diff options
Diffstat (limited to 'roles')
143 files changed, 7605 insertions, 1269 deletions
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml new file mode 100644 index 000000000..1b26af0dd --- /dev/null +++ b/roles/docker/defaults/main.yml @@ -0,0 +1,2 @@ +--- +docker_version: ''
\ No newline at end of file diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml index 9f827417f..aff905bc8 100644 --- a/roles/docker/handlers/main.yml +++ b/roles/docker/handlers/main.yml @@ -4,7 +4,7 @@ service: name: docker state: restarted - when: not docker_service_status_changed | default(false) + when: not docker_service_status_changed | default(false) | bool - name: restart udev service: diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index a56f1f391..9cf949d65 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,9 +1,30 @@ --- # tasks file for docker + +- name: Get current installed version if docker_version is specified + command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker" + when: not openshift.common.is_atomic | bool and docker_version != '' + register: docker_version_result + changed_when: false + +- name: Downgrade docker if necessary + command: "{{ ansible_pkg_mgr }} downgrade -y docker-{{ docker_version }}" + register: docker_downgrade_result + when: not docker_version_result | skipped and docker_version_result | default('0.0', True) | version_compare(docker_version, 'gt') + - name: Install docker - action: "{{ ansible_pkg_mgr }} name=docker state=present" - when: not openshift.common.is_atomic | bool - + action: "{{ ansible_pkg_mgr }} name=docker{{ '-' + docker_version if docker_version != '' else '' }} state=present" + when: not openshift.common.is_atomic | bool and not docker_downgrade_result | changed + +- stat: path=/etc/sysconfig/docker + register: docker_check + when: docker_downgrade_result | changed + +- name: Remove deferred deletion for downgrades from 1.9 + command: > + sed -i 's/--storage-opt dm.use_deferred_deletion=true//' /etc/sysconfig/docker-storage + when: docker_downgrade_result | changed and docker_check.stat.exists | bool and docker_version_result | default('0.0', True) | version_compare('1.9', '>=') and docker_version | version_compare('1.9', '<') + - name: enable and start the docker service service: name: docker @@ -15,4 +36,42 @@ docker_service_status_changed: start_result | changed - include: udev_workaround.yml - when: docker_udev_workaround | default(False) + when: docker_udev_workaround | default(False) | bool + +- stat: path=/etc/sysconfig/docker + register: docker_check + +- name: Set registry params + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^{{ item.reg_conf_var }}=.*$' + line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'" + when: item.reg_fact_val != '' and docker_check.stat.isreg + with_items: + - reg_conf_var: ADD_REGISTRY + reg_fact_val: "{{ docker_additional_registries | default(None, true)}}" + reg_flag: --add-registry + - reg_conf_var: BLOCK_REGISTRY + reg_fact_val: "{{ docker_blocked_registries| default(None, true) }}" + reg_flag: --block-registry + - reg_conf_var: INSECURE_REGISTRY + reg_fact_val: "{{ docker_insecure_registries| default(None, true) }}" + reg_flag: --insecure-registry + notify: + - restart docker + +- name: Set various docker options + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^OPTIONS=.*$' + line: "OPTIONS='\ + {% if ansible_selinux and ansible_selinux.status == '''enabled''' %} --selinux-enabled{% endif %}\ + {% if docker_log_driver is defined %} --log-driver {{ docker_log_driver }}{% endif %}\ + {% if docker_log_options is defined %} {{ docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %}\ + {% if docker_options is defined %} {{ docker_options }}{% endif %}\ + {% if docker_disable_push_dockerhub is defined %} --confirm-def-push={{ docker_disable_push_dockerhub | bool }}{% endif %}'" + when: docker_check.stat.isreg + notify: + - restart docker + +- meta: flush_handlers diff --git a/roles/docker/vars/main.yml b/roles/docker/vars/main.yml index 162487545..606cdb9b9 100644 --- a/roles/docker/vars/main.yml +++ b/roles/docker/vars/main.yml @@ -1,3 +1,3 @@ --- - +repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery' }}" udevw_udevd_dir: /etc/systemd/system/systemd-udevd.service.d diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index e72509c4d..afec6b30b 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -36,9 +36,18 @@ state: stopped enabled: no +- name: Check for etcd service presence + command: systemctl show etcd.service + register: etcd_show + changed_when: false + +- name: Mask system etcd when containerized + when: openshift.common.is_containerized | bool and 'LoadState=not-found' not in etcd_show.stdout + command: systemctl mask etcd + - name: Reload systemd units command: systemctl daemon-reload - when: openshift.common.is_containerized and ( install_etcd_result | changed ) + when: openshift.common.is_containerized | bool and ( install_etcd_result | changed ) - name: Validate permissions on the config dir file: diff --git a/roles/etcd/templates/etcd.docker.service b/roles/etcd/templates/etcd.docker.service index 8058fa188..b8dbefa64 100644 --- a/roles/etcd/templates/etcd.docker.service +++ b/roles/etcd/templates/etcd.docker.service @@ -1,13 +1,16 @@ [Unit] Description=The Etcd Server container After=docker.service +Requires=docker.service +PartOf=docker.service [Service] EnvironmentFile=/etc/etcd/etcd.conf ExecStartPre=-/usr/bin/docker rm -f {{ etcd_service }} ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v /var/lib/etcd:/var/lib/etcd:z -v /etc/etcd:/etc/etcd:z --env-file=/etc/etcd/etcd.conf --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }} ExecStop=/usr/bin/docker stop {{ etcd_service }} +SyslogIdentifier=etcd_container Restart=always [Install] -WantedBy=multi-user.target +WantedBy=docker.service diff --git a/roles/lib_openshift_api/build/ansible/edit.py b/roles/lib_openshift_api/build/ansible/edit.py new file mode 100644 index 000000000..943fa47a6 --- /dev/null +++ b/roles/lib_openshift_api/build/ansible/edit.py @@ -0,0 +1,84 @@ +# pylint: skip-file + +def main(): + ''' + ansible oc module for services + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present']), + debug=dict(default=False, type='bool'), + namespace=dict(default='default', type='str'), + name=dict(default=None, required=True, type='str'), + kind=dict(required=True, + type='str', + choices=['dc', 'deploymentconfig', + 'svc', 'service', + 'scc', 'securitycontextconstraints', + 'ns', 'namespace', 'project', 'projects', + 'is', 'imagestream', + 'istag', 'imagestreamtag', + 'bc', 'buildconfig', + 'routes', + 'node', + 'secret', + ]), + file_name=dict(default=None, type='str'), + file_format=dict(default='yaml', type='str'), + content=dict(default=None, required=True, type='dict'), + force=dict(default=False, type='bool'), + ), + supports_check_mode=True, + ) + ocedit = Edit(module.params['kind'], + module.params['namespace'], + module.params['name'], + kubeconfig=module.params['kubeconfig'], + verbose=module.params['debug']) + + state = module.params['state'] + + api_rval = ocedit.get() + + ######## + # Create + ######## + if not Utils.exists(api_rval['results'], module.params['name']): + module.fail_json(msg=api_rval) + + ######## + # Update + ######## + api_rval = ocedit.update(module.params['file_name'], + module.params['content'], + module.params['force'], + module.params['file_format']) + + + if api_rval['returncode'] != 0: + module.fail_json(msg=api_rval) + + if api_rval.has_key('updated') and not api_rval['updated']: + module.exit_json(changed=False, results=api_rval, state="present") + + # return the created object + api_rval = ocedit.get() + + if api_rval['returncode'] != 0: + module.fail_json(msg=api_rval) + + module.exit_json(changed=True, results=api_rval, state="present") + + module.exit_json(failed=True, + changed=False, + results='Unknown state passed. %s' % state, + state="unknown") + +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, locally-disabled +# import module snippets. This are required +from ansible.module_utils.basic import * + +main() diff --git a/roles/lib_openshift_api/build/ansible/obj.py b/roles/lib_openshift_api/build/ansible/obj.py new file mode 100644 index 000000000..a14ac0e43 --- /dev/null +++ b/roles/lib_openshift_api/build/ansible/obj.py @@ -0,0 +1,139 @@ +# pylint: skip-file + +# pylint: disable=too-many-branches +def main(): + ''' + ansible oc module for services + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + namespace=dict(default='default', type='str'), + name=dict(default=None, type='str'), + files=dict(default=None, type='list'), + kind=dict(required=True, + type='str', + choices=['dc', 'deploymentconfig', + 'svc', 'service', + 'scc', 'securitycontextconstraints', + 'ns', 'namespace', 'project', 'projects', + 'is', 'imagestream', + 'istag', 'imagestreamtag', + 'bc', 'buildconfig', + 'routes', + 'node', + 'secret', + ]), + delete_after=dict(default=False, type='bool'), + content=dict(default=None, type='dict'), + force=dict(default=False, type='bool'), + ), + mutually_exclusive=[["content", "files"]], + + supports_check_mode=True, + ) + ocobj = OCObject(module.params['kind'], + module.params['namespace'], + module.params['name'], + kubeconfig=module.params['kubeconfig'], + verbose=module.params['debug']) + + state = module.params['state'] + + api_rval = ocobj.get() + + ##### + # Get + ##### + if state == 'list': + module.exit_json(changed=False, results=api_rval['results'], state="list") + + if not module.params['name']: + module.fail_json(msg='Please specify a name when state is absent|present.') + ######## + # Delete + ######## + if state == 'absent': + if not Utils.exists(api_rval['results'], module.params['name']): + module.exit_json(changed=False, state="absent") + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed a delete.') + + api_rval = ocobj.delete() + module.exit_json(changed=True, results=api_rval, state="absent") + + if state == 'present': + ######## + # Create + ######## + if not Utils.exists(api_rval['results'], module.params['name']): + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed a create.') + + # Create it here + api_rval = ocobj.create(module.params['files'], module.params['content']) + if api_rval['returncode'] != 0: + module.fail_json(msg=api_rval) + + # return the created object + api_rval = ocobj.get() + + if api_rval['returncode'] != 0: + module.fail_json(msg=api_rval) + + # Remove files + if module.params['files'] and module.params['delete_after']: + Utils.cleanup(module.params['files']) + + module.exit_json(changed=True, results=api_rval, state="present") + + ######## + # Update + ######## + # if a file path is passed, use it. + update = ocobj.needs_update(module.params['files'], module.params['content']) + if not isinstance(update, bool): + module.fail_json(msg=update) + + # No changes + if not update: + if module.params['files'] and module.params['delete_after']: + Utils.cleanup(module.params['files']) + + module.exit_json(changed=False, results=api_rval['results'][0], state="present") + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed an update.') + + api_rval = ocobj.update(module.params['files'], + module.params['content'], + module.params['force']) + + + if api_rval['returncode'] != 0: + module.fail_json(msg=api_rval) + + # return the created object + api_rval = ocobj.get() + + if api_rval['returncode'] != 0: + module.fail_json(msg=api_rval) + + module.exit_json(changed=True, results=api_rval, state="present") + + module.exit_json(failed=True, + changed=False, + results='Unknown state passed. %s' % state, + state="unknown") + +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, locally-disabled +# import module snippets. This are required +from ansible.module_utils.basic import * + +main() diff --git a/roles/lib_openshift_api/build/ansible/secret.py b/roles/lib_openshift_api/build/ansible/secret.py new file mode 100644 index 000000000..8df7bbc64 --- /dev/null +++ b/roles/lib_openshift_api/build/ansible/secret.py @@ -0,0 +1,121 @@ +# pylint: skip-file + +# pylint: disable=too-many-branches +def main(): + ''' + ansible oc module for secrets + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + namespace=dict(default='default', type='str'), + name=dict(default=None, type='str'), + files=dict(default=None, type='list'), + delete_after=dict(default=False, type='bool'), + contents=dict(default=None, type='list'), + force=dict(default=False, type='bool'), + ), + mutually_exclusive=[["contents", "files"]], + + supports_check_mode=True, + ) + occmd = Secret(module.params['namespace'], + module.params['name'], + kubeconfig=module.params['kubeconfig'], + verbose=module.params['debug']) + + state = module.params['state'] + + api_rval = occmd.get() + + ##### + # Get + ##### + if state == 'list': + module.exit_json(changed=False, results=api_rval['results'], state="list") + + if not module.params['name']: + module.fail_json(msg='Please specify a name when state is absent|present.') + ######## + # Delete + ######## + if state == 'absent': + if not Utils.exists(api_rval['results'], module.params['name']): + module.exit_json(changed=False, state="absent") + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed a delete.') + + api_rval = occmd.delete() + module.exit_json(changed=True, results=api_rval, state="absent") + + + if state == 'present': + if module.params['files']: + files = module.params['files'] + elif module.params['contents']: + files = Utils.create_files_from_contents(module.params['contents']) + else: + module.fail_json(msg='Either specify files or contents.') + + ######## + # Create + ######## + if not Utils.exists(api_rval['results'], module.params['name']): + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed a create.') + + api_rval = occmd.create(module.params['files'], module.params['contents']) + + # Remove files + if files and module.params['delete_after']: + Utils.cleanup(files) + + module.exit_json(changed=True, results=api_rval, state="present") + + ######## + # Update + ######## + secret = occmd.prep_secret(module.params['files'], module.params['contents']) + + if secret['returncode'] != 0: + module.fail_json(msg=secret) + + if Utils.check_def_equal(secret['results'], api_rval['results'][0]): + + # Remove files + if files and module.params['delete_after']: + Utils.cleanup(files) + + module.exit_json(changed=False, results=secret['results'], state="present") + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed an update.') + + api_rval = occmd.update(files, force=module.params['force']) + + # Remove files + if secret and module.params['delete_after']: + Utils.cleanup(files) + + if api_rval['returncode'] != 0: + module.fail_json(msg=api_rval) + + + module.exit_json(changed=True, results=api_rval, state="present") + + module.exit_json(failed=True, + changed=False, + results='Unknown state passed. %s' % state, + state="unknown") + +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, locally-disabled +# import module snippets. This are required +from ansible.module_utils.basic import * + +main() diff --git a/roles/lib_openshift_api/build/generate.py b/roles/lib_openshift_api/build/generate.py new file mode 100755 index 000000000..cf3f61d2c --- /dev/null +++ b/roles/lib_openshift_api/build/generate.py @@ -0,0 +1,59 @@ +#!/usr/bin/env python +''' + Generate the openshift-ansible/roles/lib_openshift_cli/library/ modules. +''' + +import os + +# pylint: disable=anomalous-backslash-in-string +GEN_STR = "#!/usr/bin/env python\n" + \ + "# ___ ___ _ _ ___ ___ _ _____ ___ ___\n" + \ + "# / __| __| \| | __| _ \ /_\_ _| __| \\\n" + \ + "# | (_ | _|| .` | _|| / / _ \| | | _|| |) |\n" + \ + "# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____\n" + \ + "# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _|\n" + \ + "# | |) | (_) | | .` | (_) || | | _|| |) | | | |\n" + \ + "# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_|\n" + +OPENSHIFT_ANSIBLE_PATH = os.path.dirname(os.path.realpath(__file__)) + + +FILES = {'oc_obj.py': ['src/base.py', + '../../lib_yaml_editor/build/src/yedit.py', + 'src/obj.py', + 'ansible/obj.py', + ], + 'oc_secret.py': ['src/base.py', + '../../lib_yaml_editor/build/src/yedit.py', + 'src/secret.py', + 'ansible/secret.py', + ], + 'oc_edit.py': ['src/base.py', + '../../lib_yaml_editor/build/src/yedit.py', + 'src/edit.py', + 'ansible/edit.py', + ], + } + + +def main(): + ''' combine the necessary files to create the ansible module ''' + library = os.path.join(OPENSHIFT_ANSIBLE_PATH, '..', 'library/') + for fname, parts in FILES.items(): + with open(os.path.join(library, fname), 'w') as afd: + afd.seek(0) + afd.write(GEN_STR) + for fpart in parts: + with open(os.path.join(OPENSHIFT_ANSIBLE_PATH, fpart)) as pfd: + # first line is pylint disable so skip it + for idx, line in enumerate(pfd): + if idx == 0 and 'skip-file' in line: + continue + + afd.write(line) + + +if __name__ == '__main__': + main() + + diff --git a/roles/lib_openshift_api/build/src/base.py b/roles/lib_openshift_api/build/src/base.py new file mode 100644 index 000000000..66831c4e2 --- /dev/null +++ b/roles/lib_openshift_api/build/src/base.py @@ -0,0 +1,273 @@ +# pylint: skip-file +''' + OpenShiftCLI class that wraps the oc commands in a subprocess +''' + +import atexit +import json +import os +import shutil +import subprocess +import re + +import yaml +# This is here because of a bug that causes yaml +# to incorrectly handle timezone info on timestamps +def timestamp_constructor(_, node): + '''return timestamps as strings''' + return str(node.value) +yaml.add_constructor(u'tag:yaml.org,2002:timestamp', timestamp_constructor) + +# pylint: disable=too-few-public-methods +class OpenShiftCLI(object): + ''' Class to wrap the oc command line tools ''' + def __init__(self, + namespace, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False): + ''' Constructor for OpenshiftOC ''' + self.namespace = namespace + self.verbose = verbose + self.kubeconfig = kubeconfig + + # Pylint allows only 5 arguments to be passed. + # pylint: disable=too-many-arguments + def _replace_content(self, resource, rname, content, force=False): + ''' replace the current object with the content ''' + res = self._get(resource, rname) + if not res['results']: + return res + + fname = '/tmp/%s' % rname + yed = Yedit(fname, res['results'][0]) + changes = [] + for key, value in content.items(): + changes.append(yed.put(key, value)) + + if any([not change[0] for change in changes]): + return {'returncode': 0, 'updated': False} + + yed.write() + + atexit.register(Utils.cleanup, [fname]) + + return self._replace(fname, force) + + def _replace(self, fname, force=False): + '''return all pods ''' + cmd = ['-n', self.namespace, 'replace', '-f', fname] + if force: + cmd.append('--force') + return self.oc_cmd(cmd) + + def _create(self, fname): + '''return all pods ''' + return self.oc_cmd(['create', '-f', fname, '-n', self.namespace]) + + def _delete(self, resource, rname): + '''return all pods ''' + return self.oc_cmd(['delete', resource, rname, '-n', self.namespace]) + + def _get(self, resource, rname=None): + '''return a secret by name ''' + cmd = ['get', resource, '-o', 'json', '-n', self.namespace] + if rname: + cmd.append(rname) + + rval = self.oc_cmd(cmd, output=True) + + # Ensure results are retuned in an array + if rval.has_key('items'): + rval['results'] = rval['items'] + elif not isinstance(rval['results'], list): + rval['results'] = [rval['results']] + + return rval + + def oc_cmd(self, cmd, output=False): + '''Base command for oc ''' + #cmds = ['/usr/bin/oc', '--config', self.kubeconfig] + cmds = ['/usr/bin/oc'] + cmds.extend(cmd) + + rval = {} + results = '' + err = None + + if self.verbose: + print ' '.join(cmds) + + proc = subprocess.Popen(cmds, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + env={'KUBECONFIG': self.kubeconfig}) + + proc.wait() + stdout = proc.stdout.read() + stderr = proc.stderr.read() + + rval = {"returncode": proc.returncode, + "results": results, + } + + if proc.returncode == 0: + if output: + try: + rval['results'] = json.loads(stdout) + except ValueError as err: + if "No JSON object could be decoded" in err.message: + err = err.message + + if self.verbose: + print stdout + print stderr + print + + if err: + rval.update({"err": err, + "stderr": stderr, + "stdout": stdout, + "cmd": cmds + }) + + else: + rval.update({"stderr": stderr, + "stdout": stdout, + "results": {}, + }) + + return rval + +class Utils(object): + ''' utilities for openshiftcli modules ''' + @staticmethod + def create_file(rname, data, ftype=None): + ''' create a file in tmp with name and contents''' + path = os.path.join('/tmp', rname) + with open(path, 'w') as fds: + if ftype == 'yaml': + fds.write(yaml.safe_dump(data, default_flow_style=False)) + + elif ftype == 'json': + fds.write(json.dumps(data)) + else: + fds.write(data) + + # Register cleanup when module is done + atexit.register(Utils.cleanup, [path]) + return path + + @staticmethod + def create_files_from_contents(data): + '''Turn an array of dict: filename, content into a files array''' + files = [] + + for sfile in data: + path = Utils.create_file(sfile['path'], sfile['content']) + files.append(path) + + return files + + @staticmethod + def cleanup(files): + '''Clean up on exit ''' + for sfile in files: + if os.path.exists(sfile): + if os.path.isdir(sfile): + shutil.rmtree(sfile) + elif os.path.isfile(sfile): + os.remove(sfile) + + + @staticmethod + def exists(results, _name): + ''' Check to see if the results include the name ''' + if not results: + return False + + + if Utils.find_result(results, _name): + return True + + return False + + @staticmethod + def find_result(results, _name): + ''' Find the specified result by name''' + rval = None + for result in results: + if result.has_key('metadata') and result['metadata']['name'] == _name: + rval = result + break + + return rval + + @staticmethod + def get_resource_file(sfile, sfile_type='yaml'): + ''' return the service file ''' + contents = None + with open(sfile) as sfd: + contents = sfd.read() + + if sfile_type == 'yaml': + contents = yaml.safe_load(contents) + elif sfile_type == 'json': + contents = json.loads(contents) + + return contents + + # Disabling too-many-branches. This is a yaml dictionary comparison function + # pylint: disable=too-many-branches,too-many-return-statements + @staticmethod + def check_def_equal(user_def, result_def, debug=False): + ''' Given a user defined definition, compare it with the results given back by our query. ''' + + # Currently these values are autogenerated and we do not need to check them + skip = ['metadata', 'status'] + + for key, value in result_def.items(): + if key in skip: + continue + + # Both are lists + if isinstance(value, list): + if not isinstance(user_def[key], list): + return False + + # lists should be identical + if value != user_def[key]: + return False + + # recurse on a dictionary + elif isinstance(value, dict): + if not isinstance(user_def[key], dict): + if debug: + print "dict returned false not instance of dict" + return False + + # before passing ensure keys match + api_values = set(value.keys()) - set(skip) + user_values = set(user_def[key].keys()) - set(skip) + if api_values != user_values: + if debug: + print api_values + print user_values + print "keys are not equal in dict" + return False + + result = Utils.check_def_equal(user_def[key], value, debug=debug) + if not result: + if debug: + print "dict returned false" + return False + + # Verify each key, value pair is the same + else: + if not user_def.has_key(key) or value != user_def[key]: + if debug: + print "value not equal; user_def does not have key" + print value + print user_def[key] + return False + + return True diff --git a/roles/lib_openshift_api/build/src/edit.py b/roles/lib_openshift_api/build/src/edit.py new file mode 100644 index 000000000..7020ace47 --- /dev/null +++ b/roles/lib_openshift_api/build/src/edit.py @@ -0,0 +1,49 @@ +# pylint: skip-file + +class Edit(OpenShiftCLI): + ''' Class to wrap the oc command line tools + ''' + # pylint: disable=too-many-arguments + def __init__(self, + kind, + namespace, + resource_name=None, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False): + ''' Constructor for OpenshiftOC ''' + super(Edit, self).__init__(namespace, kubeconfig) + self.namespace = namespace + self.kind = kind + self.name = resource_name + self.kubeconfig = kubeconfig + self.verbose = verbose + + def get(self): + '''return a secret by name ''' + return self._get(self.kind, self.name) + + def update(self, file_name, content, force=False, content_type='yaml'): + '''run update ''' + if file_name: + if content_type == 'yaml': + data = yaml.load(open(file_name)) + elif content_type == 'json': + data = json.loads(open(file_name).read()) + + changes = [] + yed = Yedit(file_name, data) + for key, value in content.items(): + changes.append(yed.put(key, value)) + + if any([not change[0] for change in changes]): + return {'returncode': 0, 'updated': False} + + yed.write() + + atexit.register(Utils.cleanup, [file_name]) + + return self._replace(file_name, force=force) + + return self._replace_content(self.kind, self.name, content, force=force) + + diff --git a/roles/lib_openshift_api/build/src/obj.py b/roles/lib_openshift_api/build/src/obj.py new file mode 100644 index 000000000..a3ad4b3c4 --- /dev/null +++ b/roles/lib_openshift_api/build/src/obj.py @@ -0,0 +1,78 @@ +# pylint: skip-file + +class OCObject(OpenShiftCLI): + ''' Class to wrap the oc command line tools ''' + + # pylint allows 5. we need 6 + # pylint: disable=too-many-arguments + def __init__(self, + kind, + namespace, + rname=None, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False): + ''' Constructor for OpenshiftOC ''' + super(OCObject, self).__init__(namespace, kubeconfig) + self.kind = kind + self.namespace = namespace + self.name = rname + self.kubeconfig = kubeconfig + self.verbose = verbose + + def get(self): + '''return a deploymentconfig by name ''' + return self._get(self.kind, rname=self.name) + + def delete(self): + '''return all pods ''' + return self._delete(self.kind, self.name) + + def create(self, files=None, content=None): + '''Create a deploymentconfig ''' + if files: + return self._create(files[0]) + + return self._create(Utils.create_files_from_contents(content)) + + + # pylint: disable=too-many-function-args + def update(self, files=None, content=None, force=False): + '''run update dc + + This receives a list of file names and takes the first filename and calls replace. + ''' + if files: + return self._replace(files[0], force) + + return self.update_content(content, force) + + def update_content(self, content, force=False): + '''update the dc with the content''' + return self._replace_content(self.kind, self.name, content, force=force) + + def needs_update(self, files=None, content=None, content_type='yaml'): + ''' check to see if we need to update ''' + objects = self.get() + if objects['returncode'] != 0: + return objects + + # pylint: disable=no-member + data = None + if files: + data = Utils.get_resource_file(files[0], content_type) + + # if equal then no need. So not equal is True + return not Utils.check_def_equal(data, objects['results'][0], True) + else: + data = content + + for key, value in data.items(): + if key == 'metadata': + continue + if not objects['results'][0].has_key(key): + return True + if value != objects['results'][0][key]: + return True + + return False + diff --git a/roles/lib_openshift_api/build/src/secret.py b/roles/lib_openshift_api/build/src/secret.py new file mode 100644 index 000000000..af61dfa01 --- /dev/null +++ b/roles/lib_openshift_api/build/src/secret.py @@ -0,0 +1,68 @@ +# pylint: skip-file + +class Secret(OpenShiftCLI): + ''' Class to wrap the oc command line tools + ''' + def __init__(self, + namespace, + secret_name=None, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False): + ''' Constructor for OpenshiftOC ''' + super(Secret, self).__init__(namespace, kubeconfig) + self.namespace = namespace + self.name = secret_name + self.kubeconfig = kubeconfig + self.verbose = verbose + + def get(self): + '''return a secret by name ''' + return self._get('secrets', self.name) + + def delete(self): + '''delete a secret by name''' + return self._delete('secrets', self.name) + + def create(self, files=None, contents=None): + '''Create a secret ''' + if not files: + files = Utils.create_files_from_contents(contents) + + secrets = ["%s=%s" % (os.path.basename(sfile), sfile) for sfile in files] + cmd = ['-n%s' % self.namespace, 'secrets', 'new', self.name] + cmd.extend(secrets) + + return self.oc_cmd(cmd) + + def update(self, files, force=False): + '''run update secret + + This receives a list of file names and converts it into a secret. + The secret is then written to disk and passed into the `oc replace` command. + ''' + secret = self.prep_secret(files) + if secret['returncode'] != 0: + return secret + + sfile_path = '/tmp/%s' % self.name + with open(sfile_path, 'w') as sfd: + sfd.write(json.dumps(secret['results'])) + + atexit.register(Utils.cleanup, [sfile_path]) + + return self._replace(sfile_path, force=force) + + def prep_secret(self, files=None, contents=None): + ''' return what the secret would look like if created + This is accomplished by passing -ojson. This will most likely change in the future + ''' + if not files: + files = Utils.create_files_from_contents(contents) + + secrets = ["%s=%s" % (os.path.basename(sfile), sfile) for sfile in files] + cmd = ['-ojson', '-n%s' % self.namespace, 'secrets', 'new', self.name] + cmd.extend(secrets) + + return self.oc_cmd(cmd, output=True) + + diff --git a/roles/lib_openshift_api/build/test/README b/roles/lib_openshift_api/build/test/README new file mode 100644 index 000000000..af9f05b3d --- /dev/null +++ b/roles/lib_openshift_api/build/test/README @@ -0,0 +1,5 @@ +After generate.py has run, the ansible modules will be placed under ../../../openshift-ansible/roles/lib_openshift_api/library. + + +To run the tests you need to run them like this: +./services.yml -M ../../library diff --git a/roles/lib_openshift_api/build/test/deploymentconfig.yml b/roles/lib_openshift_api/build/test/deploymentconfig.yml new file mode 100755 index 000000000..d041ab22a --- /dev/null +++ b/roles/lib_openshift_api/build/test/deploymentconfig.yml @@ -0,0 +1,120 @@ +#!