diff options
Diffstat (limited to 'roles')
-rw-r--r-- | roles/etcd/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/lib_dyn/library/dyn_record.py | 164 | ||||
-rw-r--r-- | roles/lib_zabbix/tasks/create_template.yml | 14 | ||||
-rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 115 | ||||
-rw-r--r-- | roles/openshift_manage_node/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/openshift_master_ca/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/openshift_master_certificates/tasks/main.yml | 34 | ||||
-rw-r--r-- | roles/openshift_persistent_volumes/tasks/main.yml | 4 | ||||
-rw-r--r-- | roles/openshift_repos/tasks/main.yaml | 8 | ||||
-rw-r--r-- | roles/os_zabbix/vars/template_openshift_master.yml | 25 | ||||
-rw-r--r-- | roles/os_zabbix/vars/template_openshift_node.yml | 31 | ||||
-rw-r--r-- | roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 | 6 |
12 files changed, 267 insertions, 140 deletions
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 1e97b047b..e72509c4d 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -8,7 +8,7 @@ when: "'ipv4' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface] or 'address' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface].ipv4" - name: Install etcd - action: "{{ ansible_pkg_mgr }} name=etcd-2.* state=present" + action: "{{ ansible_pkg_mgr }} name=etcd state=present" when: not openshift.common.is_containerized | bool - name: Pull etcd container diff --git a/roles/lib_dyn/library/dyn_record.py b/roles/lib_dyn/library/dyn_record.py index 7b80064f4..42d970060 100644 --- a/roles/lib_dyn/library/dyn_record.py +++ b/roles/lib_dyn/library/dyn_record.py @@ -13,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +# pylint: disable=too-many-branches '''Ansible module to manage records in the Dyn Managed DNS service''' DOCUMENTATION = ''' --- @@ -84,9 +85,18 @@ options: description: - 'Record's "Time to live". Number of seconds the record remains cached' - 'in DNS servers or c(0) to use the default TTL for the zone.' + - 'This option is mutually exclusive with use_zone_ttl' required: false default: 0 + use_zone_ttl: + description: + - 'Use the DYN Zone's Default TTL' + - 'This option is mutually exclusive with record_ttl' + required: false + default: false + mutually exclusive with: record_ttl + notes: - The module makes a broad assumption that there will be only one record per "node" (FQDN). - This module returns record(s) in the "result" element when 'state' is set to 'present'. This value can be be registered and used in your playbooks. @@ -96,18 +106,28 @@ author: "Russell Harrison" ''' EXAMPLES = ''' +# Attempting to cname www.example.com to web1.example.com +- name: Update CNAME record + dyn_record: + state: present + record_fqdn: www.example.com + zone: example.com + record_type: CNAME + record_value: web1.example.com + record_ttl: 7200 + +# Use the zones default TTL - name: Update CNAME record - local_action: - module: dyn_record + dyn_record: state: present record_fqdn: www.example.com zone: example.com record_type: CNAME record_value: web1.example.com + use_zone_ttl: true - name: Update A record - local_action: - module: dyn_record + dyn_record: state: present record_fqdn: web1.example.com zone: example.com @@ -144,7 +164,10 @@ def get_record_type(record_key): return record_key.replace('_records', '').upper() def get_record_key(record_type): - '''Get the key to look up records in the dictionary returned from get_any_records.''' + '''Get the key to look up records in the dictionary returned from get_any_records. + example: + 'cname_records' + ''' return record_type.lower() + '_records' def get_any_records(module, node): @@ -166,14 +189,41 @@ def get_any_records(module, node): def get_record_values(records): '''Get the record values for each record returned by get_any_records.''' - # This simply returns