diff options
Diffstat (limited to 'roles')
56 files changed, 1680 insertions, 188 deletions
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 79a91dfde..27bfb7de9 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install etcd - yum: pkg=etcd state=present + yum: pkg=etcd-2.* state=present - name: Validate permissions on the config dir file: diff --git a/roles/etcd_ca/tasks/main.yml b/roles/etcd_ca/tasks/main.yml index ab151fe5b..8a266f732 100644 --- a/roles/etcd_ca/tasks/main.yml +++ b/roles/etcd_ca/tasks/main.yml @@ -37,6 +37,7 @@ openssl req -config openssl.cnf -newkey rsa:4096 -keyout ca.key -new -out ca.crt -x509 -extensions etcd_v3_ca_self -batch -nodes -subj /CN=etcd-signer@{{ ansible_date_time.epoch }} + -days 365 args: chdir: "{{ etcd_ca_dir }}" creates: "{{ etcd_ca_dir }}/ca.crt" diff --git a/roles/fluentd_master/tasks/main.yml b/roles/fluentd_master/tasks/main.yml index d64900eb0..d592dc306 100644 --- a/roles/fluentd_master/tasks/main.yml +++ b/roles/fluentd_master/tasks/main.yml @@ -40,7 +40,7 @@ mode: 0444 - name: "Pause before restarting td-agent and openshift-master, depending on the number of nodes." - pause: seconds={{ num_nodes|int * 5 }} + pause: seconds={{ ( num_nodes|int < 3 ) | ternary(15, (num_nodes|int * 5)) }} - name: ensure td-agent is running service: diff --git a/roles/openshift_cluster_metrics/README.md b/roles/openshift_cluster_metrics/README.md new file mode 100644 index 000000000..9fdfab8e3 --- /dev/null +++ b/roles/openshift_cluster_metrics/README.md @@ -0,0 +1,36 @@ +#openshift_cluster_metrics + +This role configures Cluster wide metrics. It does setting up three services: +* Metrics are stored in InfluxDB for querying. +* Heapster reads all nodes and pods from the master, then connects to eachs node's kubelet to retrieve pod metrics. +* Grafan allows users to create dashboards of metrics from InfluxDB + +## Requirements + +Running OpenShift cluster + +## Role Variables + +``` +# Enable cluster metrics +use_cluster_metrics=true +``` + +## Dependencies + +None + +## Example Playbook + +TODO + +## Security Note +Opening up the read-only port exposes information about the running pods (such as namespace, pod name, labels, etc.) to unauthenticated clients. The requirement to open up this read-only port will be fixed in future versions. + +##License + +Apache License, Version 2.0 + +## Author Information + +Diego Castro (diego.castro@getupcloud.com) diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/grafana.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/grafana.yaml new file mode 100644 index 000000000..bff422efc --- /dev/null +++ b/roles/openshift_cluster_metrics/files/cluster-metrics/grafana.yaml @@ -0,0 +1,53 @@ +apiVersion: "v1" +kind: "List" +items: + - + apiVersion: "v1" + kind: "Service" + metadata: + labels: + provider: "fabric8" + component: "grafana" + name: "grafana" + spec: + ports: + - + port: 80 + targetPort: "http" + selector: + provider: "fabric8" + component: "grafana" + - + apiVersion: "v1" + kind: "ReplicationController" + metadata: + labels: + provider: "fabric8" + component: "grafana" + name: "grafana" + spec: + replicas: 1 + selector: + provider: "fabric8" + component: "grafana" + template: + metadata: + labels: + provider: "fabric8" + component: "grafana" + spec: + containers: + - + env: + - + name: "INFLUXDB_SERVICE_NAME" + value: "INFLUXDB_MONITORING" + - + name: "GRAFANA_DEFAULT_DASHBOARD" + value: "/dashboard/file/kubernetes.json" + image: "fabric8/grafana:1.9.1_2" + name: "grafana" + ports: + - + containerPort: 3000 + name: "http"
\ No newline at end of file diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster-serviceaccount.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/heapster-serviceaccount.yaml new file mode 100644 index 000000000..1de2ad699 --- /dev/null +++ b/roles/openshift_cluster_metrics/files/cluster-metrics/heapster-serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: heapster
\ No newline at end of file diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/heapster.yaml new file mode 100644 index 000000000..83e314074 --- /dev/null +++ b/roles/openshift_cluster_metrics/files/cluster-metrics/heapster.yaml @@ -0,0 +1,30 @@ +apiVersion: "v1" +kind: "List" +items: + - + apiVersion: "v1" + kind: "ReplicationController" + metadata: + labels: + provider: "fabric8" + component: "heapster" + name: "heapster" + spec: + replicas: 1 + selector: + provider: "fabric8" + component: "heapster" + template: + metadata: + labels: + provider: "fabric8" + component: "heapster" + spec: + containers: + - + args: + - "-source=kubernetes:https://kubernetes.default.svc.cluster.local?auth=&insecure=true&useServiceAccount=true" + - "-sink=influxdb:http://influxdb-monitoring.default.svc.cluster.local:8086" + image: "kubernetes/heapster:V0.14.2" + name: "heapster" + serviceAccount: "heapster"
\ No newline at end of file diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/influxdb.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/influxdb.yaml new file mode 100644 index 000000000..6f67c3d7c --- /dev/null +++ b/roles/openshift_cluster_metrics/files/cluster-metrics/influxdb.yaml @@ -0,0 +1,67 @@ +apiVersion: "v1" +kind: "List" +items: + - + apiVersion: "v1" + kind: "Service" + metadata: + labels: + provider: "fabric8" + component: "influxdb-monitoring" + name: "influxdb-monitoring" + spec: + ports: + - + port: 8086 + targetPort: "http" + selector: + provider: "fabric8" + component: "influxdb-monitoring" + - + apiVersion: "v1" + kind: "ReplicationController" + metadata: + labels: + provider: "fabric8" + component: "influxdb-monitoring" + name: "influxdb-monitoring" + spec: + replicas: 1 + selector: + provider: "fabric8" + component: "influxdb-monitoring" + template: + metadata: + labels: + provider: "fabric8" + component: "influxdb-monitoring" + spec: + containers: + - + env: + - + name: "PRE_CREATE_DB" + value: "k8s;grafana" + image: "fabric8/influxdb:0.8.8" + name: "influxdb" + ports: + - + containerPort: 8090 + name: "raft" + - + containerPort: 8099 + name: "protobuf" + - + containerPort: 8083 + name: "admin" + - + containerPort: 8086 + name: "http" + volumeMounts: + - + mountPath: "/data" + name: "influxdb-data" + volumes: + - + emptyDir: + name: "influxdb-data"
\ No newline at end of file diff --git a/roles/openshift_cluster_metrics/tasks/main.yml b/roles/openshift_cluster_metrics/tasks/main.yml new file mode 100644 index 000000000..3938aba4c --- /dev/null +++ b/roles/openshift_cluster_metrics/tasks/main.yml @@ -0,0 +1,50 @@ +--- + +- name: Install cluster metrics templates + copy: + src: cluster-metrics + dest: /etc/openshift/ + +- name: Create InfluxDB Services + command: > + {{ openshift.common.client_binary }} create -f + /etc/openshift/cluster-metrics/influxdb.yaml + register: oex_influxdb_services + failed_when: "'already exists' not in oex_influxdb_services.stderr and oex_influxdb_services.rc != 0" + changed_when: false + +- name: Create Heapster Service Account + command: > + {{ openshift.common.client_binary }} create -f + /etc/openshift/cluster-metrics/heapster-serviceaccount.yaml + register: oex_heapster_serviceaccount + failed_when: "'already exists' not in oex_heapster_serviceaccount.stderr and oex_heapster_serviceaccount.rc != 0" + changed_when: false + +- name: Add cluster-reader role to Heapster + command: > + {{ openshift.common.admin_binary }} policy + add-cluster-role-to-user + cluster-reader + system:serviceaccount:default:heapster + register: oex_cluster_header_role + register: oex_cluster_header_role + failed_when: "'already exists' not in oex_cluster_header_role.stderr and oex_cluster_header_role.rc != 0" + changed_when: false + +- name: Create Heapster Services + command: > + {{ openshift.common.client_binary }} create -f + /etc/openshift/cluster-metrics/heapster.yaml + register: oex_heapster_services + failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0" + changed_when: false + +- name: Create Grafana Services + command: > + {{ openshift.common.client_binary }} create -f + /etc/openshift/cluster-metrics/grafana.yaml + register: oex_grafana_services + failed_when: "'already exists' not in oex_grafana_services.stderr and oex_grafana_services.rc != 0" + changed_when: false + diff --git a/roles/openshift_common/README.md b/roles/openshift_common/README.md index eb4ef26e8..87306d4a6 100644 --- a/roles/openshift_common/README.md +++ b/roles/openshift_common/README.md @@ -1,7 +1,7 @@ -OpenShift Common -================ +OpenShift/Atomic Enterprise Common +=================================== -OpenShift common installation and configuration tasks. +OpenShift/Atomic Enterprise common installation and configuration tasks. Requirements ------------ @@ -15,7 +15,7 @@ Role Variables | Name | Default value | | |---------------------------|-------------------|---------------------------------------------| | openshift_cluster_id | default | Cluster name if multiple OpenShift clusters | -| openshift_debug_level | 0 | Global openshift debug log verbosity | +| openshift_debug_level | 2 | Global openshift debug log verbosity | | openshift_hostname | UNDEF | Internal hostname to use for this host (this value will set the hostname on the system) | | openshift_ip | UNDEF | Internal IP address to use for this host | | openshift_public_hostname | UNDEF | Public hostname to use for this host | diff --git a/roles/openshift_common/defaults/main.yml b/roles/openshift_common/defaults/main.yml index 4d3e0fe9e..267c03605 100644 --- a/roles/openshift_common/defaults/main.yml +++ b/roles/openshift_common/defaults/main.yml @@ -1,3 +1,3 @@ --- openshift_cluster_id: 'default' -openshift_debug_level: 0 +openshift_debug_level: 2 diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index e4d616067..d9f2dafab 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -4,7 +4,7 @@ role: common local_facts: cluster_id: "{{ openshift_cluster_id | default('default') }}" - debug_level: "{{ openshift_debug_level | default(0) }}" + debug_level: "{{ openshift_debug_level | default(2) }}" hostname: "{{ openshift_hostname | default(None) }}" ip: "{{ openshift_ip | default(None) }}" public_hostname: "{{ openshift_public_hostname | default(None) }}" diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index 12d3bc263..3047a3add 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -24,6 +24,7 @@ unzip dancer-ex-master.zip unzip cakephp-ex-master.zip unzip application-templates-master.zip cp origin-master/examples/db-templates/* ${EXAMPLES_BASE}/db-templates/ +cp origin-master/examples/jenkins/jenkins-*template.json ${EXAMPLES_BASE}/quickstart-templates/ cp origin-master/examples/image-streams/* ${EXAMPLES_BASE}/image-streams/ cp django-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ cp rails-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ diff --git a/roles/openshift_examples/files/examples/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/db-templates/mongodb-ephemeral-template.json index 6252da2ec..6b90fa54e 100644 --- a/roles/openshift_examples/files/examples/db-templates/mongodb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/db-templates/mongodb-ephemeral-template.json @@ -1,6 +1,6 @@ { "kind": "Template", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "mongodb-ephemeral", "creationTimestamp": null, @@ -13,7 +13,7 @@ "objects": [ { "kind": "Service", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "${DATABASE_SERVICE_NAME}", "creationTimestamp": null @@ -41,7 +41,7 @@ }, { "kind": "DeploymentConfig", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "${DATABASE_SERVICE_NAME}", "creationTimestamp": null @@ -147,30 +147,35 @@ { "name": "DATABASE_SERVICE_NAME", "description": "Database service name", - "value": "mongodb" + "value": "mongodb", + "required": true }, { "name": "MONGODB_USER", "description": "Username for MongoDB user that will be used for accessing the database", "generate": "expression", - "from": "user[A-Z0-9]{3}" + "from": "user[A-Z0-9]{3}", + "required": true }, { "name": "MONGODB_PASSWORD", "description": "Password for the MongoDB user", "generate": "expression", - "from": "[a-zA-Z0-9]{16}" + "from": "[a-zA-Z0-9]{16}", + "required": true }, { "name": "MONGODB_DATABASE", "description": "Database name", - "value": "sampledb" + "value": "sampledb", + "required": true }, { "name": "MONGODB_ADMIN_PASSWORD", "description": "Password for the database admin user", "generate": "expression", - "from": "[a-zA-Z0-9]{16}" + "from": "[a-zA-Z0-9]{16}", + "required": true } ], "labels": { diff --git a/roles/openshift_examples/files/examples/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/db-templates/mongodb-persistent-template.json index c05e81e56..97b315600 100644 --- a/roles/openshift_examples/files/examples/db-templates/mongodb-persistent-template.json +++ b/roles/openshift_examples/files/examples/db-templates/mongodb-persistent-template.json @@ -1,6 +1,6 @@ { "kind": "Template", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "mongodb-persistent", "creationTimestamp": null, @@ -13,7 +13,7 @@ "objects": [ { "kind": "Service", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "${DATABASE_SERVICE_NAME}", "creationTimestamp": null @@ -41,7 +41,7 @@ }, { "kind": "PersistentVolumeClaim", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "${DATABASE_SERVICE_NAME}" }, @@ -58,7 +58,7 @@ }, { "kind": "DeploymentConfig", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "${DATABASE_SERVICE_NAME}", "creationTimestamp": null @@ -164,35 +164,41 @@ { "name": "DATABASE_SERVICE_NAME", "description": "Database service name", - "value": "mongodb" + "value": "mongodb", + "required": true }, { "name": "MONGODB_USER", "description": "Username for MongoDB user that will be used for accessing the database", "generate": "expression", - "from": "user[A-Z0-9]{3}" + "from": "user[A-Z0-9]{3}", + "required": true }, { "name": "MONGODB_PASSWORD", "description": "Password for the MongoDB user", "generate": "expression", - "from": "[a-zA-Z0-9]{16}" + "from": "[a-zA-Z0-9]{16}", + "required": true }, { "name": "MONGODB_DATABASE", "description": "Database name", - "value": "sampledb" + "value": "sampledb", + "required": true }, { "name": "MONGODB_ADMIN_PASSWORD", "description": "Password for the database admin user", "generate": "expression", - "from": "[a-zA-Z0-9]{16}" + "from": "[a-zA-Z0-9]{16}", + "required": true }, { "name": "VOLUME_CAPACITY", "description": "Volume space available for data, e.g. 512Mi, 2Gi", - "value": "512Mi" + "value": "512Mi", + "required": true } ], "labels": { diff --git a/roles/openshift_examples/files/examples/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/db-templates/mysql-ephemeral-template.json index 697a4ad68..b384a5992 100644 --- a/roles/openshift_examples/files/examples/db-templates/mysql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/db-templates/mysql-ephemeral-template.json @@ -1,6 +1,6 @@ { "kind": "Template", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "mysql-ephemeral", "creationTimestamp": null, @@ -13,7 +13,7 @@ "objects": [ { "kind": "Service", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "${DATABASE_SERVICE_NAME}", "creationTimestamp": null @@ -41,7 +41,7 @@ }, { "kind": "DeploymentConfig", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "${DATABASE_SERVICE_NAME}", "creationTimestamp": null @@ -143,24 +143,28 @@ { "name": "DATABASE_SERVICE_NAME", "description": "Database service name", - "value": "mysql" + "value": "mysql", + "required": true }, { "name": "MYSQL_USER", "description": "Username for MySQL user that will be used for accessing the database", "generate": "expression", - "from": "user[A-Z0-9]{3}" + "from": "user[A-Z0-9]{3}", + "required": true }, { "name": "MYSQL_PASSWORD", "description": "Password for the MySQL user", "generate": "expression", - "from": "[a-zA-Z0-9]{16}" + "from": "[a-zA-Z0-9]{16}", + "required": true }, { "name": "MYSQL_DATABASE", "description": "Database name", - "value": "sampledb" + "value": "sampledb", + "required": true } ], "labels": { diff --git a/roles/openshift_examples/files/examples/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/db-templates/mysql-persistent-template.json index 33e1cebb1..6e19f48f5 100644 --- a/roles/openshift_examples/files/examples/db-templates/mysql-persistent-template.json +++ b/roles/openshift_examples/files/examples/db-templates/mysql-persistent-template.json @@ -1,6 +1,6 @@ { "kind": "Template", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "mysql-persistent", "creationTimestamp": null, @@ -13,7 +13,7 @@ "objects": [ { "kind": "Service", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "${DATABASE_SERVICE_NAME}", "creationTimestamp": null @@ -41,7 +41,7 @@ }, { "kind": "PersistentVolumeClaim", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "${DATABASE_SERVICE_NAME}" }, @@ -58,7 +58,7 @@ }, { "kind": "DeploymentConfig", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "${DATABASE_SERVICE_NAME}", "creationTimestamp": null @@ -160,29 +160,34 @@ { "name": "DATABASE_SERVICE_NAME", "description": "Database service name", - "value": "mysql" + "value": "mysql", + "required": true }, { "name": "MYSQL_USER", "description": "Username for MySQL user that will be used for accessing the database", "generate": "expression", - "from": "user[A-Z0-9]{3}" + "from": "user[A-Z0-9]{3}", + "required": true }, { "name": "MYSQL_PASSWORD", "description": "Password for the MySQL user", "generate": "expression", - "from": "[a-zA-Z0-9]{16}" + "from": "[a-zA-Z0-9]{16}", + "required": true }, { "name": "MYSQL_DATABASE", "description": "Database name", - "value": "sampledb" + "value": "sampledb", + "required": true }, { "name": "VOLUME_CAPACITY", "description": "Volume space available for data, e.g. 512Mi, 2Gi", - "value": "512Mi" + "value": "512Mi", + "required": true } ], "labels": { diff --git a/roles/openshift_examples/files/examples/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/db-templates/postgresql-ephemeral-template.json index faf626475..60d6b8519 100644 --- a/roles/openshift_examples/files/examples/db-templates/postgresql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/db-templates/postgresql-ephemeral-template.json @@ -1,6 +1,6 @@ { "kind": "Template", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "postgresql-ephemeral", "creationTimestamp": null, @@ -13,7 +13,7 @@ "objects": [ { "kind": "Service", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "${DATABASE_SERVICE_NAME}", "creationTimestamp": null @@ -41,7 +41,7 @@ }, { "kind": "DeploymentConfig", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "${DATABASE_SERVICE_NAME}", "creationTimestamp": null @@ -143,24 +143,28 @@ { "name": "DATABASE_SERVICE_NAME", "description": "Database service name", - "value": "postgresql" + "value": "postgresql", + "required": true }, { "name": "POSTGRESQL_USER", "description": "Username for PostgreSQL user that will be used for accessing the database", "generate": "expression", - "from": "user[A-Z0-9]{3}" + "from": "user[A-Z0-9]{3}", + "required": true }, { "name": "POSTGRESQL_PASSWORD", "description": "Password for the PostgreSQL user", "generate": "expression", - "from": "[a-zA-Z0-9]{16}" + "from": "[a-zA-Z0-9]{16}", + "required": true }, { "name": "POSTGRESQL_DATABASE", "description": "Database name", - "value": "sampledb" + "value": "sampledb", + "required": true } ], "labels": { diff --git a/roles/openshift_examples/files/examples/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/db-templates/postgresql-persistent-template.json index 398e288bf..91cd7453e 100644 --- a/roles/openshift_examples/files/examples/db-templates/postgresql-persistent-template.json +++ b/roles/openshift_examples/files/examples/db-templates/postgresql-persistent-template.json @@ -1,6 +1,6 @@ { "kind": "Template", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "postgresql-persistent", "creationTimestamp": null, @@ -13,7 +13,7 @@ "objects": [ { "kind": "Service", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "${DATABASE_SERVICE_NAME}", "creationTimestamp": null @@ -41,7 +41,7 @@ }, { "kind": "PersistentVolumeClaim", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "${DATABASE_SERVICE_NAME}" }, @@ -58,7 +58,7 @@ }, { "kind": "DeploymentConfig", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "${DATABASE_SERVICE_NAME}", "creationTimestamp": null @@ -160,29 +160,34 @@ { "name": "DATABASE_SERVICE_NAME", "description": "Database service name", - "value": "postgresql" + "value": "postgresql", + "required": true }, { "name": "POSTGRESQL_USER", "description": "Username for PostgreSQL user that will be used for accessing the database", "generate": "expression", - "from": "user[A-Z0-9]{3}" + "from": "user[A-Z0-9]{3}", + "required": true }, { "name": "POSTGRESQL_PASSWORD", "description": "Password for the PostgreSQL user", "generate": "expression", - "from": "[a-zA-Z0-9]{16}" + "from": "[a-zA-Z0-9]{16}", + "required": true }, { "name": "POSTGRESQL_DATABASE", "description": "Database name", - "value": "sampledb" + "value": "sampledb", + "required": true }, { "name": "VOLUME_CAPACITY", "description": "Volume space available for data, e.g. 512Mi, 2Gi", - "value": "512Mi" + "value": "512Mi", + "required": true } ], "labels": { diff --git a/roles/openshift_examples/files/examples/image-streams/image-streams-centos7.json b/roles/openshift_examples/files/examples/image-streams/image-streams-centos7.json index 459b841c1..03affbddf 100644 --- a/roles/openshift_examples/files/examples/image-streams/image-streams-centos7.json +++ b/roles/openshift_examples/files/examples/image-streams/image-streams-centos7.json @@ -1,11 +1,11 @@ { "kind": "ImageStreamList", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": {}, "items": [ { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "ruby", "creationTimestamp": null @@ -35,7 +35,7 @@ }, { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "nodejs", "creationTimestamp": null @@ -65,7 +65,7 @@ }, { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "perl", "creationTimestamp": null @@ -95,7 +95,7 @@ }, { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "php", "creationTimestamp": null @@ -125,7 +125,7 @@ }, { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "python", "creationTimestamp": null @@ -155,7 +155,7 @@ }, { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "wildfly", "creationTimestamp": null @@ -185,7 +185,7 @@ }, { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "mysql", "creationTimestamp": null @@ -208,7 +208,7 @@ }, { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "postgresql", "creationTimestamp": null @@ -231,7 +231,7 @@ }, { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "mongodb", "creationTimestamp": null @@ -254,7 +254,7 @@ }, { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "jenkins", "creationTimestamp": null diff --git a/roles/openshift_examples/files/examples/image-streams/image-streams-rhel7.json b/roles/openshift_examples/files/examples/image-streams/image-streams-rhel7.json index a5d2e9d9f..0bd885af3 100644 --- a/roles/openshift_examples/files/examples/image-streams/image-streams-rhel7.json +++ b/roles/openshift_examples/files/examples/image-streams/image-streams-rhel7.json @@ -1,11 +1,11 @@ { "kind": "ImageStreamList", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": {}, "items": [ { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "ruby", "creationTimestamp": null @@ -35,7 +35,7 @@ }, { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "nodejs", "creationTimestamp": null @@ -65,7 +65,7 @@ }, { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "perl", "creationTimestamp": null @@ -95,7 +95,7 @@ }, { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "php", "creationTimestamp": null @@ -125,7 +125,7 @@ }, { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "python", "creationTimestamp": null @@ -155,7 +155,7 @@ }, { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "mysql", "creationTimestamp": null @@ -178,7 +178,7 @@ }, { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "postgresql", "creationTimestamp": null @@ -201,7 +201,7 @@ }, { "kind": "ImageStream", - "apiVersion": "v1beta3", + "apiVersion": "v1", "metadata": { "name": "mongodb", "creationTimestamp": null @@ -221,6 +221,29 @@ } ] } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jenkins", + "creationTimestamp": null + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/openshift3/jenkins-16-rhel7", + "tags": [ + { + "name": "latest" + }, + { + "name": "1.6", + "from": { + "Kind": "ImageStreamTag", + "Name": "latest" + } + } + ] + } } ] } diff --git a/roles/openshift_examples/files/examples/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/quickstart-templates/cakephp-mysql.json index b722a05ae..deac2010f 100644 --- a/roles/openshift_examples/files/examples/quickstart-templates/cakephp-mysql.json +++ b/roles/openshift_examples/files/examples/quickstart-templates/cakephp-mysql.json @@ -264,7 +264,7 @@ "containers": [ { "name": "mysql", - "image": "openshift/mysql-55-centos7", + "image": "${MYSQL_IMAGE}", "ports": [ { "containerPort": 3306 @@ -307,8 +307,8 @@ }, { "name": "APPLICATION_DOMAIN", - "description": "The exposed hostname that will route to the CakePHP service", - "value": "cakephp-mysql-example.openshiftapps.com" + "description": "The exposed hostname that will route to the CakePHP service, if left blank a value will be defaulted.", + "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", @@ -343,6 +343,11 @@ "from": "[a-zA-Z0-9]{16}" }, { + "name": "MYSQL_IMAGE", + "description": "Image to use for mysql", + "value": "openshift/mysql-55-centos7" + }, + { "name": "CAKEPHP_SECRET_TOKEN", "description": "Set this to a long random string", "generate": "expression", diff --git a/roles/openshift_examples/files/examples/quickstart-templates/cakephp.json b/roles/openshift_examples/files/examples/quickstart-templates/cakephp.json index 532b9bd2b..ec556ea13 100644 --- a/roles/openshift_examples/files/examples/quickstart-templates/cakephp.json +++ b/roles/openshift_examples/files/examples/quickstart-templates/cakephp.json @@ -215,8 +215,8 @@ }, { "name": "APPLICATION_DOMAIN", - "description": "The exposed hostname that will route to the CakePHP service", - "value": "cakephp-example.openshiftapps.com" + "description": "The exposed hostname that will route to the CakePHP service, if left blank a value will be defaulted.", + "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", diff --git a/roles/openshift_examples/files/examples/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/quickstart-templates/dancer-mysql.json index b46abfbb5..2cbcc0889 100644 --- a/roles/openshift_examples/files/examples/quickstart-templates/dancer-mysql.json +++ b/roles/openshift_examples/files/examples/quickstart-templates/dancer-mysql.json @@ -162,15 +162,15 @@ }, { "name": "MYSQL_USER", - "value": "${MYSQL_USER}" + "value": "${DATABASE_USER}" }, { "name": "MYSQL_PASSWORD", - "value": "${MYSQL_PASSWORD}" + "value": "${DATABASE_PASSWORD}" }, { "name": "MYSQL_DATABASE", - "value": "${MYSQL_DATABASE}" + "value": "${DATABASE_NAME}" }, { "name": "SECRET_KEY_BASE", @@ -238,7 +238,7 @@ "containers": [ { "name": "mysql", - "image": "openshift/mysql-55-centos7", + "image": "${MYSQL_IMAGE}", "ports": [ { "containerPort": 3306 @@ -247,15 +247,15 @@ "env": [ { "name": "MYSQL_USER", - "value": "${MYSQL_USER}" + "value": "${DATABASE_USER}" }, { "name": "MYSQL_PASSWORD", - "value": "${MYSQL_PASSWORD}" + "value": "${DATABASE_PASSWORD}" }, { "name": "MYSQL_DATABASE", - "value": "${MYSQL_DATABASE}" + "value": "${DATABASE_NAME}" } ] } @@ -281,8 +281,8 @@ }, { "name": "APPLICATION_DOMAIN", - "description": "The exposed hostname that will route to the Dancer service", - "value": "dancer-mysql-example.openshiftapps.com" + "description": "The exposed hostname that will route to the Dancer service, if left blank a value will be defaulted.", + "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", @@ -308,23 +308,28 @@ "value": "database" }, { - "name": "MYSQL_USER", + "name": "DATABASE_USER", "description": "database username", "generate": "expression", "from": "user[A-Z0-9]{3}" }, { - "name": "MYSQL_PASSWORD", + "name": "DATABASE_PASSWORD", "description": "database password", "generate": "expression", "from": "[a-zA-Z0-9]{8}" }, { - "name": "MYSQL_DATABASE", + "name": "DATABASE_NAME", "description": "database name", "value": "sampledb" }, { + "name": "MYSQL_IMAGE", + "description": "Image to use for mysql", + "value": "openshift/mysql-55-centos7" + }, + { "name": "SECRET_KEY_BASE", "description": "Your secret key for verifying the integrity of signed cookies", "generate": "expression", diff --git a/roles/openshift_examples/files/examples/quickstart-templates/dancer.json b/roles/openshift_examples/files/examples/quickstart-templates/dancer.json index 6f49a7d64..43271dfc5 100644 --- a/roles/openshift_examples/files/examples/quickstart-templates/dancer.json +++ b/roles/openshift_examples/files/examples/quickstart-templates/dancer.json @@ -181,8 +181,8 @@ }, { "name": "APPLICATION_DOMAIN", - "description": "The exposed hostname that will route to the Dancer service", - "value": "dancer-example.openshiftapps.com" + "description": "The exposed hostname that will route to the Dancer service, if left blank a value will be defaulted.", + "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", diff --git a/roles/openshift_examples/files/examples/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/quickstart-templates/django-postgresql.json index 64522ce76..749064e98 100644 --- a/roles/openshift_examples/files/examples/quickstart-templates/django-postgresql.json +++ b/roles/openshift_examples/files/examples/quickstart-templates/django-postgresql.json @@ -2,7 +2,7 @@ "kind": "Template", "apiVersion": "v1", "metadata": { - "name": "django-postgresql-example", + "name": "django-psql-example", "annotations": { "description": "An example Django application with a PostgreSQL database", "tags": "instant-app,python,django,postgresql", @@ -10,14 +10,14 @@ } }, "labels": { - "template": "django-postgresql-example" + "template": "django-psql-example" }, "objects": [ { "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "django-postgresql-example", + "name": "django-psql-example", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "django-postgresql-example" + "name": "django-psql-example" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "django-postgresql-example" + "name": "django-psql-example" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "django-postgresql-example" + "name": "django-psql-example" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "django-postgresql-example", + "name": "django-psql-example", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "django-postgresql-example", + "name": "django-psql-example", "annotations": { "description": "Defines how to build the application" } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "django-postgresql-example:latest" + "name": "django-psql-example:latest" } }, "triggers": [ @@ -110,7 +110,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "django-postgresql-example", + "name": "django-psql-example", "annotations": { "description": "Defines how to deploy the application server" } @@ -125,11 +125,11 @@ "imageChangeParams": { "automatic": true, "containerNames": [ - "django-postgresql-example" + "django-psql-example" ], "from": { "kind": "ImageStreamTag", - "name": "django-postgresql-example:latest" + "name": "django-psql-example:latest" } } }, @@ -139,20 +139,20 @@ ], "replicas": 1, "selector": { - "name": "django-postgresql-example" + "name": "django-psql-example" }, "template": { "metadata": { - "name": "django-postgresql-example", + "name": "django-psql-example", "labels": { - "name": "django-postgresql-example" + "name": "django-psql-example" } }, "spec": { "containers": [ { - "name": "django-postgresql-example", - "image": "django-postgresql-example", + "name": "django-psql-example", + "image": "django-psql-example", "ports": [ { "containerPort": 8080 @@ -249,7 +249,7 @@ "containers": [ { "name": "postgresql", - "image": "openshift/postgresql-92-centos7", + "image": "${POSTGRESQL_IMAGE}", "ports": [ { "containerPort": 5432 @@ -292,8 +292,8 @@ }, { "name": "APPLICATION_DOMAIN", - "description": "The exposed hostname that will route to the Django service", - "value": "django-postgresql-example.openshiftapps.com" + "description": "The exposed hostname that will route to the Django service, if left blank a value will be defaulted.", + "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", @@ -328,6 +328,11 @@ "from": "[a-zA-Z0-9]{16}" }, { + "name": "POSTGRESQL_IMAGE", + "description": "Image to use for postgresql", + "value": "openshift/postgresql-92-centos7" + }, + { "name": "APP_CONFIG", "description": "Relative path to Gunicorn configuration file (optional)" }, diff --git a/roles/openshift_examples/files/examples/quickstart-templates/django.json b/roles/openshift_examples/files/examples/quickstart-templates/django.json index 1794d196c..143a942ab 100644 --- a/roles/openshift_examples/files/examples/quickstart-templates/django.json +++ b/roles/openshift_examples/files/examples/quickstart-templates/django.json @@ -211,8 +211,8 @@ }, { "name": "APPLICATION_DOMAIN", - "description": "The exposed hostname that will route to the Django service", - "value": "django-example.openshiftapps.com" + "description": "The exposed hostname that will route to the Django service, if left blank a value will be defaulted.", + "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", diff --git a/roles/openshift_examples/files/examples/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/quickstart-templates/jenkins-ephemeral-template.json new file mode 100644 index 