Diffstat (limited to 'roles')
-rw-r--r--roles/etcd/tasks/main.yml2
-rw-r--r--roles/lib_dyn/library/dyn_record.py164
-rw-r--r--roles/lib_zabbix/tasks/create_template.yml14
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py115
-rw-r--r--roles/openshift_manage_node/tasks/main.yml2
-rw-r--r--roles/openshift_master_ca/tasks/main.yml2
-rw-r--r--roles/openshift_master_certificates/tasks/main.yml34
-rw-r--r--roles/openshift_persistent_volumes/tasks/main.yml4
-rw-r--r--roles/openshift_repos/tasks/main.yaml8
-rw-r--r--roles/os_zabbix/vars/template_openshift_master.yml25
-rw-r--r--roles/os_zabbix/vars/template_openshift_node.yml31
-rw-r--r--roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j26
12 files changed, 267 insertions, 140 deletions
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 1e97b047b..e72509c4d 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -8,7 +8,7 @@
when: "'ipv4' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface] or 'address' not in hostvars[inventory_hostname]['ansible_' ~ etcd_interface].ipv4"
- name: Install etcd
- action: "{{ ansible_pkg_mgr }} name=etcd-2.* state=present"
+ action: "{{ ansible_pkg_mgr }} name=etcd state=present"
when: not openshift.common.is_containerized | bool
- name: Pull etcd container
diff --git a/roles/lib_dyn/library/dyn_record.py b/roles/lib_dyn/library/dyn_record.py
index 7b80064f4..42d970060 100644
--- a/roles/lib_dyn/library/dyn_record.py
+++ b/roles/lib_dyn/library/dyn_record.py
@@ -13,6 +13,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+# pylint: disable=too-many-branches
'''Ansible module to manage records in the Dyn Managed DNS service'''
DOCUMENTATION = '''
---
@@ -84,9 +85,18 @@ options:
description:
- 'Record's "Time to live". Number of seconds the record remains cached'
- 'in DNS servers or c(0) to use the default TTL for the zone.'
+ - 'This option is mutually exclusive with use_zone_ttl'
required: false
default: 0
+ use_zone_ttl:
+ description:
+ - 'Use the DYN Zone's Default TTL'
+ - 'This option is mutually exclusive with record_ttl'
+ required: false
+ default: false
+ mutually exclusive with: record_ttl
+
notes:
- The module makes a broad assumption that there will be only one record per "node" (FQDN).
- This module returns record(s) in the "result" element when 'state' is set to 'present'. This value can be be registered and used in your playbooks.
@@ -96,18 +106,28 @@ author: "Russell Harrison"
'''
EXAMPLES = '''
+# Attempting to cname www.example.com to web1.example.com
+- name: Update CNAME record
+ dyn_record:
+ state: present
+ record_fqdn: www.example.com
+ zone: example.com
+ record_type: CNAME
+ record_value: web1.example.com
+ record_ttl: 7200
+
+# Use the zones default TTL
- name: Update CNAME record
- local_action:
- module: dyn_record
+ dyn_record:
state: present
record_fqdn: www.example.com
zone: example.com
record_type: CNAME
record_value: web1.example.com
+ use_zone_ttl: true
- name: Update A record
- local_action:
- module: dyn_record
+ dyn_record:
state: present
record_fqdn: web1.example.com
zone: example.com
@@ -144,7 +164,10 @@ def get_record_type(record_key):
return record_key.replace('_records', '').upper()
def get_record_key(record_type):
- '''Get the key to look up records in the dictionary returned from get_any_records.'''
+ '''Get the key to look up records in the dictionary returned from get_any_records.
+ example:
+ 'cname_records'
+ '''
return record_type.lower() + '_records'
def get_any_records(module, node):
@@ -166,14 +189,41 @@ def get_any_records(module, node):
def get_record_values(records):
'''Get the record values for each record returned by get_any_records.'''
- # This simply returns the values from a dictionary of record objects
+ # This simply returns the values from a record
ret_dict = {}
for key in records.keys():
record_type = get_record_type(key)
- record_value_param = RECORD_PARAMS[record_type]['value_param']
- ret_dict[key] = [getattr(elem, record_value_param) for elem in records[key]]
+ params = [RECORD_PARAMS[record_type]['value_param'], 'ttl', 'zone', 'fqdn']
+ ret_dict[key] = []
+ properties = {}
+ for elem in records[key]:
+ for param in params:
+ properties[param] = getattr(elem, param)
+ ret_dict[key].append(properties)
+
return ret_dict
+def compare_record_values(record_type_key, user_record_value, dyn_values):
+ ''' Verify the user record_value exists in dyn'''
+ rtype = get_record_type(record_type_key)
+ for record in dyn_values[record_type_key]:
+ if user_record_value in record[RECORD_PARAMS[rtype]['value_param']]:
+ return True
+
+ return False
+
+def compare_record_ttl(record_type_key, user_record_value, dyn_values, user_param_ttl):
+ ''' Verify the ttls match for the record'''
+ rtype = get_record_type(record_type_key)
+ for record in dyn_values[record_type_key]:
+ # find the right record
+ if user_record_value in record[RECORD_PARAMS[rtype]['value_param']]:
+ # Compare ttls from the records
+ if int(record['ttl']) == user_param_ttl:
+ return True
+
+ return False
+
def main():
'''Ansible module for managing Dyn DNS records.'''
module = AnsibleModule(
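Review bot: In get_record_values, `properties = {}` is created once, before the `for elem in records[key]` loop, so every element writes into the same dict and a node with more than one record of a type reports only the last record's value, ttl, zone and fqdn. Moving `properties = {}` to the first line inside the `for elem` loop gives each record its own dict. Separately, compare_record_values and compare_record_ttl test `user_record_value in record[...]`, which is a substring match when the stored value is a string. That tolerates the trailing dot, but it would also accept a constructed value such as `1.2.3.4` against a stored `11.2.3.45` and leave a wrong DNS record in place; comparing `record[...].rstrip('.') == user_record_value.rstrip('.')` is stricter. Indentation is not visible in this view, so the exact nesting of the `append` call is inferred.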
@@ -187,16 +237,20 @@ def main():
record_type=dict(required=False, type='str', choices=[
'A', 'AAAA', 'CNAME', 'PTR', 'TXT']),
record_value=dict(required=False, type='str'),
- record_ttl=dict(required=False, default=0, type='int'),
+ record_ttl=dict(required=False, default=None, type='int'),
+ use_zone_ttl=dict(required=False, default=False),
),
required_together=(
['record_fqdn', 'record_value', 'record_ttl', 'record_type']
- )
+ ),
+ mutually_exclusive=[('record_ttl', 'use_zone_ttl')]
)
if IMPORT_ERROR:
- module.fail_json(msg="Unable to import dyn module: https://pypi.python.org/pypi/dyn",
- error=IMPORT_ERROR)
+ module.fail_json(msg="Unable to import dyn module: https://pypi.python.org/pypi/dyn", error=IMPORT_ERROR)
+
+ if module.params['record_ttl'] != None and int(module.params['record_ttl']) <= 0:
+ module.fail_json(msg="Invalid Value for record TTL")
# Start the Dyn session
try:
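Review bot: `use_zone_ttl=dict(required=False, default=False)` declares no type, so a playbook value such as `use_zone_ttl: false` may reach the module as a non-empty string, and the later `if module.params['use_zone_ttl']` test would then be true. Declaring it as `use_zone_ttl=dict(required=False, default=False, type='bool')` lets Ansible do the conversion. The new TTL guard also rejects `record_ttl: 0`, while the option documentation earlier in the file still lists `default: 0` and describes 0 as selecting the zone default, so one of the two should change. `!= None` reads better as `is not None`. main() starts and continues outside this hunk.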
@@ -204,22 +258,16 @@ def main():
module.params['user_name'],
module.params['user_password'])
except dyn.tm.errors.DynectAuthError as error:
- module.fail_json(msg='Unable to authenticate with Dyn',
- error=str(error))
+ module.fail_json(msg='Unable to authenticate with Dyn', error=str(error))
# Retrieve zone object
try:
dyn_zone = Zone(module.params['zone'])
except dyn.tm.errors.DynectGetError as error:
if 'No such zone' in str(error):
- module.fail_json(
- msg="Not a valid zone for this account",
- zone=module.params['zone']
- )
+ module.fail_json(msg="Not a valid zone for this account", zone=module.params['zone'])
else:
- module.fail_json(msg="Unable to retrieve zone",
- error=str(error))
-
+ module.fail_json(msg="Unable to retrieve zone", error=str(error))
# To retrieve the node object we need to remove the zone name from the FQDN
dyn_node_name = module.params['record_fqdn'].replace('.' + module.params['zone'], '')
@@ -233,27 +281,46 @@ def main():
# All states will need a list of the exiting records for the zone.
dyn_node_records = get_any_records(module, dyn_node)
+ dyn_values = get_record_values(dyn_node_records)
+
if module.params['state'] == 'list':
- module.exit_json(changed=False,
- records=get_record_values(
- dyn_node_records,
- ))
+ module.exit_json(changed=False, dyn_records=dyn_values)
- if module.params['state'] == 'present':
+ elif module.params['state'] == 'absent':
+ # If there are any records present we'll want to delete the node.
+ if dyn_node_records:
+ dyn_node.delete()
+
+ # Publish the zone since we've modified it.
+ dyn_zone.publish()
+
+ module.exit_json(changed=True, msg="Removed node %s from zone %s" % (dyn_node_name, module.params['zone']))
+
+ module.exit_json(changed=False)
+
+ elif module.params['state'] == 'present':
+
+ # configure the TTL variable:
+ # if use_zone_ttl, use the default TTL of the account.
+ # if TTL == None, don't check it, set it as 0 (api default)
+ # if TTL > 0, ensure this TTL is set
+ if module.params['use_zone_ttl']:
+ user_param_ttl = dyn_zone.ttl
+ elif not module.params['record_ttl']:
+ user_param_ttl = 0
+ else:
+ user_param_ttl = module.params['record_ttl']
# First get a list of existing records for the node
- values = get_record_values(dyn_node_records)
- value_key = get_record_key(module.params['record_type'])
- param_value = module.params['record_value']
+ record_type_key = get_record_key(module.params['record_type'])
+ user_record_value = module.params['record_value']
# Check to see if the record is already in place before doing anything.
- if (dyn_node_records and
- dyn_node_records[value_key][0].ttl == module.params['record_ttl'] and
- (param_value in values[value_key] or
- param_value + '.' in values[value_key])):
-
- module.exit_json(changed=False)
+ if dyn_node_records and compare_record_values(record_type_key, user_record_value, dyn_values):
+ if user_param_ttl == 0 or \
+ compare_record_ttl(record_type_key, user_record_value, dyn_values, user_param_ttl):
+ module.exit_json(changed=False, dyn_record=dyn_values)
# Working on the assumption that there is only one record per
# node we will first delete the node if there are any records before
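Review bot: The result key differs between exit paths in this hunk: the list state now returns `dyn_records` (previously `records`), while the unchanged path of the present state returns `dyn_record`, although both carry the same dict from get_record_values. Playbooks that register the old `records` key will silently stop finding it, and the module notes still describe a "result" element. Using one key on every exit, for example `module.exit_json(changed=False, dyn_records=dyn_values)` in the present branch, and recording the rename in the notes would keep callers consistent. main() continues outside the hunk.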
@@ -262,27 +329,20 @@ def main():
dyn_node.delete()
# Now lets create the correct node entry.
- dyn_zone.add_record(dyn_node_name,
- module.params['record_type'],
- module.params['record_value'],
- module.params['record_ttl']
- )
+ record = dyn_zone.add_record(dyn_node_name,
+ module.params['record_type'],
+ module.params['record_value'],
+ user_param_ttl
+ )
# Now publish the zone since we've updated it.
dyn_zone.publish()
- module.exit_json(changed=True,
- msg="Created node %s in zone %s" % (dyn_node_name, module.params['zone']))
- if module.params['state'] == 'absent':
- # If there are any records present we'll want to delete the node.
- if dyn_node_records:
- dyn_node.delete()
- # Publish the zone since we've modified it.
- dyn_zone.publish()
- module.exit_json(changed=True,
- msg="Removed node %s from zone %s" % (dyn_node_name, module.params['zone']))
- else:
- module.exit_json(changed=False)
+ rmsg = "Created node [%s] " % dyn_node_name
+ rmsg += "in zone: [%s]" % module.params['zone']
+ module.exit_json(changed=True, msg=rmsg, dyn_record=get_record_values({record_type_key: [record]}))
+
+ module.fail_json(msg="Unknown state: [%s]" % module.params['state'])
# Ansible tends to need a wild card import so we'll use it here
# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, locally-disabled
diff --git a/roles/lib_zabbix/tasks/create_template.yml b/roles/lib_zabbix/tasks/create_template.yml
index 61344357a..783249c3a 100644
--- a/roles/lib_zabbix/tasks/create_template.yml
+++ b/roles/lib_zabbix/tasks/create_template.yml
@@ -61,6 +61,20 @@
with_items: template.ztriggers
when: template.ztriggers is defined
+- name: Create Actions
+ zbx_action:
+ zbx_server: "{{ server }}"
+ zbx_user: "{{ user }}"
+ zbx_password: "{{ password }}"
+ state: "{{ item.state | default('present', True) }}"
+ name: "{{ item.name }}"
+ status: "{{ item.status | default('enabled', True) }}"
+ escalation_time: "{{ item.escalation_time }}"
+ conditions_filter: "{{ item.conditions_filter }}"
+ operations: "{{ item.operations }}"
+ with_items: template.zactions
+ when: template.zactions is defined
+
- name: Create Discoveryrules
zbx_discoveryrule:
zbx_server: "{{ server }}"
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 25b9534dd..0f25881f1 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -718,7 +718,7 @@ def set_version_facts_if_unset(facts):
if deployment_type == 'origin':
version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('1.1.0')
version_gte_3_1_1_or_1_1_1 = LooseVersion(version) >= LooseVersion('1.1.1')
- version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('1.1.2')
+ version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('1.2.0')
else:
version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('3.0.2.905')
version_gte_3_1_1_or_1_1_1 = LooseVersion(version) >= LooseVersion('3.1.1')
@@ -916,41 +916,79 @@ def apply_provider_facts(facts, provider_facts):
facts['provider'] = provider_facts
return facts
-
-def merge_facts(orig, new, additive_facts_to_overwrite):
+# Disabling pylint too many branches. This function needs refactored
+# but is a very core part of openshift_facts.
+# pylint: disable=too-many-branches
+def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overwrite):
""" Recursively merge facts dicts
Args:
orig (dict): existing facts
new (dict): facts to update
-
additive_facts_to_overwrite (list): additive facts to overwrite in jinja
'.' notation ex: ['master.named_certificates']
+ protected_facts_to_overwrite (list): protected facts to overwrite in jinja
+ '.' notation ex: ['master.master_count']
Returns:
dict: the merged facts
"""
additive_facts = ['named_certificates']
+ protected_facts = ['ha', 'master_count']
facts = dict()
for key, value in orig.iteritems():
+ # Key exists in both old and new facts.
if key in new:
+ # Continue to recurse if old and new fact is a dictionary.
if isinstance(value, dict) and isinstance(new[key], dict):
+ # Collect the subset of additive facts to overwrite if
+ # key matches. These will be passed to the subsequent
+ # merge_facts call.
relevant_additive_facts = []
- # Keep additive_facts_to_overwrite if key matches
for item in additive_facts_to_overwrite:
if '.' in item and item.startswith(key + '.'):
relevant_additive_facts.append(item)
- facts[key] = merge_facts(value, new[key], relevant_additive_facts)
+
+ # Collect the subset of protected facts to overwrite
+ # if key matches. These will be passed to the
+ # subsequent merge_facts call.
+ relevant_protected_facts = []
+ for item in protected_facts_to_overwrite:
+ if '.' in item and item.startswith(key + '.'):
+ relevant_protected_facts.append(item)
+ facts[key] = merge_facts(value, new[key], relevant_additive_facts, relevant_protected_facts)
+ # Key matches an additive fact and we are not overwriting
+ # it so we will append the new value to the existing value.
elif key in additive_facts and key not in [x.split('.')[-1] for x in additive_facts_to_overwrite]:
- # Fact is additive so we'll combine orig and new.
if isinstance(value, list) and isinstance(new[key], list):
new_fact = []
for item in copy.deepcopy(value) + copy.deepcopy(new[key]):
if item not in new_fact:
new_fact.append(item)
facts[key] = new_fact
+ # Key matches a protected fact and we are not overwriting
+ # it so we will determine if it is okay to change this
+ # fact.
+ elif key in protected_facts and key not in [x.split('.')[-1] for x in protected_facts_to_overwrite]:
+ # The master count (int) can only increase unless it
+ # has been passed as a protected fact to overwrite.
+ if key == 'master_count':
+ if int(value) <= int(new[key]):
+ facts[key] = copy.deepcopy(new[key])
+ else:
+ module.fail_json(msg='openshift_facts received a lower value for openshift.master.master_count')
+ # ha (bool) can not change unless it has been passed
+ # as a protected fact to overwrite.
+ if key == 'ha':
+ if bool(value) != bool(new[key]):
+ module.fail_json(msg='openshift_facts received a different value for openshift.master.ha')
+ else:
+ facts[key] = value
+ # No other condition has been met. Overwrite the old fact
+ # with the new value.
else:
facts[key] = copy.deepcopy(new[key])
+ # Key isn't in new so add it to facts to keep it.
else:
facts[key] = copy.deepcopy(value)
new_keys = set(new.keys()) - set(orig.keys())
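Review bot: The `ha` guard compares `bool(value) != bool(new[key])`, which is only reliable when both facts are real booleans. If either arrives as a string such as `'false'` (possible if facts come from inventory or the local fact file, which this hunk does not show), both sides are truthy and a change to a protected fact goes unnoticed. The `master_count` branch has the mirror problem: `int(value)` raises ValueError on a non-numeric string instead of ending in the module's `fail_json` message. Normalizing both values before comparing would make the protection dependable. `key in protected_facts` also matches the bare names `ha` and `master_count` at any nesting level, not only under `master`, which deserves a short comment; merge_facts ends outside the hunk.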
@@ -1114,6 +1152,8 @@ class OpenShiftFacts(object):
local_facts (dict): local facts to set
additive_facts_to_overwrite (list): additive facts to overwrite in jinja
'.' notation ex: ['master.named_certificates']
+ protected_facts_to_overwrite (list): protected facts to overwrite in jinja
+ '.' notation ex: ['master.master_count']
Raises:
OpenShiftFactsUnsupportedRoleError:
@@ -1122,7 +1162,10 @@ class OpenShiftFacts(object):
# Disabling too-many-arguments, this should be cleaned up as a TODO item.
# pylint: disable=too-many-arguments
- def __init__(self, role, filename, local_facts, additive_facts_to_overwrite=False, openshift_env=None):
+ def __init__(self, role, filename, local_facts,
+ additive_facts_to_overwrite=None,
+ openshift_env=None,
+ protected_facts_to_overwrite=None):
self.changed = False
self.filename = filename
if role not in self.known_roles:
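Review bot: The new defaults `additive_facts_to_overwrite=None` and `protected_facts_to_overwrite=None` are passed through generate_facts and init_local_facts into merge_facts, which iterates both with `for item in ...`, so a caller relying on the defaults gets a TypeError. main() always supplies lists (`default=[]`), so this is latent. Normalizing once at the top of __init__, e.g. `protected_facts_to_overwrite = protected_facts_to_overwrite or []` and the same for the additive list, would make the signature match what the code accepts. The same defaults appear in the init_local_facts signature in a later hunk, where the same normalization applies. __init__ continues outside this hunk.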
@@ -1131,27 +1174,41 @@ class OpenShiftFacts(object):
)
self.role = role
self.system_facts = ansible_facts(module)
- self.facts = self.generate_facts(local_facts, additive_facts_to_overwrite, openshift_env)
-
- def generate_facts(self, local_facts, additive_facts_to_overwrite, openshift_env):
+ self.facts = self.generate_facts(local_facts,
+ additive_facts_to_overwrite,
+ openshift_env,
+ protected_facts_to_overwrite)
+
+ def generate_facts(self,
+ local_facts,
+ additive_facts_to_overwrite,
+ openshift_env,
+ protected_facts_to_overwrite):
""" Generate facts
Args:
- local_facts (dict): local_facts for overriding generated
- defaults
+ local_facts (dict): local_facts for overriding generated defaults
additive_facts_to_overwrite (list): additive facts to overwrite in jinja
'.' notation ex: ['master.named_certificates']
-
+ openshift_env (dict): openshift_env facts for overriding generated defaults
+ protected_facts_to_overwrite (list): protected facts to overwrite in jinja
+ '.' notation ex: ['master.master_count']
Returns:
dict: The generated facts
"""
- local_facts = self.init_local_facts(local_facts, additive_facts_to_overwrite, openshift_env)
+ local_facts = self.init_local_facts(local_facts,
+ additive_facts_to_overwrite,
+ openshift_env,
+ protected_facts_to_overwrite)
roles = local_facts.keys()
defaults = self.get_defaults(roles)
provider_facts = self.init_provider_facts()
facts = apply_provider_facts(defaults, provider_facts)
- facts = merge_facts(facts, local_facts, additive_facts_to_overwrite)
+ facts = merge_facts(facts,
+ local_facts,
+ additive_facts_to_overwrite,
+ protected_facts_to_overwrite)
facts['current_config'] = get_current_config(facts)
facts = set_url_facts_if_unset(facts)
facts = set_project_cfg_facts_if_unset(facts)
@@ -1315,13 +1372,20 @@ class OpenShiftFacts(object):
# Disabling too-many-branches. This should be cleaned up as a TODO item.
#pylint: disable=too-many-branches
- def init_local_facts(self, facts=None, additive_facts_to_overwrite=False, openshift_env=None):
+ def init_local_facts(self, facts=None,
+ additive_facts_to_overwrite=None,
+ openshift_env=None,
+ protected_facts_to_overwrite=None):
""" Initialize the provider facts
Args:
facts (dict): local facts to set
additive_facts_to_overwrite (list): additive facts to overwrite in jinja
'.' notation ex: ['master.named_certificates']
+ openshift_env (dict): openshift env facts to set
+ protected_facts_to_overwrite (list): protected facts to overwrite in jinja
+ '.' notation ex: ['master.master_count']
+
Returns:
dict: The result of merging the provided facts with existing
@@ -1347,7 +1411,10 @@ class OpenShiftFacts(object):
elif key not in current_level:
current_level[key] = dict()
current_level = current_level[key]
- facts_to_set = merge_facts(facts_to_set, oo_env_facts, [])
+ facts_to_set = merge_facts(orig=facts_to_set,
+ new=oo_env_facts,
+ additive_facts_to_overwrite=[],
+ protected_facts_to_overwrite=[])
local_facts = get_local_facts_from_file(self.filename)
@@ -1356,7 +1423,10 @@ class OpenShiftFacts(object):
basestring):
facts_to_set[arg] = module.from_json(facts_to_set[arg])
- new_local_facts = merge_facts(local_facts, facts_to_set, additive_facts_to_overwrite)
+ new_local_facts = merge_facts(local_facts,
+ facts_to_set,
+ additive_facts_to_overwrite,
+ protected_facts_to_overwrite)
for facts in new_local_facts.values():
keys_to_delete = []
if isinstance(facts, dict):
@@ -1452,7 +1522,8 @@ def main():
choices=OpenShiftFacts.known_roles),
local_facts=dict(default=None, type='dict', required=False),
additive_facts_to_overwrite=dict(default=[], type='list', required=False),
- openshift_env=dict(default={}, type='dict', required=False)
+ openshift_env=dict(default={}, type='dict', required=False),
+ protected_facts_to_overwrite=dict(default=[], type='list', required=False),
),
supports_check_mode=True,
add_file_common_args=True,
@@ -1462,6 +1533,7 @@ def main():
local_facts = module.params['local_facts']
additive_facts_to_overwrite = module.params['additive_facts_to_overwrite']
openshift_env = module.params['openshift_env']
+ protected_facts_to_overwrite = module.params['protected_facts_to_overwrite']
fact_file = '/etc/ansible/facts.d/openshift.fact'
@@ -1469,7 +1541,8 @@ def main():
fact_file,
local_facts,
additive_facts_to_overwrite,
- openshift_env)
+ openshift_env,
+ protected_facts_to_overwrite)
file_params = module.params.copy()
file_params['path'] = fact_file
diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml
index 06f12053a..cee1f1738 100644
--- a/roles/openshift_manage_node/tasks/main.yml
+++ b/roles/openshift_manage_node/tasks/main.yml
@@ -3,7 +3,7 @@
{{ openshift.common.client_binary }} get node {{ item | lower }}
register: omd_get_node
until: omd_get_node.rc == 0
- retries: 20
+ retries: 50
delay: 5
changed_when: false
with_items: openshift_nodes
diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml
index 6d9be81c0..66960e73e 100644
--- a/roles/openshift_master_ca/tasks/main.yml
+++ b/roles/openshift_master_ca/tasks/main.yml
@@ -25,4 +25,4 @@
--master={{ openshift.master.api_url }}
--public-master={{ openshift.master.public_api_url }}
--cert-dir={{ openshift_master_config_dir }} --overwrite=false
- when: master_certs_missing
+ when: master_certs_missing | bool
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index 7c58e943a..72869a592 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -6,40 +6,16 @@
mode: 0700
with_items: masters_needing_certs
-- set_fact:
- master_certificates:
- - ca.crt
- - ca.key
- - ca.serial.txt
- - admin.crt
- - admin.key
- - admin.kubeconfig
- - master.kubelet-client.crt
- - master.kubelet-client.key
- - master.server.crt
- - master.server.key
- - openshift-master.crt
- - openshift-master.key
- - openshift-master.kubeconfig
- - openshift-registry.crt
- - openshift-registry.key
- - openshift-registry.kubeconfig
- - openshift-router.crt
- - openshift-router.key
- - openshift-router.kubeconfig
- - serviceaccounts.private.key
- - serviceaccounts.public.key
- master_31_certificates:
- - master.proxy-client.crt
- - master.proxy-client.key
-
- file:
src: "{{ openshift_master_config_dir }}/{{ item.1 }}"
dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}"
state: hard
with_nested:
- masters_needing_certs
- - "{{ master_certificates | union(master_31_certificates) if openshift.common.version_gte_3_1_or_1_1 | bool else master_certificates }}"
+ -
+ - ca.crt
+ - ca.key
+ - ca.serial.txt
- name: Create the master certificates if they do not already exist
command: >
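Review bot: The hard-link task is still unnamed and now carries an anonymous inline list, so nothing in the file says why only `ca.crt`, `ca.key` and `ca.serial.txt` are linked. A name such as `- name: Link the CA files into each master's generated config directory`, plus a one-line comment on the reduced list, would document the intent. Because `ca.key` is among the linked files, every per-master directory holds the CA private key. The `mode: 0700` at the top of the hunk appears to belong to the task that creates those directories, which is worth confirming since that task starts outside the hunk.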
@@ -49,5 +25,5 @@
--public-master={{ item.openshift.master.public_api_url }}
--cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}
--overwrite=false
- when: master_certs_missing
+ when: item.master_certs_missing | bool
with_items: masters_needing_certs
diff --git a/roles/openshift_persistent_volumes/tasks/main.yml b/roles/openshift_persistent_volumes/tasks/main.yml
index 2455fc792..e431e978c 100644
--- a/roles/openshift_persistent_volumes/tasks/main.yml
+++ b/roles/openshift_persistent_volumes/tasks/main.yml
@@ -23,7 +23,7 @@
--config={{ mktemp.stdout }}/admin.kubeconfig
register: pv_create_output
when: persistent_volumes | length > 0
- failed_when: ('already exists' not in pv_create_output.stderr if pv_create_output.stderr else False) or ('created' not in pv_create_output.stdout if pv_create_output.stdout else False)
+ failed_when: ('already exists' not in pv_create_output.stderr) and ('created' not in pv_create_output.stdout)
changed_when: ('created' in pv_create_output.stdout)
- name: Deploy PersistentVolumeClaim definitions
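Review bot: The new `failed_when` passes as soon as `created` appears anywhere in stdout, so if several definitions are submitted and one is created while another fails with an unrelated error, the task is reported as successful. Taking the return code into account, e.g. `failed_when: pv_create_output.rc != 0 and 'already exists' not in pv_create_output.stderr`, would let real errors surface while still tolerating existing volumes. The same expression is used for `pvc_create_output` in the next hunk. The command itself starts outside the hunk, so its exit-code behaviour should be confirmed first.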
@@ -40,7 +40,7 @@
--config={{ mktemp.stdout }}/admin.kubeconfig
register: pvc_create_output
when: persistent_volume_claims | length > 0
- failed_when: ('already exists' not in pvc_create_output.stderr if pvc_create_output.stderr else False) or ('created' not in pvc_create_output.stdout if pvc_create_output.stdout else False)
+ failed_when: ('already exists' not in pvc_create_output.stderr) and ('created' not in pvc_create_output.stdout)
changed_when: ('created' in pvc_create_output.stdout)
- name: Delete temp directory
diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml
index 8a75639c2..6143805ca 100644
--- a/roles/openshift_repos/tasks/main.yaml
+++ b/roles/openshift_repos/tasks/main.yaml
@@ -46,19 +46,19 @@
with_fileglob:
- '*/repos/*'
when: not (item | search("/files/fedora-" ~ openshift_deployment_type ~ "/repos")) and
- (ansible_distribution == "Fedora")
+ (ansible_distribution == "Fedora")
and not openshift.common.is_containerized | bool
notify: refresh cache
- name: Configure gpg keys if needed
- copy: src={{ item }} dest=/etc/pki/rpm-gpg/
+ copy: src="{{ item }}" dest=/etc/pki/rpm-gpg/
with_fileglob:
- "{{ openshift_deployment_type }}/gpg_keys/*"
notify: refresh cache
when: not openshift.common.is_containerized | bool
- name: Configure yum repositories RHEL/CentOS
- copy: src={{ item }} dest=/etc/yum.repos.d/
+ copy: src="{{ item }}" dest=/etc/yum.repos.d/
with_fileglob:
- "{{ openshift_deployment_type }}/repos/*"
notify: refresh cache
@@ -66,7 +66,7 @@
and not openshift.common.is_containerized | bool
- name: Configure yum repositories Fedora
- copy: src={{ item }} dest=/etc/yum.repos.d/
+ copy: src="{{ item }}" dest=/etc/yum.repos.d/
with_fileglob:
- "fedora-{{ openshift_deployment_type }}/repos/*"
notify: refresh cache
diff --git a/roles/os_zabbix/vars/template_openshift_master.yml b/roles/os_zabbix/vars/template_openshift_master.yml
index 1824d7881..e36f23a2b 100644
--- a/roles/os_zabbix/vars/template_openshift_master.yml
+++ b/roles/os_zabbix/vars/template_openshift_master.yml
@@ -7,12 +7,6 @@ g_template_openshift_master:
- Openshift Master
key: openshift.master.app.create
- - key: openshift.master.registry.healthy_pct
- description: "Shows the percentage of healthy registries in the cluster"
- type: int
- applications:
- - Openshift Master
-
- key: openshift.master.process.count
description: Shows number of master processes running
type: int
@@ -278,11 +272,6 @@ g_template_openshift_master:
url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_master.asciidoc'
priority: high
- - name: 'Low number of etcd watchers on {HOST.NAME}'
- expression: '{Template Openshift Master:openshift.master.etcd.watchers.last(#1)}<10 and {Template Openshift Master:openshift.master.etcd.watchers.last(#2)}<10'
- url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_etcd.asciidoc'
- priority: avg
-
- name: 'Etcd ping failed on {HOST.NAME}'
expression: '{Template Openshift Master:openshift.master.etcd.ping.last(#1)}=0 and {Template Openshift Master:openshift.master.etcd.ping.last(#2)}=0'
url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_etcd.asciidoc'
@@ -345,20 +334,6 @@ g_template_openshift_master:
- 'Openshift Master process not running on {HOST.NAME}'
priority: avg
- - name: 'One or more Docker Registries is unhealthy according to {HOST.NAME}'
- expression: '{Template Openshift Master:openshift.master.registry.healthy_pct.last(#2)}<100 and {Template Openshift Master:openshift.master.registry.healthy_pct.max(#2)}>50'
- url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_registry.asciidoc'
- dependencies:
- - 'Openshift Master process not running on {HOST.NAME}'
- priority: avg
-
- - name: 'Multiple Docker Registries are unhealthy according to {HOST.NAME}'
- expression: '{Template Openshift Master:openshift.master.registry.healthy_pct.last(#2)}<51'
- url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_registry.asciidoc'
- dependencies:
- - 'Openshift Master process not running on {HOST.NAME}'
- priority: high
-
- name: 'SkyDNS port not listening on {HOST.NAME}'
expression: '{Template Openshift Master:openshift.master.skydns.port.open.max(#3)}<1'
url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_master.asciidoc'
diff --git a/roles/os_zabbix/vars/template_openshift_node.yml b/roles/os_zabbix/vars/template_openshift_node.yml
index c36c593df..e6daee8e4 100644
--- a/roles/os_zabbix/vars/template_openshift_node.yml
+++ b/roles/os_zabbix/vars/template_openshift_node.yml
@@ -69,4 +69,33 @@ g_template_openshift_node:
url: 'https://github.com/openshift/ops-sop/blob/node/V3/Alerts/openshift_node.asciidoc'
priority: high
-
+ zactions:
+ - name: '[HEAL] OVS may not be running on {HOST.NAME}'
+ status: disabled
+ escalation_time: 60
+ conditions_filter:
+ calculation_type: "and/or"
+ conditions:
+ - conditiontype: maintenance status
+ operator: not in
+ - conditiontype: trigger name
+ operator: like
+ value: "[HEAL] OVS may not be running on"
+ - conditiontype: trigger value
+ operator: "="
+ value: PROBLEM
+ operations:
+ - esc_step_from: 1
+ esc_step_to: 1
+ esc_period: 0
+ operationtype: remote command
+ opcommand:
+ command: 'ssh -i /etc/openshift_tools/scriptrunner_id_rsa {{ ozb_scriptrunner_user }}@{{ ozb_scriptrunner_bastion_host }} remote-healer --host \"{HOST.NAME}\" --trigger \"{TRIGGER.NAME}\" --trigger-val \"{TRIGGER.VALUE}\"'
+ execute_on: "zabbix server"
+ type: 'custom script'
+ target_hosts:
+ - target_type: 'zabbix server'
+ opconditions:
+ - conditiontype: 'event acknowledged'
+ operator: '='
+ value: 'not acknowledged'
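Review bot: The remote command places the Zabbix macros `{HOST.NAME}`, `{TRIGGER.NAME}` and `{TRIGGER.VALUE}` inside double quotes on a command line that runs on the Zabbix server, so unless Zabbix escapes them their expanded values pass through a shell before remote-healer sees them. Double quotes do not prevent shell expansion, so these values should be treated as untrusted input. remote-healer should validate `--host` against known inventory and `--trigger` against an allow-list, and the `scriptrunner_id_rsa` key is best restricted on the bastion to that single command. The action ships with `status: disabled`; a comment above `zactions:` recording these assumptions would help whoever enables it.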
diff --git a/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2
index d85d8b94e..e17092202 100644
--- a/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2
+++ b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2
@@ -43,13 +43,13 @@ ExecStart=/usr/bin/docker run --name {{ osohm_host_monitoring }}
-e ZAGG_URL={{ osohm_zagg_web_url }} \
-e ZAGG_USER={{ osohm_default_zagg_server_user }} \
-e ZAGG_PASSWORD={{ osohm_default_zagg_server_password }} \
- -e ZAGG_CLIENT_HOSTNAME={{ ec2_tag_Name }} \
+ -e ZAGG_CLIENT_HOSTNAME={{ oo_name }} \
-e ZAGG_SSL_VERIFY={{ osohm_zagg_verify_ssl }} \
-e OSO_CLUSTER_GROUP={{ cluster_group }} \
-e OSO_CLUSTER_ID={{ oo_clusterid }} \
-e OSO_ENVIRONMENT={{ oo_environment }} \
- -e OSO_HOST_TYPE={{ hostvars[inventory_hostname]['ec2_tag_host-type'] }} \
- -e OSO_SUB_HOST_TYPE={{ hostvars[inventory_hostname]['ec2_tag_sub-host-type'] }} \
+ -e OSO_HOST_TYPE={{ hostvars[inventory_hostname]['oo_hosttype'] }} \
+ -e OSO_SUB_HOST_TYPE={{ hostvars[inventory_hostname]['oo_subhosttype'] }} \
-e OSO_MASTER_HA={{ osohm_master_ha }} \
-v /etc/localtime:/etc/localtime \
-v /sys:/sys:ro \