the values from a dictionary of record objects + # This simply returns the values from a record ret_dict = {} for key in records.keys(): record_type = get_record_type(key) - record_value_param = RECORD_PARAMS[record_type]['value_param'] - ret_dict[key] = [getattr(elem, record_value_param) for elem in records[key]] + params = [RECORD_PARAMS[record_type]['value_param'], 'ttl', 'zone', 'fqdn'] + ret_dict[key] = [] + properties = {} + for elem in records[key]: + for param in params: + properties[param] = getattr(elem, param) + ret_dict[key].append(properties) + return ret_dict +def compare_record_values(record_type_key, user_record_value, dyn_values): + ''' Verify the user record_value exists in dyn''' + rtype = get_record_type(record_type_key) + for record in dyn_values[record_type_key]: + if user_record_value in record[RECORD_PARAMS[rtype]['value_param']]: + return True + + return False + +def compare_record_ttl(record_type_key, user_record_value, dyn_values, user_param_ttl): + ''' Verify the ttls match for the record''' + rtype = get_record_type(record_type_key) + for record in dyn_values[record_type_key]: + # find the right record + if user_record_value in record[RECORD_PARAMS[rtype]['value_param']]: + # Compare ttls from the records + if int(record['ttl']) == user_param_ttl: + return True + + return False + def main(): '''Ansible module for managing Dyn DNS records.''' module = AnsibleModule( @@ -187,16 +237,20 @@ def main(): record_type=dict(required=False, type='str', choices=[ 'A', 'AAAA', 'CNAME', 'PTR', 'TXT']), record_value=dict(required=False, type='str'), - record_ttl=dict(required=False, default=0, type='int'), + record_ttl=dict(required=False, default=None, type='int'), + use_zone_ttl=dict(required=False, default=False), ), required_together=( ['record_fqdn', 'record_value', 'record_ttl', 'record_type'] - ) + ), + mutually_exclusive=[('record_ttl', 'use_zone_ttl')] ) if IMPORT_ERROR: - module.fail_json(msg="Unable to import dyn module: https://pypi.python.org/pypi/dyn", - error=IMPORT_ERROR) + module.fail_json(msg="Unable to import dyn module: https://pypi.python.org/pypi/dyn", error=IMPORT_ERROR) + + if module.params['record_ttl'] != None and int(module.params['record_ttl']) <= 0: + module.fail_json(msg="Invalid Value for record TTL") # Start the Dyn session try: @@ -204,22 +258,16 @@ def main(): module.params['user_name'], module.params['user_password']) except dyn.tm.errors.DynectAuthError as error: - module.fail_json(msg='Unable to authenticate with Dyn', - error=str(error)) + module.fail_json(msg='Unable to authenticate with Dyn', error=str(error)) # Retrieve zone object try: dyn_zone = Zone(module.params['zone']) except dyn.tm.errors.DynectGetError as error: if 'No such zone' in str(error): - module.fail_json( - msg="Not a valid zone for this account", - zone=module.params['zone'] - ) + module.fail_json(msg="Not a valid zone for this account", zone=module.params['zone']) else: - module.fail_json(msg="Unable to retrieve zone", - error=str(error)) - + module.fail_json(msg="Unable to retrieve zone", error=str(error)) # To retrieve the node object we need to remove the zone name from the FQDN dyn_node_name = module.params['record_fqdn'].replace('.' + module.params['zone'], '') @@ -233,27 +281,46 @@ def main(): # All states will need a list of the exiting records for the zone. dyn_node_records = get_any_records(module, dyn_node) + dyn_values = get_record_values(dyn_node_records) + if module.params['state'] == 'list': - module.exit_json(changed=False, - records=get_record_values( - dyn_node_records, - )) + module.exit_json(changed=False, dyn_records=dyn_values) - if module.params['state'] == 'present': + elif module.params['state'] == 'absent': + # If there are any records present we'll want to delete the node. + if dyn_node_records: + dyn_node.delete() + + # Publish