000000000..da08ffbd5 --- /dev/null +++ b/roles/openshift_examples/files/examples/quickstart-templates/jenkins-ephemeral-template.json @@ -0,0 +1,145 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "jenkins-ephemeral", + "creationTimestamp": null, + "annotations": { + "description": "Jenkins service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "iconClass": "icon-jenkins", + "tags": "database,jenkins" + } + }, + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 8080, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "jenkins", + "creationTimestamp": null + }, + "spec": { + "to": { + "kind": "Service", + "name": "${JENKINS_SERVICE_NAME}" + }, + "tls": { + "termination": "edge", + "certificate": "-----BEGIN CERTIFICATE-----\nMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl\nZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3\ndy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu\nY29tMB4XDTE1MDExMjE0MTk0MVoXDTE2MDExMjE0MTk0MVowfDEYMBYGA1UEAwwP\nd3d3LmV4YW1wbGUuY29tMQswCQYDVQQIDAJTQzELMAkGA1UEBhMCVVMxIjAgBgkq\nhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xEDAOBgNVBAoMB0V4YW1wbGUx\nEDAOBgNVBAsMB0V4YW1wbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrv\ngu6ZTTefNN7jjiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm\n47VRx5Qrf/YLXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1M\nmNrQUgZyQC6XIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAGjDTALMAkGA1UdEwQC\nMAAwDQYJKoZIhvcNAQEFBQADggEBAFCi7ZlkMnESvzlZCvv82Pq6S46AAOTPXdFd\nTMvrh12E1sdVALF1P1oYFJzG1EiZ5ezOx88fEDTW+Lxb9anw5/KJzwtWcfsupf1m\nV7J0D3qKzw5C1wjzYHh9/Pz7B1D0KthQRATQCfNf8s6bbFLaw/dmiIUhHLtIH5Qc\nyfrejTZbOSP77z8NOWir+BWWgIDDB2//3AkDIQvT20vmkZRhkqSdT7et4NmXOX/j\njhPti4b2Fie0LeuvgaOdKjCpQQNrYthZHXeVlOLRhMTSk3qUczenkKTOhvP7IS9q\n+Dzv5hqgSfvMG392KWh5f8xXfJNs4W5KLbZyl901MeReiLrPH3w=\n-----END CERTIFICATE-----", + "key": "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMrvgu6ZTTefNN7j\njiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm47VRx5Qrf/YL\nXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1MmNrQUgZyQC6X\nIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAECgYEAnxOjEj/vrLNLMZE1Q9H7PZVF\nWdP/JQVNvQ7tCpZ3ZdjxHwkvf//aQnuxS5yX2Rnf37BS/TZu+TIkK4373CfHomSx\nUTAn2FsLmOJljupgGcoeLx5K5nu7B7rY5L1NHvdpxZ4YjeISrRtEPvRakllENU5y\ngJE8c2eQOx08ZSRE4TkCQQD7dws2/FldqwdjJucYijsJVuUdoTqxP8gWL6bB251q\nelP2/a6W2elqOcWId28560jG9ZS3cuKvnmu/4LG88vZFAkEAzphrH3673oTsHN+d\nuBd5uyrlnGjWjuiMKv2TPITZcWBjB8nJDSvLneHF59MYwejNNEof2tRjgFSdImFH\nmi995wJBAMtPjW6wiqRz0i41VuT9ZgwACJBzOdvzQJfHgSD9qgFb1CU/J/hpSRIM\nkYvrXK9MbvQFvG6x4VuyT1W8mpe1LK0CQAo8VPpffhFdRpF7psXLK/XQ/0VLkG3O\nKburipLyBg/u9ZkaL0Ley5zL5dFBjTV2Qkx367Ic2b0u9AYTCcgi2DsCQQD3zZ7B\nv7BOm7MkylKokY2MduFFXU0Bxg6pfZ7q3rvg8gqhUFbaMStPRYg6myiDiW/JfLhF\nTcFT4touIo7oriFJ\n-----END PRIVATE KEY-----", + "caCertificate": "-----BEGIN CERTIFICATE-----\nMIIEFzCCAv+gAwIBAgIJALK1iUpF2VQLMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCU0MxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoG\nA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UECwwHVGVzdCBDQTEaMBgG\nA1UEAwwRd3d3LmV4YW1wbGVjYS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVA\nZXhhbXBsZS5jb20wHhcNMTUwMTEyMTQxNTAxWhcNMjUwMTA5MTQxNTAxWjCBoTEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx\nHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0Ex\nGjAYBgNVBAMMEXd3dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt\ncGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nw2rK1J2NMtQj0KDug7g7HRKl5jbf0QMkMKyTU1fBtZ0cCzvsF4CqV11LK4BSVWaK\nrzkaXe99IVJnH8KdOlDl5Dh/+cJ3xdkClSyeUT4zgb6CCBqg78ePp+nN11JKuJlV\nIG1qdJpB1J5O/kCLsGcTf7RS74MtqMFo96446Zvt7YaBhWPz6gDaO/TUzfrNcGLA\nEfHVXkvVWqb3gqXUztZyVex/gtP9FXQ7gxTvJml7UkmT0VAFjtZnCqmFxpLZFZ15\n+qP9O7Q2MpsGUO/4vDAuYrKBeg1ZdPSi8gwqUP2qWsGd9MIWRv3thI2903BczDc7\nr8WaIbm37vYZAS9G56E4+wIDAQABo1AwTjAdBgNVHQ4EFgQUugLrSJshOBk5TSsU\nANs4+SmJUGwwHwYDVR0jBBgwFoAUugLrSJshOBk5TSsUANs4+SmJUGwwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaMJ33zAMV4korHo5aPfayV3uHoYZ\n1ChzP3eSsF+FjoscpoNSKs91ZXZF6LquzoNezbfiihK4PYqgwVD2+O0/Ty7UjN4S\nqzFKVR4OS/6lCJ8YncxoFpTntbvjgojf1DEataKFUN196PAANc3yz8cWHF4uvjPv\nWkgFqbIjb+7D1YgglNyovXkRDlRZl0LD1OQ0ZWhd4Ge1qx8mmmanoBeYZ9+DgpFC\nj9tQAbS867yeOryNe7sEOIpXAAqK/DTu0hB6+ySsDfMo4piXCc2aA/eI2DCuw08e\nw17Dz9WnupZjVdwTKzDhFgJZMLDqn37HQnT6EemLFqbcR0VPEnfyhDtZIQ==\n-----END CERTIFICATE-----" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "strategy": { + "type": "Recreate", + "resources": {} + }, + "triggers": [ + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "jenkins", + "image": "openshift/jenkins-16-centos7", + "env": [ + { + "name": "JENKINS_PASSWORD", + "value": "${JENKINS_PASSWORD}" + } + ], + "resources": {}, + "volumeMounts": [ + { + "name": "${JENKINS_SERVICE_NAME}-data", + "mountPath": "/var/lib/jenkins" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${JENKINS_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + } + } + ], + "parameters": [ + { + "name": "JENKINS_SERVICE_NAME", + "description": "Jenkins service name", + "value": "jenkins" + }, + { + "name": "JENKINS_PASSWORD", + "description": "Password for the Jenkins user", + "generate": "expression", + "value": "password" + } + ], + "labels": { + "template": "jenkins-ephemeral-template" + } +} diff --git a/roles/openshift_examples/files/examples/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/quickstart-templates/jenkins-persistent-template.json new file mode 100644 index 000000000..33df68c74 --- /dev/null +++ b/roles/openshift_examples/files/examples/quickstart-templates/jenkins-persistent-template.json @@ -0,0 +1,168 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "jenkins-persistent", + "creationTimestamp": null, + "annotations": { + "description": "Jenkins service, with persistent storage.", + "iconClass": "icon-jenkins", + "tags": "database,jenkins" + } + }, + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 8080, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "jenkins", + "creationTimestamp": null + }, + "spec": { + "to": { + "kind": "Service", + "name": "${JENKINS_SERVICE_NAME}" + }, + "tls": { + "termination": "edge", + "certificate": "-----BEGIN CERTIFICATE-----\nMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl\nZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3\ndy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu\nY29tMB4XDTE1MDExMjE0MTk0MVoXDTE2MDExMjE0MTk0MVowfDEYMBYGA1UEAwwP\nd3d3LmV4YW1wbGUuY29tMQswCQYDVQQIDAJTQzELMAkGA1UEBhMCVVMxIjAgBgkq\nhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xEDAOBgNVBAoMB0V4YW1wbGUx\nEDAOBgNVBAsMB0V4YW1wbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrv\ngu6ZTTefNN7jjiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm\n47VRx5Qrf/YLXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1M\nmNrQUgZyQC6XIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAGjDTALMAkGA1UdEwQC\nMAAwDQYJKoZIhvcNAQEFBQADggEBAFCi7ZlkMnESvzlZCvv82Pq6S46AAOTPXdFd\nTMvrh12E1sdVALF1P1oYFJzG1EiZ5ezOx88fEDTW+Lxb9anw5/KJzwtWcfsupf1m\nV7J0D3qKzw5C1wjzYHh9/Pz7B1D0KthQRATQCfNf8s6bbFLaw/dmiIUhHLtIH5Qc\nyfrejTZbOSP77z8NOWir+BWWgIDDB2//3AkDIQvT20vmkZRhkqSdT7et4NmXOX/j\njhPti4b2Fie0LeuvgaOdKjCpQQNrYthZHXeVlOLRhMTSk3qUczenkKTOhvP7IS9q\n+Dzv5hqgSfvMG392KWh5f8xXfJNs4W5KLbZyl901MeReiLrPH3w=\n-----END CERTIFICATE-----", + "key": "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMrvgu6ZTTefNN7j\njiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm47VRx5Qrf/YL\nXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1MmNrQUgZyQC6X\nIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAECgYEAnxOjEj/vrLNLMZE1Q9H7PZVF\nWdP/JQVNvQ7tCpZ3ZdjxHwkvf//aQnuxS5yX2Rnf37BS/TZu+TIkK4373CfHomSx\nUTAn2FsLmOJljupgGcoeLx5K5nu7B7rY5L1NHvdpxZ4YjeISrRtEPvRakllENU5y\ngJE8c2eQOx08ZSRE4TkCQQD7dws2/FldqwdjJucYijsJVuUdoTqxP8gWL6bB251q\nelP2/a6W2elqOcWId28560jG9ZS3cuKvnmu/4LG88vZFAkEAzphrH3673oTsHN+d\nuBd5uyrlnGjWjuiMKv2TPITZcWBjB8nJDSvLneHF59MYwejNNEof2tRjgFSdImFH\nmi995wJBAMtPjW6wiqRz0i41VuT9ZgwACJBzOdvzQJfHgSD9qgFb1CU/J/hpSRIM\nkYvrXK9MbvQFvG6x4VuyT1W8mpe1LK0CQAo8VPpffhFdRpF7psXLK/XQ/0VLkG3O\nKburipLyBg/u9ZkaL0Ley5zL5dFBjTV2Qkx367Ic2b0u9AYTCcgi2DsCQQD3zZ7B\nv7BOm7MkylKokY2MduFFXU0Bxg6pfZ7q3rvg8gqhUFbaMStPRYg6myiDiW/JfLhF\nTcFT4touIo7oriFJ\n-----END PRIVATE KEY-----", + "caCertificate": "-----BEGIN CERTIFICATE-----\nMIIEFzCCAv+gAwIBAgIJALK1iUpF2VQLMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCU0MxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoG\nA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UECwwHVGVzdCBDQTEaMBgG\nA1UEAwwRd3d3LmV4YW1wbGVjYS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVA\nZXhhbXBsZS5jb20wHhcNMTUwMTEyMTQxNTAxWhcNMjUwMTA5MTQxNTAxWjCBoTEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx\nHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0Ex\nGjAYBgNVBAMMEXd3dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt\ncGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nw2rK1J2NMtQj0KDug7g7HRKl5jbf0QMkMKyTU1fBtZ0cCzvsF4CqV11LK4BSVWaK\nrzkaXe99IVJnH8KdOlDl5Dh/+cJ3xdkClSyeUT4zgb6CCBqg78ePp+nN11JKuJlV\nIG1qdJpB1J5O/kCLsGcTf7RS74MtqMFo96446Zvt7YaBhWPz6gDaO/TUzfrNcGLA\nEfHVXkvVWqb3gqXUztZyVex/gtP9FXQ7gxTvJml7UkmT0VAFjtZnCqmFxpLZFZ15\n+qP9O7Q2MpsGUO/4vDAuYrKBeg1ZdPSi8gwqUP2qWsGd9MIWRv3thI2903BczDc7\nr8WaIbm37vYZAS9G56E4+wIDAQABo1AwTjAdBgNVHQ4EFgQUugLrSJshOBk5TSsU\nANs4+SmJUGwwHwYDVR0jBBgwFoAUugLrSJshOBk5TSsUANs4+SmJUGwwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaMJ33zAMV4korHo5aPfayV3uHoYZ\n1ChzP3eSsF+FjoscpoNSKs91ZXZF6LquzoNezbfiihK4PYqgwVD2+O0/Ty7UjN4S\nqzFKVR4OS/6lCJ8YncxoFpTntbvjgojf1DEataKFUN196PAANc3yz8cWHF4uvjPv\nWkgFqbIjb+7D1YgglNyovXkRDlRZl0LD1OQ0ZWhd4Ge1qx8mmmanoBeYZ9+DgpFC\nj9tQAbS867yeOryNe7sEOIpXAAqK/DTu0hB6+ySsDfMo4piXCc2aA/eI2DCuw08e\nw17Dz9WnupZjVdwTKzDhFgJZMLDqn37HQnT6EemLFqbcR0VPEnfyhDtZIQ==\n-----END CERTIFICATE-----" + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "strategy": { + "type": "Recreate", + "resources": {} + }, + "triggers": [ + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "jenkins", + "image": "openshift/jenkins-16-centos7", + "env": [ + { + "name": "JENKINS_PASSWORD", + "value": "${JENKINS_PASSWORD}" + } + ], + "resources": {}, + "volumeMounts": [ + { + "name": "${JENKINS_SERVICE_NAME}-data", + "mountPath": "/var/lib/jenkins" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${JENKINS_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${JENKINS_SERVICE_NAME}" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + } + } + ], + "parameters": [ + { + "name": "JENKINS_SERVICE_NAME", + "description": "Jenkins service name", + "value": "jenkins" + }, + { + "name": "JENKINS_PASSWORD", + "description": "Password for the Jenkins user", + "generate": "expression", + "value": "password" + }, + { + "name": "VOLUME_CAPACITY", + "description": "Volume space available for data, e.g. 512Mi, 2Gi", + "value": "512Mi", + "required": true + } + ], + "labels": { + "template": "jenkins-persistent-template" + } +} diff --git a/roles/openshift_examples/files/examples/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/quickstart-templates/nodejs-mongodb.json index e281feecf..017b5be19 100644 --- a/roles/openshift_examples/files/examples/quickstart-templates/nodejs-mongodb.json +++ b/roles/openshift_examples/files/examples/quickstart-templates/nodejs-mongodb.json @@ -165,19 +165,19 @@ }, { "name": "MONGODB_USER", - "value": "${MONGODB_USER}" + "value": "${DATABASE_USER}" }, { "name": "MONGODB_PASSWORD", - "value": "${MONGODB_PASSWORD}" + "value": "${DATABASE_PASSWORD}" }, { "name": "MONGODB_DATABASE", - "value": "${MONGODB_DATABASE}" + "value": "${DATABASE_NAME}" }, { "name": "MONGODB_ADMIN_PASSWORD", - "value": "${MONGODB_ADMIN_PASSWORD}" + "value": "${DATABASE_ADMIN_PASSWORD}" } ] } @@ -241,7 +241,7 @@ "containers": [ { "name": "mongodb", - "image": "openshift/mongodb-24-centos7", + "image": "${MONGODB_IMAGE}", "ports": [ { "containerPort": 27017 @@ -250,19 +250,19 @@ "env": [ { "name": "MONGODB_USER", - "value": "${MONGODB_USER}" + "value": "${DATABASE_USER}" }, { "name": "MONGODB_PASSWORD", - "value": "${MONGODB_PASSWORD}" + "value": "${DATABASE_PASSWORD}" }, { "name": "MONGODB_DATABASE", - "value": "${MONGODB_DATABASE}" + "value": "${DATABASE_NAME}" }, { "name": "MONGODB_ADMIN_PASSWORD", - "value": "${MONGODB_ADMIN_PASSWORD}" + "value": "${DATABASE_ADMIN_PASSWORD}" } ] } @@ -288,8 +288,8 @@ }, { "name": "APPLICATION_DOMAIN", - "description": "The exposed hostname that will route to the Node.js service", - "value": "nodejs-mongodb-example.openshiftapps.com" + "description": "The exposed hostname that will route to the Node.js service, if left blank a value will be defaulted.", + "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", @@ -303,27 +303,32 @@ "value": "mongodb" }, { - "name": "MONGODB_USER", + "name": "DATABASE_USER", "description": "Username for MongoDB user that will be used for accessing the database", "generate": "expression", "from": "user[A-Z0-9]{3}" }, { - "name": "MONGODB_PASSWORD", + "name": "DATABASE_PASSWORD", "description": "Password for the MongoDB user", "generate": "expression", "from": "[a-zA-Z0-9]{16}" }, { - "name": "MONGODB_DATABASE", + "name": "DATABASE_NAME", "description": "Database name", "value": "sampledb" }, { - "name": "MONGODB_ADMIN_PASSWORD", + "name": "DATABASE_ADMIN_PASSWORD", "description": "Password for the database admin user", "generate": "expression", "from": "[a-zA-Z0-9]{16}" + }, + { + "name": "MONGODB_IMAGE", + "description": "Image to use for mongodb", + "value": "openshift/mongodb-24-centos7" } ] } diff --git a/roles/openshift_examples/files/examples/quickstart-templates/nodejs.json b/roles/openshift_examples/files/examples/quickstart-templates/nodejs.json index dd38571eb..55488ab41 100644 --- a/roles/openshift_examples/files/examples/quickstart-templates/nodejs.json +++ b/roles/openshift_examples/files/examples/quickstart-templates/nodejs.json @@ -203,8 +203,8 @@ }, { "name": "APPLICATION_DOMAIN", - "description": "The exposed hostname that will route to the Node.js service", - "value": "nodejs-example.openshiftapps.com" + "description": "The exposed hostname that will route to the Node.js service, if left blank a value will be defaulted.", + "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", diff --git a/roles/openshift_examples/files/examples/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/quickstart-templates/rails-postgresql.json index 3b83d3f5b..b98282528 100644 --- a/roles/openshift_examples/files/examples/quickstart-templates/rails-postgresql.json +++ b/roles/openshift_examples/files/examples/quickstart-templates/rails-postgresql.json @@ -176,15 +176,15 @@ }, { "name": "POSTGRESQL_USER", - "value": "${POSTGRESQL_USER}" + "value": "${DATABASE_USER}" }, { "name": "POSTGRESQL_PASSWORD", - "value": "${POSTGRESQL_PASSWORD}" + "value": "${DATABASE_PASSWORD}" }, { "name": "POSTGRESQL_DATABASE", - "value": "${POSTGRESQL_DATABASE}" + "value": "${DATABASE_NAME}" }, { "name": "SECRET_KEY_BASE", @@ -213,6 +213,10 @@ { "name": "APPLICATION_PASSWORD", "value": "${APPLICATION_PASSWORD}" + }, + { + "name": "RAILS_ENV", + "value": "${RAILS_ENV}" } ] } @@ -276,7 +280,7 @@ "containers": [ { "name": "postgresql", - "image": "openshift/postgresql-92-centos7", + "image": "${POSTGRESQL_IMAGE}", "ports": [ { "containerPort": 5432 @@ -285,15 +289,15 @@ "env": [ { "name": "POSTGRESQL_USER", - "value": "${POSTGRESQL_USER}" + "value": "${DATABASE_USER}" }, { "name": "POSTGRESQL_PASSWORD", - "value": "${POSTGRESQL_PASSWORD}" + "value": "${DATABASE_PASSWORD}" }, { "name": "POSTGRESQL_DATABASE", - "value": "${POSTGRESQL_DATABASE}" + "value": "${DATABASE_NAME}" }, { "name": "POSTGRESQL_MAX_CONNECTIONS", @@ -327,8 +331,8 @@ }, { "name": "APPLICATION_DOMAIN", - "description": "The exposed hostname that will route to the Rails service", - "value": "rails-postgresql-example.openshiftapps.com" + "description": "The exposed hostname that will route to the Rails service, if left blank a value will be defaulted.", + "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", @@ -353,28 +357,38 @@ "value": "secret" }, { + "name": "RAILS_ENV", + "description": "Environment under which the sample application will run. Could be set to production, development or test", + "value": "production" + }, + { "name": "DATABASE_SERVICE_NAME", "description": "Database service name", "value": "postgresql" }, { - "name": "POSTGRESQL_USER", + "name": "DATABASE_USER", "description": "database username", "generate": "expression", "from": "user[A-Z0-9]{3}" }, { - "name": "POSTGRESQL_PASSWORD", + "name": "DATABASE_PASSWORD", "description": "database password", "generate": "expression", "from": "[a-zA-Z0-9]{8}" }, { - "name": "POSTGRESQL_DATABASE", + "name": "DATABASE_NAME", "description": "database name", "value": "root" }, { + "name": "POSTGRESQL_IMAGE", + "description": "Image to use for postgresql", + "value": "openshift/postgresql-92-centos7" + }, + { "name": "POSTGRESQL_MAX_CONNECTIONS", "description": "database max connections", "value": "10" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 4e0989c5f..c1c4e1b5c 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -323,6 +323,24 @@ def set_fluentd_facts_if_unset(facts): facts['common']['use_fluentd'] = use_fluentd return facts +def set_cluster_metrics_facts_if_unset(facts): + """ Set cluster metrics facts if not already present in facts dict + dict: the facts dict updated with the generated cluster metrics facts if + missing + Args: + facts (dict): existing facts + Returns: + dict: the facts dict updated with the generated cluster metrics + facts if they were not already present + + """ + if 'common' in facts: + deployment_type = facts['common']['deployment_type'] + if 'use_cluster_metrics' not in facts['common']: + use_cluster_metrics = True if deployment_type == 'origin' else False + facts['common']['use_cluster_metrics'] = use_cluster_metrics + return facts + def set_identity_providers_if_unset(facts): """ Set identity_providers fact if not already present in facts dict @@ -700,6 +718,7 @@ class OpenShiftFacts(object): facts['current_config'] = get_current_config(facts) facts = set_url_facts_if_unset(facts) facts = set_fluentd_facts_if_unset(facts) + facts = set_cluster_metrics_facts_if_unset(facts) facts = set_identity_providers_if_unset(facts) facts = set_registry_url_if_unset(facts) facts = set_sdn_facts_if_unset(facts) diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml index d17f3f532..74e702248 100644 --- a/roles/openshift_manage_node/tasks/main.yml +++ b/roles/openshift_manage_node/tasks/main.yml @@ -16,3 +16,10 @@ command: > {{ openshift.common.admin_binary }} manage-node {{ item }} --schedulable=true with_items: openshift_scheduleable_nodes + +- name: Label nodes + command: > + {{ openshift.common.client_binary }} label --overwrite node {{ item.openshift.common.hostname }} {{ item.openshift.node.labels | oo_combine_dict }} + with_items: + - "{{ openshift_node_vars }}" + when: "'labels' in item.openshift.node and item.openshift.node.labels != {}" diff --git a/roles/openshift_master/README.md b/roles/openshift_master/README.md index 19f77d145..0e7ef3aab 100644 --- a/roles/openshift_master/README.md +++ b/roles/openshift_master/README.md @@ -28,7 +28,7 @@ From this role: From openshift_common: | Name | Default Value | | |-------------------------------|----------------|----------------------------------------| -| openshift_debug_level | 0 | Global openshift debug log verbosity | +| openshift_debug_level | 2 | Global openshift debug log verbosity | | openshift_public_ip | UNDEF | Public IP address to use for this host | | openshift_hostname | UNDEF | hostname to use for this instance | diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 151d0662f..9204d25ce 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -55,13 +55,16 @@ sdn_host_subnet_length: "{{ osm_host_subnet_length | default(None) }}" default_subdomain: "{{ osm_default_subdomain | default(None) }}" custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}" + default_node_selector: "{{ osm_default_node_selector | default(None) }}" + api_server_args: "{{ osm_api_server_args | default(None) }}" + controller_args: "{{ osm_controller_args | default(None) }}" # TODO: These values need to be configurable - name: Set dns OpenShift facts openshift_facts: role: dns local_facts: - ip: "{{ openshift.common.ip }}" + ip: "{{ openshift_master_cluster_vip | default(openshift.common.ip, true) | default(None) }}" domain: cluster.local when: openshift.master.embedded_dns diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index c4d319c87..fff123d0d 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -68,8 +68,8 @@ kubernetesMasterConfig: apiLevels: - v1beta3 - v1 - apiServerArguments: null - controllerArguments: null + apiServerArguments: {{ api_server_args if api_server_args is defined else 'null' }} + controllerArguments: {{ controller_args if controller_args is defined else 'null' }} {# TODO: support overriding masterCount #} masterCount: 1 masterIP: "" @@ -95,7 +95,7 @@ policyConfig: openshiftSharedResourcesNamespace: openshift {# TODO: Allow users to override projectConfig items #} projectConfig: - defaultNodeSelector: "" + defaultNodeSelector: "{{ openshift.master.default_node_selector | default("") }}" projectRequestMessage: "" projectRequestTemplate: "" securityAllocator: diff --git a/roles/openshift_master/templates/v1_partials/oauthConfig.j2 b/roles/openshift_master/templates/v1_partials/oauthConfig.j2 index 4ca644876..72889bc29 100644 --- a/roles/openshift_master/templates/v1_partials/oauthConfig.j2 +++ b/roles/openshift_master/templates/v1_partials/oauthConfig.j2 @@ -7,7 +7,7 @@ url: {{ identity_provider.url }} {% for key in ('ca', 'certFile', 'keyFile') %} {% if key in identity_provider %} - {{ key }}: {{ identity_provider[key] }}" + {{ key }}: "{{ identity_provider[key] }}" {% endif %} {% endfor %} {% elif identity_provider.kind == 'LDAPPasswordIdentityProvider' %} diff --git a/roles/openshift_node/README.md b/roles/openshift_node/README.md index 5edb3b8dd..427269931 100644 --- a/roles/openshift_node/README.md +++ b/roles/openshift_node/README.md @@ -20,9 +20,9 @@ From this role: | oreg_url | UNDEF (Optional) | Default docker registry to use | From openshift_common: -| Name | Default Value | | +| Name | Default Value | | |-------------------------------|---------------------|---------------------| -| openshift_debug_level | 0 | Global openshift debug log verbosity | +| openshift_debug_level | 2 | Global openshift debug log verbosity | | openshift_public_ip | UNDEF (Required) | Public IP address to use