summaryrefslogtreecommitdiffstats
path: root/roles/openshift_hosted_metrics
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_hosted_metrics')
-rw-r--r--roles/openshift_hosted_metrics/README.md54
-rw-r--r--roles/openshift_hosted_metrics/defaults/main.yml2
-rw-r--r--roles/openshift_hosted_metrics/handlers/main.yml35
-rw-r--r--roles/openshift_hosted_metrics/meta/main.yaml18
-rw-r--r--roles/openshift_hosted_metrics/tasks/install.yml132
-rw-r--r--roles/openshift_hosted_metrics/tasks/main.yaml75
-rw-r--r--roles/openshift_hosted_metrics/vars/main.yaml21
7 files changed, 337 insertions, 0 deletions
diff --git a/roles/openshift_hosted_metrics/README.md b/roles/openshift_hosted_metrics/README.md
new file mode 100644
index 000000000..c2af3c494
--- /dev/null
+++ b/roles/openshift_hosted_metrics/README.md
@@ -0,0 +1,54 @@
+OpenShift Metrics with Hawkular
+====================
+
+OpenShift Metrics Installation
+
+Requirements
+------------
+
+* Ansible 2.2
+* It requires subdomain fqdn to be set.
+* If persistence is enabled, then it also requires NFS.
+
+Role Variables
+--------------
+
+From this role:
+
+| Name | Default value | |
+|-------------------------------------------------|-----------------------|-------------------------------------------------------------|
+| openshift_hosted_metrics_deploy | `False` | If metrics should be deployed |
+| openshift_hosted_metrics_public_url | null | Hawkular metrics public url |
+| openshift_hosted_metrics_storage_nfs_directory | `/exports` | Root export directory. |
+| openshift_hosted_metrics_storage_volume_name | `metrics` | Metrics volume within openshift_hosted_metrics_volume_dir |
+| openshift_hosted_metrics_storage_volume_size | `10Gi` | Metrics volume size |
+| openshift_hosted_metrics_storage_nfs_options | `*(rw,root_squash)` | NFS options for configured exports. |
+| openshift_hosted_metrics_duration | `7` | Metrics query duration |
+| openshift_hosted_metrics_resolution | `10s` | Metrics resolution |
+
+
+Dependencies
+------------
+openshift_facts
+openshift_examples
+openshift_master_facts
+
+Example Playbook
+----------------
+
+```
+- name: Configure openshift-metrics
+ hosts: oo_first_master
+ roles:
+ - role: openshift_hosted_metrics
+```
+
+License
+-------
+
+Apache License, Version 2.0
+
+Author Information
+------------------
+
+Jose David Martín (j.david.nieto@gmail.com)
diff --git a/roles/openshift_hosted_metrics/defaults/main.yml b/roles/openshift_hosted_metrics/defaults/main.yml
new file mode 100644
index 000000000..a01f24df8
--- /dev/null
+++ b/roles/openshift_hosted_metrics/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+hosted_base: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/hosted"
diff --git a/roles/openshift_hosted_metrics/handlers/main.yml b/roles/openshift_hosted_metrics/handlers/main.yml
new file mode 100644
index 000000000..69c5a1663
--- /dev/null
+++ b/roles/openshift_hosted_metrics/handlers/main.yml
@@ -0,0 +1,35 @@
+---
+- name: restart master
+ systemd: name={{ openshift.common.service_type }}-master state=restarted
+ when: (openshift.master.ha is not defined or not openshift.master.ha | bool) and (not (master_service_status_changed | default(false) | bool))
+ notify: Verify API Server
+
+- name: restart master api
+ systemd: name={{ openshift.common.service_type }}-master-api state=restarted
+ when: (openshift.master.ha is defined and openshift.master.ha | bool) and (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native'
+ notify: Verify API Server
+
+- name: restart master controllers
+ systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted
+ when: (openshift.master.ha is defined and openshift.master.ha | bool) and (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native'
+
+- name: Verify API Server
+ # Using curl here since the uri module requires python-httplib2 and
+ # wait_for port doesn't provide health information.
