '1')|string|lower }}"
+ replica_count: "{{cassandra_replica_count.results[item|int - 1].stdout}}"
+ with_sequence: count={{ openshift_metrics_cassandra_replicas }}
+ changed_when: false
+
+- name: generate hawkular-cassandra persistent volume claims
+ template:
+ src: pvc.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml"
+ vars:
+ obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}"
+ labels:
+ metrics-infra: hawkular-cassandra
+ access_modes:
+ - ReadWriteOnce
+ size: "{{ openshift_metrics_cassandra_pv_size }}"
+ with_sequence: count={{ openshift_metrics_cassandra_replicas }}
+ when: openshift_metrics_cassandra_storage_type == 'pv'
+ changed_when: false
+
+- name: generate hawkular-cassandra persistent volume claims (dynamic)
+ template:
+ src: pvc.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml"
+ vars:
+ obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}"
+ labels:
+ metrics-infra: hawkular-cassandra
+ annotations:
+ volume.alpha.kubernetes.io/storage-class: dynamic
+ access_modes:
+ - ReadWriteOnce
+ size: "{{ openshift_metrics_cassandra_pv_size }}"
+ with_sequence: count={{ openshift_metrics_cassandra_replicas }}
+ when: openshift_metrics_cassandra_storage_type == 'dynamic'
+ changed_when: false
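Review bot: The replica lookup moved into this file still uses `shell` with `|| echo 0`, while this same commit converts the hawkular-metrics and heapster lookups to `command`; adding `failed_when: false` on top of `|| echo 0` is redundant, because the command line already exits 0. Either keep the `shell` form without `failed_when`, or switch to `command` and let the consumer tolerate an empty result with `replica_count: "{{ cassandra_replica_count.results[item|int - 1].stdout | default(0, true) }}"`. The task is also unnamed; a line such as `- name: read existing hawkular-cassandra replica counts` would make the play output readable.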
diff --git a/roles/openshift_metrics/tasks/install_hawkular.yaml b/roles/openshift_metrics/tasks/install_hawkular.yaml
index 7c06bc1db..00f7b2554 100644
--- a/roles/openshift_metrics/tasks/install_hawkular.yaml
+++ b/roles/openshift_metrics/tasks/install_hawkular.yaml
@@ -1,9 +1,10 @@
---
-- shell: >
+- command: >
{{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }}
--config={{ mktemp.stdout }}/admin.kubeconfig
- get rc hawkular-metrics -o jsonpath='{.spec.replicas}' || echo 0
+ get rc hawkular-metrics -o jsonpath='{.spec.replicas}'
register: hawkular_metrics_replica_count
+ failed_when: false
changed_when: false
- name: generate hawkular-metrics replication controller
@@ -11,60 +12,7 @@
src: hawkular_metrics_rc.j2
dest: "{{ mktemp.stdout }}/templates/hawkular_metrics_rc.yaml"
vars:
- replica_count: "{{hawkular_metrics_replica_count.stdout}}"
- changed_when: false
-
-- shell: >
- {{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }}
- --config={{ mktemp.stdout }}/admin.kubeconfig
- get rc hawkular-cassandra-{{node}} -o jsonpath='{.spec.replicas}' || echo 0
- vars:
- node: "{{ item }}"
- register: cassandra_replica_count
- with_sequence: count={{ openshift_metrics_cassandra_replicas }}
- changed_when: false
-
-- name: generate hawkular-cassandra replication controllers
- template:
- src: hawkular_cassandra_rc.j2
- dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-rc{{ item }}.yaml"
- vars:
- node: "{{ item }}"
- master: "{{ (item == '1')|string|lower }}"
- replica_count: "{{cassandra_replica_count.results[item|int - 1].stdout}}"
- with_sequence: count={{ openshift_metrics_cassandra_replicas }}
- changed_when: false
-
-- name: generate hawkular-cassandra persistent volume claims
- template:
- src: pvc.j2
- dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml"
- vars:
- obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}"
- labels:
- metrics-infra: hawkular-cassandra
- access_modes:
- - ReadWriteOnce
- size: "{{ openshift_metrics_cassandra_pv_size }}"
- with_sequence: count={{ openshift_metrics_cassandra_replicas }}
- when: openshift_metrics_cassandra_storage_type == 'pv'
- changed_when: false
-
-- name: generate hawkular-cassandra persistent volume claims (dynamic)
- template:
- src: pvc.j2
- dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml"
- vars:
- obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}"
- labels:
- metrics-infra: hawkular-cassandra
- annotations:
- volume.alpha.kubernetes.io/storage-class: dynamic
- access_modes:
- - ReadWriteOnce
- size: "{{ openshift_metrics_cassandra_pv_size }}"
- with_sequence: count={{ openshift_metrics_cassandra_replicas }}
- when: openshift_metrics_cassandra_storage_type == 'dynamic'
+ replica_count: "{{hawkular_metrics_replica_count.stdout | default(0)}}"
changed_when: false
- name: read hawkular-metrics route destination ca certificate
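Review bot: `default(0)` on the `replica_count` line applies only when `stdout` is undefined, but after a failed `oc get rc` under `failed_when: false` the registered `stdout` is most likely an empty string, so the template would receive `''` where the removed `|| echo 0` used to supply `0`. Passing the second argument covers that case: `replica_count: "{{ hawkular_metrics_replica_count.stdout | default(0, true) }}"`. The heapster hunk in `install_heapster.yaml` has the same pattern. Separately, the `failed_when: false` added in the previous hunk also hides authentication or connectivity errors, which would then be read as zero replicas; narrowing it to the not-found case would be safer.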
diff --git a/roles/openshift_metrics/tasks/install_heapster.yaml b/roles/openshift_metrics/tasks/install_heapster.yaml
index e650391a8..39df797ab 100644
--- a/roles/openshift_metrics/tasks/install_heapster.yaml
+++ b/roles/openshift_metrics/tasks/install_heapster.yaml
@@ -1,13 +1,14 @@
---
-- shell: >
+- command: >
{{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }}
--config={{ mktemp.stdout }}/admin.kubeconfig
- get rc heapster -o jsonpath='{.spec.replicas}' || echo 0
+ get rc heapster -o jsonpath='{.spec.replicas}'
register: heapster_replica_count
+ failed_when: false
changed_when: no
- name: Generate heapster replication controller
template: src=heapster.j2 dest={{mktemp.stdout}}/templates/metrics-heapster-rc.yaml
vars:
- replica_count: "{{heapster_replica_count.stdout}}"
+ replica_count: "{{heapster_replica_count.stdout | default(0)}}"
changed_when: no
diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml
index 5f4b84418..e550f6e8d 100644
--- a/roles/openshift_metrics/tasks/install_metrics.yaml
+++ b/roles/openshift_metrics/tasks/install_metrics.yaml
@@ -16,6 +16,7 @@
- support
- heapster
- hawkular
+ - cassandra
loop_control:
loop_var: include_file
diff --git a/roles/openshift_metrics/tasks/setup_certificate.yaml b/roles/openshift_metrics/tasks/setup_certificate.yaml
index 07c8365b1..c185d3f88 100644
--- a/roles/openshift_metrics/tasks/setup_certificate.yaml
+++ b/roles/openshift_metrics/tasks/setup_certificate.yaml
@@ -11,20 +11,28 @@
--signer-serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt'
when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.key'|exists
+- slurp: src={{item}}
+ register: component_certs
+ with_items:
+ - '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.key'
+ - '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.crt'
+ when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.pem'|exists
+
- name: generate {{ component }} certificate
- shell: >
- cat
- '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.key'
- '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.crt'
- > '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.pem'
+ copy:
+ dest: '{{ openshift_metrics_certs_dir }}/{{ component }}.pem'
+ content: "{{ component_certs.results | map(attribute='content') | map('b64decode') | join('') }}"
when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.pem'|exists
- name: generate random password for the {{ component }} keystore
- shell: >
- tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c15
- > '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-keystore.pwd'
+ copy:
+ content: "{{ 15 | oo_random_word }}"
+ dest: '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-keystore.pwd'
when: >
not '{{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd'|exists
+
+- slurp: src={{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-keystore.pwd
+ register: keystore_password
- name: create the {{ component }} pkcs12 from the pem file
command: >
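Review bot: The new `copy` tasks write the combined key-and-certificate `.pem` and the keystore password file without a `mode:`, so their permissions depend on the remote umask; `mode: '0600'` on each would make that explicit. The `slurp` of `{{ component }}.key` and the `copy` that renders it into `content` also place private-key material in task results, so both should carry `no_log: true`. In the password task `dest` still applies `| quote`, a shell-quoting filter: for a path that needs quoting, the added quotes would become part of the file name and no longer match the unquoted `when:` test, so `dest: '{{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd'` is the consistent form. The final task in the hunk continues past its end.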
@@ -32,27 +40,24 @@
-in '{{ openshift_metrics_certs_dir }}/{{ component }}.pem'
-out '{{ openshift_metrics_certs_dir }}/{{ component }}.pkcs12'
-name '{{ component }}' -noiter -nomaciter
- -password
- 'file:{{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd'
+ -password 'pass:{{keystore_password.content | b64decode }}'
when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.pkcs12'|exists
- name: create the {{ component }} keystore from the pkcs12 file
- shell: >
- p=$(< {{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd)
- &&
+ command: >
keytool -v -importkeystore
-srckeystore '{{ openshift_metrics_certs_dir | quote }}/{{ component | quote }}.pkcs12'
-srcstoretype PKCS12
-destkeystore '{{ openshift_metrics_certs_dir | quote }}/{{ component | quote}}.keystore'
-deststoretype JKS
- -deststorepass "$p"
- -srcstorepass "$p"
+ -deststorepass '{{keystore_password.content | b64decode }}'
+ -srcstorepass '{{keystore_password.content | b64decode }}'
when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.keystore'|exists
- name: generate random password for the {{ component }} truststore
- shell: >
- tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c15
- > '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-truststore.pwd'
+ copy:
+ content: "{{ 15 | oo_random_word }}"
+ dest: '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-truststore.pwd'
when: >
not
'{{ openshift_metrics_certs_dir | quote }}/{{ component| quote }}-truststore.pwd'|exists
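Review bot: Switching openssl from `-password 'file:…-keystore.pwd'` to `-password 'pass:{{keystore_password.content | b64decode }}'` moves the keystore password onto the process command line and into Ansible's rendered command, which the `file:` form avoided; `command` needs no shell for `file:`, so the original argument can stay as it was. The keytool task has the same exposure through `-deststorepass` and `-srcstorepass`; keytool documents a `:file` modifier for password options (`-deststorepass:file <path>`), which is worth confirming against the JDK in use, and otherwise the task needs `no_log: true`. The truststore password task at the end of the hunk repeats the `| quote` in `dest` and the missing `mode:` seen in the keystore password task.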