for this host | | openshift_hostname | UNDEF (Required) | hostname to use for this instance | @@ -34,6 +34,18 @@ openshift_common Example Playbook ---------------- +Notes +----- + +Currently we support re-labeling nodes but we don't re-schedule running pods nor remove existing labels. That means you will have to trigger the re-schedulling manually. To re-schedule your pods, just follow the steps below: + +``` +oadm manage-node --schedulable=false ${NODE} +oadm manage-node --evacuate ${NODE} +oadm manage-node --schedulable=true ${NODE} +```` + + TODO License diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index be51195f2..1dbcc4301 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -6,3 +6,7 @@ os_firewall_allow: port: 80/tcp - service: https port: 443/tcp +- service: Openshift kubelet ReadOnlyPort + port: 10255/tcp +- service: Openshift kubelet ReadOnlyPort udp + port: 10255/udp diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index 953a1421b..8b5acefbf 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -1,3 +1,6 @@ --- - name: restart openshift-node service: name=openshift-node state=restarted + +- name: restart docker + service: name=docker state=restarted diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index e84e74b40..7679adbf3 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -6,6 +6,9 @@ - fail: msg: This role requres that osn_cluster_dns_ip is set when: osn_cluster_dns_ip is not defined or not osn_cluster_dns_ip +- fail: + msg: "SELinux is disabled, This deployment type requires that SELinux is enabled." + when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online'] - name: Install OpenShift Node package yum: pkg=openshift-node state=present @@ -33,6 +36,7 @@ registry_url: "{{ oreg_url | default(none) }}" debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" portal_net: "{{ openshift_master_portal_net | default(None) }}" + kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config @@ -62,12 +66,58 @@ - name: Secure OpenShift Registry lineinfile: dest: /etc/sysconfig/docker - regexp: '^OPTIONS=.*' - line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} --selinux-enabled'" + regexp: '^OPTIONS=.*$' + line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ +{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'" when: docker_check.stat.isreg + notify: + - restart docker + +- set_fact: + docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') + | oo_split() | union(['registry.access.redhat.com']) + | difference(['']) }}" + when: openshift.common.deployment_type == 'enterprise' +- set_fact: + docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') + | oo_split() | difference(['']) }}" + when: openshift.common.deployment_type != 'enterprise' + +- name: Add personal registries + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^ADD_REGISTRY=.*$' + line: "ADD_REGISTRY='{{ docker_additional_registries + | oo_prepend_strings_in_list('--add-registry ') | join(' ') }}'" + when: docker_check.stat.isreg and docker_additional_registries + notify: + - restart docker + +- name: Block registries + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^BLOCK_REGISTRY=.*$' + line: "BLOCK_REGISTRY='{{ lookup('oo_option', 'docker_blocked_registries') | oo_split() + | oo_prepend_strings_in_list('--block-registry ') | join(' ') }}'" + when: docker_check.stat.isreg and + lookup('oo_option', 'docker_blocked_registries') != '' + notify: + - restart docker + +- name: Grant access to additional insecure registries + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^INSECURE_REGISTRY=.*' + line: "INSECURE_REGISTRY='{{ lookup('oo_option', 'docker_insecure_registries') | oo_split() + | oo_prepend_strings_in_list('--insecure-registry ') | join(' ') }}'" + when: docker_check.stat.isreg and + lookup('oo_option', 'docker_insecure_registries') != '' + notify: + - restart docker - name: Allow NFS access for VMs seboolean: name=virt_use_nfs state=yes persistent=yes + when: ansible_selinux and ansible_selinux.status == "enabled" - name: Start and enable openshift-node service: name=openshift-node enabled=yes state=started diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 7778a2a61..e176e7511 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -8,6 +8,9 @@ imageConfig: format: {{ openshift.node.registry_url }} latest: false kind: NodeConfig +{% if openshift.node.kubelet_args is defined and openshift.node.kubelet_args %} +kubeletArguments: {{ openshift.node.kubelet_args | to_json }} +{% endif %} masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig networkPluginName: {{ openshift.common.sdn_network_plugin_name }} nodeName: {{ openshift.common.hostname }} @@ -18,3 +21,4 @@ servingInfo: clientCA: ca.crt keyFile: server.key volumeDirectory: {{ openshift_data_dir }}/openshift.local.volumes +{% include 'partials/kubeletArguments.j2' %}
\ No newline at end of file diff --git a/roles/openshift_node/templates/partials/kubeletArguments.j2 b/roles/openshift_node/templates/partials/kubeletArguments.j2 new file mode 100644 index 000000000..6c3bd04c5 --- /dev/null +++ b/roles/openshift_node/templates/partials/kubeletArguments.j2 @@ -0,0 +1,5 @@ +{% if openshift.common.use_cluster_metrics | bool %} +kubeletArguments: + "read-only-port": + - "10255" +{% endif %}
\ No newline at end of file diff --git a/roles/openshift_registry/README.md b/roles/openshift_registry/README.md index ec3b4a10b..8e66c483b 100644 --- a/roles/openshift_registry/README.md +++ b/roles/openshift_registry/README.md @@ -21,7 +21,7 @@ From openshift_common: | Name | Default value | | |-----------------------|---------------|--------------------------------------| -| openshift_debug_level | 0 | Global openshift debug log verbosity | +| openshift_debug_level | 2 | Global openshift debug log verbosity | Dependencies @@ -41,4 +41,3 @@ Author Information ------------------ Red Hat openshift@redhat.com - diff --git a/roles/openshift_router/README.md b/roles/openshift_router/README.md index 6d8ee25c6..836efc443 100644 --- a/roles/openshift_router/README.md +++ b/roles/openshift_router/README.md @@ -19,7 +19,7 @@ From this role: From openshift_common: | Name | Default value | | |-----------------------|---------------|--------------------------------------| -| openshift_debug_level | 0 | Global openshift debug log verbosity | +| openshift_debug_level | 2 | Global openshift debug log verbosity | Dependencies ------------ @@ -38,4 +38,3 @@ Author Information ------------------ Red Hat openshift@redhat.com - diff --git a/roles/os_zabbix/library/get_drule.yml b/roles/os_zabbix/library/get_drule.yml new file mode 100644 index 000000000..a3e39f535 --- /dev/null +++ b/roles/os_zabbix/library/get_drule.yml @@ -0,0 +1,115 @@ +--- +# This is a test playbook to create one of each of the zabbix ansible modules. +# ensure that the zbxapi module is installed +# ansible-playbook test.yml +- name: Test zabbix ansible module + hosts: localhost + gather_facts: no + vars: +#zbx_server: https://localhost/zabbix/api_jsonrpc.php +#zbx_user: Admin +#zbx_password: zabbix + + pre_tasks: + - name: Template Discovery rules + zbx_template: + server: "{{ zbx_server }}" + user: "{{ zbx_user }}" + password: "{{ zbx_password }}" + name: 'Template App HaProxy' + state: list + register: template_output + + - debug: var=template_output + + - name: Discovery rules + zbx_discovery_rule: + server: "{{ zbx_server }}" + user: "{{ zbx_user }}" + password: "{{ zbx_password }}" + name: 'haproxy.discovery sender' + state: list + register: drule + + - debug: var=drule + +# - name: Create an application +# zbx_application: +# server: "{{ zbx_server }}" +# user: "{{ zbx_user }}" +# password: "{{ zbx_password }}" +# name: 'Test App' +# template_name: "test template" +# register: item_output +# +# - name: Create an item +# zbx_item: +# server: "{{ zbx_server }}" +# user: "{{ zbx_user }}" +# password: "{{ zbx_password }}" +# name: 'test item' +# key: 'kenny.item.1' +# applications: +# - 'Test App' +# template_name: "test template" +# register: item_output +# +# - debug: var=item_output +# +# - name: Create an trigger +# zbx_trigger: +# server: "{{ zbx_server }}" +# user: "{{ zbx_user }}" +# password: "{{ zbx_password }}" +# expression: '{test template:kenny.item.1.last()}>2' +# description: 'Kenny desc' +# register: trigger_output +# +# - debug: var=trigger_output +# +# - name: Create a hostgroup +# zbx_hostgroup: +# server: "{{ zbx_server }}" +# user: "{{ zbx_user }}" +# password: "{{ zbx_password }}" +# name: 'kenny hostgroup' +# register: hostgroup_output +# +# - debug: var=hostgroup_output +# +# - name: Create a host +# zbx_host: +# server: "{{ zbx_server }}" +# user: "{{ zbx_user }}" +# password: "{{ zbx_password }}" +# name: 'kenny host' +# template_names: +# - test template +# hostgroup_names: +# - kenny hostgroup +# register: host_output +# +# - debug: var=host_output +# +# - name: Create a usergroup +# zbx_usergroup: +# server: "{{ zbx_server }}" +# user: "{{ zbx_user }}" +# password: "{{ zbx_password }}" +# name: kenny usergroup +# rights: +# - 'kenny hostgroup': rw +# register: usergroup_output +# +# - debug: var=usergroup_output +# +# - name: Create a user +# zbx_user: +# server: "{{ zbx_server }}" +# user: "{{ zbx_user }}" +# password: "{{ zbx_password }}" +# alias: kwoodson +# state: list +# register: user_output +# +# - debug: var=user_output diff --git a/roles/os_zabbix/library/test.yml b/roles/os_zabbix/library/test.yml index f585bcbb2..cedace1a0 100644 --- a/roles/os_zabbix/library/test.yml +++ b/roles/os_zabbix/library/test.yml @@ -6,7 +6,7 @@ hosts: localhost gather_facts: no vars: - zbx_server: http://localhost/zabbix/api_jsonrpc.php + zbx_server: http://localhost:8080/zabbix/api_jsonrpc.php zbx_user: Admin zbx_password: zabbix @@ -21,6 +21,41 @@ - debug: var=template_output + - name: Create a discoveryrule + zbx_discoveryrule: + server: "{{ zbx_server }}" + user: "{{ zbx_user }}" + password: "{{ zbx_password }}" + name: test discoverule + key: test_listener + template_name: test template + lifetime: 14 + register: discoveryrule + + - debug: var=discoveryrule + + - name: Create an itemprototype + zbx_itemprototype: + server: "{{ zbx_server }}" + user: "{{ zbx_user }}" + password: "{{ zbx_password }}" + name: 'Test itemprototype on {#TEST_LISTENER}' + key: 'test[{#TEST_LISTENER}]' + template_name: test template + discoveryrule_name: test discoverule + register: itemproto + + - debug: var=itemproto + + - name: Create an application + zbx_application: + server: "{{ zbx_server }}" + user: "{{ zbx_user }}" + password: "{{ zbx_password }}" + name: 'Test App' + template_name: "test template" + register: item_output + - name: Create an item zbx_item: server: "{{ zbx_server }}" @@ -28,7 +63,9 @@ password: "{{ zbx_password }}" name: 'test item' key: 'kenny.item.1' - template_name: "{{ template_output.results[0].host }}" + applications: + - 'Test App' + template_name: "test template" register: item_output - debug: var=item_output @@ -39,7 +76,7 @@ user: "{{ zbx_user }}" password: "{{ zbx_password }}" expression: '{test template:kenny.item.1.last()}>2' - desc: 'Kenny desc' + description: 'Kenny desc' register: trigger_output - debug: var=trigger_output @@ -60,8 +97,10 @@ user: "{{ zbx_user }}" password: "{{ zbx_password }}" name: 'kenny host' - hostgroups: - - 'kenny hostgroup' + template_names: + - test template + hostgroup_names: + - kenny hostgroup register: host_output - debug: var=host_output diff --git a/roles/os_zabbix/library/zbx_application.py b/roles/os_zabbix/library/zbx_application.py new file mode 100644 index 000000000..5d4acf72d --- /dev/null +++ b/roles/os_zabbix/library/zbx_application.py @@ -0,0 +1,135 @@ +#!