/usr/bin/ansible-playbook +--- +- hosts: "oo_clusterid_mwoodson:&oo_version_3:&oo_master_primary" + gather_facts: no + user: root + + post_tasks: + - copy: + dest: "/tmp/{{ item }}" + src: "files/{{ item }}" + with_items: + - dc.yml + + - name: list dc + oc_obj: + kind: dc + state: list + namespace: default + name: router + register: dcout + + - debug: + var: dcout + + - name: absent dc + oc_obj: + kind: dc + state: absent + namespace: default + name: router + register: dcout + + - debug: + var: dcout + + - name: present dc + oc_obj: + kind: dc + state: present + namespace: default + name: router + files: + - /tmp/dc.yml + register: dcout + + - debug: + var: dcout + + - name: dump router + oc_obj: + kind: dc + state: list + name: router + register: routerout + + - name: write router file + copy: + dest: /tmp/dc-mod.json + content: "{{ routerout.results[0] }}" + + - command: cat /tmp/dc-mod.json + register: catout + + - debug: + msg: "{{ catout }}" + + - command: "sed -i 's/: 80/: 81/g' /tmp/dc-mod.json" + register: catout + + - name: present dc update + oc_obj: + kind: dc + state: present + namespace: default + name: router + files: + - /tmp/dc-mod.json + delete_after: True + register: dcout + + - debug: + var: dcout + + - include_vars: "files/dc-mod.yml" + + - name: absent dc + oc_obj: + kind: dc + state: absent + namespace: default + name: router + register: dcout + + - debug: + var: dcout + + - name: present dc + oc_obj: + kind: dc + state: present + namespace: default + name: router + files: + - /tmp/dc.yml + delete_after: True + register: dcout + + - name: present dc + oc_obj: + kind: dc + state: present + namespace: default + name: router + content: "{{ dc }}" + delete_after: True + register: dcout + + - debug: + var: dcout + diff --git a/roles/lib_openshift_api/build/test/edit.yml b/roles/lib_openshift_api/build/test/edit.yml new file mode 100755 index 000000000..9aa01303a --- /dev/null +++ b/roles/lib_openshift_api/build/test/edit.yml @@ -0,0 +1,53 @@ +#!/usr/bin/ansible-playbook +--- +- hosts: "oo_clusterid_mwoodson:&oo_version_3:&oo_master_primary" + gather_facts: no + user: root + + post_tasks: + - copy: + dest: "/tmp/{{ item }}" + src: "files/{{ item }}" + with_items: + - dc.yml + + - name: present dc + oc_edit: + kind: dc + namespace: default + name: router + content: + spec.template.spec.containers[0].ports[0].containerPort: 80 + spec.template.spec.containers[0].ports[0].hostPort: 80 + register: dcout + + - debug: + var: dcout + + - name: present dc + oc_edit: + kind: dc + namespace: default + name: router + content: + spec.template.spec.containers[0].ports[0].containerPort: 81 + spec.template.spec.containers[0].ports[0].hostPort: 81 + file_format: yaml + register: dcout + + - debug: + var: dcout + + - name: present dc + oc_edit: + kind: dc + namespace: default + name: router + content: + spec.template.spec.containers[0].ports[0].containerPort: 80 + spec.template.spec.containers[0].ports[0].hostPort: 80 + file_format: yaml + register: dcout + + - debug: + var: dcout diff --git a/roles/lib_openshift_api/build/test/files/config.yml b/roles/lib_openshift_api/build/test/files/config.yml new file mode 100644 index 000000000..c544c6fd4 --- /dev/null +++ b/roles/lib_openshift_api/build/test/files/config.yml @@ -0,0 +1 @@ +value: True diff --git a/roles/lib_openshift_api/build/test/files/dc-mod.yml b/roles/lib_openshift_api/build/test/files/dc-mod.yml new file mode 100644 index 000000000..6c700d6c7 --- /dev/null +++ b/roles/lib_openshift_api/build/test/files/dc-mod.yml @@ -0,0 +1,124 @@ +dc: + path: + dc-mod.yml + content: + apiVersion: v1 + kind: DeploymentConfig + metadata: + labels: + router: router + name: router + namespace: default + resourceVersion: "84016" + selfLink: /oapi/v1/namespaces/default/deploymentconfigs/router + uid: 48f8b9d9-ed42-11e5-9903-0a9a9d4e7f2b + spec: + replicas: 2 + selector: + router: router + strategy: + resources: {} + rollingParams: + intervalSeconds: 1 + maxSurge: 0 + maxUnavailable: 25% + timeoutSeconds: 600 + updatePercent: -25 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + creationTimestamp: null + labels: + router: router + spec: + containers: + - env: + - name: DEFAULT_CERTIFICATE + - name: OPENSHIFT_CA_DATA + value: | + -----BEGIN CERTIFICATE----- + MIIC5jCCAdCgAwIBAgIBATALBgkqhkiG9w0BAQswJjEkMCIGA1UEAwwbb3BlbnNo + -----END CERTIFICATE----- + - name: OPENSHIFT_CERT_DATA + value: | + -----BEGIN CERTIFICATE----- + MIIDDTCCAfegAwIBAgIBCDALBgkqhkiG9w0BAQswJjEkMCIGA1UEAwwbb3BlbnNo + -----END CERTIFICATE----- + - name: OPENSHIFT_INSECURE + value: "false" + - name: OPENSHIFT_KEY_DATA + value: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEA2lf49DrPHfCdCORcnIbmDVrx8yos7trjWdBvuledijyslRVR + -----END RSA PRIVATE KEY----- + - name: OPENSHIFT_MASTER + value: https://internal.api.mwoodson.openshift.com + - name: ROUTER_EXTERNAL_HOST_HOSTNAME + - name: ROUTER_EXTERNAL_HOST_HTTPS_VSERVER + - name: ROUTER_EXTERNAL_HOST_HTTP_VSERVER + - name: ROUTER_EXTERNAL_HOST_INSECURE + value: "false" + - name: ROUTER_EXTERNAL_HOST_PARTITION_PATH + - name: ROUTER_EXTERNAL_HOST_PASSWORD + - name: ROUTER_EXTERNAL_HOST_PRIVKEY + value: /etc/secret-volume/router.pem + - name: ROUTER_EXTERNAL_HOST_USERNAME + - name: ROUTER_SERVICE_NAME + value: router + - name: ROUTER_SERVICE_NAMESPACE + value: default + - name: STATS_PASSWORD + value: ugCk6YBm4q + - name: STATS_PORT + value: "1936" + - name: STATS_USERNAME + value: admin + image: openshift3/ose-haproxy-router:v3.1.1.6 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + host: localhost + path: /healthz + port: 1936 + scheme: HTTP + initialDelaySeconds: 10 + timeoutSeconds: 1 + name: router + ports: + - containerPort: 81 + hostPort: 81 + protocol: TCP + - containerPort: 443 + hostPort: 443 + protocol: TCP + - containerPort: 1936 + hostPort: 1936 + name: stats + protocol: TCP + readinessProbe: + httpGet: + host: localhost + path: /healthz + port: 1937 + scheme: HTTP + timeoutSeconds: 1 + resources: {} + terminationMessagePath: /dev/termination-log + dnsPolicy: ClusterFirst + hostNetwork: true + nodeSelector: + type: infra + restartPolicy: Always + securityContext: {} + serviceAccount: router + serviceAccountName: router + terminationGracePeriodSeconds: 30 + triggers: + - type: ConfigChange + status: + details: + causes: + - type: ConfigChange + latestVersion: 1 + diff --git a/roles/lib_openshift_api/build/test/files/dc.yml b/roles/lib_openshift_api/build/test/files/dc.yml new file mode 100644 index 000000000..24f690ef4 --- /dev/null +++ b/roles/lib_openshift_api/build/test/files/dc.yml @@ -0,0 +1,120 @@ +apiVersion: v1 +kind: DeploymentConfig +metadata: + creationTimestamp: 2016-04-01T15:23:29Z + labels: + router: router + name: router + namespace: default + resourceVersion: "1338477" + selfLink: /oapi/v1/namespaces/default/deploymentconfigs/router + uid: b00c7eba-f81d-11e5-809b-0a581f893e3f +spec: + replicas: 2 + selector: + router: router + strategy: + resources: {} + rollingParams: + intervalSeconds: 1 + maxSurge: 0 + maxUnavailable: 25% + timeoutSeconds: 600 + updatePercent: -25 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + creationTimestamp: null + labels: + router: router + spec: + containers: + - env: + - name: DEFAULT_CERTIFICATE + - name: OPENSHIFT_CA_DATA + value: | + -----BEGIN CERTIFICATE----- + MIIC5jCCAdCgAwIBAgIBATALBgkqhkiG9w0BAQswJjEkMCIGA1UEAwwbb3BlbnNo + -----END CERTIFICATE----- + - name: OPENSHIFT_CERT_DATA + value: | + -----BEGIN CERTIFICATE----- + MIIDDTCCAfegAwIBAgIBCDALBgkqhkiG9w0BAQswJjEkMCIGA1UEAwwbb3BlbnNo + -----END CERTIFICATE----- + - name: OPENSHIFT_INSECURE + value: "false" + - name: OPENSHIFT_KEY_DATA + value: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEA2lf49DrPHfCdCORcnIbmDVrx8yos7trjWdBvuledijyslRVR + -----END RSA PRIVATE KEY----- + - name: OPENSHIFT_MASTER + value: https://internal.api.mwoodson.openshift.com + - name: ROUTER_EXTERNAL_HOST_HOSTNAME + - name: ROUTER_EXTERNAL_HOST_HTTPS_VSERVER + - name: ROUTER_EXTERNAL_HOST_HTTP_VSERVER + - name: ROUTER_EXTERNAL_HOST_INSECURE + value: "false" + - name: ROUTER_EXTERNAL_HOST_PARTITION_PATH + - name: ROUTER_EXTERNAL_HOST_PASSWORD + - name: ROUTER_EXTERNAL_HOST_PRIVKEY + value: /etc/secret-volume/router.pem + - name: ROUTER_EXTERNAL_HOST_USERNAME + - name: ROUTER_SERVICE_NAME + value: router + - name: ROUTER_SERVICE_NAMESPACE + value: default + - name: STATS_PASSWORD + value: ugCk6YBm4q + - name: STATS_PORT + value: "1936" + - name: STATS_USERNAME + value: admin + image: openshift3/ose-haproxy-router:v3.1.1.6 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + host: localhost + path: /healthz + port: 1936 + scheme: HTTP + initialDelaySeconds: 10 + timeoutSeconds: 1 + name: router + ports: + - containerPort: 80 + hostPort: 80 + protocol: TCP + - containerPort: 443 + hostPort: 443 + protocol: TCP + - containerPort: 1936 + hostPort: 1936 + name: stats + protocol: TCP + readinessProbe: + httpGet: + host: localhost + path: /healthz + port: 1936 + scheme: HTTP + timeoutSeconds: 1 + resources: {} + terminationMessagePath: /dev/termination-log + dnsPolicy: ClusterFirst + hostNetwork: true + nodeSelector: + type: infra + restartPolicy: Always + securityContext: {} + serviceAccount: router + serviceAccountName: router + terminationGracePeriodSeconds: 30 + triggers: + - type: ConfigChange +status: + details: + causes: + - type: ConfigChange + latestVersion: 12 diff --git a/roles/lib_openshift_api/build/test/files/passwords.yml b/roles/lib_openshift_api/build/test/files/passwords.yml new file mode 100644 index 000000000..fadbf1d85 --- /dev/null +++ b/roles/lib_openshift_api/build/test/files/passwords.yml @@ -0,0 +1,4 @@ +test1 +test2 +test3 +test4 diff --git a/roles/lib_openshift_api/build/test/files/router-mod.json b/roles/lib_openshift_api/build/test/files/router-mod.json new file mode 100644 index 000000000..45e2e7c8d --- /dev/null +++ b/roles/lib_openshift_api/build/test/files/router-mod.json @@ -0,0 +1,30 @@ +{ + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "router", + "namespace": "default", + "labels": { + "router": "router" + } + }, + "spec": { + "ports": [ + { + "name": "81-tcp", + "protocol": "TCP", + "port": 81, + "targetPort": 81 + } + ], + "selector": { + "router": "router" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + }, + "status": { + "loadBalancer": {} + } +} + diff --git a/roles/lib_openshift_api/build/test/files/router.json b/roles/lib_openshift_api/build/test/files/router.json new file mode 100644 index 000000000..cad3c6f53 --- /dev/null +++ b/roles/lib_openshift_api/build/test/files/router.json @@ -0,0 +1,29 @@ +{ + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "labels": { + "router": "router" + }, + "name": "router", + "namespace": "default" + }, + "spec": { + "ports": [ + { + "name": "80-tcp", + "port": 80, + "protocol": "TCP", + "targetPort": 80 + } + ], + "selector": { + "router": "router" + }, + "sessionAffinity": "None", + "type": "ClusterIP" + }, + "status": { + "loadBalancer": {} + } +} diff --git a/roles/lib_openshift_api/build/test/roles b/roles/lib_openshift_api/build/test/roles new file mode 120000 index 000000000..ae82aa9bb --- /dev/null +++ b/roles/lib_openshift_api/build/test/roles @@ -0,0 +1 @@ +../../../../roles/
\ No newline at end of file diff --git a/roles/lib_openshift_api/build/test/secrets.yml b/roles/lib_openshift_api/build/test/secrets.yml new file mode 100755 index 000000000..dddc05c4d --- /dev/null +++ b/roles/lib_openshift_api/build/test/secrets.yml @@ -0,0 +1,81 @@ +#!/usr/bin/ansible-playbook +--- +- hosts: "oo_clusterid_mwoodson:&oo_version_3:&oo_master_primary" + gather_facts: no + user: root + + post_tasks: + - copy: + dest: "/tmp/{{ item }}" + src: "files/{{ item }}" + with_items: + - config.yml + - passwords.yml + + - name: list secrets + oc_secret: + state: list + namespace: default + name: kenny + register: secret_out + + - debug: + var: secret_out + + - name: absent secrets + oc_secret: + state: absent + namespace: default + name: kenny + register: secret_out + + - debug: + var: secret_out + + - name: present secrets + oc_secret: + state: present + namespace: default + name: kenny + files: + - /tmp/config.yml + - /tmp/passwords.yml + delete_after: True + register: secret_out + + - debug: + var: secret_out + + - name: present secrets + oc_secret: + state: present + namespace: default + name: kenny + contents: + - path: config.yml + content: "value: True\n" + - path: passwords.yml + content: "test1\ntest2\ntest3\ntest4\n" + delete_after: True + register: secret_out + + - debug: + var: secret_out + + - name: present secrets update + oc_secret: + state: present + namespace: default + name: kenny + contents: + - path: config.yml + content: "value: True\n" + - path: passwords.yml + content: "test1\ntest2\ntest3\ntest4\ntest5\n" + delete_after: True + force: True + register: secret_out + + - debug: + var: secret_out + diff --git a/roles/lib_openshift_api/build/test/services.yml b/roles/lib_openshift_api/build/test/services.yml new file mode 100755 index 000000000..a32e8d012 --- /dev/null +++ b/roles/lib_openshift_api/build/test/services.yml @@ -0,0 +1,133 @@ +#!/usr/bin/ansible-playbook +--- +- hosts: "oo_clusterid_mwoodson:&oo_master_primary" + gather_facts: no + user: root + + roles: + - roles/lib_yaml_editor + + tasks: + - copy: + dest: "/tmp/{{ item }}" + src: "files/{{ item }}" + with_items: + - router.json + - router-mod.json + + - name: list services + oc_obj: + kind: service + state: list + namespace: default + name: router + register: service_out + + - debug: + var: service_out.results + + - name: absent service + oc_obj: + kind: service + state: absent + namespace: default + name: router + register: service_out + + - debug: + var: service_out + + - name: present service create + oc_obj: + kind: service + state: present + namespace: default + name: router + files: + - /tmp/router.json + delete_after: True + register: service_out + + - debug: + var: service_out + + - name: dump router + oc_obj: + kind: service + state: list + name: router + namespace: default + register: routerout + + - name: write router file + copy: + dest: /tmp/router-mod.json + content: "{{ routerout.results[0] }}" + + - command: cat /tmp/router-mod.json + register: catout + + - debug: + msg: "{{ catout }}" + + - command: "sed -i 's/80-tcp/81-tcp/g' /tmp/router-mod.json" + register: catout + + - name: present service replace + oc_obj: + kind: service + state: present + namespace: default + name: router + files: + - /tmp/router-mod.json + #delete_after: True + register: service_out + + - debug: + var: service_out + + - name: list services + oc_obj: + kind: service + state: list + namespace: default + name: router + register: service_out + + - debug: + var: service_out.results + + - set_fact: + new_service: "{{ service_out.results[0] }}" + + - yedit: + src: /tmp/routeryedit + content: "{{ new_service }}" + key: spec.ports + value: + - name: 80-tcp + port: 80 + protocol: TCP + targetPort: 80 + + - yedit: + src: /tmp/routeryedit + state: list + register: yeditout + + - debug: + var: yeditout + + - name: present service replace + oc_obj: + kind: service + state: present + namespace: default + name: router + content: "{{ yeditout.results }}" + delete_after: True + register: service_out + + - debug: + var: service_out diff --git a/roles/lib_openshift_api/library/oc_edit.py b/roles/lib_openshift_api/library/oc_edit.py new file mode 100644 index 000000000..44e77331d --- /dev/null +++ b/roles/lib_openshift_api/library/oc_edit.py @@ -0,0 +1,619 @@ +#!/usr/bin/env python +# ___ ___ _ _ ___ ___ _ _____ ___ ___ +# / __| __| \| | __| _ \ /_\_ _| __| \ +# | (_ | _|| .` | _|| / / _ \| | | _|| |) | +# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____ +# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _| +# | |) | (_) | | .` | (_) || | | _|| |) | | | | +# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_| +''' + OpenShiftCLI class that wraps the oc commands in a subprocess +''' + +import atexit +import json +import os +import shutil +import subprocess +import re + +import yaml +# This is here because of a bug that causes yaml +# to incorrectly handle timezone info on timestamps +def timestamp_constructor(_, node): + '''return timestamps as strings''' + return str(node.value) +yaml.add_constructor(u'tag:yaml.org,2002:timestamp', timestamp_constructor) + +# pylint: disable=too-few-public-methods +class OpenShiftCLI(object): + ''' Class to wrap the oc command line tools ''' + def __init__(self, + namespace, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False): + ''' Constructor for OpenshiftOC ''' + self.namespace = namespace + self.verbose = verbose + self.kubeconfig = kubeconfig + + # Pylint allows only 5 arguments to be passed. + # pylint: disable=too-many-arguments + def _replace_content(self, resource, rname, content, force=False): + ''' replace the current object with the content ''' + res = self._get(resource, rname) + if not res['results']: + return res + + fname = '/tmp/%s' % rname + yed = Yedit(fname, res['results'][0]) + changes = [] + for key, value in content.items(): + changes.append(yed.put(key, value)) + + if any([not change[0] for change in changes]): + return {'returncode': 0, 'updated': False} + + yed.write() + + atexit.register(Utils.cleanup, [fname]) + + return self._replace(fname, force) + + def _replace(self, fname, force=False): + '''return all pods ''' + cmd = ['-n', self.namespace, 'replace', '-f', fname] + if force: + cmd.append('--force') + return self.oc_cmd(cmd) + + def _create(self, fname): + '''return all pods ''' + return self.oc_cmd(['create', '-f', fname, '-n', self.namespace]) + + def _delete(self, resource, rname): + '''return all pods ''' + return self.oc_cmd(['delete', resource, rname, '-n', self.namespace]) + + def _get(self, resource, rname=None): + '''return a secret by name ''' + cmd = ['get', resource, '-o', 'json', '-n', self.namespace] + if rname: + cmd.append(rname) + + rval = self.oc_cmd(cmd, output=True) + + # Ensure results are retuned in an array + if rval.has_key('items'): + rval['results'] = rval['items'] + elif not isinstance(rval['results'], list): + rval['results'] = [rval['results']] + + return rval + + def oc_cmd(self, cmd, output=False): + '''Base command for oc ''' + #cmds = ['/usr/bin/oc', '--config', self.kubeconfig] + cmds = ['/usr/bin/oc'] + cmds.extend(cmd) + + rval = {} + results = '' + err = None + + if self.verbose: + print ' '.join(cmds) + + proc = subprocess.Popen(cmds, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + env={'KUBECONFIG': self.kubeconfig}) + + proc.wait() + stdout = proc.stdout.read() + stderr = proc.stderr.read() + + rval = {"returncode": proc.returncode, + "results": results, + } + + if proc.returncode == 0: + if output: + try: + rval['results'] = json.loads(stdout) + except ValueError as err: + if "No JSON object could be decoded" in err.message: + err = err.message + + if self.verbose: + print stdout + print stderr + print + + if err: + rval.update({"err": err, + "stderr": stderr, + "stdout": stdout, + "cmd": cmds + }) + + else: + rval.update({"stderr": stderr, + "stdout": stdout, + "results": {}, + }) + + return rval + +class Utils(object): + ''' utilities for openshiftcli modules ''' + @staticmethod + def create_file(rname, data, ftype=None): + ''' create a file in tmp with name and contents''' + path = os.path.join('/tmp', rname) + with open(path, 'w') as fds: + if ftype == 'yaml': + fds.write(yaml.safe_dump(data, default_flow_style=False)) + + elif ftype == 'json': + fds.write(json.dumps(data)) + else: + fds.write(data) + + # Register cleanup when module is done + atexit.register(Utils.cleanup, [path]) + return path + + @staticmethod + def create_files_from_contents(data): + '''Turn an array of dict: filename, content into a files array''' + files = [] + + for sfile in data: + path = Utils.create_file(sfile['path'], sfile['content']) + files.append(path) + + return files + + @staticmethod + def cleanup(files): + '''Clean up on exit ''' + for sfile in files: + if os.path.exists(sfile): + if os.path.isdir(sfile): + shutil.rmtree(sfile) + elif os.path.isfile(sfile): + os.remove(sfile) + + + @staticmethod + def exists(results, _name): + ''' Check to see if the results include the name ''' + if not results: + return False + + + if Utils.find_result(results, _name): + return True + + return False + + @staticmethod + def find_result(results, _name): + ''' Find the specified result by name''' + rval = None + for result in results: + if result.has_key('metadata') and result['metadata']['name'] == _name: + rval = result + break + + return rval + + @staticmethod + def get_resource_file(sfile, sfile_type='yaml'): + ''' return the service file ''' + contents = None + with open(sfile) as sfd: + contents = sfd.read() + + if sfile_type == 'yaml': + contents = yaml.safe_load(contents) + elif sfile_type == 'json': + contents = json.loads(contents) + + return contents + + # Disabling too-many-branches. This is a yaml dictionary comparison function + # pylint: disable=too-many-branches,too-many-return-statements + @staticmethod + def check_def_equal(user_def, result_def, debug=False): + ''' Given a user defined definition, compare it with the results given back by our query. ''' + + # Currently these values are autogenerated and we do not need to check them + skip = ['metadata', 'status'] + + for key, value in result_def.items(): + if key in skip: + continue + + # Both are lists + if isinstance(value, list): + if not isinstance(user_def[key], list): + return False + + # lists should be identical + if value != user_def[key]: + return False + + # recurse on a dictionary + elif isinstance(value, dict): + if not isinstance(user_def[key], dict): + if debug: + print "dict returned false not instance of dict" + return False + + # before passing ensure keys match + api_values = set(value.keys()) - set(skip) + user_values = set(user_def[key].keys()) - set(skip) + if api_values != user_values: + if debug: + print api_values + print user_values + print "keys are not equal in dict" + return False + + result = Utils.check_def_equal(user_def[key], value, debug=debug) + if not result: + if debug: + print "dict returned false" + return False + + # Verify each key, value pair is the same + else: + if not user_def.has_key(key) or value != user_def[key]: + if debug: + print "value not equal; user_def does not have key" + print value + print user_def[key] + return False + + return True + +class YeditException(Exception): + ''' Exception class for Yedit ''' + pass + +class Yedit(object): + ''' Class to modify yaml files ''' + re_valid_key = r"(((\[-?\d+\])|([a-zA-Z-./]+)).?)+$" + re_key = r"(?:\[(-?\d+)\])|([a-zA-Z-./]+)" + + def __init__(self, filename=None, content=None, content_type='yaml'): + self.content = content + self.filename = filename + self.__yaml_dict = content + self.content_type = content_type + if self.filename and not self.content: + self.load(content_type=self.content_type) + + @property + def yaml_dict(self): + ''' getter method for yaml_dict ''' + return self.__yaml_dict + + @yaml_dict.setter + def yaml_dict(self, value): + ''' setter method for yaml_dict ''' + self.__yaml_dict = value + + @staticmethod + def remove_entry(data, key): + ''' remove data at location key ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key and isinstance(data, dict): + data = data.get(dict_key, None) + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + # process last index for remove + # expected list entry + if key_indexes[-1][0]: + if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: + del data[int(key_indexes[-1][0])] + return True + + # expected dict entry + elif key_indexes[-1][1]: + if isinstance(data, dict): + del data[key_indexes[-1][1]] + return True + + @staticmethod + def add_entry(data, key, item=None): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + curr_data = data + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key: + if isinstance(data, dict) and data.has_key(dict_key): + data = data[dict_key] + continue + + data[dict_key] = {} + data = data[dict_key] + + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + # process last index for add + # expected list entry + if key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: + data[int(key_indexes[-1][0])] = item + + # expected dict entry + elif key_indexes[-1][1] and isinstance(data, dict): + data[key_indexes[-1][1]] = item + + return curr_data + + @staticmethod + def get_entry(data, key): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes: + if dict_key and isinstance(data, dict): + data = data.get(dict_key, None) + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + return data + + def write(self): + ''' write to file ''' + if not self.filename: + raise YeditException('Please specify a filename.') + + with open(self.filename, 'w') as yfd: + yfd.write(yaml.safe_dump(self.yaml_dict, default_flow_style=False)) + + def read(self): + ''' write to file ''' + # check if it exists + if not self.exists(): + return None + + contents = None + with open(self.filename) as yfd: + contents = yfd.read() + + return contents + + def exists(self): + ''' return whether file exists ''' + if os.path.exists(self.filename): + return True + + return False + + def load(self, content_type='yaml'): + ''' return yaml file ''' + contents = self.read() + + if not contents: + return None + + # check if it is yaml + try: + if content_type == 'yaml': + self.yaml_dict = yaml.load(contents) + elif content_type == 'json': + self.yaml_dict = json.loads(contents) + except yaml.YAMLError as _: + # Error loading yaml or json + return None + + return self.yaml_dict + + def get(self, key): + ''' get a specified key''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + + return entry + + def delete(self, key): + ''' remove key from a dict''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + if not entry: + return (False, self.yaml_dict) + + result = Yedit.remove_entry(self.yaml_dict, key) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def put(self, key, value): + ''' put key, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + + if entry == value: + return (False, self.yaml_dict) + + result = Yedit.add_entry(self.yaml_dict, key, value) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def create(self, key, value): + ''' create a yaml file ''' + if not self.exists(): + self.yaml_dict = {key: value} + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + +class Edit(OpenShiftCLI): + ''' Class to wrap the oc command line tools + ''' + # pylint: disable=too-many-arguments + def __init__(self, + kind, + namespace, + resource_name=None, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False): + ''' Constructor for OpenshiftOC ''' + super(Edit, self).__init__(namespace, kubeconfig) + self.namespace = namespace + self.kind = kind + self.name = resource_name + self.kubeconfig = kubeconfig + self.verbose = verbose + + def get(self): + '''return a secret by name ''' + return self._get(self.kind, self.name) + + def update(self, file_name, content, force=False, content_type='yaml'): + '''run update ''' + if file_name: + if content_type == 'yaml': + data = yaml.load(open(file_name)) + elif content_type == 'json': + data = json.loads(open(file_name).read()) + + changes = [] + yed = Yedit(file_name, data) + for key, value in content.items(): + changes.append(yed.put(key, value)) + + if any([not change[0] for change in changes]): + return {'returncode': 0, 'updated': False} + + yed.write() + + atexit.register(Utils.cleanup, [file_name]) + + return self._replace(file_name, force=force) + + return self._replace_content(self.kind, self.name, content, force=force) + + + +def main(): + ''' + ansible oc module for services + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present']), + debug=dict(default=False, type='bool'), + namespace=dict(default='default', type='str'), + name=dict(default=None, required=True, type='str'), + kind=dict(required=True, + type='str', + choices=['dc', 'deploymentconfig', + 'svc', 'service', + 'scc', 'securitycontextconstraints', + 'ns', 'namespace', 'project', 'projects', + 'is', 'imagestream', + 'istag', 'imagestreamtag', + 'bc', 'buildconfig', + 'routes', + 'node', + 'secret', + ]), + file_name=dict(default=None, type='str'), + file_format=dict(default='yaml', type='str'), + content=dict(default=None, required=True, type='dict'), + force=dict(default=False, type='bool'), + ), + supports_check_mode=True, + ) + ocedit = Edit(module.params['kind'], + module.params['namespace'], + module.params['name'], + kubeconfig=module.params['kubeconfig'], + verbose=module.params['debug']) + + state = module.params['state'] + + api_rval = ocedit.get() + + ######## + # Create + ######## + if not Utils.exists(api_rval['results'], module.params['name']): + module.fail_json(msg=api_rval) + + ######## + # Update + ######## + api_rval = ocedit.update(module.params['file_name'], + module.params['content'], + module.params['force'], + module.params['file_format']) + + + if api_rval['returncode'] != 0: + module.fail_json(msg=api_rval) + + if api_rval.has_key('updated') and not api_rval['updated']: + module.exit_json(changed=False, results=api_rval, state="present") + + # return the created object + api_rval = ocedit.get() + + if api_rval['returncode'] != 0: + module.fail_json(msg=api_rval) + + module.exit_json(changed=True, results=api_rval, state="present") + + module.exit_json(failed=True, + changed=False, + results='Unknown state passed. %s' % state, + state="unknown") + +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, locally-disabled +# import module snippets. This are required +from ansible.module_utils.basic import * + +main() diff --git a/roles/lib_openshift_api/library/oc_obj.py b/roles/lib_openshift_api/library/oc_obj.py new file mode 100644 index 000000000..c058072e3 --- /dev/null +++ b/roles/lib_openshift_api/library/oc_obj.py @@ -0,0 +1,703 @@ +#!