the zone since we've modified it. + dyn_zone.publish() + + module.exit_json(changed=True, msg="Removed node %s from zone %s" % (dyn_node_name, module.params['zone'])) + + module.exit_json(changed=False) + + elif module.params['state'] == 'present': + + # configure the TTL variable: + # if use_zone_ttl, use the default TTL of the account. + # if TTL == None, don't check it, set it as 0 (api default) + # if TTL > 0, ensure this TTL is set + if module.params['use_zone_ttl']: + user_param_ttl = dyn_zone.ttl + elif not module.params['record_ttl']: + user_param_ttl = 0 + else: + user_param_ttl = module.params['record_ttl'] # First get a list of existing records for the node - values = get_record_values(dyn_node_records) - value_key = get_record_key(module.params['record_type']) - param_value = module.params['record_value'] + record_type_key = get_record_key(module.params['record_type']) + user_record_value = module.params['record_value'] # Check to see if the record is already in place before doing anything. - if (dyn_node_records and - dyn_node_records[value_key][0].ttl == module.params['record_ttl'] and - (param_value in values[value_key] or - param_value + '.' in values[value_key])): - - module.exit_json(changed=False) + if dyn_node_records and compare_record_values(record_type_key, user_record_value, dyn_values): + if user_param_ttl == 0 or \ + compare_record_ttl(record_type_key, user_record_value, dyn_values, user_param_ttl): + module.exit_json(changed=False, dyn_record=dyn_values) # Working on the assumption that there is only one record per # node we will first delete the node if there are any records before @@ -262,27 +329,20 @@ def main(): dyn_node.delete() # Now lets create the correct node entry. - dyn_zone.add_record(dyn_node_name, - module.params['record_type'], - module.params['record_value'], - module.params['record_ttl'] - ) + record = dyn_zone.add_record(dyn_node_name, + module.params['record_type'], + module.params['record_value'], + user_param_ttl + ) # Now publish the zone since we've updated it. dyn_zone.publish() - module.exit_json(changed=True, - msg="Created node %s in zone %s" % (dyn_node_name, module.params['zone'])) - if module.params['state'] == 'absent': - # If there are any records present we'll want to delete the node. - if dyn_node_records: - dyn_node.delete() - # Publish the zone since we've modified it. - dyn_zone.publish() - module.exit_json(changed=True, - msg="Removed node %s from zone %s" % (dyn_node_name, module.params['zone'])) - else: - module.exit_json(changed=False) + rmsg = "Created node [%s] " % dyn_node_name + rmsg += "in zone: [%s]" % module.params['zone'] + module.exit_json(changed=True, msg=rmsg, dyn_record=get_record_values({record_type_key: [record]})) + + module.fail_json(msg="Unknown state: [%s]" % module.params['state']) # Ansible tends to need a wild card import so we'll use it here # pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, locally-disabled diff --git a/roles/lib_zabbix/tasks/create_template.yml b/roles/lib_zabbix/tasks/create_template.yml index 61344357a..783249c3a 100644 --- a/roles/lib_zabbix/tasks/create_template.yml +++ b/roles/lib_zabbix/tasks/create_template.yml @@ -61,6 +61,20 @@ with_items: template.ztriggers when: template.ztriggers is defined +- name: Create Actions + zbx_action: + zbx_server: "{{ server }}" + zbx_user: "{{ user }}" + zbx_password: "{{ password }}" + state: "{{ item.state | default('present', True) }}" + name: "{{ item.name }}" + status: "{{ item.status | default('enabled', True) }}" + escalation_time: "{{ item.escalation_time }}" + conditions_filter: "{{ item.conditions_filter }}" + operations: "{{ item.operations }}" + with_items: template.zactions + when: template.zactions is defined + - name: Create Discoveryrules zbx_discoveryrule: zbx_server: "{{ server }}" diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 25b9534dd..0f25881f1 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -718,7 +718,7 @@ def set_version_facts_if_unset(facts): if deployment_type == 'origin': version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('1.1.0') version_gte_3_1_1_or_1_1_1 = LooseVersion(version) >= LooseVersion('1.1.1') - version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('1.1.2') + version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('1.2.0') else: version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('3.0.2.905') version_gte_3_1_1_or_1_1_1 = LooseVersion(version) >= LooseVersion('3.1.1') @@ -916,41 +916,79 @@ def apply_provider_facts(facts, provider_facts): facts['provider'] = provider_facts return facts - -def merge_facts(orig, new, additive_facts_to_overwrite): +# Disabling pylint too many branches. This function needs refactored +# but is a very core part of openshift_facts. +# pylint: disable=too-many-branches +def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overwrite): """ Recursively merge facts dicts Args: orig (dict): existing facts new (dict): facts to update - additive_facts_to_overwrite (list): additive facts to overwrite in jinja '.' notation ex: ['master.named_certificates'] + protected_facts_to_overwrite (list): protected facts to overwrite in jinja + '.' notation ex: ['master.master_count'] Returns: dict: the merged facts """ additive_facts = ['named_certificates'] + protected_facts = ['ha', 'master_count'] facts = dict() for key, value in orig.iteritems(): + # Key exists in both old and new facts. if key in new: + # Continue to recurse if old and new fact is a dictionary. if isinstance(value, dict) and isinstance(new[key], dict): + # Collect the subset of additive facts to overwrite if + # key matches. These will be passed to the subsequent + # merge_facts call. relevant_additive_facts = [] - # Keep additive_facts_to_overwrite if key matches for item in additive_facts_to_overwrite: if '.' in item and item.startswith(key + '.'): relevant_additive_facts.append(item) - facts[key] = merge_facts(value, new[key], relevant_additive_facts) + + # Collect the subset of protected facts to overwrite + # if key matches. These will be passed to the + # subsequent merge_facts call. + relevant_protected_facts = [] + for item in protected_facts_to_overwrite: + if '.' in item and item.startswith(key + '.'): + relevant_protected_facts.append(item) + facts[key] = merge_facts(value, new[key], relevant_additive_facts, relevant_protected_facts) + # Key matches an additive fact and we are not overwriting + # it so we will append the new value to the existing value. elif key in additive_facts and key not in [x.split('.')[-1] for x in additive_facts_to_overwrite]: - # Fact is additive so we'll combine orig and new. if isinstance(value, list) and isinstance(new[key], list): new_fact = [] for item in copy.deepcopy(value) + copy.deepcopy(new[key]): if item not in new_fact: new_fact.append(item) facts[key] = new_fact + # Key matches a protected fact and we are not overwriting + # it so we will determine if it is okay to change this + # fact. + elif key in protected_facts and key not in [x.split('.')[-1] for x in protected_facts_to_overwrite]: + # The master count (int) can only increase unless it + # has been passed as a protected fact to overwrite. + if key == 'master_count': + if int(value) <= int(new[key]): + facts[key] = copy.deepcopy(new[key]) + else: + module.fail_json(msg='openshift_facts received a lower value for openshift.master.master_count') + # ha (bool) can not change unless it has been passed + # as a protected fact to overwrite. + if key == 'ha': + if bool(value) != bool(new[key]): + module.fail_json(msg='openshift_facts received a different value for openshift.master.ha') + else: + facts[key] = value + # No other