/usr/bin/env python +''' +Ansible module for application +''' +# vim: expandtab:tabstop=4:shiftwidth=4 +# +# Zabbix application ansible module +# +# +# Copyright 2015 Red Hat Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# This is in place because each module looks similar to each other. +# These need duplicate code as their behavior is very similar +# but different for each zabbix class. +# pylint: disable=duplicate-code + +# pylint: disable=import-error +from openshift_tools.monitoring.zbxapi import ZabbixAPI, ZabbixConnection + +def exists(content, key='result'): + ''' Check if key exists in content or the size of content[key] > 0 + ''' + if not content.has_key(key): + return False + + if not content[key]: + return False + + return True + +def get_template_ids(zapi, template_names): + ''' + get related templates + ''' + template_ids = [] + # Fetch templates by name + for template_name in template_names: + content = zapi.get_content('template', 'get', {'search': {'host': template_name}}) + if content.has_key('result'): + template_ids.append(content['result'][0]['templateid']) + return template_ids + +def main(): + ''' Ansible module for application + ''' + + module = AnsibleModule( + argument_spec=dict( + server=dict(default='https://localhost/zabbix/api_jsonrpc.php', type='str'), + user=dict(default=None, type='str'), + password=dict(default=None, type='str'), + name=dict(default=None, type='str'), + template_name=dict(default=None, type='list'), + debug=dict(default=False, type='bool'), + state=dict(default='present', type='str'), + ), + #supports_check_mode=True + ) + + user = module.params.get('user', os.environ['ZABBIX_USER']) + passwd = module.params.get('password', os.environ['ZABBIX_PASSWORD']) + + zapi = ZabbixAPI(ZabbixConnection(module.params['server'], user, passwd, module.params['debug'])) + + #Set the instance and the application for the rest of the calls + zbx_class_name = 'application' + idname = 'applicationid' + aname = module.params['name'] + state = module.params['state'] + # get a applicationid, see if it exists + content = zapi.get_content(zbx_class_name, + 'get', + {'search': {'host': aname}, + 'selectHost': 'hostid', + }) + if state == 'list': + module.exit_json(changed=False, results=content['result'], state="list") + + if state == 'absent': + if not exists(content): + module.exit_json(changed=False, state="absent") + + content = zapi.get_content(zbx_class_name, 'delete', [content['result'][0][idname]]) + module.exit_json(changed=True, results=content['result'], state="absent") + + if state == 'present': + params = {'hostid': get_template_ids(zapi, module.params['template_name'])[0], + 'name': aname, + } + if not exists(content): + # if we didn't find it, create it + content = zapi.get_content(zbx_class_name, 'create', params) + module.exit_json(changed=True, results=content['result'], state='present') + # already exists, we need to update it + # let's compare properties + differences = {} + zab_results = content['result'][0] + for key, value in params.items(): + if key == 'templates' and zab_results.has_key('parentTemplates'): + if zab_results['parentTemplates'] != value: + differences[key] = value + elif zab_results[key] != str(value) and zab_results[key] != value: + differences[key] = value + + if not differences: + module.exit_json(changed=False, results=content['result'], state="present") + + # We have differences and need to update + differences[idname] = zab_results[idname] + content = zapi.get_content(zbx_class_name, 'update', differences) + module.exit_json(changed=True, results=content['result'], state="present") + + module.exit_json(failed=True, + changed=False, + results='Unknown state passed. %s' % state, + state="unknown") + +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, locally-disabled +# import module snippets. This are required +from ansible.module_utils.basic import * + +main() diff --git a/roles/os_zabbix/library/zbx_discoveryrule.py b/roles/os_zabbix/library/zbx_discoveryrule.py new file mode 100644 index 000000000..56b87fecc --- /dev/null +++ b/roles/os_zabbix/library/zbx_discoveryrule.py @@ -0,0 +1,177 @@ +#!/usr/bin/env python +''' +Zabbix discovery rule ansible module +''' +# vim: expandtab:tabstop=4:shiftwidth=4 +# +# Copyright 2015 Red Hat Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# This is in place because each module looks similar to each other. +# These need duplicate code as their behavior is very similar +# but different for each zabbix class. +# pylint: disable=duplicate-code + +# pylint: disable=import-error +from openshift_tools.monitoring.zbxapi import ZabbixAPI, ZabbixConnection + +def exists(content, key='result'): + ''' Check if key exists in content or the size of content[key] > 0 + ''' + if not content.has_key(key): + return False + + if not content[key]: + return False + + return True + +def get_template(zapi, template_name): + '''get a template by name + ''' + content = zapi.get_content('template', + 'get', + {'search': {'host': template_name}, + 'output': 'extend', + 'selectInterfaces': 'interfaceid', + }) + if not content['result']: + return None + return content['result'][0] + +def get_type(vtype): + ''' + Determine which type of discoverrule this is + ''' + _types = {'agent': 0, + 'SNMPv1': 1, + 'trapper': 2, + 'simple': 3, + 'SNMPv2': 4, + 'internal': 5, + 'SNMPv3': 6, + 'active': 7, + 'external': 10, + 'database monitor': 11, + 'ipmi': 12, + 'ssh': 13, + 'telnet': 14, + 'JMX': 16, + } + + for typ in _types.keys(): + if vtype in typ or vtype == typ: + _vtype = _types[typ] + break + else: + _vtype = 2 + + return _vtype + +def main(): + ''' + Ansible module for zabbix discovery rules + ''' + + module = AnsibleModule( + argument_spec=dict( + server=dict(default='https://localhost/zabbix/api_jsonrpc.php', type='str'), + user=dict(default=os.environ['ZABBIX_USER'], type='str'), + password=dict(default=os.environ['ZABBIX_PASSWORD'], type='str'), + name=dict(default=None, type='str'), + key=dict(default=None, type='str'), + interfaceid=dict(default=None, type='int'), + ztype=dict(default='trapper', type='str'), + delay=dict(default=60, type='int'), + lifetime=dict(default=30, type='int'), + template_name=dict(default=[], type='list'), + debug=dict(default=False, type='bool'), + state=dict(default='present', type='str'), + ), + #supports_check_mode=True + ) + + user = module.params['user'] + passwd = module.params['password'] + + zapi = ZabbixAPI(ZabbixConnection(module.params['server'], user, passwd, module.params['debug'])) + + #Set the instance and the template for the rest of the calls + zbx_class_name = 'discoveryrule' + idname = "itemid" + dname = module.params['name'] + state = module.params['state'] + + # selectInterfaces doesn't appear to be working but is needed. + content = zapi.get_content(zbx_class_name, + 'get', + {'search': {'name': dname}, + #'selectDServices': 'extend', + #'selectDChecks': 'extend', + #'selectDhosts': 'dhostid', + }) + if state == 'list': + module.exit_json(changed=False, results=content['result'], state="list") + + if state == 'absent': + if not exists(content): + module.exit_json(changed=False, state="absent") + + content = zapi.get_content(zbx_class_name, 'delete', [content['result'][0][idname]]) + module.exit_json(changed=True, results=content['result'], state="absent") + + if state == 'present': + template = get_template(zapi, module.params['template_name']) + params = {'name': dname, + 'key_': module.params['key'], + 'hostid': template['templateid'], + 'interfaceid': module.params['interfaceid'], + 'lifetime': module.params['lifetime'], + 'type': get_type(module.params['ztype']), + } + if params['type'] in [2, 5, 7, 11]: + params.pop('interfaceid') + + if not exists(content): + # if we didn't find it, create it + content = zapi.get_content(zbx_class_name, 'create', params) + module.exit_json(changed=True, results=content['result'], state='present') + # already exists, we need to update it + # let's compare properties + differences = {} + zab_results = content['result'][0] + for key, value in params.items(): + + if zab_results[key] != value and zab_results[key] != str(value): + differences[key] = value + + if not differences: + module.exit_json(changed=False, results=zab_results, state="present") + + # We have differences and need to update + differences[idname] = zab_results[idname] + content = zapi.get_content(zbx_class_name, 'update', differences) + module.exit_json(changed=True, results=content['result'], state="present") + + module.exit_json(failed=True, + changed=False, + results='Unknown state passed. %s' % state, + state="unknown") + +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, locally-disabled +# import module snippets. This are required +from ansible.module_utils.basic import * + +main() diff --git a/roles/os_zabbix/library/zbx_host.py b/roles/os_zabbix/library/zbx_host.py index d75dfdea1..12c5f3456 100644 --- a/roles/os_zabbix/library/zbx_host.py +++ b/roles/os_zabbix/library/zbx_host.py @@ -60,7 +60,7 @@ def get_template_ids(zapi, template_names): for template_name in template_names: content = zapi.get_content('template', 'get', {'search': {'host': template_name}}) if content.has_key('result'): - template_ids.append({'templateid': content['results'][0]['templateid']}) + template_ids.append({'templateid': content['result'][0]['templateid']}) return template_ids def main(): @@ -71,20 +71,20 @@ def main(): module = AnsibleModule( argument_spec=dict( server=dict(default='https://localhost/zabbix/api_jsonrpc.php', type='str'), - user=dict(default=None, type='str'), - password=dict(default=None, type='str'), + user=dict(default=os.environ['ZABBIX_USER'], type='str'), + password=dict(default=os.environ['ZABBIX_PASSWORD'], type='str'), name=dict(default=None, type='str'), hostgroup_names=dict(default=[], type='list'), template_names=dict(default=[], type='list'), debug=dict(default=False, type='bool'), state=dict(default='present', type='str'), - interfaces=dict(default=[], type='list'), + interfaces=dict(default=None, type='list'), ), #supports_check_mode=True ) - user = module.params.get('user', os.environ['ZABBIX_USER']) - passwd = module.params.get('password', os.environ['ZABBIX_PASSWORD']) + user = module.params['user'] + passwd = module.params['password'] zapi = ZabbixAPI(ZabbixConnection(module.params['server'], user, passwd, module.params['debug'])) @@ -113,16 +113,17 @@ def main(): module.exit_json(changed=True, results=content['result'], state="absent") if state == 'present': + ifs = module.params['interfaces'] or [{'type': 1, # interface type, 1 = agent + 'main': 1, # default interface? 1 = true + 'useip': 1, # default interface? 1 = true + 'ip': '127.0.0.1', # default interface? 1 = true + 'dns': '', # dns for host + 'port': '10050', # port for interface? 