/usr/bin/env python +# ___ ___ _ _ ___ ___ _ _____ ___ ___ +# / __| __| \| | __| _ \ /_\_ _| __| \ +# | (_ | _|| .` | _|| / / _ \| | | _|| |) | +# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____ +# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _| +# | |) | (_) | | .` | (_) || | | _|| |) | | | | +# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_| +''' + OpenShiftCLI class that wraps the oc commands in a subprocess +''' + +import atexit +import json +import os +import shutil +import subprocess +import re + +import yaml +# This is here because of a bug that causes yaml +# to incorrectly handle timezone info on timestamps +def timestamp_constructor(_, node): + '''return timestamps as strings''' + return str(node.value) +yaml.add_constructor(u'tag:yaml.org,2002:timestamp', timestamp_constructor) + +# pylint: disable=too-few-public-methods +class OpenShiftCLI(object): + ''' Class to wrap the oc command line tools ''' + def __init__(self, + namespace, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False): + ''' Constructor for OpenshiftOC ''' + self.namespace = namespace + self.verbose = verbose + self.kubeconfig = kubeconfig + + # Pylint allows only 5 arguments to be passed. + # pylint: disable=too-many-arguments + def _replace_content(self, resource, rname, content, force=False): + ''' replace the current object with the content ''' + res = self._get(resource, rname) + if not res['results']: + return res + + fname = '/tmp/%s' % rname + yed = Yedit(fname, res['results'][0]) + changes = [] + for key, value in content.items(): + changes.append(yed.put(key, value)) + + if any([not change[0] for change in changes]): + return {'returncode': 0, 'updated': False} + + yed.write() + + atexit.register(Utils.cleanup, [fname]) + + return self._replace(fname, force) + + def _replace(self, fname, force=False): + '''return all pods ''' + cmd = ['-n', self.namespace, 'replace', '-f', fname] + if force: + cmd.append('--force') + return self.oc_cmd(cmd) + + def _create(self, fname): + '''return all pods ''' + return self.oc_cmd(['create', '-f', fname, '-n', self.namespace]) + + def _delete(self, resource, rname): + '''return all pods ''' + return self.oc_cmd(['delete', resource, rname, '-n', self.namespace]) + + def _get(self, resource, rname=None): + '''return a secret by name ''' + cmd = ['get', resource, '-o', 'json', '-n', self.namespace] + if rname: + cmd.append(rname) + + rval = self.oc_cmd(cmd, output=True) + + # Ensure results are retuned in an array + if rval.has_key('items'): + rval['results'] = rval['items'] + elif not isinstance(rval['results'], list): + rval['results'] = [rval['results']] + + return rval + + def oc_cmd(self, cmd, output=False): + '''Base command for oc ''' + #cmds = ['/usr/bin/oc', '--config', self.kubeconfig] + cmds = ['/usr/bin/oc'] + cmds.extend(cmd) + + rval = {} + results = '' + err = None + + if self.verbose: + print ' '.join(cmds) + + proc = subprocess.Popen(cmds, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + env={'KUBECONFIG': self.kubeconfig}) + + proc.wait() + stdout = proc.stdout.read() + stderr = proc.stderr.read() + + rval = {"returncode": proc.returncode, + "results": results, + } + + if proc.returncode == 0: + if output: + try: + rval['results'] = json.loads(stdout) + except ValueError as err: + if "No JSON object could be decoded" in err.message: + err = err.message + + if self.verbose: + print stdout + print stderr + print + + if err: + rval.update({"err": err, + "stderr": stderr, + "stdout": stdout, + "cmd": cmds + }) + + else: + rval.update({"stderr": stderr, + "stdout": stdout, + "results": {}, + }) + + return rval + +class Utils(object): + ''' utilities for openshiftcli modules ''' + @staticmethod + def create_file(rname, data, ftype=None): + ''' create a file in tmp with name and contents''' + path = os.path.join('/tmp', rname) + with open(path, 'w') as fds: + if ftype == 'yaml': + fds.write(yaml.safe_dump(data, default_flow_style=False)) + + elif ftype == 'json': + fds.write(json.dumps(data)) + else: + fds.write(data) + + # Register cleanup when module is done + atexit.register(Utils.cleanup, [path]) + return path + + @staticmethod + def create_files_from_contents(data): + '''Turn an array of dict: filename, content into a files array''' + files = [] + + for sfile in data: + path = Utils.create_file(sfile['path'], sfile['content']) + files.append(path) + + return files + + @staticmethod + def cleanup(files): + '''Clean up on exit ''' + for sfile in files: + if os.path.exists(sfile): + if os.path.isdir(sfile): + shutil.rmtree(sfile) + elif os.path.isfile(sfile): + os.remove(sfile) + + + @staticmethod + def exists(results, _name): + ''' Check to see if the results include the name ''' + if not results: + return False + + + if Utils.find_result(results, _name): + return True + + return False + + @staticmethod + def find_result(results, _name): + ''' Find the specified result by name''' + rval = None + for result in results: + if result.has_key('metadata') and result['metadata']['name'] == _name: + rval = result + break + + return rval + + @staticmethod + def get_resource_file(sfile, sfile_type='yaml'): + ''' return the service file ''' + contents = None + with open(sfile) as sfd: + contents = sfd.read() + + if sfile_type == 'yaml': + contents = yaml.safe_load(contents) + elif sfile_type == 'json': + contents = json.loads(contents) + + return contents + + # Disabling too-many-branches. This is a yaml dictionary comparison function + # pylint: disable=too-many-branches,too-many-return-statements + @staticmethod + def check_def_equal(user_def, result_def, debug=False): + ''' Given a user defined definition, compare it with the results given back by our query. ''' + + # Currently these values are autogenerated and we do not need to check them + skip = ['metadata', 'status'] + + for key, value in result_def.items(): + if key in skip: + continue + + # Both are lists + if isinstance(value, list): + if not isinstance(user_def[key], list): + return False + + # lists should be identical + if value != user_def[key]: + return False + + # recurse on a dictionary + elif isinstance(value, dict): + if not isinstance(user_def[key], dict): + if debug: + print "dict returned false not instance of dict" + return False + + # before passing ensure keys match + api_values = set(value.keys()) - set(skip) + user_values = set(user_def[key].keys()) - set(skip) + if api_values != user_values: + if debug: + print api_values + print user_values + print "keys are not equal in dict" + return False + + result = Utils.check_def_equal(user_def[key], value, debug=debug) + if not result: + if debug: + print "dict returned false" + return False + + # Verify each key, value pair is the same + else: + if not user_def.has_key(key) or value != user_def[key]: + if debug: + print "value not equal; user_def does not have key" + print value + print user_def[key] + return False + + return True + +class YeditException(Exception): + ''' Exception class for Yedit ''' + pass + +class Yedit(object): + ''' Class to modify yaml files ''' + re_valid_key = r"(((\[-?\d+\])|([a-zA-Z-./]+)).?)+$" + re_key = r"(?:\[(-?\d+)\])|([a-zA-Z-./]+)" + + def __init__(self, filename=None, content=None, content_type='yaml'): + self.content = content + self.filename = filename + self.__yaml_dict = content + self.content_type = content_type + if self.filename and not self.content: + self.load(content_type=self.content_type) + + @property + def yaml_dict(self): + ''' getter method for yaml_dict ''' + return self.__yaml_dict + + @yaml_dict.setter + def yaml_dict(self, value): + ''' setter method for yaml_dict ''' + self.__yaml_dict = value + + @staticmethod + def remove_entry(data, key): + ''' remove data at location key ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key and isinstance(data, dict): + data = data.get(dict_key, None) + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + # process last index for remove + # expected list entry + if key_indexes[-1][0]: + if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: + del data[int(key_indexes[-1][0])] + return True + + # expected dict entry + elif key_indexes[-1][1]: + if isinstance(data, dict): + del data[key_indexes[-1][1]] + return True + + @staticmethod + def add_entry(data, key, item=None): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + curr_data = data + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key: + if isinstance(data, dict) and data.has_key(dict_key): + data = data[dict_key] + continue + + data[dict_key] = {} + data = data[dict_key] + + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + # process last index for add + # expected list entry + if key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: + data[int(key_indexes[-1][0])] = item + + # expected dict entry + elif key_indexes[-1][1] and isinstance(data, dict): + data[key_indexes[-1][1]] = item + + return curr_data + + @staticmethod + def get_entry(data, key): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes: + if dict_key and isinstance(data, dict): + data = data.get(dict_key, None) + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + return data + + def write(self): + ''' write to file ''' + if not self.filename: + raise YeditException('Please specify a filename.') + + with open(self.filename, 'w') as yfd: + yfd.write(yaml.safe_dump(self.yaml_dict, default_flow_style=False)) + + def read(self): + ''' write to file ''' + # check if it exists + if not self.exists(): + return None + + contents = None + with open(self.filename) as yfd: + contents = yfd.read() + + return contents + + def exists(self): + ''' return whether file exists ''' + if os.path.exists(self.filename): + return True + + return False + + def load(self, content_type='yaml'): + ''' return yaml file ''' + contents = self.read() + + if not contents: + return None + + # check if it is yaml + try: + if content_type == 'yaml': + self.yaml_dict = yaml.load(contents) + elif content_type == 'json': + self.yaml_dict = json.loads(contents) + except yaml.YAMLError as _: + # Error loading yaml or json + return None + + return self.yaml_dict + + def get(self, key): + ''' get a specified key''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + + return entry + + def delete(self, key): + ''' remove key from a dict''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + if not entry: + return (False, self.yaml_dict) + + result = Yedit.remove_entry(self.yaml_dict, key) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def put(self, key, value): + ''' put key, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + + if entry == value: + return (False, self.yaml_dict) + + result = Yedit.add_entry(self.yaml_dict, key, value) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def create(self, key, value): + ''' create a yaml file ''' + if not self.exists(): + self.yaml_dict = {key: value} + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + +class OCObject(OpenShiftCLI): + ''' Class to wrap the oc command line tools ''' + + # pylint allows 5. we need 6 + # pylint: disable=too-many-arguments + def __init__(self, + kind, + namespace, + rname=None, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False): + ''' Constructor for OpenshiftOC ''' + super(OCObject, self).__init__(namespace, kubeconfig) + self.kind = kind + self.namespace = namespace + self.name = rname + self.kubeconfig = kubeconfig + self.verbose = verbose + + def get(self): + '''return a deploymentconfig by name ''' + return self._get(self.kind, rname=self.name) + + def delete(self): + '''return all pods ''' + return self._delete(self.kind, self.name) + + def create(self, files=None, content=None): + '''Create a deploymentconfig ''' + if files: + return self._create(files[0]) + + return self._create(Utils.create_files_from_contents(content)) + + + # pylint: disable=too-many-function-args + def update(self, files=None, content=None, force=False): + '''run update dc + + This receives a list of file names and takes the first filename and calls replace. + ''' + if files: + return self._replace(files[0], force) + + return self.update_content(content, force) + + def update_content(self, content, force=False): + '''update the dc with the content''' + return self._replace_content(self.kind, self.name, content, force=force) + + def needs_update(self, files=None, content=None, content_type='yaml'): + ''' check to see if we need to update ''' + objects = self.get() + if objects['returncode'] != 0: + return objects + + # pylint: disable=no-member + data = None + if files: + data = Utils.get_resource_file(files[0], content_type) + + # if equal then no need. So not equal is True + return not Utils.check_def_equal(data, objects['results'][0], True) + else: + data = content + + for key, value in data.items(): + if key == 'metadata': + continue + if not objects['results'][0].has_key(key): + return True + if value != objects['results'][0][key]: + return True + + return False + + +# pylint: disable=too-many-branches +def main(): + ''' + ansible oc module for services + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + namespace=dict(default='default', type='str'), + name=dict(default=None, type='str'), + files=dict(default=None, type='list'), + kind=dict(required=True, + type='str', + choices=['dc', 'deploymentconfig', + 'svc', 'service', + 'scc', 'securitycontextconstraints', + 'ns', 'namespace', 'project', 'projects', + 'is', 'imagestream', + 'istag', 'imagestreamtag', + 'bc', 'buildconfig', + 'routes', + 'node', + 'secret', + ]), + delete_after=dict(default=False, type='bool'), + content=dict(default=None, type='dict'), + force=dict(default=False, type='bool'), + ), + mutually_exclusive=[["content", "files"]], + + supports_check_mode=True, + ) + ocobj = OCObject(module.params['kind'], + module.params['namespace'], + module.params['name'], + kubeconfig=module.params['kubeconfig'], + verbose=module.params['debug']) + + state = module.params['state'] + + api_rval = ocobj.get() + + ##### + # Get + ##### + if state == 'list': + module.exit_json(changed=False, results=api_rval['results'], state="list") + + if not module.params['name']: + module.fail_json(msg='Please specify a name when state is absent|present.') + ######## + # Delete + ######## + if state == 'absent': + if not Utils.exists(api_rval['results'], module.params['name']): + module.exit_json(changed=False, state="absent") + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed a delete.') + + api_rval = ocobj.delete() + module.exit_json(changed=True, results=api_rval, state="absent") + + if state == 'present': + ######## + # Create + ######## + if not Utils.exists(api_rval['results'], module.params['name']): + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed a create.') + + # Create it here + api_rval = ocobj.create(module.params['files'], module.params['content']) + if api_rval['returncode'] != 0: + module.fail_json(msg=api_rval) + + # return the created object + api_rval = ocobj.get() + + if api_rval['returncode'] != 0: + module.fail_json(msg=api_rval) + + # Remove files + if module.params['files'] and module.params['delete_after']: + Utils.cleanup(module.params['files']) + + module.exit_json(changed=True, results=api_rval, state="present") + + ######## + # Update + ######## + # if a file path is passed, use it. + update = ocobj.needs_update(module.params['files'], module.params['content']) + if not isinstance(update, bool): + module.fail_json(msg=update) + + # No changes + if not update: + if module.params['files'] and module.params['delete_after']: + Utils.cleanup(module.params['files']) + + module.exit_json(changed=False, results=api_rval['results'][0], state="present") + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed an update.') + + api_rval = ocobj.update(module.params['files'], + module.params['content'], + module.params['force']) + + + if api_rval['returncode'] != 0: + module.fail_json(msg=api_rval) + + # return the created object + api_rval = ocobj.get() + + if api_rval['returncode'] != 0: + module.fail_json(msg=api_rval) + + module.exit_json(changed=True, results=api_rval, state="present") + + module.exit_json(failed=True, + changed=False, + results='Unknown state passed. %s' % state, + state="unknown") + +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, locally-disabled +# import module snippets. This are required +from ansible.module_utils.basic import * + +main() diff --git a/roles/lib_openshift_api/library/oc_secret.py b/roles/lib_openshift_api/library/oc_secret.py new file mode 100644 index 000000000..a03022e35 --- /dev/null +++ b/roles/lib_openshift_api/library/oc_secret.py @@ -0,0 +1,675 @@ +#!/usr/bin/env python +# ___ ___ _ _ ___ ___ _ _____ ___ ___ +# / __| __| \| | __| _ \ /_\_ _| __| \ +# | (_ | _|| .` | _|| / / _ \| | | _|| |) | +# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____ +# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _| +# | |) | (_) | | .` | (_) || | | _|| |) | | | | +# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_| +''' + OpenShiftCLI class that wraps the oc commands in a subprocess +''' + +import atexit +import json +import os +import shutil +import subprocess +import re + +import yaml +# This is here because of a bug that causes yaml +# to incorrectly handle timezone info on timestamps +def timestamp_constructor(_, node): + '''return timestamps as strings''' + return str(node.value) +yaml.add_constructor(u'tag:yaml.org,2002:timestamp', timestamp_constructor) + +# pylint: disable=too-few-public-methods +class OpenShiftCLI(object): + ''' Class to wrap the oc command line tools ''' + def __init__(self, + namespace, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False): + ''' Constructor for OpenshiftOC ''' + self.namespace = namespace + self.verbose = verbose + self.kubeconfig = kubeconfig + + # Pylint allows only 5 arguments to be passed. + # pylint: disable=too-many-arguments + def _replace_content(self, resource, rname, content, force=False): + ''' replace the current object with the content ''' + res = self._get(resource, rname) + if not res['results']: + return res + + fname = '/tmp/%s' % rname + yed = Yedit(fname, res['results'][0]) + changes = [] + for key, value in content.items(): + changes.append(yed.put(key, value)) + + if any([not change[0] for change in changes]): + return {'returncode': 0, 'updated': False} + + yed.write() + + atexit.register(Utils.cleanup, [fname]) + + return self._replace(fname, force) + + def _replace(self, fname, force=False): + '''return all pods ''' + cmd = ['-n', self.namespace, 'replace', '-f', fname] + if force: + cmd.append('--force') + return self.oc_cmd(cmd) + + def _create(self, fname): + '''return all pods ''' + return self.oc_cmd(['create', '-f', fname, '-n', self.namespace]) + + def _delete(self, resource, rname): + '''return all pods ''' + return self.oc_cmd(['delete', resource, rname, '-n', self.namespace]) + + def _get(self, resource, rname=None): + '''return a secret by name ''' + cmd = ['get', resource, '-o', 'json', '-n', self.namespace] + if rname: + cmd.append(rname) + + rval = self.oc_cmd(cmd, output=True) + + # Ensure results are retuned in an array + if rval.has_key('items'): + rval['results'] = rval['items'] + elif not isinstance(rval['results'], list): + rval['results'] = [rval['results']] + + return rval + + def oc_cmd(self, cmd, output=False): + '''Base command for oc ''' + #cmds = ['/usr/bin/oc', '--config', self.kubeconfig] + cmds = ['/usr/bin/oc'] + cmds.extend(cmd) + + rval = {} + results = '' + err = None + + if self.verbose: + print ' '.join(cmds) + + proc = subprocess.Popen(cmds, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + env={'KUBECONFIG': self.kubeconfig}) + + proc.wait() + stdout = proc.stdout.read() + stderr = proc.stderr.read() + + rval = {"returncode": proc.returncode, + "results": results, + } + + if proc.returncode == 0: + if output: + try: + rval['results'] = json.loads(stdout) + except ValueError as err: + if "No JSON object could be decoded" in err.message: + err = err.message + + if self.verbose: + print stdout + print stderr + print + + if err: + rval.update({"err": err, + "stderr": stderr, + "stdout": stdout, + "cmd": cmds + }) + + else: + rval.update({"stderr": stderr, + "stdout": stdout, + "results": {}, + }) + + return rval + +class Utils(object): + ''' utilities for openshiftcli modules ''' + @staticmethod + def create_file(rname, data, ftype=None): + ''' create a file in tmp with name and contents''' + path = os.path.join('/tmp', rname) + with open(path, 'w') as fds: + if ftype == 'yaml': + fds.write(yaml.safe_dump(data, default_flow_style=False)) + + elif ftype == 'json': + fds.write(json.dumps(data)) + else: + fds.write(data) + + # Register cleanup when module is done + atexit.register(Utils.cleanup, [path]) + return path + + @staticmethod + def create_files_from_contents(data): + '''Turn an array of dict: filename, content into a files array''' + files = [] + + for sfile in data: + path = Utils.create_file(sfile['path'], sfile['content']) + files.append(path) + + return files + + @staticmethod + def cleanup(files): + '''Clean up on exit ''' + for sfile in files: + if os.path.exists(sfile): + if os.path.isdir(sfile): + shutil.rmtree(sfile) + elif os.path.isfile(sfile): + os.remove(sfile) + + + @staticmethod + def exists(results, _name): + ''' Check to see if the results include the name ''' + if not results: + return False + + + if Utils.find_result(results, _name): + return True + + return False + + @staticmethod + def find_result(results, _name): + ''' Find the specified result by name''' + rval = None + for result in results: + if result.has_key('metadata') and result['metadata']['name'] == _name: + rval = result + break + + return rval + + @staticmethod + def get_resource_file(sfile, sfile_type='yaml'): + ''' return the service file ''' + contents = None + with open(sfile) as sfd: + contents = sfd.read() + + if sfile_type == 'yaml': + contents = yaml.safe_load(contents) + elif sfile_type == 'json': + contents = json.loads(contents) + + return contents + + # Disabling too-many-branches. This is a yaml dictionary comparison function + # pylint: disable=too-many-branches,too-many-return-statements + @staticmethod + def check_def_equal(user_def, result_def, debug=False): + ''' Given a user defined definition, compare it with the results given back by our query. ''' + + # Currently these values are autogenerated and we do not need to check them + skip = ['metadata', 'status'] + + for key, value in result_def.items(): + if key in skip: + continue + + # Both are lists + if isinstance(value, list): + if not isinstance(user_def[key], list): + return False + + # lists should be identical + if value != user_def[key]: + return False + + # recurse on a dictionary + elif isinstance(value, dict): + if not isinstance(user_def[key], dict): + if debug: + print "dict returned false not instance of dict" + return False + + # before passing ensure keys match + api_values = set(value.keys()) - set(skip) + user_values = set(user_def[key].keys()) - set(skip) + if api_values != user_values: + if debug: + print api_values + print user_values + print "keys are not equal in dict" + return False + + result = Utils.check_def_equal(user_def[key], value, debug=debug) + if not result: + if debug: + print "dict returned false" + return False + + # Verify each key, value pair is the same + else: + if not user_def.has_key(key) or value != user_def[key]: + if debug: + print "value not equal; user_def does not have key" + print value + print user_def[key] + return False + + return True + +class YeditException(Exception): + ''' Exception class for Yedit ''' + pass + +class Yedit(object): + ''' Class to modify yaml files ''' + re_valid_key = r"(((\[-?\d+\])|([a-zA-Z-./]+)).?)+$" + re_key = r"(?:\[(-?\d+)\])|([a-zA-Z-./]+)" + + def __init__(self, filename=None, content=None, content_type='yaml'): + self.content = content + self.filename = filename + self.__yaml_dict = content + self.content_type = content_type + if self.filename and not self.content: + self.load(content_type=self.content_type) + + @property + def yaml_dict(self): + ''' getter method for yaml_dict ''' + return self.__yaml_dict + + @yaml_dict.setter + def yaml_dict(self, value): + ''' setter method for yaml_dict ''' + self.__yaml_dict = value + + @staticmethod + def remove_entry(data, key): + ''' remove data at location key ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key and isinstance(data, dict): + data = data.get(dict_key, None) + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + # process last index for remove + # expected list entry + if key_indexes[-1][0]: + if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: + del data[int(key_indexes[-1][0])] + return True + + # expected dict entry + elif key_indexes[-1][1]: + if isinstance(data, dict): + del data[key_indexes[-1][1]] + return True + + @staticmethod + def add_entry(data, key, item=None): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + curr_data = data + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key: + if isinstance(data, dict) and data.has_key(dict_key): + data = data[dict_key] + continue + + data[dict_key] = {} + data = data[dict_key] + + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + # process last index for add + # expected list entry + if key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: + data[int(key_indexes[-1][0])] = item + + # expected dict entry + elif key_indexes[-1][1] and isinstance(data, dict): + data[key_indexes[-1][1]] = item + + return curr_data + + @staticmethod + def get_entry(data, key): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes: + if dict_key and isinstance(data, dict): + data = data.get(dict_key, None) + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + return data + + def write(self): + ''' write to file ''' + if not self.filename: + raise YeditException('Please specify a filename.') + + with open(self.filename, 'w') as yfd: + yfd.write(yaml.safe_dump(self.yaml_dict, default_flow_style=False)) + + def read(self): + ''' write to file ''' + # check if it exists + if not self.exists(): + return None + + contents = None + with open(self.filename) as yfd: + contents = yfd.read() + + return contents + + def exists(self): + ''' return whether file exists ''' + if os.path.exists(self.filename): + return True + + return False + + def load(self, content_type='yaml'): + ''' return yaml file ''' + contents = self.read() + + if not contents: + return None + + # check if it is yaml + try: + if content_type == 'yaml': + self.yaml_dict = yaml.load(contents) + elif content_type == 'json': + self.yaml_dict = json.loads(contents) + except yaml.YAMLError as _: + # Error loading yaml or json + return None + + return self.yaml_dict + + def get(self, key): + ''' get a specified key''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + + return entry + + def delete(self, key): + ''' remove key from a dict''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + if not entry: + return (False, self.yaml_dict) + + result = Yedit.remove_entry(self.yaml_dict, key) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def put(self, key, value): + ''' put key, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + + if entry == value: + return (False, self.yaml_dict) + + result = Yedit.add_entry(self.yaml_dict, key, value) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def create(self, key, value): + ''' create a yaml file ''' + if not self.exists(): + self.yaml_dict = {key: value} + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + +class Secret(OpenShiftCLI): + ''' Class to wrap the oc command line tools + ''' + def __init__(self, + namespace, + secret_name=None, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False): + ''' Constructor for OpenshiftOC ''' + super(Secret, self).