condition has been met. Overwrite the old fact + # with the new value. else: facts[key] = copy.deepcopy(new[key]) + # Key isn't in new so add it to facts to keep it. else: facts[key] = copy.deepcopy(value) new_keys = set(new.keys()) - set(orig.keys()) @@ -1114,6 +1152,8 @@ class OpenShiftFacts(object): local_facts (dict): local facts to set additive_facts_to_overwrite (list): additive facts to overwrite in jinja '.' notation ex: ['master.named_certificates'] + protected_facts_to_overwrite (list): protected facts to overwrite in jinja + '.' notation ex: ['master.master_count'] Raises: OpenShiftFactsUnsupportedRoleError: @@ -1122,7 +1162,10 @@ class OpenShiftFacts(object): # Disabling too-many-arguments, this should be cleaned up as a TODO item. # pylint: disable=too-many-arguments - def __init__(self, role, filename, local_facts, additive_facts_to_overwrite=False, openshift_env=None): + def __init__(self, role, filename, local_facts, + additive_facts_to_overwrite=None, + openshift_env=None, + protected_facts_to_overwrite=None): self.changed = False self.filename = filename if role not in self.known_roles: @@ -1131,27 +1174,41 @@ class OpenShiftFacts(object): ) self.role = role self.system_facts = ansible_facts(module) - self.facts = self.generate_facts(local_facts, additive_facts_to_overwrite, openshift_env) - - def generate_facts(self, local_facts, additive_facts_to_overwrite, openshift_env): + self.facts = self.generate_facts(local_facts, + additive_facts_to_overwrite, + openshift_env, + protected_facts_to_overwrite) + + def generate_facts(self, + local_facts, + additive_facts_to_overwrite, + openshift_env, + protected_facts_to_overwrite): """ Generate facts Args: - local_facts (dict): local_facts for overriding generated - defaults + local_facts (dict): local_facts for overriding generated defaults additive_facts_to_overwrite (list): additive facts to overwrite in jinja '.' notation ex: ['master.named_certificates'] - + openshift_env (dict): openshift_env facts for overriding generated defaults + protected_facts_to_overwrite (list): protected facts to overwrite in jinja + '.' notation ex: ['master.master_count'] Returns: dict: The generated facts """ - local_facts = self.init_local_facts(local_facts, additive_facts_to_overwrite, openshift_env) + local_facts = self.init_local_facts(local_facts, + additive_facts_to_overwrite, + openshift_env, + protected_facts_to_overwrite) roles = local_facts.keys() defaults = self.get_defaults(roles) provider_facts = self.init_provider_facts() facts = apply_provider_facts(defaults, provider_facts) - facts = merge_facts(facts, local_facts, additive_facts_to_overwrite) + facts = merge_facts(facts, + local_facts, + additive_facts_to_overwrite, + protected_facts_to_overwrite) facts['current_config'] = get_current_config(facts) facts = set_url_facts_if_unset(facts) facts = set_project_cfg_facts_if_unset(facts) @@ -1315,13 +1372,20 @@ class OpenShiftFacts(object): # Disabling too-many-branches. This should be cleaned up as a TODO item. #pylint: disable=too-many-branches - def init_local_facts(self, facts=None, additive_facts_to_overwrite=False, openshift_env=None): + def init_local_facts(self, facts=None, + additive_facts_to_overwrite=None, + openshift_env=None, + protected_facts_to_overwrite=None): """ Initialize the provider facts Args: facts (dict): local facts to set additive_facts_to_overwrite (list): additive facts to overwrite in jinja '.' notation ex: ['master.named_certificates'] + openshift_env (dict): openshift env facts to set + protected_facts_to_overwrite (list): protected facts to overwrite in jinja + '.' notation ex: ['master.master_count'] + Returns: dict: The result of merging the provided facts with existing @@ -1347,7 +1411,10 @@ class OpenShiftFacts(object): elif key not in current_level: current_level[key] = dict() current_level = current_level[key] - facts_to_set = merge_facts(facts_to_set, oo_env_facts, []) + facts_to_set = merge_facts(orig=facts_to_set, + new=oo_env_facts, + additive_facts_to_overwrite=[], + protected_facts_to_overwrite=[]) local_facts = get_local_facts_from_file(self.filename) @@ -1356,7 +1423,10 @@ class OpenShiftFacts(object): basestring): facts_to_set[arg] = module.from_json(facts_to_set[arg]) - new_local_facts = merge_facts(local_facts, facts_to_set, additive_facts_to_overwrite) + new_local_facts = merge_facts(local_facts, + facts_to_set, + additive_facts_to_overwrite, + protected_facts_to_overwrite) for facts in new_local_facts.values(): keys_to_delete = [] if isinstance(facts, dict): @@ -1452,7 +1522,8 @@ def main(): choices=OpenShiftFacts.known_roles), local_facts=dict(default=None, type='dict', required=False), additive_facts_to_overwrite=dict(default=[], type='list', required=False), - openshift_env=dict(default={}, type='dict', required=False) + openshift_env=dict(default={}, type='dict', required=False), + protected_facts_to_overwrite=dict(default=[], type='list', required=False), ), supports_check_mode=True, add_file_common_args=True, @@ -1462,6 +1533,7 @@ def main(): local_facts = module.params['local_facts'] additive_facts_to_overwrite = module.params['additive_facts_to_overwrite'] openshift_env = module.params['openshift_env'] + protected_facts_to_overwrite = module.params['protected_facts_to_overwrite'] fact_file = '/etc/ansible/facts.d/openshift.fact' @@ -1469,7 +1541,8 @@ def main(): fact_file, local_facts, additive_facts_to_overwrite, - openshift_env) + openshift_env, + protected_facts_to_overwrite) file_params = module.params.copy() file_params['path'] = fact_file diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml index 06f12053a..cee1f1738 100644 --- a/roles/openshift_manage_node/tasks/main.yml +++ b/roles/openshift_manage_node/tasks/main.yml @@ -3,7 +3,7 @@ {{ openshift.common.client_binary }} get node {{ item | lower }} register: omd_get_node until: omd_get_node.rc == 0 - retries: 20 + retries: 50 delay: 5 changed_when: false with_items: openshift_nodes diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml index 6d9be81c0..66960e73e 100644 --- a/roles/openshift_master_ca/tasks/main.yml +++ b/roles/openshift_master_ca/tasks/main.yml @@ -25,4 +25,4 @@ --master={{ openshift.master.api_url }} --public-master={{ openshift.master.public_api_url }} --cert-dir={{ openshift_master_config_dir }} --overwrite=false - when: master_certs_missing + when: master_certs_missing | bool diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml index 7c58e943a..72869a592 100644 --- a/roles/openshift_master_certificates/tasks/main.yml +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -6,40 +6,16 @@ mode: 0700 with_items: masters_needing_certs -- set_fact: - master_certificates: - - ca.crt - - ca.key - - ca.serial.txt - - admin.crt - - admin.key - - admin.kubeconfig - - master.kubelet-client.crt - - master.kubelet-client.key - - master.server.crt - - master.server.key - - openshift-master.crt - - openshift-master.key - - openshift-master.kubeconfig - - openshift-registry.crt - - openshift-registry.key - - openshift-registry.kubeconfig - - openshift-router.crt - - openshift-router.key - - openshift-router.kubeconfig - - serviceaccounts.private.key - - serviceaccounts.public.key - master_31_certificates: - - master.proxy-client.crt - - master.proxy-client.key - - file: src: "{{ openshift_master_config_dir }}/{{ item.1 }}" dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}" state: hard with_nested: - masters_needing_certs - - "{{ master_certificates | union(master_31_certificates) if openshift.common.version_gte_3_1_or_1_1 | bool else master_certificates }}" + - + - ca.crt + - ca.key + - ca.serial.txt - name: Create the master certificates if they do not already