+ command: >
+ curl --silent --tlsv1.2
+ {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+ {% else %}
+ --cacert {{ openshift.common.config_base }}/master/ca.crt
+ {% endif %}
+ {{ openshift.master.api_url }}/healthz/ready
+ args:
+ # Disables the following warning:
+ # Consider using get_url or uri module rather than running curl
+ warn: no
+ register: api_available_output
+ until: api_available_output.stdout == 'ok'
+ retries: 120
+ delay: 1
+ changed_when: false
diff --git a/roles/openshift_hosted_metrics/meta/main.yaml b/roles/openshift_hosted_metrics/meta/main.yaml
new file mode 100644
index 000000000..debca3ca6
--- /dev/null
+++ b/roles/openshift_hosted_metrics/meta/main.yaml
@@ -0,0 +1,18 @@
+---
+galaxy_info:
+ author: David Martín
+ description:
+ company:
+ license: Apache License, Version 2.0
+ min_ansible_version: 2.2
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+ - system
+dependencies:
+- { role: openshift_examples }
+- { role: openshift_facts }
+- { role: openshift_master_facts }
diff --git a/roles/openshift_hosted_metrics/tasks/install.yml b/roles/openshift_hosted_metrics/tasks/install.yml
new file mode 100644
index 000000000..2c839996e
--- /dev/null
+++ b/roles/openshift_hosted_metrics/tasks/install.yml
@@ -0,0 +1,132 @@
+---
+
+- name: Test if metrics-deployer service account exists
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_metrics_kubeconfig }}
+ --namespace=openshift-infra
+ get serviceaccount metrics-deployer -o json
+ register: serviceaccount
+ changed_when: false
+ failed_when: false
+
+- name: Create metrics-deployer Service Account
+ shell: >
+ echo {{ metrics_deployer_sa | to_json | quote }} |
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_metrics_kubeconfig }}
+ --namespace openshift-infra
+ create -f -
+ when: serviceaccount.rc == 1
+
+- name: Test edit permissions
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_metrics_kubeconfig }}
+ --namespace openshift-infra
+ get rolebindings -o jsonpath='{.items[?(@.metadata.name == "edit")].userNames}'
+ register: edit_rolebindings
+ changed_when: false
+
+- name: Add edit permission to the openshift-infra project to metrics-deployer SA
+ command: >
+ {{ openshift.common.client_binary }} adm
+ --config={{ openshift_hosted_metrics_kubeconfig }}
+ --namespace openshift-infra
+ policy add-role-to-user edit
+ system:serviceaccount:openshift-infra:metrics-deployer
+ when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout"
+
+- name: Test hawkular view permissions
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_metrics_kubeconfig }}
+ --namespace openshift-infra
+ get rolebindings -o jsonpath='{.items[?(@.metadata.name == "view")].userNames}'
+ register: view_rolebindings
+ changed_when: false
+
+- name: Add view permissions to hawkular SA
+ command: >
+ {{ openshift.common.client_binary }} adm
+ --config={{ openshift_hosted_metrics_kubeconfig }}
+ --namespace openshift-infra
+ policy add-role-to-user view
+ system:serviceaccount:openshift-infra:hawkular
+ when: "'system:serviceaccount:openshift-infra:hawkular' not in view_rolebindings"
+
+- name: Test cluster-reader permissions
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_metrics_kubeconfig }}
+ --namespace openshift-infra
+ get clusterrolebindings -o jsonpath='{.items[?(@.metadata.name == "cluster-reader")].userNames}'
+ register: cluster_reader_clusterrolebindings
+ changed_when: false
+
+- name: Add cluster-reader permission to the openshift-infra project to heapster SA
+ command: >
+ {{ openshift.common.client_binary }} adm
+ --config={{ openshift_hosted_metrics_kubeconfig }}
+ --namespace openshift-infra
+ policy add-cluster-role-to-user cluster-reader
+ system:serviceaccount:openshift-infra:heapster
+ when: "'system:serviceaccount:openshift-infra:heapster' not in cluster_reader_clusterrolebindings.stdout"
+
+- name: Create metrics-deployer secret
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_metrics_kubeconfig }}
+ --namespace openshift-infra
+ secrets new metrics-deployer nothing=/dev/null
+ register: metrics_deployer_secret
+ changed_when: metrics_deployer_secret.rc == 0
+ failed_when: "metrics_deployer_secret.rc == 1 and 'already exists' not in metrics_deployer_secret.stderr"
+
+# TODO: extend this to allow user passed in certs or generating cert with
+# OpenShift CA
+- name: Build metrics deployer command
+ set_fact:
+ deployer_cmd: "{{ openshift.common.client_binary }} process -f \
+ {{ hosted_base }}/metrics-deployer.yaml -v \
+ HAWKULAR_METRICS_HOSTNAME={{ g_metrics_hostname }} \
+ -v USE_PERSISTENT_STORAGE={{metrics_persistence | string | lower }} \
+ -v DYNAMICALLY_PROVISION_STORAGE={{metrics_dynamic_vol | string | lower }} \
+ -v METRIC_DURATION={{ openshift.hosted.metrics.duration }} \
+ -v METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }}
+ {{ image_prefix }} \
+ {{ image_version }} \
+ -v MODE={{ deployment_mode }} \
+ | {{ openshift.common.client_binary }} --namespace openshift-infra \