__init__(namespace, kubeconfig) + self.namespace = namespace + self.name = secret_name + self.kubeconfig = kubeconfig + self.verbose = verbose + + def get(self): + '''return a secret by name ''' + return self._get('secrets', self.name) + + def delete(self): + '''delete a secret by name''' + return self._delete('secrets', self.name) + + def create(self, files=None, contents=None): + '''Create a secret ''' + if not files: + files = Utils.create_files_from_contents(contents) + + secrets = ["%s=%s" % (os.path.basename(sfile), sfile) for sfile in files] + cmd = ['-n%s' % self.namespace, 'secrets', 'new', self.name] + cmd.extend(secrets) + + return self.oc_cmd(cmd) + + def update(self, files, force=False): + '''run update secret + + This receives a list of file names and converts it into a secret. + The secret is then written to disk and passed into the `oc replace` command. + ''' + secret = self.prep_secret(files) + if secret['returncode'] != 0: + return secret + + sfile_path = '/tmp/%s' % self.name + with open(sfile_path, 'w') as sfd: + sfd.write(json.dumps(secret['results'])) + + atexit.register(Utils.cleanup, [sfile_path]) + + return self._replace(sfile_path, force=force) + + def prep_secret(self, files=None, contents=None): + ''' return what the secret would look like if created + This is accomplished by passing -ojson. This will most likely change in the future + ''' + if not files: + files = Utils.create_files_from_contents(contents) + + secrets = ["%s=%s" % (os.path.basename(sfile), sfile) for sfile in files] + cmd = ['-ojson', '-n%s' % self.namespace, 'secrets', 'new', self.name] + cmd.extend(secrets) + + return self.oc_cmd(cmd, output=True) + + + +# pylint: disable=too-many-branches +def main(): + ''' + ansible oc module for secrets + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + namespace=dict(default='default', type='str'), + name=dict(default=None, type='str'), + files=dict(default=None, type='list'), + delete_after=dict(default=False, type='bool'), + contents=dict(default=None, type='list'), + force=dict(default=False, type='bool'), + ), + mutually_exclusive=[["contents", "files"]], + + supports_check_mode=True, + ) + occmd = Secret(module.params['namespace'], + module.params['name'], + kubeconfig=module.params['kubeconfig'], + verbose=module.params['debug']) + + state = module.params['state'] + + api_rval = occmd.get() + + ##### + # Get + ##### + if state == 'list': + module.exit_json(changed=False, results=api_rval['results'], state="list") + + if not module.params['name']: + module.fail_json(msg='Please specify a name when state is absent|present.') + ######## + # Delete + ######## + if state == 'absent': + if not Utils.exists(api_rval['results'], module.params['name']): + module.exit_json(changed=False, state="absent") + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed a delete.') + + api_rval = occmd.delete() + module.exit_json(changed=True, results=api_rval, state="absent") + + + if state == 'present': + if module.params['files']: + files = module.params['files'] + elif module.params['contents']: + files = Utils.create_files_from_contents(module.params['contents']) + else: + module.fail_json(msg='Either specify files or contents.') + + ######## + # Create + ######## + if not Utils.exists(api_rval['results'], module.params['name']): + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed a create.') + + api_rval = occmd.create(module.params['files'], module.params['contents']) + + # Remove files + if files and module.params['delete_after']: + Utils.cleanup(files) + + module.exit_json(changed=True, results=api_rval, state="present") + + ######## + # Update + ######## + secret = occmd.prep_secret(module.params['files'], module.params['contents']) + + if secret['returncode'] != 0: + module.fail_json(msg=secret) + + if Utils.check_def_equal(secret['results'], api_rval['results'][0]): + + # Remove files + if files and module.params['delete_after']: + Utils.cleanup(files) + + module.exit_json(changed=False, results=secret['results'], state="present") + + if module.check_mode: + module.exit_json(change=False, msg='Would have performed an update.') + + api_rval = occmd.update(files, force=module.params['force']) + + # Remove files + if secret and module.params['delete_after']: + Utils.cleanup(files) + + if api_rval['returncode'] != 0: + module.fail_json(msg=api_rval) + + + module.exit_json(changed=True, results=api_rval, state="present") + + module.exit_json(failed=True, + changed=False, + results='Unknown state passed. %s' % state, + state="unknown") + +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, locally-disabled +# import module snippets. This are required +from ansible.module_utils.basic import * + +main() diff --git a/roles/lib_yaml_editor/build/ansible/yedit.py b/roles/lib_yaml_editor/build/ansible/yedit.py new file mode 100644 index 000000000..dab3d6347 --- /dev/null +++ b/roles/lib_yaml_editor/build/ansible/yedit.py @@ -0,0 +1,69 @@ +#pylint: skip-file + +def main(): + ''' + ansible oc module for secrets + ''' + + module = AnsibleModule( + argument_spec=dict( + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + src=dict(default=None, type='str'), + content=dict(default=None, type='dict'), + key=dict(default=None, type='str'), + value=dict(default=None, type='str'), + value_format=dict(default='yaml', choices=['yaml', 'json'], type='str'), + ), + #mutually_exclusive=[["src", "content"]], + + supports_check_mode=True, + ) + state = module.params['state'] + + yamlfile = Yedit(module.params['src'], module.params['content']) + + rval = yamlfile.load() + if not rval and state != 'present': + module.fail_json(msg='Error opening file [%s]. Verify that the' + \ + ' file exists, that it is has correct permissions, and is valid yaml.') + + if state == 'list': + module.exit_json(changed=False, results=rval, state="list") + + if state == 'absent': + rval = yamlfile.delete(module.params['key']) + module.exit_json(changed=rval[0], results=rval[1], state="absent") + + if state == 'present': + + if module.params['value_format'] == 'yaml': + value = yaml.load(module.params['value']) + elif module.params['value_format'] == 'json': + value = json.loads(module.params['value']) + + if rval: + rval = yamlfile.put(module.params['key'], value) + if rval[0]: + yamlfile.write() + module.exit_json(changed=rval[0], results=rval[1], state="present") + + if not module.params['content']: + rval = yamlfile.create(module.params['key'], value) + else: + rval = yamlfile.load() + yamlfile.write() + + module.exit_json(changed=rval[0], results=rval[1], state="present") + + module.exit_json(failed=True, + changed=False, + results='Unknown state passed. %s' % state, + state="unknown") + +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, locally-disabled +# import module snippets. This are required +from ansible.module_utils.basic import * + +main() diff --git a/roles/lib_yaml_editor/build/generate.py b/roles/lib_yaml_editor/build/generate.py new file mode 100755 index 000000000..312e4d0ee --- /dev/null +++ b/roles/lib_yaml_editor/build/generate.py @@ -0,0 +1,43 @@ +#!/usr/bin/env python +''' + Generate the openshift-ansible/roles/lib_openshift_cli/library/ modules. +''' + +import os + +# pylint: disable=anomalous-backslash-in-string +GEN_STR = "#!/usr/bin/env python\n" + \ + "# ___ ___ _ _ ___ ___ _ _____ ___ ___\n" + \ + "# / __| __| \| | __| _ \ /_\_ _| __| \\\n" + \ + "# | (_ | _|| .` | _|| / / _ \| | | _|| |) |\n" + \ + "# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____\n" + \ + "# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _|\n" + \ + "# | |) | (_) | | .` | (_) || | | _|| |) | | | |\n" + \ + "# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_|\n" + +OPENSHIFT_ANSIBLE_PATH = os.path.dirname(os.path.realpath(__file__)) + +FILES = {'yedit.py': ['src/base.py', 'src/yedit.py', 'ansible/yedit.py'], + } + +def main(): + ''' combine the necessary files to create the ansible module ''' + library = os.path.join(OPENSHIFT_ANSIBLE_PATH, '..', 'library/') + for fname, parts in FILES.items(): + with open(os.path.join(library, fname), 'w') as afd: + afd.seek(0) + afd.write(GEN_STR) + for fpart in parts: + with open(os.path.join(OPENSHIFT_ANSIBLE_PATH, fpart)) as pfd: + # first line is pylint disable so skip it + for idx, line in enumerate(pfd): + if idx == 0 and 'skip-file' in line: + continue + + afd.write(line) + + +if __name__ == '__main__': + main() + + diff --git a/roles/lib_yaml_editor/build/src/base.py b/roles/lib_yaml_editor/build/src/base.py new file mode 100644 index 000000000..9e43d45dc --- /dev/null +++ b/roles/lib_yaml_editor/build/src/base.py @@ -0,0 +1,17 @@ +# pylint: skip-file + +''' +module for managing yaml files +''' + +import os +import re + +import yaml +# This is here because of a bug that causes yaml +# to incorrectly handle timezone info on timestamps +def timestamp_constructor(_, node): + ''' return timestamps as strings''' + return str(node.value) +yaml.add_constructor(u'tag:yaml.org,2002:timestamp', timestamp_constructor) + diff --git a/roles/lib_yaml_editor/build/src/yedit.py b/roles/lib_yaml_editor/build/src/yedit.py new file mode 100644 index 000000000..642733914 --- /dev/null +++ b/roles/lib_yaml_editor/build/src/yedit.py @@ -0,0 +1,209 @@ +# pylint: skip-file + +class YeditException(Exception): + ''' Exception class for Yedit ''' + pass + +class Yedit(object): + ''' Class to modify yaml files ''' + re_valid_key = r"(((\[-?\d+\])|([a-zA-Z-./]+)).?)+$" + re_key = r"(?:\[(-?\d+)\])|([a-zA-Z-./]+)" + + def __init__(self, filename=None, content=None, content_type='yaml'): + self.content = content + self.filename = filename + self.__yaml_dict = content + self.content_type = content_type + if self.filename and not self.content: + self.load(content_type=self.content_type) + + @property + def yaml_dict(self): + ''' getter method for yaml_dict ''' + return self.__yaml_dict + + @yaml_dict.setter + def yaml_dict(self, value): + ''' setter method for yaml_dict ''' + self.__yaml_dict = value + + @staticmethod + def remove_entry(data, key): + ''' remove data at location key ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key and isinstance(data, dict): + data = data.get(dict_key, None) + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + # process last index for remove + # expected list entry + if key_indexes[-1][0]: + if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: + del data[int(key_indexes[-1][0])] + return True + + # expected dict entry + elif key_indexes[-1][1]: + if isinstance(data, dict): + del data[key_indexes[-1][1]] + return True + + @staticmethod + def add_entry(data, key, item=None): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + curr_data = data + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key: + if isinstance(data, dict) and data.has_key(dict_key): + data = data[dict_key] + continue + + data[dict_key] = {} + data = data[dict_key] + + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + # process last index for add + # expected list entry + if key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: + data[int(key_indexes[-1][0])] = item + + # expected dict entry + elif key_indexes[-1][1] and isinstance(data, dict): + data[key_indexes[-1][1]] = item + + return curr_data + + @staticmethod + def get_entry(data, key): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes: + if dict_key and isinstance(data, dict): + data = data.get(dict_key, None) + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + return data + + def write(self): + ''' write to file ''' + if not self.filename: + raise YeditException('Please specify a filename.') + + with open(self.filename, 'w') as yfd: + yfd.write(yaml.safe_dump(self.yaml_dict, default_flow_style=False)) + + def read(self): + ''' write to file ''' + # check if it exists + if not self.exists(): + return None + + contents = None + with open(self.filename) as yfd: + contents = yfd.read() + + return contents + + def exists(self): + ''' return whether file exists ''' + if os.path.exists(self.filename): + return True + + return False + + def load(self, content_type='yaml'): + ''' return yaml file ''' + contents = self.read() + + if not contents: + return None + + # check if it is yaml + try: + if content_type == 'yaml': + self.yaml_dict = yaml.load(contents) + elif content_type == 'json': + self.yaml_dict = json.loads(contents) + except yaml.YAMLError as _: + # Error loading yaml or json + return None + + return self.yaml_dict + + def get(self, key): + ''' get a specified key''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + + return entry + + def delete(self, key): + ''' remove key from a dict''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + if not entry: + return (False, self.yaml_dict) + + result = Yedit.remove_entry(self.yaml_dict, key) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def put(self, key, value): + ''' put key, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + + if entry == value: + return (False, self.yaml_dict) + + result = Yedit.add_entry(self.yaml_dict, key, value) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def create(self, key, value): + ''' create a yaml file ''' + if not self.exists(): + self.yaml_dict = {key: value} + return (True, self.yaml_dict) + + return (False, self.yaml_dict) diff --git a/roles/lib_yaml_editor/build/test/foo.yml b/roles/lib_yaml_editor/build/test/foo.yml new file mode 100644 index 000000000..20e9ff3fe --- /dev/null +++ b/roles/lib_yaml_editor/build/test/foo.yml @@ -0,0 +1 @@ +foo: bar diff --git a/roles/lib_yaml_editor/build/test/test.yaml b/roles/lib_yaml_editor/build/test/test.yaml new file mode 100755 index 000000000..ac9c37565 --- /dev/null +++ b/roles/lib_yaml_editor/build/test/test.yaml @@ -0,0 +1,15 @@ +#!/usr/bin/ansible-playbook +--- +- hosts: localhost + gather_facts: no + tasks: + - yedit: + src: /home/kwoodson/git/openshift-ansible/roles/lib_yaml_editor/build/test/foo.yml + key: foo + value: barplus + state: present + register: output + + - debug: + msg: "{{ output }}" + diff --git a/roles/lib_yaml_editor/library/yedit.py b/roles/lib_yaml_editor/library/yedit.py new file mode 100644 index 000000000..b7ae45b31 --- /dev/null +++ b/roles/lib_yaml_editor/library/yedit.py @@ -0,0 +1,300 @@ +#!/usr/bin/env python +# ___ ___ _ _ ___ ___ _ _____ ___ ___ +# / __| __| \| | __| _ \ /_\_ _| __| \ +# | (_ | _|| .` | _|| / / _ \| | | _|| |) | +# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____ +# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _| +# | |) | (_) | | .` | (_) || | | _|| |) | | | | +# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_| + +''' +module for managing yaml files +''' + +import os +import re + +import yaml +# This is here because of a bug that causes yaml +# to incorrectly handle timezone info on timestamps +def timestamp_constructor(_, node): + ''' return timestamps as strings''' + return str(node.value) +yaml.add_constructor(u'tag:yaml.org,2002:timestamp', timestamp_constructor) + + +class YeditException(Exception): + ''' Exception class for Yedit ''' + pass + +class Yedit(object): + ''' Class to modify yaml files ''' + re_valid_key = r"(((\[-?\d+\])|([a-zA-Z-./]+)).?)+$" + re_key = r"(?:\[(-?\d+)\])|([a-zA-Z-./]+)" + + def __init__(self, filename=None, content=None, content_type='yaml'): + self.content = content + self.filename = filename + self.__yaml_dict = content + self.content_type = content_type + if self.filename and not self.content: + self.load(content_type=self.content_type) + + @property + def yaml_dict(self): + ''' getter method for yaml_dict ''' + return self.__yaml_dict + + @yaml_dict.setter + def yaml_dict(self, value): + ''' setter method for yaml_dict ''' + self.__yaml_dict = value + + @staticmethod + def remove_entry(data, key): + ''' remove data at location key ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key and isinstance(data, dict): + data = data.get(dict_key, None) + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + # process last index for remove + # expected list entry + if key_indexes[-1][0]: + if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: + del data[int(key_indexes[-1][0])] + return True + + # expected dict entry + elif key_indexes[-1][1]: + if isinstance(data, dict): + del data[key_indexes[-1][1]] + return True + + @staticmethod + def add_entry(data, key, item=None): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + curr_data = data + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key: + if isinstance(data, dict) and data.has_key(dict_key): + data = data[dict_key] + continue + + data[dict_key] = {} + data = data[dict_key] + + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + # process last index for add + # expected list entry + if key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: + data[int(key_indexes[-1][0])] = item + + # expected dict entry + elif key_indexes[-1][1] and isinstance(data, dict): + data[key_indexes[-1][1]] = item + + return curr_data + + @staticmethod + def get_entry(data, key): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if not (key and re.match(Yedit.re_valid_key, key) and isinstance(data, (list, dict))): + return None + + key_indexes = re.findall(Yedit.re_key, key) + for arr_ind, dict_key in key_indexes: + if dict_key and isinstance(data, dict): + data = data.get(dict_key, None) + elif arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1: + data = data[int(arr_ind)] + else: + return None + + return data + + def write(self): + ''' write to file ''' + if not self.filename: + raise YeditException('Please specify a filename.') + + with open(self.filename, 'w') as yfd: + yfd.write(yaml.safe_dump(self.yaml_dict, default_flow_style=False)) + + def read(self): + ''' write to file ''' + # check if it exists + if not self.exists(): + return None + + contents = None + with open(self.filename) as yfd: + contents = yfd.read() + + return contents + + def exists(self): + ''' return whether file exists ''' + if os.path.exists(self.filename): + return True + + return False + + def load(self, content_type='yaml'): + ''' return yaml file ''' + contents = self.read() + + if not contents: + return None + + # check if it is yaml + try: + if content_type == 'yaml': + self.yaml_dict = yaml.load(contents) + elif content_type == 'json': + self.yaml_dict = json.loads(contents) + except yaml.YAMLError as _: + # Error loading yaml or json + return None + + return self.yaml_dict + + def get(self, key): + ''' get a specified key''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + + return entry + + def delete(self, key): + ''' remove key from a dict''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + if not entry: + return (False, self.yaml_dict) + + result = Yedit.remove_entry(self.yaml_dict, key) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def put(self, key, value): + ''' put key, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, key) + except KeyError as _: + entry = None + + if entry == value: + return (False, self.yaml_dict) + + result = Yedit.add_entry(self.yaml_dict, key, value) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def create(self, key, value): + ''' create a yaml file ''' + if not self.exists(): + self.yaml_dict = {key: value} + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + +def main(): + ''' + ansible oc module for secrets + ''' + + module = AnsibleModule( + argument_spec=dict( + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + src=dict(default=None, type='str'), + content=dict(default=None, type='dict'), + key=dict(default=None, type='str'), + value=dict(default=None, type='str'), + value_format=dict(default='yaml', choices=['yaml', 'json'], type='str'), + ), + #mutually_exclusive=[["src", "content"]], + + supports_check_mode=True, + ) + state = module.params['state'] + + yamlfile = Yedit(module.params['src'], module.params['content']) + + rval = yamlfile.load() + if not rval and state != 'present': + module.fail_json(msg='Error opening file [%s]. Verify that the' + \ + ' file exists, that it is has correct permissions, and is valid yaml.') + + if state == 'list': + module.exit_json(changed=False, results=rval, state="list") + + if state == 'absent': + rval = yamlfile.delete(module.params['key']) + module.exit_json(changed=rval[0], results=rval[1], state="absent") + + if state == 'present': + + if module.params['value_format'] == 'yaml': + value = yaml.load(module.params['value']) + elif module.params['value_format'] == 'json': + value = json.loads(module.params['value']) + + if rval: + rval = yamlfile.put(module.params['key'], value) + if rval[0]: + yamlfile.write() + module.exit_json(changed=rval[0], results=rval[1], state="present") + + if not module.params['content']: + rval = yamlfile.create(module.params['key'], value) + else: + rval = yamlfile.load() + yamlfile.write() + + module.exit_json(changed=rval[0], results=rval[1], state="present") + + module.exit_json(failed=True, + changed=False, + results='Unknown state passed. %s' % state, + state="unknown") + +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, locally-disabled +# import module snippets. This are required +from ansible.module_utils.basic import * + +main() diff --git a/roles/nuage_master/templates/nuage-openshift-monitor.j2 b/roles/nuage_master/templates/nuage-openshift-monitor.j2 index e50e225e1..7228e646b 100644 --- a/roles/nuage_master/templates/nuage-openshift-monitor.j2 +++ b/roles/nuage_master/templates/nuage-openshift-monitor.j2 @@ -18,6 +18,10 @@ domainName: {{ domain }} # Location where logs should be saved log_dir: {{ nuage_mon_rest_server_logdir }} # Monitor rest server paramters +# Logging level for the nuage openshift monitor +# allowed options are: 0 => INFO, 1 => WARNING, 2 => ERROR, 3 => FATAL +logLevel: {{ nuage_mon_log_level }} +# Parameters related to the nuage monitor REST server nuageMonServer: URL: {{ nuage_mon_rest_server_url }} certificateDirectory: {{ cert_output_dir }} diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml index 4b57273e4..ec4562c77 100644 --- a/roles/nuage_master/vars/main.yaml +++ b/roles/nuage_master/vars/main.yaml @@ -8,6 +8,7 @@ master_config_yaml: "{{ openshift_master_config_dir }}/master-config.yaml" nuage_mon_rest_server_port: "{{ nuage_openshift_monitor_rest_server_port | default('9443') }}" nuage_mon_rest_server_url: "0.0.0.0:{{ nuage_mon_rest_server_port }}" nuage_mon_rest_server_logdir: "{{ nuage_openshift_monitor_log_dir | default('/var/log/nuage-openshift-monitor') }}" +nuage_mon_log_level: "{{ nuage_openshift_monitor_log_level | default('3') }}" nuage_mon_rest_server_crt_dir: "{{ nuage_ca_master_crt_dir }}/{{ ansible_nodename }}" nuage_ca_master_rest_server_key: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.key" diff --git a/roles/nuage_node/templates/vsp-openshift.j2 b/roles/nuage_node/templates/vsp-openshift.j2 index 6c10b9c24..d3c0a122a 100644 --- a/roles/nuage_node/templates/vsp-openshift.j2 +++ b/roles/nuage_node/templates/vsp-openshift.j2 @@ -22,3 +22,6 @@ nuageMonClientKey: {{ rest_client_key }} nuageMonServerCA: {{ rest_server_ca_cert }} # Nuage vport mtu size interfaceMTU: {{ vport_mtu }} +# Logging level for the plugin +# allowed options are: "dbg", "info", "warn", "err", "emer", "off" +logLevel: {{ plugin_log_level }} diff --git a/roles/nuage_node/vars/main.yaml b/roles/nuage_node/vars/main.yaml index 5acc65ef4..a4d7052a7 100644 --- a/roles/nuage_node/vars/main.yaml +++ b/roles/nuage_node/vars/main.yaml @@ -13,6 +13,7 @@ rest_client_cert: "{{ vsp_openshift_dir }}/nuageMonClient.crt" rest_client_key: "{{ vsp_openshift_dir }}/nuageMonClient.key" rest_server_ca_cert: "{{ vsp_openshift_dir }}/nuageMonCA.crt" vport_mtu: "{{ nuage_interface_mtu | default('1460') }}" +plugin_log_level: "{{ nuage_plugin_log_level | default('err') }}" nuage_plugin_rest_client_crt_dir: "{{ nuage_ca_master_crt_dir }}/{{ ansible_nodename }}" nuage_ca_master_plugin_key: "{{ nuage_plugin_rest_client_crt_dir }}/nuageMonClient.key" diff --git a/roles/openshift_cli/meta/main.yml b/roles/openshift_cli/meta/main.yml index 1e8f8b719..223cb768d 100644 --- a/roles/openshift_cli/meta/main.yml +++ b/roles/openshift_cli/meta/main.yml @@ -12,5 +12,6 @@ galaxy_info: categories: - cloud dependencies: -- { role: openshift_common } -- { role: docker } +- role: openshift_docker +- role: openshift_common +- role: openshift_cli_facts diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml index 3b224416e..bfa60e5b0 100644 --- a/roles/openshift_cli/tasks/main.yml +++ b/roles/openshift_cli/tasks/main.yml @@ -1,10 +1,4 @@ --- -- openshift_facts: - role: common - local_facts: - deployment_type: "{{ openshift_deployment_type }}" - cli_image: "{{ osm_image | default(None) }}" - - name: Install clients action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-clients state=present" when: not openshift.common.is_containerized | bool @@ -13,16 +7,16 @@ command: > docker pull {{ openshift.common.cli_image }}:{{ openshift_version }} when: openshift.common.is_containerized | bool - + - name: Create /usr/local/bin/openshift cli wrapper template: src: openshift.j2 dest: /usr/local/bin/openshift mode: 0755 when: openshift.common.is_containerized | bool - + - name: Create client symlinks - file: + file: path: "{{ item }}" state: link src: /usr/local/bin/openshift diff --git a/roles/openshift_cli_facts/meta/main.yml b/roles/openshift_cli_facts/meta/main.yml new file mode 100644 index 000000000..59acde215 --- /dev/null +++ b/roles/openshift_cli_facts/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: OpenShift CLI Facts + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: openshift_facts diff --git a/roles/openshift_cli_facts/tasks/main.yml b/roles/openshift_cli_facts/tasks/main.yml new file mode 100644 index 000000000..dd1ed8965 --- /dev/null +++ b/roles/openshift_cli_facts/tasks/main.yml @@ -0,0 +1,6 @@ +--- +# TODO: move this to a new 'cli' role +- openshift_facts: + role: common + local_facts: + cli_image: "{{ osm_image | default(None) }}" diff --git a/roles/openshift_cloud_provider/meta/main.yml b/roles/openshift_cloud_provider/meta/main.yml new file mode 100644 index 000000000..8ab95bf5a --- /dev/null +++ b/roles/openshift_cloud_provider/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + author: Sylvain Baubeau, Andrew Butcher + description: OpenShift Cloud Provider + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: openshift_facts diff --git a/roles/openshift_cloud_provider/tasks/aws.yml b/roles/openshift_cloud_provider/tasks/aws.yml new file mode 100644 index 000000000..bf2abcbf5 --- /dev/null +++ b/roles/openshift_cloud_provider/tasks/aws.yml @@ -0,0 +1,6 @@ +- name: Create cloud config + ini_file: + dest: "{{ openshift.common.config_base }}/cloudprovider/aws.conf" + section: Global + option: Zone + value: "{{ openshift.provider.zone }}" diff --git a/roles/openshift_cloud_provider/tasks/main.yml b/roles/openshift_cloud_provider/tasks/main.yml new file mode 100644 index 000000000..471fd686b --- /dev/null +++ b/roles/openshift_cloud_provider/tasks/main.yml @@ -0,0 +1,24 @@ +--- +- name: Set cloud provider facts + openshift_facts: + role: cloudprovider + openshift_env: "{{ item | oo_openshift_env }}" + openshift_env_structures: + - 'openshift.cloudprovider.aws.*' + - 'openshift.cloudprovider.openstack.*' + no_log: true + with_items: + - "{{ hostvars[inventory_hostname] }}" + - "{{ hostvars }}" + +- name: Create cloudprovider config dir + file: + path: "{{ openshift.common.config_base }}/cloudprovider" + state: directory + when: has_cloudprovider | bool + +- include: openstack.yml + when: cloudprovider_is_openstack | bool + +- include: aws.yml + when: cloudprovider_is_aws | bool diff --git a/roles/openshift_cloud_provider/tasks/openstack.yml b/roles/openshift_cloud_provider/tasks/openstack.yml new file mode 100644 index 000000000..c501121e5 --- /dev/null +++ b/roles/openshift_cloud_provider/tasks/openstack.yml @@ -0,0 +1,10 @@ +--- +- fail: + msg: "The Openstack integration requires OpenShift Enterprise 3.2 or Origin 1.2." + when: not openshift.common.version_gte_3_2_or_1_2 | bool + +- name: Create cloud config + template: + dest: "{{ openshift.common.config_base }}/cloudprovider/openstack.conf" + src: openstack.conf.j2 + when: "'auth_url' in openshift.cloudprovider.openstack and 'username' in openshift.cloudprovider.openstack and 'password' in openshift.cloudprovider.openstack and ('tenant_id' in openshift.cloudprovider.openstack or 'tenant_name' in openshift.cloudprovider.openstack)" diff --git a/roles/openshift_cloud_provider/templates/openstack.conf.j2 b/roles/openshift_cloud_provider/templates/openstack.conf.j2 new file mode 100644 index 000000000..1b70edc16 --- /dev/null +++ b/roles/openshift_cloud_provider/templates/openstack.conf.j2 @@ -0,0 +1,17 @@ +[Global] +auth-url = {{ openshift.cloudprovider.openstack.auth_url }} +username = {{ openshift.cloudprovider.openstack.username }} +password = {{ openshift.cloudprovider.openstack.password }} +{% if 'tenant_id' in openshift.cloudprovider.openstack %} +tenant-id = {{ openshift.cloudprovider.openstack.tenant_id }} +{% else %} +tenant-name = {{ openshift.cloudprovider.openstack.tenant_name }} +{% endif %} +{% if 'region' in openshift.cloudprovider.openstack %} +region = {{ openshift.cloudprovider.openstack.region }} +{% endif %} +{% if 'lb_subnet_id' in openshift.cloudprovider.openstack %} ++ ++[LoadBalancer] ++subnet-id = {{ openshift.cloudprovider.openstack.lb_subnet_id }} ++{% endif %} diff --git a/roles/openshift_cloud_provider/vars/main.yml b/roles/openshift_cloud_provider/vars/main.yml new file mode 100644 index 000000000..c608e9b54 --- /dev/null +++ b/roles/openshift_cloud_provider/vars/main.yml @@ -0,0 +1,4 @@ +--- +has_cloudprovider: "{{ 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != None }}" +cloudprovider_is_aws: "{{ has_cloudprovider | bool and openshift.cloudprovider.kind == 'aws' }}" +cloudprovider_is_openstack: "{{ has_cloudprovider | bool and openshift.cloudprovider.kind == 'openstack' }}" diff --git a/roles/openshift_common/meta/main.yml b/roles/openshift_common/meta/main.yml index 81363ec68..02150406d 100644 --- a/roles/openshift_common/meta/main.yml +++ b/roles/openshift_common/meta/main.yml @@ -12,6 +12,6 @@ galaxy_info: categories: - cloud dependencies: -- { role: os_firewall } -- { role: openshift_facts } -- { role: openshift_repos } +- role: os_firewall +- role: openshift_facts +- role: openshift_repos diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index a2fcff507..b6074ff64 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -19,23 +19,21 @@ openshift_facts: role: common local_facts: - cluster_id: "{{ openshift_cluster_id | default('default') }}" debug_level: "{{ openshift_debug_level | default(2) }}" - hostname: "{{ openshift_hostname | default(None) }}" install_examples: "{{ openshift_install_examples | default(True) }}" - ip: "{{ openshift_ip | default(None) }}" - public_hostname: "{{ openshift_public_hostname | default(None) }}" - public_ip: "{{ openshift_public_ip | default(None) }}" use_openshift_sdn: "{{ openshift_use_openshift_sdn | default(None) }}" sdn_network_plugin_name: "{{ os_sdn_network_plugin_name | default(None) }}" - deployment_type: "{{ openshift_deployment_type }}" use_flannel: "{{ openshift_use_flannel | default(None) }}" use_nuage: "{{ openshift_use_nuage | default(None) }}" use_manageiq: "{{ openshift_use_manageiq | default(None) }}" data_dir: "{{ openshift_data_dir | default(None) }}" +# Using oo_image_tag_to_rpm_version here is a workaround for how +# openshift_version is set. That value is computed based on either RPM +# versions or image tags. openshift_common's usage requires that it be a RPM +# version and openshift_cli expects it to be an image tag. - name: Install the base package for versioning - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version | default('') }} state=present" + action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_version | default('') | oo_image_tag_to_rpm_version }} state=present" when: not openshift.common.is_containerized | bool # This invocation also updates the version facts which are necessary diff --git a/roles/openshift_docker/handlers/main.yml b/roles/openshift_docker/handlers/main.yml deleted file mode 100644 index 92a6c325f..000000000 --- a/roles/openshift_docker/handlers/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- - -- name: restart openshift_docker - service: - name: docker - state: restarted diff --git a/roles/openshift_docker/meta/main.yml b/roles/openshift_docker/meta/main.yml index 1e8f8b719..d98f953ea 100644 --- a/roles/openshift_docker/meta/main.yml +++ b/roles/openshift_docker/meta/main.yml @@ -12,5 +12,6 @@ galaxy_info: categories: - cloud dependencies: -- { role: openshift_common } -- { role: docker } +- role: openshift_repos +- role: openshift_docker_facts +- role: docker diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml deleted file mode 100644 index a57cf815e..000000000 --- a/roles/openshift_docker/tasks/main.yml +++ /dev/null @@ -1,55 +0,0 @@ ---- -- name: Set docker facts - openshift_facts: - role: "{{ item.role }}" - local_facts: "{{ item.local_facts }}" - with_items: - - role: common - local_facts: - deployment_type: "{{ openshift_deployment_type }}" - docker_additional_registries: "{{ docker_additional_registries }}" - docker_insecure_registries: "{{ docker_insecure_registries }}" - docker_blocked_registries: "{{ docker_blocked_registries }}" - docker_options: "{{ openshift_docker_options | default('',True) }}" - - role: node - local_facts: - portal_net: "{{ openshift_master_portal_net | default(None) }}" - docker_log_driver: "{{ lookup( 'oo_option' , 'docker_log_driver' ) | default('',True) }}" - docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' ) | default('',True) }}" - -- stat: path=/etc/sysconfig/docker - register: docker_check - -- name: Set registry params - lineinfile: - dest: /etc/sysconfig/docker - regexp: '^{{ item.reg_conf_var }}=.*$' - line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'" - when: "'docker_additional_registries' in openshift.common and docker_check.stat.isreg" - with_items: - - reg_conf_var: ADD_REGISTRY - reg_fact_val: "{{ openshift.common.docker_additional_registries }}" - reg_flag: --add-registry - - reg_conf_var: BLOCK_REGISTRY - reg_fact_val: "{{ openshift.common.docker_blocked_registries }}" - reg_flag: --block-registry - - reg_conf_var: INSECURE_REGISTRY - reg_fact_val: "{{ openshift.common.docker_insecure_registries }}" - reg_flag: --insecure-registry - notify: - - restart openshift_docker - -# TODO: Enable secure registry when code available in origin -# TODO: perhaps move this to openshift_docker? -- name: Secure Registry and Logs Options - lineinfile: - dest: /etc/sysconfig/docker - regexp: '^OPTIONS=.*$' - line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }}\ - {% if ansible_selinux and ansible_selinux.status == '''enabled''' %} --selinux-enabled{% endif %}\ - {% if openshift.node.docker_log_driver is defined %} --log-driver {{ openshift.node.docker_log_driver }}{% endif %}\ - {% if openshift.node.docker_log_options is defined %} {{ openshift.node.docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %}\ - {% if openshift.common.docker_options is defined %} {{ openshift.common.docker_options }}{% endif %}'" - when: docker_check.stat.isreg - notify: - - restart openshift_docker diff --git a/roles/openshift_docker_facts/meta/main.yml b/roles/openshift_docker_facts/meta/main.yml new file mode 100644 index 000000000..5b1be7a8d --- /dev/null +++ b/roles/openshift_docker_facts/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: OpenShift Docker Facts + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- { role: openshift_facts } diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml new file mode 100644 index 000000000..1848619e0 --- /dev/null +++ b/roles/openshift_docker_facts/tasks/main.yml @@ -0,0 +1,55 @@ +--- +- name: Set docker facts + openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: docker + local_facts: + additional_registries: "{{ openshift_docker_additional_registries | default(None) }}" + blocked_registries: "{{ openshift_docker_blocked_registries | default(None) }}" + insecure_registries: "{{ openshift_docker_insecure_registries | default(None) }}" + log_driver: "{{ openshift_docker_log_driver | default(None) }}" + log_options: "{{ openshift_docker_log_options | default(None) }}" + options: "{{ openshift_docker_options | default(None) }}" + disable_push_dockerhub: "{{ openshift_disable_push_dockerhub | default(None) }}" + hosted_registry_insecure: "{{ openshift_docker_hosted_registry_insecure | default(None) }}" + hosted_registry_network: "{{ openshift_docker_hosted_registry_network | default(None) }}" + +- set_fact: + docker_additional_registries: "{{ openshift.docker.additional_registries + | default(omit) }}" + docker_blocked_registries: "{{ openshift.docker.blocked_registries + | default(omit) }}" + docker_insecure_registries: "{{ openshift.docker.insecure_registries + | default(omit) }}" + docker_log_driver: "{{ openshift.docker.log_driver | default(omit) }}" + docker_log_options: "{{ openshift.docker.log_options | default(omit) }}" + docker_push_dockerhub: "{{ openshift.docker.disable_push_dockerhub + | default(omit) }}" + +- set_fact: + docker_options: > + --insecure-registry={{ openshift.docker.hosted_registry_network }} + {{ openshift.docker.options | default ('') }} + when: openshift.docker.hosted_registry_insecure | default(False) | bool + +- set_fact: + docker_options: "{{ openshift.docker.options | default(omit) }}" + when: not openshift.docker.hosted_registry_insecure | default(False) | bool + +# Avoid docker 1.9 when installing origin < 1.2 or OSE < 3.2 on RHEL/Centos and +# See: https://bugzilla.redhat.com/show_bug.cgi?id=1304038 +- name: Gather common package version + command: > + {{ repoquery_cmd }} --qf '%{version}' "{{ openshift.common.service_type}}" + register: common_version + failed_when: false + changed_when: false + when: not openshift.common.is_atomic | bool + +- name: Set docker version to be installed + set_fact: + docker_version: "{{ '1.8.2' }}" + when: " ( common_version.stdout | default('0.0', True) | version_compare('3.2','<') and openshift.common.service_type == 'atomic-openshift' ) or + ( common_version.stdout | default('0.0', True) | version_compare('1.2','<') and openshift.common.service_type == 'origin' )" diff --git a/roles/openshift_docker_facts/vars/main.yml b/roles/openshift_docker_facts/vars/main.yml new file mode 100644 index 000000000..f7ad1b329 --- /dev/null +++ b/roles/openshift_docker_facts/vars/main.yml @@ -0,0 +1,2 @@ +--- +repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery' }}" diff --git a/roles/openshift_etcd/meta/main.yml b/roles/openshift_etcd/meta/main.yml new file mode 100644 index 000000000..5e5f96d44 --- /dev/null +++ b/roles/openshift_etcd/meta/main.yml @@ -0,0 +1,18 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: OpenShift etcd + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: openshift_facts +- role: openshift_docker + when: openshift.common.is_containerized | bool +- role: etcd diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml index ad21d0f09..976ff7702 100644 --- a/roles/openshift_examples/defaults/main.yml +++ b/roles/openshift_examples/defaults/main.yml @@ -8,7 +8,7 @@ openshift_examples_load_quickstarts: true content_version: "{{ openshift.common.examples_content_version }}" -examples_base: "{{ openshift.common.config_base if openshift.common.is_containerized else '/usr/share/openshift' }}/examples" +examples_base: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/examples" image_streams_base: "{{ examples_base }}/image-streams" centos_image_streams: "{{ image_streams_base}}/image-streams-centos7.json" rhel_image_streams: "{{ image_streams_base}}/image-streams-rhel7.json" diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index 22cef303b..6108a1485 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -6,7 +6,7 @@ # This script should be run from openshift-ansible/roles/openshift_examples XPAAS_VERSION=ose-v1.2.0-1 -ORIGIN_VERSION=v1.2 +ORIGIN_VERSION=${1:-v1.2} EXAMPLES_BASE=$(pwd)/files/examples/${ORIGIN_VERSION} find ${EXAMPLES_BASE} -name '*.json' -delete find ${EXAMPLES_BASE} -name '*.yaml' -delete diff --git a/roles/openshift_examples/files/examples/v1.1/db-templates/README.md b/roles/openshift_examples/files/examples/v1.1/db-templates/README.md index b39abf8b9..609f4dec9 100644 --- a/roles/openshift_examples/files/examples/v1.1/db-templates/README.md +++ b/roles/openshift_examples/files/examples/v1.1/db-templates/README.md @@ -9,7 +9,7 @@ the Web Console or the CLI. The examples can also be tweaked to create new templates. -## Ephemeral x Persistent +## Ephemeral vs Persistent For each supported database, there are two template files. diff --git a/roles/openshift_examples/files/examples/v1.1/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.1/db-templates/mongodb-ephemeral-template.json index 68438b538..227c8d30e 100644 --- a/roles/openshift_examples/files/examples/v1.1/db-templates/mongodb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.1/db-templates/mongodb-ephemeral-template.json @@ -48,8 +48,7 @@ }, "spec": { "strategy": { - "type": "Recreate", - "resources": {} + "type": "Recreate" }, "triggers": [ { @@ -62,7 +61,7 @@ "from": { "kind": "ImageStreamTag", "name": "mongodb:latest", - "namespace": "openshift" + "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" } @@ -87,19 +86,26 @@ { "name": "mongodb", "image": "mongodb", - "readinessProbe": { - "tcpSocket":{ - "port": 27017 - }, - "initialDelaySeconds": 15, - "timeoutSeconds": 1 - }, "ports": [ { "containerPort": 27017, "protocol": "TCP" } ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 3, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "mongostat --host 127.0.0.1 -u admin -p $MONGODB_ADMIN_PASSWORD -n 1 --noheaders"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 27017 + } + }, "env": [ { "name": "MONGODB_USER", @@ -118,7 +124,11 @@ "value": "${MONGODB_ADMIN_PASSWORD}" } ], - "resources": {}, + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${DATABASE_SERVICE_NAME}-data", @@ -152,34 +162,51 @@ ], "parameters": [ { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "DATABASE_SERVICE_NAME", - "description": "Database service name", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", "value": "mongodb", "required": true }, { "name": "MONGODB_USER", - "description": "Username for MongoDB user that will be used for accessing the database", + "displayName": "MongoDB User", + "description": "Username for MongoDB user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", "required": true }, { "name": "MONGODB_PASSWORD", - "description": "Password for the MongoDB user", + "displayName": "MongoDB Password", + "description": "Password for the MongoDB user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true }, { "name": "MONGODB_DATABASE", - "description": "Database name", + "displayName": "MongoDB Database Name", + "description": "Name of the MongoDB database accessed.", "value": "sampledb", "required": true }, { "name": "MONGODB_ADMIN_PASSWORD", - "description": "Password for the database admin user", + "displayName": "MongoDB Admin Password", + "description": "Password for the database admin user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.1/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v1.1/db-templates/mongodb-persistent-template.json index e90ed6fa8..672eaaa09 100644 --- a/roles/openshift_examples/files/examples/v1.1/db-templates/mongodb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.1/db-templates/mongodb-persistent-template.json @@ -65,8 +65,7 @@ }, "spec": { "strategy": { - "type": "Recreate", - "resources": {} + "type": "Recreate" }, "triggers": [ { @@ -79,7 +78,7 @@ "from": { "kind": "ImageStreamTag", "name": "mongodb:latest", - "namespace": "openshift" + "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" } @@ -104,19 +103,26 @@ { "name": "mongodb", "image": "mongodb", - "readinessProbe": { - "tcpSocket":{ - "port": 27017 - }, - "initialDelaySeconds": 15, - "timeoutSeconds": 1 - }, "ports": [ { "containerPort": 27017, "protocol": "TCP" } ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 3, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "mongostat --host 127.0.0.1 -u admin -p $MONGODB_ADMIN_PASSWORD -n 1 --noheaders"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 27017 + } + }, "env": [ { "name": "MONGODB_USER", @@ -135,7 +141,11 @@ "value": "${MONGODB_ADMIN_PASSWORD}" } ], - "resources": {}, + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${DATABASE_SERVICE_NAME}-data", @@ -169,41 +179,59 @@ ], "parameters": [ { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "DATABASE_SERVICE_NAME", - "description": "Database service name", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", "value": "mongodb", "required": true }, { "name": "MONGODB_USER", - "description": "Username for MongoDB user that will be used for accessing the database", + "displayName": "MongoDB User", + "description": "Username for MongoDB user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", "required": true }, { "name": "MONGODB_PASSWORD", - "description": "Password for the MongoDB user", + "displayName": "MongoDB Password", + "description": "Password for the MongoDB user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true }, { "name": "MONGODB_DATABASE", - "description": "Database name", + "displayName": "MongoDB Database Name", + "description": "Name of the MongoDB database accessed.", "value": "sampledb", "required": true }, { "name": "MONGODB_ADMIN_PASSWORD", - "description": "Password for the database admin user", + "displayName": "MongoDB Admin Password", + "description": "Password for the database admin user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true }, { "name": "VOLUME_CAPACITY", - "description": "Volume space available for data, e.g. 512Mi, 2Gi", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", "value": "512Mi", "required": true } diff --git a/roles/openshift_examples/files/examples/v1.1/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.1/db-templates/mysql-ephemeral-template.json index 84911d2d6..f4c118052 100644 --- a/roles/openshift_examples/files/examples/v1.1/db-templates/mysql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.1/db-templates/mysql-ephemeral-template.json @@ -48,8 +48,7 @@ }, "spec": { "strategy": { - "type": "Recreate", - "resources": {} + "type": "Recreate" }, "triggers": [ { @@ -62,7 +61,7 @@ "from": { "kind": "ImageStreamTag", "name": "mysql:latest", - "namespace": "openshift" + "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" } @@ -93,6 +92,21 @@ "protocol": "TCP" } ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, "env": [ { "name": "MYSQL_USER", @@ -107,7 +121,11 @@ "value": "${MYSQL_DATABASE}" } ], - "resources": {}, + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${DATABASE_SERVICE_NAME}-data", @@ -141,28 +159,44 @@ ], "parameters": [ { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "DATABASE_SERVICE_NAME", - "description": "Database service name", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", "value": "mysql", "required": true }, { "name": "MYSQL_USER", - "description": "Username for MySQL user that will be used for accessing the database", + "displayName": "MySQL User", + "description": "Username for MySQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", "required": true }, { "name": "MYSQL_PASSWORD", - "description": "Password for the MySQL user", + "displayName": "MySQL Password", + "description": "Password for the MySQL user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true }, { "name": "MYSQL_DATABASE", - "description": "Database name", + "displayName": "MySQL Database Name", + "description": "Name of the MySQL database accessed.", "value": "sampledb", "required": true } diff --git a/roles/openshift_examples/files/examples/v1.1/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v1.1/db-templates/mysql-persistent-template.json index 6e19f48f5..d94262dde 100644 --- a/roles/openshift_examples/files/examples/v1.1/db-templates/mysql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.1/db-templates/mysql-persistent-template.json @@ -65,8 +65,7 @@ }, "spec": { "strategy": { - "type": "Recreate", - "resources": {} + "type": "Recreate" }, "triggers": [ { @@ -79,7 +78,7 @@ "from": { "kind": "ImageStreamTag", "name": "mysql:latest", - "namespace": "openshift" + "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" } @@ -110,6 +109,21 @@ "protocol": "TCP" } ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, "env": [ { "name": "MYSQL_USER", @@ -124,7 +138,11 @@ "value": "${MYSQL_DATABASE}" } ], - "resources": {}, + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${DATABASE_SERVICE_NAME}-data", @@ -158,34 +176,51 @@ ], "parameters": [ { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "DATABASE_SERVICE_NAME", - "description": "Database service name", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", "value": "mysql", "required": true }, { "name": "MYSQL_USER", - "description": "Username for MySQL user that will be used for accessing the database", + "displayName": "MySQL User", + "description": "Username for MySQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", "required": true }, { "name": "MYSQL_PASSWORD", - "description": "Password for the MySQL user", + "displayName": "MySQL Password", + "description": "Password for the MySQL user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true }, { "name": "MYSQL_DATABASE", - "description": "Database name", + "displayName": "MySQL Database Name", + "description": "Name of the MySQL database accessed.", "value": "sampledb", "required": true }, { "name": "VOLUME_CAPACITY", - "description": "Volume space available for data, e.g. 512Mi, 2Gi", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", "value": "512Mi", "required": true } diff --git a/roles/openshift_examples/files/examples/v1.1/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.1/db-templates/postgresql-ephemeral-template.json index 9ee9364a9..c14f3c3df 100644 --- a/roles/openshift_examples/files/examples/v1.1/db-templates/postgresql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.1/db-templates/postgresql-ephemeral-template.json @@ -48,8 +48,7 @@ }, "spec": { "strategy": { - "type": "Recreate", - "resources": {} + "type": "Recreate" }, "triggers": [ { @@ -62,7 +61,7 @@ "from": { "kind": "ImageStreamTag", "name": "postgresql:latest", - "namespace": "openshift" + "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" } @@ -93,6 +92,20 @@ "protocol": "TCP" } ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 5432 + } + }, "env": [ { "name": "POSTGRESQL_USER", @@ -107,7 +120,11 @@ "value": "${POSTGRESQL_DATABASE}" } ], - "resources": {}, + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${DATABASE_SERVICE_NAME}-data", @@ -141,28 +158,44 @@ ], "parameters": [ { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "DATABASE_SERVICE_NAME", - "description": "Database service name", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", "value": "postgresql", "required": true }, { "name": "POSTGRESQL_USER", - "description": "Username for PostgreSQL user that will be used for accessing the database", + "displayName": "PostgreSQL User", + "description": "Username for PostgreSQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", "required": true }, { "name": "POSTGRESQL_PASSWORD", - "description": "Password for the PostgreSQL user", + "displayName": "PostgreSQL Password", + "description": "Password for the PostgreSQL user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true }, { "name": "POSTGRESQL_DATABASE", - "description": "Database name", + "displayName": "PostgreSQL Database Name", + "description": "Name of the PostgreSQL database accessed.", "value": "sampledb", "required": true } diff --git a/roles/openshift_examples/files/examples/v1.1/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v1.1/db-templates/postgresql-persistent-template.json index 91cd7453e..5713411ad 100644 --- a/roles/openshift_examples/files/examples/v1.1/db-templates/postgresql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.1/db-templates/postgresql-persistent-template.json @@ -65,8 +65,7 @@ }, "spec": { "strategy": { - "type": "Recreate", - "resources": {} + "type": "Recreate" }, "triggers": [ { @@ -79,7 +78,7 @@ "from": { "kind": "ImageStreamTag", "name": "postgresql:latest", - "namespace": "openshift" + "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" } @@ -110,6 +109,20 @@ "protocol": "TCP" } ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 5432 + } + }, "env": [ { "name": "POSTGRESQL_USER", @@ -124,7 +137,11 @@ "value": "${POSTGRESQL_DATABASE}" } ], - "resources": {}, + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${DATABASE_SERVICE_NAME}-data", @@ -158,34 +175,51 @@ ], "parameters": [ { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "DATABASE_SERVICE_NAME", - "description": "Database service name", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", "value": "postgresql", "required": true }, { "name": "POSTGRESQL_USER", - "description": "Username for PostgreSQL user that will be used for accessing the database", + "displayName": "PostgreSQL User", + "description": "Username for PostgreSQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", "required": true }, { "name": "POSTGRESQL_PASSWORD", - "description": "Password for the PostgreSQL user", + "displayName": "PostgreSQL Password", + "description": "Password for the PostgreSQL user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true }, { "name": "POSTGRESQL_DATABASE", - "description": "Database name", + "displayName": "PostgreSQL Database Name", + "description": "Name of the PostgreSQL database accessed.", "value": "sampledb", "required": true }, { "name": "VOLUME_CAPACITY", - "description": "Volume space available for data, e.g. 512Mi, 2Gi", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", "value": "512Mi", "required": true } diff --git a/roles/openshift_examples/files/examples/v1.1/image-streams/image-streams-centos7.json b/roles/openshift_examples/files/examples/v1.1/image-streams/image-streams-centos7.json index a327c0215..719aee772 100644 --- a/roles/openshift_examples/files/examples/v1.1/image-streams/image-streams-centos7.json +++ b/roles/openshift_examples/files/examples/v1.1/image-streams/image-streams-centos7.json @@ -14,6 +14,13 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Build and run Ruby applications", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, "from": { "kind": "ImageStreamTag", "name": "2.2" @@ -63,6 +70,13 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Build and run NodeJS applications", + "iconClass": "icon-nodejs", + "tags": "builder,nodejs", + "supports":"nodejs", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, "from": { "kind": "ImageStreamTag", "name": "0.10" @@ -97,6 +111,13 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Build and run Perl applications", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, "from": { "kind": "ImageStreamTag", "name": "5.20" @@ -147,6 +168,13 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Build and run PHP applications", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, "from": { "kind": "ImageStreamTag", "name": "5.6" @@ -196,6 +224,13 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Build and run Python applications", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, "from": { "kind": "ImageStreamTag", "name": "3.4" @@ -260,9 +295,16 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Build and run Java applications on Wildfly", + "iconClass": "icon-wildfly", + "tags": "builder,wildfly,java", + "supports":"jee,java", + "sampleRepo": "https://github.com/bparees/openshift-jee-sample.git" + }, "from": { "kind": "ImageStreamTag", - "name": "8.1" + "name": "10.0" } }, { @@ -279,6 +321,36 @@ "kind": "DockerImage", "name": "openshift/wildfly-81-centos7:latest" } + }, + { + "name": "9.0", + "annotations": { + "description": "Build and run Java applications on Wildfly 9.0", + "iconClass": "icon-wildfly", + "tags": "builder,wildfly,java", + "supports":"wildfly:9.0,jee,java", + "version": "9.0", + "sampleRepo": "https://github.com/bparees/openshift-jee-sample.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/wildfly-90-centos7:latest" + } + }, + { + "name": "10.0", + "annotations": { + "description": "Build and run Java applications on Wildfly 10.0", + "iconClass": "icon-wildfly", + "tags": "builder,wildfly,java", + "supports":"wildfly:10.0,jee,java", + "version": "10.0", + "sampleRepo": "https://github.com/bparees/openshift-jee-sample.