exist command: > @@ -49,5 +25,5 @@ --public-master={{ item.openshift.master.public_api_url }} --cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }} --overwrite=false - when: master_certs_missing + when: item.master_certs_missing | bool with_items: masters_needing_certs diff --git a/roles/openshift_persistent_volumes/tasks/main.yml b/roles/openshift_persistent_volumes/tasks/main.yml index 2455fc792..e431e978c 100644 --- a/roles/openshift_persistent_volumes/tasks/main.yml +++ b/roles/openshift_persistent_volumes/tasks/main.yml @@ -23,7 +23,7 @@ --config={{ mktemp.stdout }}/admin.kubeconfig register: pv_create_output when: persistent_volumes | length > 0 - failed_when: ('already exists' not in pv_create_output.stderr if pv_create_output.stderr else False) or ('created' not in pv_create_output.stdout if pv_create_output.stdout else False) + failed_when: ('already exists' not in pv_create_output.stderr) and ('created' not in pv_create_output.stdout) changed_when: ('created' in pv_create_output.stdout) - name: Deploy PersistentVolumeClaim definitions @@ -40,7 +40,7 @@ --config={{ mktemp.stdout }}/admin.kubeconfig register: pvc_create_output when: persistent_volume_claims | length > 0 - failed_when: ('already exists' not in pvc_create_output.stderr if pvc_create_output.stderr else False) or ('created' not in pvc_create_output.stdout if pvc_create_output.stdout else False) + failed_when: ('already exists' not in pvc_create_output.stderr) and ('created' not in pvc_create_output.stdout) changed_when: ('created' in pvc_create_output.stdout) - name: Delete temp directory diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index 8a75639c2..6143805ca 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -46,19 +46,19 @@ with_fileglob: - '*/repos/*' when: not (item | search("/files/fedora-" ~ openshift_deployment_type ~ "/repos")) and - (ansible_distribution == "Fedora") + (ansible_distribution == "Fedora") and not openshift.common.is_containerized | bool notify: refresh cache - name: Configure gpg keys if needed - copy: src={{ item }} dest=/etc/pki/rpm-gpg/ + copy: src="{{ item }}" dest=/etc/pki/rpm-gpg/ with_fileglob: - "{{ openshift_deployment_type }}/gpg_keys/*" notify: refresh cache when: not openshift.common.is_containerized | bool - name: Configure yum repositories RHEL/CentOS - copy: src={{ item }} dest=/etc/yum.repos.d/ + copy: src="{{ item }}" dest=/etc/yum.repos.d/ with_fileglob: - "{{ openshift_deployment_type }}/repos/*" notify: refresh cache @@ -66,7 +66,7 @@ and not openshift.common.is_containerized | bool - name: Configure yum repositories Fedora - copy: src={{ item }} dest=/etc/yum.repos.d/ + copy: src="{{ item }}" dest=/etc/yum.repos.d/ with_fileglob: - "fedora-{{ openshift_deployment_type }}/repos/*" notify: refresh cache diff --git a/roles/os_zabbix/vars/template_openshift_master.yml b/roles/os_zabbix/vars/template_openshift_master.yml index 1824d7881..e36f23a2b 100644 --- a/roles/os_zabbix/vars/template_openshift_master.yml +++ b/roles/os_zabbix/vars/template_openshift_master.yml @@ -7,12 +7,6 @@ g_template_openshift_master: - Openshift Master key: openshift.master.app.create - - key: openshift.master.registry.healthy_pct - description: "Shows the percentage of healthy registries in the cluster" - type: int - applications: - - Openshift Master - - key: openshift.master.process.count description: Shows number of master processes running type: int @@ -278,11 +272,6 @@ g_template_openshift_master: url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_master.asciidoc' priority: high - - name: 'Low number of etcd watchers on {HOST.NAME}' - expression: '{Template Openshift Master:openshift.master.etcd.watchers.last(#1)}<10 and {Template Openshift Master:openshift.master.etcd.watchers.last(#2)}<10' - url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_etcd.asciidoc' - priority: avg - - name: 'Etcd ping failed on {HOST.NAME}' expression: '{Template Openshift Master:openshift.master.etcd.ping.last(#1)}=0 and {Template Openshift Master:openshift.master.etcd.ping.last(#2)}=0' url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_etcd.asciidoc' @@ -345,20 +334,6 @@ g_template_openshift_master: - 'Openshift Master process not running on {HOST.NAME}' priority: avg - - name: 'One or more Docker Registries is unhealthy according to {HOST.NAME}' - expression: '{Template Openshift Master:openshift.master.registry.healthy_pct.last(#2)}<100 and {Template Openshift Master:openshift.master.registry.healthy_pct.max(#2)}>50' - url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_registry.asciidoc' - dependencies: - - 'Openshift Master process not running on {HOST.NAME}' - priority: avg - - - name: 'Multiple Docker Registries are unhealthy according to {HOST.NAME}' - expression: '{Template Openshift Master:openshift.master.registry.healthy_pct.last(#2)}<51' - url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_registry.asciidoc' - dependencies: - - 'Openshift Master process not running on {HOST.NAME}' - priority: high - - name: 'SkyDNS port not listening on {HOST.NAME}' expression: '{Template Openshift Master:openshift.master.skydns.port.open.max(#3)}<1' url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_master.asciidoc' diff --git a/roles/os_zabbix/vars/template_openshift_node.yml b/roles/os_zabbix/vars/template_openshift_node.yml index c36c593df..e6daee8e4 100644 --- a/roles/os_zabbix/vars/template_openshift_node.yml +++ b/roles/os_zabbix/vars/template_openshift_node.yml @@ -69,4 +69,33 @@ g_template_openshift_node: url: 'https://github.com/openshift/ops-sop/blob/node/V3/Alerts/openshift_node.asciidoc' priority: high - + zactions: + - name: '[HEAL] OVS may not be running on {HOST.NAME}' + status: disabled + escalation_time: 60 + conditions_filter: + calculation_type: "and/or" + conditions: + - conditiontype: maintenance status + operator: not in + - conditiontype: trigger name + operator: like + value: "[HEAL] OVS may not be running on" + - conditiontype: trigger value + operator: "=" + value: PROBLEM + operations: + - esc_step_from: 1 + esc_step_to: 1 + esc_period: 0 + operationtype: remote command + opcommand: + command: 'ssh -i /etc/openshift_tools/scriptrunner_id_rsa {{ ozb_scriptrunner_user }}@{{ ozb_scriptrunner_bastion_host }} remote-healer --host \"{HOST.NAME}\" --trigger \"{TRIGGER.NAME}\" --trigger-val \"{TRIGGER.VALUE}\"' + execute_on: "zabbix server" + type: 'custom script' + target_hosts: + - target_type: 'zabbix server' + opconditions: + - conditiontype: 'event acknowledged' + operator: '=' + value: 'not acknowledged' diff --git a/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 index d85d8b94e..e17092202 100644 --- a/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 +++ b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 @@ -43,13 +43,13 @@ ExecStart=/usr/bin/docker run --name {{ osohm_host_monitoring }} -e ZAGG_URL={{ osohm_zagg_web_url }} \ -e ZAGG_USER={{ osohm_default_zagg_server_user }} \ -e ZAGG_PASSWORD={{ osohm_default_zagg_server_password }} \ - -e ZAGG_CLIENT_HOSTNAME={{ ec2_tag_Name }} \ + -e ZAGG_CLIENT_HOSTNAME={{ oo_name }} \ -e ZAGG_SSL_VERIFY={{ osohm_zagg_verify_ssl }} \ -e OSO_CLUSTER_GROUP={{ cluster_group }} \ -e OSO_CLUSTER_ID={{ oo_clusterid }} \ -e OSO_ENVIRONMENT={{ oo_environment }} \ - -e OSO_HOST_TYPE={{ hostvars[inventory_hostname]['ec2_tag_host-type'] }} \ - -e OSO_SUB_HOST_TYPE={{ hostvars[inventory_hostname]['ec2_tag_sub-host-type'] }} \ + -e OSO_HOST_TYPE={{ hostvars[inventory_hostname]['oo_hosttype'] }} \ + -e OSO_SUB_HOST_TYPE={{ hostvars[inventory_hostname]['oo_subhosttype'] }} \ -e OSO_MASTER_HA={{ osohm_master_ha }} \ -v /etc/localtime:/etc/localtime \ -v /sys:/sys:ro \ |