+ --config={{ openshift_hosted_metrics_kubeconfig }} \
+ create -o name -f -"
+
+- name: Deploy Metrics
+ shell: "{{ deployer_cmd }}"
+ register: deploy_metrics
+ failed_when: "'already exists' not in deploy_metrics.stderr and deploy_metrics.rc != 0"
+ changed_when: deploy_metrics.rc == 0
+
+- set_fact:
+ deployer_pod: "{{ deploy_metrics.stdout[1:2] }}"
+
+# TODO: re-enable this once the metrics deployer validation issue is fixed
+# when using dynamically provisioned volumes
+- name: "Wait for image pull and deployer pod"
+ shell: >
+ {{ openshift.common.client_binary }}
+ --namespace openshift-infra
+ --config={{ openshift_hosted_metrics_kubeconfig }}
+ get {{ deploy_metrics.stdout }}
+ register: deploy_result
+ until: "{{ 'Completed' in deploy_result.stdout }}"
+ failed_when: False
+ retries: 60
+ delay: 10
+
+- name: Configure master for metrics
+ modify_yaml:
+ dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+ yaml_key: assetConfig.metricsPublicURL
+ yaml_value: "{{ openshift_hosted_metrics_public_url }}"
+ notify: restart master
diff --git a/roles/openshift_hosted_metrics/tasks/main.yaml b/roles/openshift_hosted_metrics/tasks/main.yaml
new file mode 100644
index 000000000..5ce8aa92b
--- /dev/null
+++ b/roles/openshift_hosted_metrics/tasks/main.yaml
@@ -0,0 +1,75 @@
+---
+- name: Create temp directory for kubeconfig
+ command: mktemp -d /tmp/openshift-ansible-XXXXXX
+ register: mktemp
+ changed_when: False
+
+- name: Record kubeconfig tmp dir
+ set_fact:
+ openshift_hosted_metrics_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+
+- name: Copy the admin client config(s)
+ command: >
+ cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_hosted_metrics_kubeconfig }}
+ changed_when: False
+
+- name: Set hosted metrics facts
+ openshift_facts:
+ role: hosted
+ openshift_env: "{{ hostvars
+ | oo_merge_hostvars(vars, inventory_hostname)
+ | oo_openshift_env }}"
+ openshift_env_structures:
+ - 'openshift.hosted.metrics.*'
+
+- set_fact:
+ metrics_persistence: "{{ openshift.hosted.metrics.storage_kind | default(none) is not none }}"
+ metrics_dynamic_vol: "{{ openshift.hosted.metrics.storage_kind | default(none) == 'dynamic' }}"
+ metrics_template_dir: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/examples/infrastructure-templates/{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}"
+ image_prefix: "{{ '-v IMAGE_PREFIX=' ~ openshift.hosted.metrics.deployer.prefix if 'prefix' in openshift.hosted.metrics.deployer else '' }}"
+ image_version: "{{ '-v IMAGE_VERSION=' ~ openshift.hosted.metrics.deployer.version if 'version' in openshift.hosted.metrics.deployer else '' }}"
+
+
+- name: Check for existing metrics pods
+ shell: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_metrics_kubeconfig }}
+ --namespace openshift-infra
+ get pods -l {{ item }} | grep -q Running
+ register: metrics_pods_status
+ with_items:
+ - metrics-infra=hawkular-metrics
+ - metrics-infra=heapster
+ - metrics-infra=hawkular-cassandra
+ failed_when: false
+ changed_when: false
+
+- name: Check for previous deployer
+ shell: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_metrics_kubeconfig }}
+ --namespace openshift-infra
+ get pods -l metrics-infra=deployer --sort-by='{.metadata.creationTimestamp}' | tail -1 | grep metrics-deployer-
+ register: metrics_deployer_status
+ failed_when: false
+ changed_when: false
+
+- name: Record current deployment status
+ set_fact:
+ greenfield: "{{ not metrics_deployer_status.rc == 0 }}"
+ failed_error: "{{ True if 'Error' in metrics_deployer_status.stdout else False }}"
+ metrics_running: "{{ metrics_pods_status.results | oo_collect(attribute='rc') == [0,0,0] }}"
+
+- name: Set deployment mode
+ set_fact:
+ deployment_mode: "{{ 'refresh' if (failed_error | bool or metrics_upgrade | bool) else 'deploy' }}"
+
+# TODO: handle non greenfield deployments in the future
+- include: install.yml
+ when: greenfield
+
+- name: Delete temp directory
+ file:
+ name: "{{ mktemp.stdout }}"
+ state: absent
+ changed_when: False
diff --git a/roles/openshift_hosted_metrics/vars/main.yaml b/roles/openshift_hosted_metrics/vars/main.yaml
new file mode 100644
index 000000000..6c207d6ac
--- /dev/null
+++ b/roles/openshift_hosted_metrics/vars/main.yaml
@@ -0,0 +1,21 @@
+---
+hawkular_permission_oc_commands:
+ - policy add-role-to-user edit system:serviceaccount:openshift-infra:metrics-deployer -n openshift-infra
+ - policy add-cluster-role-to-user cluster-admin system:serviceaccount:openshift-infra:heapster
+
+metrics_deployer_sa:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: metrics-deployer
+ secrets:
+ - name: metrics-deployer
+
+
+hawkular_tmp_conf: /tmp/hawkular_admin.kubeconfig
+
+hawkular_persistence: "{% if openshift.hosted.metrics.storage.kind != None %}true{% else %}false{% endif %}"
+
+hawkular_type: "{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}"
+
+metrics_upgrade: openshift.hosted.metrics.upgrade | default(False)