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/wildfly-100-centos7:latest" + } } ] } @@ -294,6 +366,11 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Provides a MySQL database", + "iconClass": "icon-mysql-database", + "tags": "mysql" + }, "from": { "kind": "ImageStreamTag", "name": "5.6" @@ -301,6 +378,12 @@ }, { "name": "5.5", + "annotations": { + "description": "Provides a MySQL v5.5 database", + "iconClass": "icon-mysql-database", + "tags": "mysql", + "version": "5.5" + }, "from": { "kind": "DockerImage", "name": "openshift/mysql-55-centos7:latest" @@ -308,6 +391,12 @@ }, { "name": "5.6", + "annotations": { + "description": "Provides a MySQL v5.6 database", + "iconClass": "icon-mysql-database", + "tags": "mysql", + "version": "5.6" + }, "from": { "kind": "DockerImage", "name": "centos/mysql-56-centos7:latest" @@ -327,6 +416,11 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Provides a PostgreSQL database", + "iconClass": "icon-postgresql", + "tags": "postgresql" + }, "from": { "kind": "ImageStreamTag", "name": "9.4" @@ -334,6 +428,12 @@ }, { "name": "9.2", + "annotations": { + "description": "Provides a PostgreSQL v9.2 database", + "iconClass": "icon-postgresql", + "tags": "postgresql", + "version": "9.2" + }, "from": { "kind": "DockerImage", "name": "openshift/postgresql-92-centos7:latest" @@ -341,6 +441,12 @@ }, { "name": "9.4", + "annotations": { + "description": "Provides a PostgreSQL v9.4 database", + "iconClass": "icon-postgresql", + "tags": "postgresql", + "version": "9.4" + }, "from": { "kind": "DockerImage", "name": "centos/postgresql-94-centos7:latest" @@ -360,6 +466,11 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Provides a MongoDB database", + "iconClass": "icon-mongodb", + "tags": "mongodb" + }, "from": { "kind": "ImageStreamTag", "name": "2.6" @@ -367,6 +478,12 @@ }, { "name": "2.4", + "annotations": { + "description": "Provides a MongoDB v2.4 database", + "iconClass": "icon-mongodb", + "tags": "mongodb", + "version": "2.4" + }, "from": { "kind": "DockerImage", "name": "openshift/mongodb-24-centos7:latest" @@ -374,6 +491,12 @@ }, { "name": "2.6", + "annotations": { + "description": "Provides a MongoDB v2.6 database", + "iconClass": "icon-mongodb", + "tags": "mongodb", + "version": "2.6" + }, "from": { "kind": "DockerImage", "name": "centos/mongodb-26-centos7:latest" @@ -393,6 +516,11 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Provides a Jenkins server", + "iconClass": "icon-jenkins", + "tags": "jenkins" + }, "from": { "kind": "ImageStreamTag", "name": "1" @@ -400,6 +528,12 @@ }, { "name": "1", + "annotations": { + "description": "Provides a Jenkins server", + "iconClass": "icon-jenkins", + "tags": "jenkins", + "version": "1.x" + }, "from": { "kind": "DockerImage", "name": "openshift/jenkins-1-centos7:latest" diff --git a/roles/openshift_examples/files/examples/v1.1/image-streams/image-streams-rhel7.json b/roles/openshift_examples/files/examples/v1.1/image-streams/image-streams-rhel7.json index 3f5f713b4..00635ec78 100644 --- a/roles/openshift_examples/files/examples/v1.1/image-streams/image-streams-rhel7.json +++ b/roles/openshift_examples/files/examples/v1.1/image-streams/image-streams-rhel7.json @@ -14,6 +14,13 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Build and run Ruby applications", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby,ruby", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, "from": { "kind": "ImageStreamTag", "name": "2.2" @@ -63,6 +70,13 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Build and run NodeJS applications", + "iconClass": "icon-nodejs", + "tags": "builder,nodejs", + "supports":"nodejs", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, "from": { "kind": "ImageStreamTag", "name": "0.10" @@ -97,6 +111,13 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Build and run Perl applications", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, "from": { "kind": "ImageStreamTag", "name": "5.20" @@ -147,6 +168,13 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Build and run PHP applications", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, "from": { "kind": "ImageStreamTag", "name": "5.6" @@ -196,6 +224,13 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Build and run Python applications", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, "from": { "kind": "ImageStreamTag", "name": "3.4" @@ -260,6 +295,11 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Provides a MySQL database", + "iconClass": "icon-mysql-database", + "tags": "mysql" + }, "from": { "kind": "ImageStreamTag", "name": "5.6" @@ -267,6 +307,12 @@ }, { "name": "5.5", + "annotations": { + "description": "Provides a MySQL v5.5 database", + "iconClass": "icon-mysql-database", + "tags": "mysql", + "version": "5.5" + }, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/openshift3/mysql-55-rhel7:latest" @@ -274,6 +320,12 @@ }, { "name": "5.6", + "annotations": { + "description": "Provides a MySQL v5.6 database", + "iconClass": "icon-mysql-database", + "tags": "mysql", + "version": "5.6" + }, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/rhscl/mysql-56-rhel7:latest" @@ -293,6 +345,11 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Provides a PostgreSQL database", + "iconClass": "icon-postgresql", + "tags": "postgresql" + }, "from": { "kind": "ImageStreamTag", "name": "9.4" @@ -300,6 +357,12 @@ }, { "name": "9.2", + "annotations": { + "description": "Provides a PostgreSQL v9.2 database", + "iconClass": "icon-postgresql", + "tags": "postgresql", + "version": "9.2" + }, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/openshift3/postgresql-92-rhel7:latest" @@ -307,6 +370,12 @@ }, { "name": "9.4", + "annotations": { + "description": "Provides a PostgreSQL v9.4 database", + "iconClass": "icon-postgresql", + "tags": "postgresql", + "version": "9.4" + }, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/rhscl/postgresql-94-rhel7:latest" @@ -326,6 +395,11 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Provides a MongoDB database", + "iconClass": "icon-mongodb", + "tags": "mongodb" + }, "from": { "kind": "ImageStreamTag", "name": "2.6" @@ -333,6 +407,12 @@ }, { "name": "2.4", + "annotations": { + "description": "Provides a MongoDB v2.4 database", + "iconClass": "icon-mongodb", + "tags": "mongodb", + "version": "2.4" + }, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/openshift3/mongodb-24-rhel7:latest" @@ -340,6 +420,12 @@ }, { "name": "2.6", + "annotations": { + "description": "Provides a MongoDB v2.6 database", + "iconClass": "icon-mongodb", + "tags": "mongodb", + "version": "2.6" + }, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/rhscl/mongodb-26-rhel7:latest" @@ -359,6 +445,11 @@ "tags": [ { "name": "latest", + "annotations": { + "description": "Provides a Jenkins server", + "iconClass": "icon-jenkins", + "tags": "jenkins" + }, "from": { "kind": "ImageStreamTag", "name": "1" @@ -366,6 +457,12 @@ }, { "name": "1", + "annotations": { + "description": "Provides a Jenkins server", + "iconClass": "icon-jenkins", + "tags": "jenkins", + "version": "1.x" + }, "from": { "kind": "DockerImage", "name": "registry.access.redhat.com/openshift3/jenkins-1-rhel7:latest" diff --git a/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/metrics-deployer.yaml index be999bd1a..99f2df4fa 100644 --- a/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/metrics-deployer.yaml @@ -52,8 +52,6 @@ objects: value: ${IMAGE_PREFIX} - name: IMAGE_VERSION value: ${IMAGE_VERSION} - - name: PUBLIC_MASTER_URL - value: ${PUBLIC_MASTER_URL} - name: MASTER_URL value: ${MASTER_URL} - name: REDEPLOY @@ -79,11 +77,11 @@ objects: secretName: metrics-deployer parameters: - - description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:v1.1", set prefix "openshift/origin-"' + description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set prefix "openshift/origin-"' name: IMAGE_PREFIX value: "registry.access.redhat.com/openshift3/" - - description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:v1.1", set version "v1.1"' + description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' name: IMAGE_VERSION value: "3.1.1" - @@ -109,7 +107,7 @@ parameters: - description: "The persistent volume size for each of the Cassandra nodes" name: CASSANDRA_PV_SIZE - value: "1Gi" + value: "10Gi" - description: "How many days metrics should be stored for." name: METRIC_DURATION diff --git a/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/origin/logging-deployer.yaml b/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/origin/logging-deployer.yaml index 4c798e148..9257b1f28 100644 --- a/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/origin/logging-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/origin/logging-deployer.yaml @@ -69,6 +69,8 @@ objects: value: ${ES_OPS_RECOVER_EXPECTED_NODES} - name: ES_OPS_RECOVER_AFTER_TIME value: ${ES_OPS_RECOVER_AFTER_TIME} + - name: FLUENTD_NODESELECTOR + value: ${FLUENTD_NODESELECTOR} dnsPolicy: ClusterFirst restartPolicy: Never serviceAccount: logging-deployer @@ -148,4 +150,7 @@ parameters: description: "Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." name: ES_OPS_RECOVER_AFTER_TIME value: "5m" - +- + description: "The nodeSelector used for the Fluentd DaemonSet." + name: FLUENTD_NODESELECTOR + value: "logging-infra-fluentd=true" diff --git a/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/origin/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/origin/metrics-deployer.yaml index 3e9bcde5b..30d79acee 100644 --- a/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/origin/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/origin/metrics-deployer.yaml @@ -52,8 +52,6 @@ objects: value: ${IMAGE_PREFIX} - name: IMAGE_VERSION value: ${IMAGE_VERSION} - - name: PUBLIC_MASTER_URL - value: ${PUBLIC_MASTER_URL} - name: MASTER_URL value: ${MASTER_URL} - name: REDEPLOY @@ -79,11 +77,11 @@ objects: secretName: metrics-deployer parameters: - - description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:v1.1", set prefix "openshift/origin-"' + description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set prefix "openshift/origin-"' name: IMAGE_PREFIX - value: "docker.io/openshift/origin-" + value: "openshift/origin-" - - description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:v1.1", set version "v1.1"' + description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' name: IMAGE_VERSION value: "latest" - @@ -109,7 +107,7 @@ parameters: - description: "The persistent volume size for each of the Cassandra nodes" name: CASSANDRA_PV_SIZE - value: "1Gi" + value: "10Gi" - description: "How many days metrics should be stored for." name: METRIC_DURATION diff --git a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/cakephp-mysql.json index 52143da2d..922e5bed8 100644 --- a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/cakephp-mysql.json +++ b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/cakephp-mysql.json @@ -5,7 +5,7 @@ "name": "cakephp-mysql-example", "annotations": { "description": "An example CakePHP application with a MySQL database", - "tags": "instant-app,php,cakephp,mysql", + "tags": "quickstart,php,cakephp,mysql", "iconClass": "icon-php" } }, @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "cakephp-mysql-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "cakephp-mysql-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "cakephp-mysql-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "cakephp-mysql-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "cakephp-mysql-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "cakephp-mysql-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "php:5.6" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "cakephp-mysql-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -113,7 +113,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "cakephp-mysql-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -123,7 +123,7 @@ "type": "Rolling", "recreateParams": { "pre": { - "failurePolicy": "Abort", + "failurePolicy": "Retry", "execNewPod": { "command": [ "./migrate-database.sh" @@ -143,7 +143,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "cakephp-mysql-example:latest" + "name": "${NAME}:latest" } } }, @@ -153,13 +153,13 @@ ], "replicas": 1, "selector": { - "name": "cakephp-mysql-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "cakephp-mysql-example", + "name": "${NAME}", "labels": { - "name": "cakephp-mysql-example" + "name": "${NAME}" } }, "spec": { @@ -172,6 +172,22 @@ "containerPort": 8080 } ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/health.php", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/", + "port": 8080 + } + }, "env": [ { "name": "DATABASE_SERVICE_NAME", @@ -209,7 +225,12 @@ "name": "OPCACHE_REVALIDATE_FREQ", "value": "${OPCACHE_REVALIDATE_FREQ}" } - ] + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } } ] } @@ -261,7 +282,7 @@ ], "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "mysql:5.6" } } @@ -291,20 +312,39 @@ "containerPort": 3306 } ], - "env": [ - { - "name": "MYSQL_USER", - "value": "${DATABASE_USER}" - }, - { - "name": "MYSQL_PASSWORD", - "value": "${DATABASE_PASSWORD}" - }, - { - "name": "MYSQL_DATABASE", - "value": "${DATABASE_NAME}" + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "MYSQL_PWD='${DATABASE_PASSWORD}' mysql -h 127.0.0.1 -u ${DATABASE_USER} -D ${DATABASE_NAME} -e 'SELECT 1'" ] } - ] + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "value": "${DATABASE_USER}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DATABASE_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DATABASE_NAME}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_MYSQL_LIMIT}" + } + } } ] } @@ -314,76 +354,111 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "cakephp-mysql-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the CakePHP container can use.", + "value": "512Mi" + }, + { + "name": "MEMORY_MYSQL_LIMIT", + "displayName": "Memory Limit (MySQL)", + "description": "Maximum amount of memory the MySQL container can use.", + "value": "512Mi" + }, + { "name": "SOURCE_REPOSITORY_URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/cakephp-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the CakePHP service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "DATABASE_SERVICE_NAME", - "description": "Database service name", + "displayName": "Database Service Name", "value": "mysql" }, { "name": "DATABASE_ENGINE", - "description": "Database engine: postgresql, mysql or sqlite (default)", + "displayName": "Database Engine", + "description": "Database engine: postgresql, mysql or sqlite (default).", "value": "mysql" }, { "name": "DATABASE_NAME", - "description": "Database name", + "displayName": "Database Name", "value": "default" }, { "name": "DATABASE_USER", - "description": "Database user name", + "displayName": "Database User", "value": "cakephp" }, { "name": "DATABASE_PASSWORD", - "description": "Database user password", + "displayName": "Database Password", "generate": "expression", "from": "[a-zA-Z0-9]{16}" }, { "name": "CAKEPHP_SECRET_TOKEN", - "description": "Set this to a long random string", + "displayName": "CakePHP secret token", + "description": "Set this to a long random string.", "generate": "expression", "from": "[\\w]{50}" }, { "name": "CAKEPHP_SECURITY_SALT", - "description": "Security salt for session hash", + "displayName": "CakePHP Security Salt", + "description": "Security salt for session hash.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "CAKEPHP_SECURITY_CIPHER_SEED", - "description": "Security cipher seed for session hash", + "displayName": "CakePHP Security Cipher Seed", + "description": "Security cipher seed for session hash.", "generate": "expression", "from": "[0-9]{30}" }, { "name": "OPCACHE_REVALIDATE_FREQ", - "description": "The How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.", + "displayName": "OPcache Revalidation Frequency", + "description": "How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.", "value": "2" } ] diff --git a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/cakephp.json b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/cakephp.json index b77dc0c51..780faec55 100644 --- a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/cakephp.json +++ b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/cakephp.json @@ -5,7 +5,7 @@ "name": "cakephp-example", "annotations": { "description": "An example CakePHP application with no database", - "tags": "instant-app,php,cakephp", + "tags": "quickstart,php,cakephp", "iconClass": "icon-php" } }, @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "cakephp-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "cakephp-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "cakephp-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "cakephp-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "cakephp-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "cakephp-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "php:5.6" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "cakephp-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -113,7 +113,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "cakephp-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -132,7 +132,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "cakephp-example:latest" + "name": "${NAME}:latest" } } }, @@ -142,13 +142,13 @@ ], "replicas": 1, "selector": { - "name": "cakephp-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "cakephp-example", + "name": "${NAME}", "labels": { - "name": "cakephp-example" + "name": "${NAME}" } }, "spec": { @@ -161,6 +161,22 @@ "containerPort": 8080 } ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/", + "port": 8080 + } + }, "env": [ { "name": "DATABASE_SERVICE_NAME", @@ -198,7 +214,12 @@ "name": "OPCACHE_REVALIDATE_FREQ", "value": "${OPCACHE_REVALIDATE_FREQ}" } - ] + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } } ] } @@ -208,70 +229,99 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "cakephp-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { "name": "SOURCE_REPOSITORY_URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/cakephp-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the CakePHP service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "DATABASE_SERVICE_NAME", - "description": "Database service name" + "displayName": "Database Service Name" }, { "name": "DATABASE_ENGINE", - "description": "Database engine: postgresql, mysql or sqlite (default)" + "displayName": "Database Engine", + "description": "Database engine: postgresql, mysql or sqlite (default)." }, { "name": "DATABASE_NAME", - "description": "Database name" + "displayName": "Database Name" }, { "name": "DATABASE_USER", - "description": "Database user name" + "displayName": "Database User" }, { "name": "DATABASE_PASSWORD", - "description": "Database user password" + "displayName": "Database Password" }, { "name": "CAKEPHP_SECRET_TOKEN", - "description": "Set this to a long random string", + "displayName": "CakePHP Secret Token", + "description": "Set this to a long random string.", "generate": "expression", "from": "[\\w]{50}" }, { "name": "CAKEPHP_SECURITY_SALT", - "description": "Security salt for session hash", + "displayName": "CakePHP Security Salt", + "description": "Security salt for session hash.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "CAKEPHP_SECURITY_CIPHER_SEED", - "description": "Security cipher seed for session hash", + "displayName": "CakePHP Security Cipher Seed", + "description": "Security cipher seed for session hash.", "generate": "expression", "from": "[0-9]{30}" }, { "name": "OPCACHE_REVALIDATE_FREQ", - "description": "The How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.", + "displayName": "OPcache Revalidation Frequency", + "description": "How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.", "value": "2" } ] diff --git a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/dancer-mysql.json index edc6a1f3f..c0fc02ae4 100644 --- a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/dancer-mysql.json +++ b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/dancer-mysql.json @@ -5,7 +5,7 @@ "name": "dancer-mysql-example", "annotations": { "description": "An example Dancer application with a MySQL database", - "tags": "instant-app,perl,dancer,mysql", + "tags": "quickstart,perl,dancer,mysql", "iconClass": "icon-perl" } }, @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "dancer-mysql-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "dancer-mysql-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "dancer-mysql-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "dancer-mysql-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "dancer-mysql-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "dancer-mysql-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "perl:5.20" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "dancer-mysql-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -113,7 +113,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "dancer-mysql-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -129,7 +129,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "dancer-mysql-example:latest" + "name": "${NAME}:latest" } } }, @@ -139,13 +139,13 @@ ], "replicas": 1, "selector": { - "name": "dancer-mysql-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "dancer-mysql-example", + "name": "${NAME}", "labels": { - "name": "dancer-mysql-example" + "name": "${NAME}" } }, "spec": { @@ -158,6 +158,22 @@ "containerPort": 8080 } ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/health", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/", + "port": 8080 + } + }, "env": [ { "name": "DATABASE_SERVICE_NAME", @@ -183,7 +199,12 @@ "name": "PERL_APACHE2_RELOAD", "value": "${PERL_APACHE2_RELOAD}" } - ] + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } } ] } @@ -235,7 +256,7 @@ ], "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "mysql:5.6" } } @@ -265,6 +286,20 @@ "containerPort": 3306 } ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "MYSQL_PWD='${DATABASE_PASSWORD}' mysql -h 127.0.0.1 -u ${DATABASE_USER} -D ${DATABASE_NAME} -e 'SELECT 1'" ] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, "env": [ { "name": "MYSQL_USER", @@ -275,10 +310,15 @@ "value": "${DATABASE_PASSWORD}" }, { - "name": "MYSQL_DATABASE", - "value": "${DATABASE_NAME}" + "name": "MYSQL_DATABASE", + "value": "${DATABASE_NAME}" } - ] + ], + "resources": { + "limits": { + "memory": "${MEMORY_MYSQL_LIMIT}" + } + } } ] } @@ -288,71 +328,103 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "dancer-mysql-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the Perl Dancer container can use.", + "value": "512Mi" + }, + { + "name": "MEMORY_MYSQL_LIMIT", + "displayName": "Memory Limit (MySQL)", + "description": "Maximum amount of memory the MySQL container can use.", + "value": "512Mi" + }, + { "name": "SOURCE_REPOSITORY_URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/dancer-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the Dancer service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "ADMIN_USERNAME", - "description": "administrator username", + "displayName": "Administrator Username", "generate": "expression", "from": "admin[A-Z0-9]{3}" }, { "name": "ADMIN_PASSWORD", - "description": "administrator password", + "displayName": "Administrator Password", "generate": "expression", "from": "[a-zA-Z0-9]{8}" }, { "name": "DATABASE_SERVICE_NAME", - "description": "Database service name", + "displayName": "Database Service Name", "value": "database" }, { "name": "DATABASE_USER", - "description": "database username", + "displayName": "Database Username", "generate": "expression", "from": "user[A-Z0-9]{3}" }, { "name": "DATABASE_PASSWORD", - "description": "database password", + "displayName": "Database Password", "generate": "expression", "from": "[a-zA-Z0-9]{8}" }, { "name": "DATABASE_NAME", - "description": "database name", + "displayName": "Database Name", "value": "sampledb" }, { "name": "PERL_APACHE2_RELOAD", - "description": "Set this to \"true\" to enable automatic reloading of modified Perl modules", + "displayName": "Perl Module Reload", + "description": "Set this to \"true\" to enable automatic reloading of modified Perl modules.", "value": "" }, { "name": "SECRET_KEY_BASE", - "description": "Your secret key for verifying the integrity of signed cookies", + "displayName": "Secret Key", + "description": "Your secret key for verifying the integrity of signed cookies.", "generate": "expression", "from": "[a-z0-9]{127}" } diff --git a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/dancer.json b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/dancer.json index 409252d82..1ea5a21a0 100644 --- a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/dancer.json +++ b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/dancer.json @@ -5,7 +5,7 @@ "name": "dancer-example", "annotations": { "description": "An example Dancer application with no database", - "tags": "instant-app,perl,dancer", + "tags": "quickstart,perl,dancer", "iconClass": "icon-perl" } }, @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "dancer-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "dancer-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "dancer-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "dancer-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "dancer-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "dancer-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "perl:5.20" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "dancer-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -113,7 +113,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "dancer-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -132,7 +132,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "dancer-example:latest" + "name": "${NAME}:latest" } } }, @@ -142,13 +142,13 @@ ], "replicas": 1, "selector": { - "name": "dancer-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "dancer-example", + "name": "${NAME}", "labels": { - "name": "dancer-example" + "name": "${NAME}" } }, "spec": { @@ -161,12 +161,33 @@ "containerPort": 8080 } ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/", + "port": 8080 + } + }, "env": [ { "name": "PERL_APACHE2_RELOAD", "value": "${PERL_APACHE2_RELOAD}" } - ] + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } } ] } @@ -176,38 +197,64 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "dancer-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { "name": "SOURCE_REPOSITORY_URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/dancer-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the Dancer service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "SECRET_KEY_BASE", - "description": "Your secret key for verifying the integrity of signed cookies", + "displayName": "Secret Key", + "description": "Your secret key for verifying the integrity of signed cookies.", "generate": "expression", "from": "[a-z0-9]{127}" }, { "name": "PERL_APACHE2_RELOAD", - "description": "Set this to \"true\" to enable automatic reloading of modified Perl modules", + "displayName": "Perl Module Reload", + "description": "Set this to \"true\" to enable automatic reloading of modified Perl modules.", "value": "" } ] diff --git a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/django-postgresql.json index c4c55ddd8..844201e7c 100644 --- a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/django-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/django-postgresql.json @@ -5,7 +5,7 @@ "name": "django-psql-example", "annotations": { "description": "An example Django application with a PostgreSQL database", - "tags": "instant-app,python,django,postgresql", + "tags": "quickstart,python,django,postgresql", "iconClass": "icon-python" } }, @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "django-psql-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "django-psql-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "django-psql-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "django-psql-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "django-psql-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "django-psql-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "python:3.4" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "django-psql-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -106,14 +106,17 @@ "secret": "${GITHUB_WEBHOOK_SECRET}" } } - ] + ], + "postCommit": { + "script": "./manage.py test" + } } }, { "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "django-psql-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -132,7 +135,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "django-psql-example:latest" + "name": "${NAME}:latest" } } }, @@ -142,13 +145,13 @@ ], "replicas": 1, "selector": { - "name": "django-psql-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "django-psql-example", + "name": "${NAME}", "labels": { - "name": "django-psql-example" + "name": "${NAME}" } }, "spec": { @@ -161,6 +164,22 @@ "containerPort": 8080 } ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/health", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/health", + "port": 8080 + } + }, "env": [ { "name": "DATABASE_SERVICE_NAME", @@ -190,7 +209,12 @@ "name": "DJANGO_SECRET_KEY", "value": "${DJANGO_SECRET_KEY}" } - ] + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } } ] } @@ -242,7 +266,7 @@ ], "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "postgresql:9.4" } } @@ -285,7 +309,26 @@ "name": "POSTGRESQL_DATABASE", "value": "${DATABASE_NAME}" } - ] + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 5432 + } + }, + "resources": { + "limits": { + "memory": "${MEMORY_POSTGRESQL_LIMIT}" + } + } } ] } @@ -295,62 +338,95 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "django-psql-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the Django container can use.", + "value": "512Mi" + }, + { + "name": "MEMORY_POSTGRESQL_LIMIT", + "displayName": "Memory Limit (PostgreSQL)", + "description": "Maximum amount of memory the PostgreSQL container can use.", + "value": "512Mi" + }, + { "name": "SOURCE_REPOSITORY_URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/django-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the Django service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "DATABASE_SERVICE_NAME", - "description": "Database service name", + "displayName": "Database Service Name", "value": "postgresql" }, { "name": "DATABASE_ENGINE", - "description": "Database engine: postgresql, mysql or sqlite (default)", + "displayName": "Database Engine", + "description": "Database engine: postgresql, mysql or sqlite (default).", "value": "postgresql" }, { "name": "DATABASE_NAME", - "description": "Database name", + "displayName": "Database Name", "value": "default" }, { "name": "DATABASE_USER", - "description": "Database user name", + "displayName": "Database Username", "value": "django" }, { "name": "DATABASE_PASSWORD", - "description": "Database user password", + "displayName": "Database User Password", "generate": "expression", "from": "[a-zA-Z0-9]{16}" }, { "name": "APP_CONFIG", - "description": "Relative path to Gunicorn configuration file (optional)" + "displayName": "Application Configuration File Path", + "description": "Relative path to Gunicorn configuration file (optional)." }, { "name": "DJANGO_SECRET_KEY", - "description": "Set this to a long random string", + "displayName": "Djange Secret Key", + "description": "Set this to a long random string.", "generate": "expression", "from": "[\\w]{50}" } diff --git a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/django.json b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/django.json index 75b6798b5..38ef694f8 100644 --- a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/django.json +++ b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/django.json @@ -5,7 +5,7 @@ "name": "django-example", "annotations": { "description": "An example Django application with no database", - "tags": "instant-app,python,django", + "tags": "quickstart,python,django", "iconClass": "icon-python" } }, @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "django-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "django-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "django-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "django-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "django-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "django-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "python:3.4" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "django-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -106,14 +106,17 @@ "secret": "${GITHUB_WEBHOOK_SECRET}" } } - ] + ], + "postCommit": { + "script": "./manage.py test" + } } }, { "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "django-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -132,7 +135,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "django-example:latest" + "name": "${NAME}:latest" } } }, @@ -142,13 +145,13 @@ ], "replicas": 1, "selector": { - "name": "django-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "django-example", + "name": "${NAME}", "labels": { - "name": "django-example" + "name": "${NAME}" } }, "spec": { @@ -161,6 +164,22 @@ "containerPort": 8080 } ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/", + "port": 8080 + } + }, "env": [ { "name": "DATABASE_SERVICE_NAME", @@ -190,7 +209,12 @@ "name": "DJANGO_SECRET_KEY", "value": "${DJANGO_SECRET_KEY}" } - ] + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } } ] } @@ -200,56 +224,83 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "django-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { "name": "SOURCE_REPOSITORY_URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/django-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the Django service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "DATABASE_SERVICE_NAME", - "description": "Database