10050 + }] params = {'host': hname, - 'groups': get_group_ids(zapi, module.params('hostgroup_names')), - 'templates': get_template_ids(zapi, module.params('template_names')), - 'interfaces': module.params.get('interfaces', [{'type': 1, # interface type, 1 = agent - 'main': 1, # default interface? 1 = true - 'useip': 1, # default interface? 1 = true - 'ip': '127.0.0.1', # default interface? 1 = true - 'dns': '', # dns for host - 'port': '10050', # port for interface? 10050 - }]) + 'groups': get_group_ids(zapi, module.params['hostgroup_names']), + 'templates': get_template_ids(zapi, module.params['template_names']), + 'interfaces': ifs, } if not exists(content): diff --git a/roles/os_zabbix/library/zbx_item.py b/roles/os_zabbix/library/zbx_item.py index 57ec06463..45ba6c2b0 100644 --- a/roles/os_zabbix/library/zbx_item.py +++ b/roles/os_zabbix/library/zbx_item.py @@ -60,6 +60,16 @@ def get_value_type(value_type): return vtype +def get_app_ids(zapi, application_names): + ''' get application ids from names + ''' + app_ids = [] + for app_name in application_names: + content = zapi.get_content('application', 'get', {'search': {'name': app_name}}) + if content.has_key('result'): + app_ids.append(content['result'][0]['applicationid']) + return app_ids + def main(): ''' ansible zabbix module for zbx_item @@ -124,7 +134,7 @@ def main(): 'hostid': templateid, 'type': module.params['zabbix_type'], 'value_type': get_value_type(module.params['value_type']), - 'applications': module.params['applications'], + 'applications': get_app_ids(zapi, module.params['applications']), } if not exists(content): diff --git a/roles/os_zabbix/library/zbx_itemprototype.py b/roles/os_zabbix/library/zbx_itemprototype.py new file mode 100644 index 000000000..f0eb6bbbd --- /dev/null +++ b/roles/os_zabbix/library/zbx_itemprototype.py @@ -0,0 +1,241 @@ +#!/usr/bin/env python +''' +Zabbix discovery rule ansible module +''' +# vim: expandtab:tabstop=4:shiftwidth=4 +# +# Copyright 2015 Red Hat Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# This is in place because each module looks similar to each other. +# These need duplicate code as their behavior is very similar +# but different for each zabbix class. +# pylint: disable=duplicate-code + +# pylint: disable=import-error +from openshift_tools.monitoring.zbxapi import ZabbixAPI, ZabbixConnection + +def exists(content, key='result'): + ''' Check if key exists in content or the size of content[key] > 0 + ''' + if not content.has_key(key): + return False + + if not content[key]: + return False + + return True + +def get_rule_id(zapi, discoveryrule_name): + '''get a discoveryrule by name + ''' + content = zapi.get_content('discoveryrule', + 'get', + {'search': {'name': discoveryrule_name}, + 'output': 'extend', + }) + if not content['result']: + return None + return content['result'][0]['itemid'] + +def get_template(zapi, template_name): + '''get a template by name + ''' + content = zapi.get_content('template', + 'get', + {'search': {'host': template_name}, + 'output': 'extend', + 'selectInterfaces': 'interfaceid', + }) + if not content['result']: + return None + return content['result'][0] + +def get_type(ztype): + ''' + Determine which type of discoverrule this is + ''' + _types = {'agent': 0, + 'SNMPv1': 1, + 'trapper': 2, + 'simple': 3, + 'SNMPv2': 4, + 'internal': 5, + 'SNMPv3': 6, + 'active': 7, + 'aggregate': 8, + 'external': 10, + 'database monitor': 11, + 'ipmi': 12, + 'ssh': 13, + 'telnet': 14, + 'calculated': 15, + 'JMX': 16, + } + + for typ in _types.keys(): + if ztype in typ or ztype == typ: + _vtype = _types[typ] + break + else: + _vtype = 2 + + return _vtype + +def get_value_type(value_type): + ''' + Possible values: + 0 - numeric float; + 1 - character; + 2 - log; + 3 - numeric unsigned; + 4 - text + ''' + vtype = 0 + if 'int' in value_type: + vtype = 3 + elif 'char' in value_type: + vtype = 1 + elif 'str' in value_type: + vtype = 4 + + return vtype + +def get_status(status): + ''' Determine status + ''' + _status = 0 + if status == 'disabled': + _status = 1 + elif status == 'unsupported': + _status = 3 + + return _status + +def get_app_ids(zapi, application_names): + ''' get application ids from names + ''' + app_ids = [] + for app_name in application_names: + content = zapi.get_content('application', 'get', {'search': {'name': app_name}}) + if content.has_key('result'): + app_ids.append(content['result'][0]['applicationid']) + return app_ids + +def main(): + ''' + Ansible module for zabbix discovery rules + ''' + + module = AnsibleModule( + argument_spec=dict( + server=dict(default='https://localhost/zabbix/api_jsonrpc.php', type='str'), + user=dict(default=os.environ['ZABBIX_USER'], type='str'), + password=dict(default=os.environ['ZABBIX_PASSWORD'], type='str'), + name=dict(default=None, type='str'), + key=dict(default=None, type='str'), + interfaceid=dict(default=None, type='int'), + ztype=dict(default='trapper', type='str'), + value_type=dict(default='float', type='str'), + delay=dict(default=60, type='int'), + lifetime=dict(default=30, type='int'), + template_name=dict(default=[], type='list'), + debug=dict(default=False, type='bool'), + state=dict(default='present', type='str'), + status=dict(default='enabled', type='str'), + discoveryrule_name=dict(default=None, type='str'), + applications=dict(default=[], type='list'), + ), + #supports_check_mode=True + ) + + user = module.params['user'] + passwd = module.params['password'] + + zapi = ZabbixAPI(ZabbixConnection(module.params['server'], user, passwd, module.params['debug'])) + + #Set the instance and the template for the rest of the calls + zbx_class_name = 'itemprototype' + idname = "itemid" + dname = module.params['name'] + state = module.params['state'] + + # selectInterfaces doesn't appear to be working but is needed. + content = zapi.get_content(zbx_class_name, + 'get', + {'search': {'name': dname}, + 'selectApplications': 'applicationid', + 'selectDiscoveryRule': 'itemid', + #'selectDhosts': 'dhostid', + }) + if state == 'list': + module.exit_json(changed=False, results=content['result'], state="list") + + if state == 'absent': + if not exists(content): + module.exit_json(changed=False, state="absent") + + content = zapi.get_content(zbx_class_name, 'delete', [content['result'][0][idname]]) + module.exit_json(changed=True, results=content['result'], state="absent") + + if state == 'present': + template = get_template(zapi, module.params['template_name']) + params = {'name': dname, + 'key_': module.params['key'], + 'hostid': template['templateid'], + 'interfaceid': module.params['interfaceid'], + 'ruleid': get_rule_id(zapi, module.params['discoveryrule_name']), + 'type': get_type(module.params['ztype']), + 'value_type': get_value_type(module.params['value_type']), + 'applications': get_app_ids(zapi, module.params['applications']), + } + if params['type'] in [2, 5, 7, 8, 11, 15]: + params.pop('interfaceid') + + if not exists(content): + # if we didn't find it, create it + content = zapi.get_content(zbx_class_name, 'create', params) + module.exit_json(changed=True, results=content['result'], state='present') + # already exists, we need to update it + # let's compare properties + differences = {} + zab_results = content['result'][0] + for key, value in params.items(): + + if key == 'ruleid': + if value != zab_results['discoveryRule']['itemid']: + differences[key] = value + + elif zab_results[key] != value and zab_results[key] != str(value): + differences[key] = value + + if not differences: + module.exit_json(changed=False, results=zab_results, state="present") + + # We have differences and need to update + differences[idname] = zab_results[idname] + content = zapi.get_content(zbx_class_name, 'update', differences) + module.exit_json(changed=True, results=content['result'], state="present") + + module.exit_json(failed=True, + changed=False, + results='Unknown state passed. %s' % state, + state="unknown") + +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, locally-disabled +# import module snippets. This are required +from ansible.module_utils.basic import * + +main() diff --git a/roles/os_zabbix/library/zbx_template.py b/roles/os_zabbix/library/zbx_template.py index 676fa7e49..20ea48a85 100644 --- a/roles/os_zabbix/library/zbx_template.py +++ b/roles/os_zabbix/library/zbx_template.py @@ -74,7 +74,8 @@ def main(): {'search': {'host': tname}, 'selectParentTemplates': 'templateid', 'selectGroups': 'groupid', - #'selectApplications': extend, + 'selectApplications': 'applicationid', + 'selectDiscoveries': 'extend', }) if state == 'list': module.exit_json(changed=False, results=content['result'], state="list") diff --git a/roles/os_zabbix/library/zbx_user.py b/roles/os_zabbix/library/zbx_user.py index 489023407..c45c9a75d 100644 --- a/roles/os_zabbix/library/zbx_user.py +++ b/roles/os_zabbix/library/zbx_user.py @@ -54,7 +54,22 @@ def get_usergroups(zapi, usergroups): if content['result']: ugroups.append({'usrgrpid': content['result'][0]['usrgrpid']}) - return ugroups + return ugroups or None + +def get_usertype(user_type): + ''' + Determine zabbix user account type + ''' + if not user_type: + return None + + utype = 1 + if 'super' in user_type: + utype = 3 + elif 'admin' in user_type or user_type == 'admin': + utype = 2 + + return utype def main(): ''' @@ -69,8 +84,11 @@ def main(): user=dict(default=None, type='str'), password=dict(default=None, type='str'), alias=dict(default=None, type='str'), + name=dict(default=None, type='str'), + surname=dict(default=None, type='str'), + user_type=dict(default=None, type='str'), passwd=dict(default=None, type='str'), - usergroups=dict(default=None, type='list'), + usergroups=dict(default=[], type='list'), debug=dict(default=False, type='bool'), state=dict(default='present', type='str'), ), @@ -80,8 +98,7 @@ def main(): user = module.params.get('user', os.environ['ZABBIX_USER']) password = module.params.get('password', os.environ['ZABBIX_PASSWORD']) - zbc = ZabbixConnection(module.params['server'], user, password, module.params['debug']) - zapi = ZabbixAPI(zbc) + zapi = ZabbixAPI(ZabbixConnection(module.params['server'], user, password, module.params['debug'])) ## before we can create a user media and users with media types we need media zbx_class_name = 'user' @@ -109,8 +126,14 @@ def main(): params = {'alias': alias, 'passwd': module.params['passwd'], 'usrgrps': get_usergroups(zapi, module.params['usergroups']), + 'name': module.params['name'], + 'surname': module.params['surname'], + 'type': get_usertype(module.params['user_type']), } + # Remove any None valued params + _ = [params.pop(key, None) for key in params.keys() if params[key] is None] + if not exists(content): # if we didn't find it, create it content = zapi.get_content(zbx_class_name, 'create', params) diff --git a/roles/rhel_subscribe/tasks/enterprise.yml b/roles/rhel_subscribe/tasks/enterprise.yml index fc4d44745..e9e6e4bd4 100644 --- a/roles/rhel_subscribe/tasks/enterprise.yml +++ b/roles/rhel_subscribe/tasks/enterprise.yml @@ -1,5 +1,9 @@ --- +- name: Disable all repositories + command: subscription-manager repos --disable="*" + - name: Enable RHEL repositories command: subscription-manager repos \ --enable="rhel-7-server-rpms" \ + --enable="rhel-7-server-extras-rpms" \ --enable="rhel-7-server-ose-3.0-rpms" |