service name" + "displayName": "Database Service Name" }, { "name": "DATABASE_ENGINE", - "description": "Database engine: postgresql, mysql or sqlite (default)" + "displayName": "Database Engine", + "description": "Database engine: postgresql, mysql or sqlite (default)." }, { "name": "DATABASE_NAME", - "description": "Database name" + "displayName": "Database Name" }, { "name": "DATABASE_USER", - "description": "Database user name" + "displayName": "Database Username" }, { "name": "DATABASE_PASSWORD", - "description": "Database user password" + "displayName": "Database User Password" }, { "name": "APP_CONFIG", - "description": "Relative path to Gunicorn configuration file (optional)" + "displayName": "Application Configuration File Path", + "description": "Relative path to Gunicorn configuration file (optional)." }, { "name": "DJANGO_SECRET_KEY", - "description": "Set this to a long random string", + "displayName": "Django Secret Key", + "description": "Set this to a long random string.", "generate": "expression", "from": "[\\w]{50}" } diff --git a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/jenkins-ephemeral-template.json index 0b016373f..e464b5971 100644 --- a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/jenkins-ephemeral-template.json @@ -65,8 +65,7 @@ }, "spec": { "strategy": { - "type": "Recreate", - "resources": {} + "type": "Recreate" }, "triggers": [ { @@ -79,7 +78,7 @@ "from": { "kind": "ImageStreamTag", "name": "jenkins:latest", - "namespace": "openshift" + "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" } @@ -104,13 +103,33 @@ { "name": "jenkins", "image": "${JENKINS_IMAGE}", + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, "env": [ { "name": "JENKINS_PASSWORD", "value": "${JENKINS_PASSWORD}" } ], - "resources": {}, + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${JENKINS_SERVICE_NAME}-data", @@ -143,13 +162,27 @@ ], "parameters": [ { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "JENKINS_SERVICE_NAME", - "description": "Jenkins service name", + "displayName": "Jenkins Service Name", + "description": "The name of the OpenShift Service exposed for the Jenkins container.", "value": "jenkins" }, { "name": "JENKINS_PASSWORD", - "description": "Password for the Jenkins user", + "displayName": "Jenkins Password", + "description": "Password for the Jenkins user.", "generate": "expression", "value": "password" } diff --git a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/jenkins-persistent-template.json index 98f0cea95..6c143fc70 100644 --- a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/jenkins-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/jenkins-persistent-template.json @@ -82,8 +82,7 @@ }, "spec": { "strategy": { - "type": "Recreate", - "resources": {} + "type": "Recreate" }, "triggers": [ { @@ -96,7 +95,7 @@ "from": { "kind": "ImageStreamTag", "name": "jenkins:latest", - "namespace": "openshift" + "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" } @@ -121,13 +120,33 @@ { "name": "jenkins", "image": "${JENKINS_IMAGE}", + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, "env": [ { "name": "JENKINS_PASSWORD", "value": "${JENKINS_PASSWORD}" } ], - "resources": {}, + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${JENKINS_SERVICE_NAME}-data", @@ -160,19 +179,34 @@ ], "parameters": [ { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "JENKINS_SERVICE_NAME", - "description": "Jenkins service name", + "displayName": "Jenkins Service Name", + "description": "The name of the OpenShift Service exposed for the Jenkins container.", "value": "jenkins" }, { "name": "JENKINS_PASSWORD", - "description": "Password for the Jenkins user", + "displayName": "Jenkins Password", + "description": "Password for the Jenkins user.", "generate": "expression", "value": "password" }, { "name": "VOLUME_CAPACITY", - "description": "Volume space available for data, e.g. 512Mi, 2Gi", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", "value": "512Mi", "required": true } diff --git a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/nodejs-mongodb.json index 21f943da7..3298ef40c 100644 --- a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/nodejs-mongodb.json +++ b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/nodejs-mongodb.json @@ -5,7 +5,7 @@ "name": "nodejs-mongodb-example", "annotations": { "description": "An example Node.js application with a MongoDB database", - "tags": "instant-app,nodejs,mongodb", + "tags": "quickstart,nodejs,mongodb", "iconClass": "icon-nodejs" } }, @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "nodejs-mongodb-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "nodejs-mongodb-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "nodejs-mongodb-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "nodejs-mongodb-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "nodejs-mongodb-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "nodejs-mongodb-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "nodejs:0.10" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "nodejs-mongodb-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -119,7 +119,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "nodejs-mongodb-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -138,7 +138,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "nodejs-mongodb-example:latest" + "name": "${NAME}:latest" } } }, @@ -148,13 +148,13 @@ ], "replicas": 1, "selector": { - "name": "nodejs-mongodb-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "nodejs-mongodb-example", + "name": "${NAME}", "labels": { - "name": "nodejs-mongodb-example" + "name": "${NAME}" } }, "spec": { @@ -188,7 +188,28 @@ "name": "MONGODB_ADMIN_PASSWORD", "value": "${DATABASE_ADMIN_PASSWORD}" } - ] + ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/pagecount", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/pagecount", + "port": 8080 + } + }, + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } } ] } @@ -240,7 +261,7 @@ ], "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "mongodb:2.6" } } @@ -287,7 +308,26 @@ "name": "MONGODB_ADMIN_PASSWORD", "value": "${DATABASE_ADMIN_PASSWORD}" } - ] + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 3, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "mongostat --host 127.0.0.1 -u admin -p ${DATABASE_ADMIN_PASSWORD} -n 1 --noheaders"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 27017 + } + }, + "resources": { + "limits": { + "memory": "${MEMORY_MONGODB_LIMIT}" + } + } } ] } @@ -297,60 +337,94 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "nodejs-mongodb-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the Node.js container can use.", + "value": "512Mi" + }, + { + "name": "MEMORY_MONGODB_LIMIT", + "displayName": "Memory Limit (MongoDB)", + "description": "Maximum amount of memory the MongoDB container can use.", + "value": "512Mi" + }, + { "name": "SOURCE_REPOSITORY_URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/nodejs-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the Node.js service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "GENERIC_WEBHOOK_SECRET", - "description": "A secret string used to configure the Generic webhook", + "displayName": "Generic Webhook Secret", + "description": "A secret string used to configure the Generic webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "DATABASE_SERVICE_NAME", - "description": "Database service name", + "displayName": "Database Service Name", "value": "mongodb" }, { "name": "DATABASE_USER", - "description": "Username for MongoDB user that will be used for accessing the database", + "displayName": "MongoDB Username", + "description": "Username for MongoDB user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}" }, { "name": "DATABASE_PASSWORD", - "description": "Password for the MongoDB user", + "displayName": "MongoDB Password", + "description": "Password for the MongoDB user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}" }, { "name": "DATABASE_NAME", - "description": "Database name", + "displayName": "Database Name", "value": "sampledb" }, { "name": "DATABASE_ADMIN_PASSWORD", - "description": "Password for the database admin user", + "displayName": "Database Administrator Password", + "description": "Password for the database admin user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}" } diff --git a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/nodejs.json b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/nodejs.json index 1e301c076..82df67c4e 100644 --- a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/nodejs.json +++ b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/nodejs.json @@ -5,7 +5,7 @@ "name": "nodejs-example", "annotations": { "description": "An example Node.js application with no database", - "tags": "instant-app,nodejs", + "tags": "quickstart,nodejs", "iconClass": "icon-nodejs" } }, @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "nodejs-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "nodejs-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "nodejs-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "nodejs-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "nodejs-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "nodejs-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "nodejs:0.10" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "nodejs-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -119,7 +119,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "nodejs-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -138,7 +138,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "nodejs-example:latest" + "name": "${NAME}:latest" } } }, @@ -148,13 +148,13 @@ ], "replicas": 1, "selector": { - "name": "nodejs-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "nodejs-example", + "name": "${NAME}", "labels": { - "name": "nodejs-example" + "name": "${NAME}" } }, "spec": { @@ -167,6 +167,27 @@ "containerPort": 8080 } ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/", + "port": 8080 + } + }, + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "env": [ { "name": "DATABASE_SERVICE_NAME", @@ -188,7 +209,12 @@ "name": "MONGODB_ADMIN_PASSWORD", "value": "${MONGODB_ADMIN_PASSWORD}" } - ] + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } } ] } @@ -198,54 +224,82 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "nodejs-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { "name": "SOURCE_REPOSITORY_URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/nodejs-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the Node.js service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "GENERIC_WEBHOOK_SECRET", - "description": "A secret string used to configure the Generic webhook", + "displayName": "Generic Webhook Secret", + "description": "A secret string used to configure the Generic webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "DATABASE_SERVICE_NAME", - "description": "Database service name" + "displayName": "Database Service Name" }, { "name": "MONGODB_USER", - "description": "Username for MongoDB user that will be used for accessing the database" + "displayName": "MongoDB Username", + "description": "Username for MongoDB user that will be used for accessing the database." }, { "name": "MONGODB_PASSWORD", - "description": "Password for the MongoDB user" + "displayName": "MongoDB Password", + "description": "Password for the MongoDB user." }, { "name": "MONGODB_DATABASE", - "description": "Database name" + "displayName": "Database Name" }, { "name": "MONGODB_ADMIN_PASSWORD", - "description": "Password for the database admin user" + "displayName": "Database Administrator Password", + "description": "Password for the database admin user." } ] } diff --git a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/rails-postgresql.json index 5dcbbc729..6292cf3e7 100644 --- a/roles/openshift_examples/files/examples/v1.1/quickstart-templates/rails-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.1/quickstart-templates/rails-postgresql.json @@ -5,7 +5,7 @@ "name": "rails-postgresql-example", "annotations": { "description": "An example Rails application with a PostgreSQL database", - "tags": "instant-app,ruby,rails,postgresql", + "tags": "quickstart,ruby,rails,postgresql", "iconClass": "icon-ruby" } }, @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "rails-postgresql-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "rails-postgresql-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "rails-postgresql-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "rails-postgresql-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "rails-postgresql-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "rails-postgresql-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "ruby:2.2" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "rails-postgresql-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -106,14 +106,17 @@ "secret": "${GITHUB_WEBHOOK_SECRET}" } } - ] + ], + "postCommit": { + "script": "bundle exec rake test" + } } }, { "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "rails-postgresql-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -128,7 +131,7 @@ "command": [ "./migrate-database.sh" ], - "containerName": "rails-postgresql-example" + "containerName": "${NAME}" } } } @@ -143,7 +146,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "rails-postgresql-example:latest" + "name": "${NAME}:latest" } } }, @@ -153,13 +156,13 @@ ], "replicas": 1, "selector": { - "name": "rails-postgresql-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "rails-postgresql-example", + "name": "${NAME}", "labels": { - "name": "rails-postgresql-example" + "name": "${NAME}" } }, "spec": { @@ -172,6 +175,22 @@ "containerPort": 8080 } ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 5, + "httpGet": { + "path": "/articles", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 10, + "httpGet": { + "path": "/articles", + "port": 8080 + } + }, "env": [ { "name": "DATABASE_SERVICE_NAME", @@ -202,10 +221,6 @@ "value": "${POSTGRESQL_SHARED_BUFFERS}" }, { - "name": "SECRET_KEY_BASE", - "value": "${SECRET_KEY_BASE}" - }, - { "name": "APPLICATION_DOMAIN", "value": "${APPLICATION_DOMAIN}" }, @@ -221,7 +236,12 @@ "name": "RAILS_ENV", "value": "${RAILS_ENV}" } - ] + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } } ] } @@ -273,7 +293,7 @@ ], "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "postgresql:9.4" } } @@ -303,6 +323,20 @@ "containerPort": 5432 } ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 5432 + } + }, "env": [ { "name": "POSTGRESQL_USER", @@ -324,7 +358,12 @@ "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } - ] + ], + "resources": { + "limits": { + "memory": "${MEMORY_POSTGRESQL_LIMIT}" + } + } } ] } @@ -334,80 +373,114 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "rails-postgresql-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the Rails container can use.", + "value": "512Mi" + }, + { + "name": "MEMORY_POSTGRESQL_LIMIT", + "displayName": "Memory Limit (PostgreSQL)", + "description": "Maximum amount of memory the PostgreSQL container can use.", + "value": "512Mi" + }, + { "name": "SOURCE_REPOSITORY_URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/rails-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the Rails service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "SECRET_KEY_BASE", - "description": "Your secret key for verifying the integrity of signed cookies", + "displayName": "Secret Key", + "description": "Your secret key for verifying the integrity of signed cookies.", "generate": "expression", "from": "[a-z0-9]{127}" }, { "name": "APPLICATION_USER", - "description": "The application user that is used within the sample application to authorize access on pages", + "displayName": "Application Username", + "description": "The application user that is used within the sample application to authorize access on pages.", "value": "openshift" }, { "name": "APPLICATION_PASSWORD", - "description": "The application password that is used within the sample application to authorize access on pages", + "displayName": "Application Password", + "description": "The application password that is used within the sample application to authorize access on pages.", "value": "secret" }, { "name": "RAILS_ENV", - "description": "Environment under which the sample application will run. Could be set to production, development or test", + "displayName": "Rails Environment", + "description": "Environment under which the sample application will run. Could be set to production, development or test.", "value": "production" }, { "name": "DATABASE_SERVICE_NAME", - "description": "Database service name", + "displayName": "Database Service Name", "value": "postgresql" }, { "name": "DATABASE_USER", - "description": "database username", + "displayName": "Database Username", "generate": "expression", "from": "user[A-Z0-9]{3}" }, { "name": "DATABASE_PASSWORD", - "description": "database password", + "displayName": "Database Password", "generate": "expression", "from": "[a-zA-Z0-9]{8}" }, { "name": "DATABASE_NAME", - "description": "database name", + "displayName": "Database Name", "value": "root" }, { "name": "POSTGRESQL_MAX_CONNECTIONS", - "description": "database max connections", + "displayName": "Maximum Database Connections", "value": "100" }, { "name": "POSTGRESQL_SHARED_BUFFERS", - "description": "database shared buffers", + "displayName": "Shared Buffer Amount", "value": "12MB" } ] diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/README.md b/roles/openshift_examples/files/examples/v1.2/db-templates/README.md index b39abf8b9..609f4dec9 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/README.md +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/README.md @@ -9,7 +9,7 @@ the Web Console or the CLI. The examples can also be tweaked to create new templates. -## Ephemeral x Persistent +## Ephemeral vs Persistent For each supported database, there are two template files. diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json index 2d0760fdd..227c8d30e 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json @@ -61,7 +61,7 @@ "from": { "kind": "ImageStreamTag", "name": "mongodb:latest", - "namespace": "openshift" + "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" } @@ -96,7 +96,7 @@ "timeoutSeconds": 1, "initialDelaySeconds": 3, "exec": { - "command": [ "/bin/sh", "-i", "-c", "mongostat --host 127.0.0.1 -u admin -p ${MONGODB_ADMIN_PASSWORD} -n 1 --noheaders"] + "command": [ "/bin/sh", "-i", "-c", "mongostat --host 127.0.0.1 -u admin -p $MONGODB_ADMIN_PASSWORD -n 1 --noheaders"] } }, "livenessProbe": { @@ -163,44 +163,50 @@ "parameters": [ { "name": "MEMORY_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the container can use", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", "value": "512Mi" }, { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "DATABASE_SERVICE_NAME", - "displayName": "Database service name", - "description": "The name of the OpenShift Service exposed for the database", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", "value": "mongodb", "required": true }, { "name": "MONGODB_USER", - "displayName": "MongoDB user", - "description": "Username for MongoDB user that will be used for accessing the database", + "displayName": "MongoDB User", + "description": "Username for MongoDB user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", "required": true }, { "name": "MONGODB_PASSWORD", - "displayName": "MongoDB password", - "description": "Password for the MongoDB user", + "displayName": "MongoDB Password", + "description": "Password for the MongoDB user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true }, { "name": "MONGODB_DATABASE", - "displayName": "MongoDB database name", - "description": "Name of the MongoDB database accessed", + "displayName": "MongoDB Database Name", + "description": "Name of the MongoDB database accessed.", "value": "sampledb", "required": true }, { "name": "MONGODB_ADMIN_PASSWORD", - "displayName": "MongoDB admin password", - "description": "Password for the database admin user", + "displayName": "MongoDB Admin Password", + "description": "Password for the database admin user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json index da22a8d1b..672eaaa09 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json @@ -78,7 +78,7 @@ "from": { "kind": "ImageStreamTag", "name": "mongodb:latest", - "namespace": "openshift" + "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" } @@ -113,7 +113,7 @@ "timeoutSeconds": 1, "initialDelaySeconds": 3, "exec": { - "command": [ "/bin/sh", "-i", "-c", "mongostat --host 127.0.0.1 -u admin -p ${MONGODB_ADMIN_PASSWORD} -n 1 --noheaders"] + "command": [ "/bin/sh", "-i", "-c", "mongostat --host 127.0.0.1 -u admin -p $MONGODB_ADMIN_PASSWORD -n 1 --noheaders"] } }, "livenessProbe": { @@ -180,52 +180,58 @@ "parameters": [ { "name": "MEMORY_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the container can use", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", "value": "512Mi" }, { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "DATABASE_SERVICE_NAME", - "displayName": "Database service name", - "description": "The name of the OpenShift Service exposed for the database", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", "value": "mongodb", "required": true }, { "name": "MONGODB_USER", - "displayName": "MongoDB user", - "description": "Username for MongoDB user that will be used for accessing the database", + "displayName": "MongoDB User", + "description": "Username for MongoDB user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", "required": true }, { "name": "MONGODB_PASSWORD", - "displayName": "MongoDB password", - "description": "Password for the MongoDB user", + "displayName": "MongoDB Password", + "description": "Password for the MongoDB user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true }, { "name": "MONGODB_DATABASE", - "displayName": "MongoDB database name", - "description": "Name of the MongoDB database accessed", + "displayName": "MongoDB Database Name", + "description": "Name of the MongoDB database accessed.", "value": "sampledb", "required": true }, { "name": "MONGODB_ADMIN_PASSWORD", - "displayName": "MongoDB admin password", - "description": "Password for the database admin user", + "displayName": "MongoDB Admin Password", + "description": "Password for the database admin user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true }, { "name": "VOLUME_CAPACITY", - "displayName": "Volume capacity", - "description": "Volume space available for data, e.g. 512Mi, 2Gi", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", "value": "512Mi", "required": true } diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json index 5c042e7ea..f4c118052 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json @@ -61,7 +61,7 @@ "from": { "kind": "ImageStreamTag", "name": "mysql:latest", - "namespace": "openshift" + "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" } @@ -97,7 +97,7 @@ "initialDelaySeconds": 5, "exec": { "command": [ "/bin/sh", "-i", "-c", - "MYSQL_PWD='${MYSQL_PASSWORD}' mysql -h 127.0.0.1 -u ${MYSQL_USER} -D ${MYSQL_DATABASE} -e 'SELECT 1'"] + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] } }, "livenessProbe": { @@ -160,37 +160,43 @@ "parameters": [ { "name": "MEMORY_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the container can use", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", "value": "512Mi" }, { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "DATABASE_SERVICE_NAME", - "displayName": "Database service name", - "description": "The name of the OpenShift Service exposed for the database", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", "value": "mysql", "required": true }, { "name": "MYSQL_USER", - "displayName": "MySQL user", - "description": "Username for MySQL user that will be used for accessing the database", + "displayName": "MySQL User", + "description": "Username for MySQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", "required": true }, { "name": "MYSQL_PASSWORD", - "displayName": "MySQL password", - "description": "Password for the MySQL user", + "displayName": "MySQL Password", + "description": "Password for the MySQL user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true }, { "name": "MYSQL_DATABASE", - "displayName": "MySQL database name", - "description": "Name of the MySQL database accessed", + "displayName": "MySQL Database Name", + "description": "Name of the MySQL database accessed.", "value": "sampledb", "required": true } diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json index d565179a5..d94262dde 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json @@ -78,7 +78,7 @@ "from": { "kind": "ImageStreamTag", "name": "mysql:latest", - "namespace": "openshift" + "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" } @@ -114,7 +114,7 @@ "initialDelaySeconds": 5, "exec": { "command": [ "/bin/sh", "-i", "-c", - "MYSQL_PWD='${MYSQL_PASSWORD}' mysql -h 127.0.0.1 -u ${MYSQL_USER} -D ${MYSQL_DATABASE} -e 'SELECT 1'"] + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] } }, "livenessProbe": { @@ -177,44 +177,50 @@ "parameters": [ { "name": "MEMORY_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the container can use", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", "value": "512Mi" }, { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "DATABASE_SERVICE_NAME", - "displayName": "Database service name", - "description": "The name of the OpenShift Service exposed for the database", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", "value": "mysql", "required": true }, { "name": "MYSQL_USER", - "displayName": "MySQL user", - "description": "Username for MySQL user that will be used for accessing the database", + "displayName": "MySQL User", + "description": "Username for MySQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", "required": true }, { "name": "MYSQL_PASSWORD", - "displayName": "MySQL password", - "description": "Password for the MySQL user", + "displayName": "MySQL Password", + "description": "Password for the MySQL user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true }, { "name": "MYSQL_DATABASE", - "displayName": "MySQL database name", - "description": "Name of the MySQL database accessed", + "displayName": "MySQL Database Name", + "description": "Name of the MySQL database accessed.", "value": "sampledb", "required": true }, { "name": "VOLUME_CAPACITY", - "displayName": "Volume capacity", - "description": "Volume space available for data, e.g. 512Mi, 2Gi", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", "value": "512Mi", "required": true } diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json index 8105e487b..c14f3c3df 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json @@ -61,7 +61,7 @@ "from": { "kind": "ImageStreamTag", "name": "postgresql:latest", - "namespace": "openshift" + "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" } @@ -96,7 +96,7 @@ "timeoutSeconds": 1, "initialDelaySeconds": 5, "exec": { - "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1'"] + "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c 'SELECT 1'"] } }, "livenessProbe": { @@ -159,37 +159,43 @@ "parameters": [ { "name": "MEMORY_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the container can use", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", "value": "512Mi" }, { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "DATABASE_SERVICE_NAME", - "displayName": "Database service name", - "description": "The name of the OpenShift Service exposed for the database", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", "value": "postgresql", "required": true }, { "name": "POSTGRESQL_USER", - "displayName": "PostgreSQL user", - "description": "Username for PostgreSQL user that will be used for accessing the database", + "displayName": "PostgreSQL User", + "description": "Username for PostgreSQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", "required": true }, { "name": "POSTGRESQL_PASSWORD", - "displayName": "PostgreSQL password", - "description": "Password for the PostgreSQL user", + "displayName": "PostgreSQL Password", + "description": "Password for the PostgreSQL user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true }, { "name": "POSTGRESQL_DATABASE", - "displayName": "PostgreSQL database name", - "description": "Name of the PostgreSQL database accessed", + "displayName": "PostgreSQL Database Name", + "description": "Name of the PostgreSQL database accessed.", "value": "sampledb", "required": true } diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json index 5d7c525c0..5713411ad 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json @@ -78,7 +78,7 @@ "from": { "kind": "ImageStreamTag", "name": "postgresql:latest", - "namespace": "openshift" + "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" } @@ -113,7 +113,7 @@ "timeoutSeconds": 1, "initialDelaySeconds": 5, "exec": { - "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1'"] + "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c 'SELECT 1'"] } }, "livenessProbe": { @@ -138,10 +138,10 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${DATABASE_SERVICE_NAME}-data", @@ -176,44 +176,50 @@ "parameters": [ { "name": "MEMORY_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the container can use", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", "value": "512Mi" }, { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "DATABASE_SERVICE_NAME", - "displayName": "Database service name", - "description": "The name of the OpenShift Service exposed for the database", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", "value": "postgresql", "required": true }, { "name": "POSTGRESQL_USER", - "displayName": "PostgreSQL user", - "description": "Username for PostgreSQL user that will be used for accessing the database", + "displayName": "PostgreSQL User", + "description": "Username for PostgreSQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", "required": true }, { "name": "POSTGRESQL_PASSWORD", - "displayName": "PostgreSQL password", - "description": "Password for the PostgreSQL user", + "displayName": "PostgreSQL Password", + "description": "Password for the PostgreSQL user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true }, { "name": "POSTGRESQL_DATABASE", - "displayName": "PostgreSQL database name", - "description": "Name of the PostgreSQL database accessed", + "displayName": "PostgreSQL Database Name", + "description": "Name of the PostgreSQL database accessed.", "value": "sampledb", "required": true }, { "name": "VOLUME_CAPACITY", - "displayName": "Volume capacity", - "description": "Volume space available for data, e.g. 512Mi, 2Gi", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", "value": "512Mi", "required": true } diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml index 4c798e148..9257b1f28 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml @@ -69,6 +69,8 @@ objects: value: ${ES_OPS_RECOVER_EXPECTED_NODES} - name: ES_OPS_RECOVER_AFTER_TIME value: ${ES_OPS_RECOVER_AFTER_TIME} + - name: FLUENTD_NODESELECTOR + value: ${FLUENTD_NODESELECTOR} dnsPolicy: ClusterFirst restartPolicy: Never serviceAccount: logging-deployer @@ -148,4 +150,7 @@ parameters: description: "Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." name: ES_OPS_RECOVER_AFTER_TIME value: "5m" - +- + description: "The nodeSelector used for the Fluentd DaemonSet." + name: FLUENTD_NODESELECTOR + value: "logging-infra-fluentd=true" diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json index 9e0ae218d..922e5bed8 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "cakephp-mysql-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "cakephp-mysql-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "cakephp-mysql-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "cakephp-mysql-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "cakephp-mysql-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "cakephp-mysql-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "php:5.6" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "cakephp-mysql-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -113,7 +113,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "cakephp-mysql-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -123,7 +123,7 @@ "type": "Rolling", "recreateParams": { "pre": { - "failurePolicy": "Abort", + "failurePolicy": "Retry", "execNewPod": { "command": [ "./migrate-database.sh" @@ -143,7 +143,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "cakephp-mysql-example:latest" + "name": "${NAME}:latest" } } }, @@ -153,13 +153,13 @@ ], "replicas": 1, "selector": { - "name": "cakephp-mysql-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "cakephp-mysql-example", + "name": "${NAME}", "labels": { - "name": "cakephp-mysql-example" + "name": "${NAME}" } }, "spec": { @@ -172,6 +172,22 @@ "containerPort": 8080 } ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/health.php", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/", + "port": 8080 + } + }, "env": [ { "name": "DATABASE_SERVICE_NAME", @@ -266,7 +282,7 @@ ], "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "mysql:5.6" } } @@ -296,24 +312,38 @@ "containerPort": 3306 } ], - "env": [ - { - "name": "MYSQL_USER", - "value": "${DATABASE_USER}" - }, - { - "name": "MYSQL_PASSWORD", - "value": "${DATABASE_PASSWORD}" - }, - { - "name": "MYSQL_DATABASE", - "value": "${DATABASE_NAME}" + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "MYSQL_PWD='${DATABASE_PASSWORD}' mysql -h 127.0.0.1 -u ${DATABASE_USER} -D ${DATABASE_NAME} -e 'SELECT 1'" ] } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "value": "${DATABASE_USER}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DATABASE_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DATABASE_NAME}" + } ], "resources": { - "limits": { - "memory": "${MEMORY_MYSQL_LIMIT}" - } + "limits": { + "memory": "${MEMORY_MYSQL_LIMIT}" + } } } ] @@ -324,101 +354,110 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "cakephp-mysql-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "MEMORY_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the CakePHP container can use", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the CakePHP container can use.", "value": "512Mi" }, { "name": "MEMORY_MYSQL_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the MySQL container can use", + "displayName": "Memory Limit (MySQL)", + "description": "Maximum amount of memory the MySQL container can use.", "value": "512Mi" }, { "name": "SOURCE_REPOSITORY_URL", - "displayName": "Source repository URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/cakephp-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "displayName": "Source repository reference", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "displayName": "Context directory", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", - "displayName": "Application domain", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the CakePHP service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "displayName": "GitHub webhook secret", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "DATABASE_SERVICE_NAME", - "displayName": "Database service name", - "description": "Database service name", + "displayName": "Database Service Name", "value": "mysql" }, { "name": "DATABASE_ENGINE", - "displayName": "Database engine", - "description": "Database engine: postgresql, mysql or sqlite (default)", + "displayName": "Database Engine", + "description": "Database engine: postgresql, mysql or sqlite (default).", "value": "mysql" }, { "name": "DATABASE_NAME", - "displayName": "Database name", - "description": "Database name", + "displayName": "Database Name", "value": "default" }, { "name": "DATABASE_USER", - "displayName": "Database user", - "description": "Database user name", + "displayName": "Database User", "value": "cakephp" }, { "name": "DATABASE_PASSWORD", - "displayName": "Database password", - "description": "Database user password", + "displayName": "Database Password", "generate": "expression", "from": "[a-zA-Z0-9]{16}" }, { "name": "CAKEPHP_SECRET_TOKEN", "displayName": "CakePHP secret token", - "description": "Set this to a long random string", + "description": "Set this to a long random string.", "generate": "expression", "from": "[\\w]{50}" }, { "name": "CAKEPHP_SECURITY_SALT", - "displayName": "CakePHP security salt", - "description": "Security salt for session hash", + "displayName": "CakePHP Security Salt", + "description": "Security salt for session hash.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "CAKEPHP_SECURITY_CIPHER_SEED", - "displayName": "CakePHP security cipher seed", - "description": "Security cipher seed for session hash", + "displayName": "CakePHP Security Cipher Seed", + "description": "Security cipher seed for session hash.", "generate": "expression", "from": "[0-9]{30}" }, { "name": "OPCACHE_REVALIDATE_FREQ", - "displayName": "OPcache revalidation frequency", + "displayName": "OPcache Revalidation Frequency", "description": "How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.", "value": "2" } diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp.json index d29c446e5..780faec55 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp.json @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "cakephp-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "cakephp-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "cakephp-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "cakephp-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "cakephp-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "cakephp-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "php:5.6" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "cakephp-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -113,7 +113,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "cakephp-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -132,7 +132,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "cakephp-example:latest" + "name": "${NAME}:latest" } } }, @@ -142,13 +142,13 @@ ], "replicas": 1, "selector": { - "name": "cakephp-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "cakephp-example", + "name": "${NAME}", "labels": { - "name": "cakephp-example" + "name": "${NAME}" } }, "spec": { @@ -161,6 +161,22 @@ "containerPort": 8080 } ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/", + "port": 8080 + } + }, "env": [ { "name": "DATABASE_SERVICE_NAME", @@ -213,89 +229,98 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "cakephp-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "MEMORY_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the container can use", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", "value": "512Mi" }, { "name": "SOURCE_REPOSITORY_URL", - "displayName": "Source repository URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/cakephp-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "displayName": "Source repository reference", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "displayName": "Context directory", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", - "displayName": "Application domain", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the CakePHP service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "displayName": "GitHub webhook secret", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "DATABASE_SERVICE_NAME", - "displayName": "Database service name", - "description": "Database service name" + "displayName": "Database Service Name" }, { "name": "DATABASE_ENGINE", - "displayName": "Database engine", - "description": "Database engine: postgresql, mysql or sqlite (default)" + "displayName": "Database Engine", + "description": "Database engine: postgresql, mysql or sqlite (default)." }, { "name": "DATABASE_NAME", - "displayName": "Database name", - "description": "Database name" + "displayName": "Database Name" }, { "name": "DATABASE_USER", - "displayName": "Database user", - "description": "Database user name" + "displayName": "Database User" }, { "name": "DATABASE_PASSWORD", - "displayName": "Database password", - "description": "Database user password" + "displayName": "Database Password" }, { "name": "CAKEPHP_SECRET_TOKEN", - "displayName": "CakePHP secret token", - "description": "Set this to a long random string", + "displayName": "CakePHP Secret Token", + "description": "Set this to a long random string.", "generate": "expression", "from": "[\\w]{50}" }, { "name": "CAKEPHP_SECURITY_SALT", - "displayName": "CakePHP security salt", - "description": "Security salt for session hash", + "displayName": "CakePHP Security Salt", + "description": "Security salt for session hash.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "CAKEPHP_SECURITY_CIPHER_SEED", - "displayName": "CakePHP security cipher seed", - "description": "Security cipher seed for session hash", + "displayName": "CakePHP Security Cipher Seed", + "description": "Security cipher seed for session hash.", "generate": "expression", "from": "[0-9]{30}" }, { "name": "OPCACHE_REVALIDATE_FREQ", - "displayName": "OPcache revalidation frequency", + "displayName": "OPcache Revalidation Frequency", "description": "How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.", "value": "2" } diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json index 2e5c8021f..c0fc02ae4 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "dancer-mysql-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "dancer-mysql-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "dancer-mysql-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "dancer-mysql-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "dancer-mysql-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "dancer-mysql-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "perl:5.20" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "dancer-mysql-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -113,7 +113,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "dancer-mysql-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -129,7 +129,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "dancer-mysql-example:latest" + "name": "${NAME}:latest" } } }, @@ -139,13 +139,13 @@ ], "replicas": 1, "selector": { - "name": "dancer-mysql-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "dancer-mysql-example", + "name": "${NAME}", "labels": { - "name": "dancer-mysql-example" + "name": "${NAME}" } }, "spec": { @@ -256,7 +256,7 @@ ], "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "mysql:5.6" } } @@ -328,89 +328,103 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "dancer-mysql-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "MEMORY_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the Perl Dancer container can use", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the Perl Dancer container can use.", "value": "512Mi" }, { "name": "MEMORY_MYSQL_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the MySQL container can use", + "displayName": "Memory Limit (MySQL)", + "description": "Maximum amount of memory the MySQL container can use.", "value": "512Mi" }, { "name": "SOURCE_REPOSITORY_URL", - "displayName": "Source repository URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/dancer-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "displayName": "Source repository reference", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "displayName": "Context directory", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", - "displayName": "Application domain", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the Dancer service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "displayName": "GitHub webhook secret", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "ADMIN_USERNAME", - "displayName": "Administrator username", - "description": "administrator username", + "displayName": "Administrator Username", "generate": "expression", "from": "admin[A-Z0-9]{3}" }, { "name": "ADMIN_PASSWORD", - "description": "administrator password", + "displayName": "Administrator Password", "generate": "expression", "from": "[a-zA-Z0-9]{8}" }, { "name": "DATABASE_SERVICE_NAME", - "description": "Database service name", + "displayName": "Database Service Name", "value": "database" }, { "name": "DATABASE_USER", - "description": "database username", + "displayName": "Database Username", "generate": "expression", "from": "user[A-Z0-9]{3}" }, { "name": "DATABASE_PASSWORD", - "description": "database password", + "displayName": "Database Password", "generate": "expression", "from": "[a-zA-Z0-9]{8}" }, { "name": "DATABASE_NAME", - "description": "database name", + "displayName": "Database Name", "value": "sampledb" }, { "name": "PERL_APACHE2_RELOAD", - "description": "Set this to \"true\" to enable automatic reloading of modified Perl modules", + "displayName": "Perl Module Reload", + "description": "Set this to \"true\" to enable automatic reloading of modified Perl modules.", "value": "" }, { "name": "SECRET_KEY_BASE", - "description": "Your secret key for verifying the integrity of signed cookies", + "displayName": "Secret Key", + "description": "Your secret key for verifying the integrity of signed cookies.", "generate": "expression", "from": "[a-z0-9]{127}" } diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer.json index 83b010e95..1ea5a21a0 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer.json @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "dancer-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "dancer-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "dancer-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "dancer-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "dancer-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "dancer-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "perl:5.20" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "dancer-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -113,7 +113,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "dancer-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -132,7 +132,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "dancer-example:latest" + "name": "${NAME}:latest" } } }, @@ -142,13 +142,13 @@ ], "replicas": 1, "selector": { - "name": "dancer-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "dancer-example", + "name": "${NAME}", "labels": { - "name": "dancer-example" + "name": "${NAME}" } }, "spec": { @@ -197,51 +197,64 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "dancer-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "MEMORY_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the container can use", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", "value": "512Mi" }, { "name": "SOURCE_REPOSITORY_URL", - "displayName": "Source repository URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/dancer-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "displayName": "Source repository reference", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "displayName": "Context directory", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", - "displayName": "Application domain", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the Dancer service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "displayName": "GitHub webhook secret", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "SECRET_KEY_BASE", - "displayName": "Secret key", - "description": "Your secret key for verifying the integrity of signed cookies", + "displayName": "Secret Key", + "description": "Your secret key for verifying the integrity of signed cookies.", "generate": "expression", "from": "[a-z0-9]{127}" }, { "name": "PERL_APACHE2_RELOAD", - "displayName": "Perl module reload", - "description": "Set this to \"true\" to enable automatic reloading of modified Perl modules", + "displayName": "Perl Module Reload", + "description": "Set this to \"true\" to enable automatic reloading of modified Perl modules.", "value": "" } ] diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json index 5bf3235c6..844201e7c 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "django-psql-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "django-psql-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "django-psql-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "django-psql-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "django-psql-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "django-psql-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "python:3.4" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "django-psql-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -116,7 +116,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "django-psql-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -135,7 +135,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "django-psql-example:latest" + "name": "${NAME}:latest" } } }, @@ -145,13 +145,13 @@ ], "replicas": 1, "selector": { - "name": "django-psql-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "django-psql-example", + "name": "${NAME}", "labels": { - "name": "django-psql-example" + "name": "${NAME}" } }, "spec": { @@ -266,7 +266,7 @@ ], "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "postgresql:9.4" } } @@ -338,86 +338,95 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "django-psql-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "MEMORY_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the Django container can use", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the Django container can use.", "value": "512Mi" }, { "name": "MEMORY_POSTGRESQL_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the PostgreSQL container can use", + "displayName": "Memory Limit (PostgreSQL)", + "description": "Maximum amount of memory the PostgreSQL container can use.", "value": "512Mi" }, { "name": "SOURCE_REPOSITORY_URL", - "displayName": "Source repository URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/django-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "displayName": "Source repository reference", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "displayName": "Context directory", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", - "displayName": "Application hostname", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the Django service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "displayName": "GitHub webhook secret", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "DATABASE_SERVICE_NAME", - "displayName": "Database service name", - "description": "Database service name", + "displayName": "Database Service Name", "value": "postgresql" }, { "name": "DATABASE_ENGINE", - "displayName": "Database engine", - "description": "Database engine: postgresql, mysql or sqlite (default)", + "displayName": "Database Engine", + "description": "Database engine: postgresql, mysql or sqlite (default).", "value": "postgresql" }, { "name": "DATABASE_NAME", - "displayName": "Database name", - "description": "Database name", + "displayName": "Database Name", "value": "default" }, { "name": "DATABASE_USER", - "displayName": "Database user name", - "description": "Database user name", + "displayName": "Database Username", "value": "django" }, { "name": "DATABASE_PASSWORD", - "displayName": "Database user password", - "description": "Database user password", + "displayName": "Database User Password", "generate": "expression", "from": "[a-zA-Z0-9]{16}" }, { "name": "APP_CONFIG", - "displayName": "Application configuration file path", - "description": "Relative path to Gunicorn configuration file (optional)" + "displayName": "Application Configuration File Path", + "description": "Relative path to Gunicorn configuration file (optional)." }, { "name": "DJANGO_SECRET_KEY", - "displayName": "Djange secret key", - "description": "Set this to a long random string", + "displayName": "Djange Secret Key", + "description": "Set this to a long random string.", "generate": "expression", "from": "[\\w]{50}" } diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json index 1ddc9e088..38ef694f8 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "django-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "django-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "django-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "django-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "django-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "django-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "python:3.4" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "django-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -116,7 +116,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "django-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -135,7 +135,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "django-example:latest" + "name": "${NAME}:latest" } } }, @@ -145,13 +145,13 @@ ], "replicas": 1, "selector": { - "name": "django-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "django-example", + "name": "${NAME}", "labels": { - "name": "django-example" + "name": "${NAME}" } }, "spec": { @@ -224,74 +224,83 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "django-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "MEMORY_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the container can use", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", "value": "512Mi" }, { "name": "SOURCE_REPOSITORY_URL", - "displayName": "Source repository URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/django-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "displayName": "Source repository reference", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "displayName": "Context directory", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", - "displayName": "Application hostname", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the Django service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "displayName": "GitHub webhook secret", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "DATABASE_SERVICE_NAME", - "displayName": "Database service name", - "description": "Database service name" + "displayName": "Database Service Name" }, { "name": "DATABASE_ENGINE", - "displayName": "Database engine", - "description": "Database engine: postgresql, mysql or sqlite (default)" + "displayName": "Database Engine", + "description": "Database engine: postgresql, mysql or sqlite (default)." }, { "name": "DATABASE_NAME", - "displayName": "Database name", - "description": "Database name" + "displayName": "Database Name" }, { "name": "DATABASE_USER", - "displayName": "Database user name", - "description": "Database user name" + "displayName": "Database Username" }, { "name": "DATABASE_PASSWORD", - "displayName": "Database user password", - "description": "Database user password" + "displayName": "Database User Password" }, { "name": "APP_CONFIG", - "displayName": "Application configuration file path", - "description": "Relative path to Gunicorn configuration file (optional)" + "displayName": "Application Configuration File Path", + "description": "Relative path to Gunicorn configuration file (optional)." }, { "name": "DJANGO_SECRET_KEY", - "displayName": "Djange secret key", - "description": "Set this to a long random string", + "displayName": "Django Secret Key", + "description": "Set this to a long random string.", "generate": "expression", "from": "[\\w]{50}" } diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json index 024d7bfef..e464b5971 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json @@ -78,7 +78,7 @@ "from": { "kind": "ImageStreamTag", "name": "jenkins:latest", - "namespace": "openshift" + "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" } @@ -103,6 +103,22 @@ { "name": "jenkins", "image": "${JENKINS_IMAGE}", + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, "env": [ { "name": "JENKINS_PASSWORD", @@ -147,20 +163,26 @@ "parameters": [ { "name": "MEMORY_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the container can use", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", "value": "512Mi" }, { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "JENKINS_SERVICE_NAME", - "displayName": "Jenkins service name", - "description": "The name of the OpenShift Service exposed for the Jenkins container", + "displayName": "Jenkins Service Name", + "description": "The name of the OpenShift Service exposed for the Jenkins container.", "value": "jenkins" }, { "name": "JENKINS_PASSWORD", - "displayName": "Jenkins password", - "description": "Password for the Jenkins user", + "displayName": "Jenkins Password", + "description": "Password for the Jenkins user.", "generate": "expression", "value": "password" } diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json index 4388350cb..6c143fc70 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json @@ -95,7 +95,7 @@ "from": { "kind": "ImageStreamTag", "name": "jenkins:latest", - "namespace": "openshift" + "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" } @@ -120,6 +120,22 @@ { "name": "jenkins", "image": "${JENKINS_IMAGE}", + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, "env": [ { "name": "JENKINS_PASSWORD", @@ -164,27 +180,33 @@ "parameters": [ { "name": "MEMORY_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the container can use", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", "value": "512Mi" }, { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "JENKINS_SERVICE_NAME", - "displayName": "Jenkins service name", - "description": "The name of the OpenShift Service exposed for the Jenkins container", + "displayName": "Jenkins Service Name", + "description": "The name of the OpenShift Service exposed for the Jenkins container.", "value": "jenkins" }, { "name": "JENKINS_PASSWORD", - "displayName": "Jenkins password", - "description": "Password for the Jenkins user", + "displayName": "Jenkins Password", + "description": "Password for the Jenkins user.", "generate": "expression", "value": "password" }, { "name": "VOLUME_CAPACITY", - "displayName": "Volume capacity", - "description": "Volume space available for data, e.g. 512Mi, 2Gi", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", "value": "512Mi", "required": true } diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json index d5a1be659..3298ef40c 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "nodejs-mongodb-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "nodejs-mongodb-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "nodejs-mongodb-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "nodejs-mongodb-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "nodejs-mongodb-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "nodejs-mongodb-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "nodejs:0.10" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "nodejs-mongodb-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -119,7 +119,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "nodejs-mongodb-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -138,7 +138,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "nodejs-mongodb-example:latest" + "name": "${NAME}:latest" } } }, @@ -148,13 +148,13 @@ ], "replicas": 1, "selector": { - "name": "nodejs-mongodb-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "nodejs-mongodb-example", + "name": "${NAME}", "labels": { - "name": "nodejs-mongodb-example" + "name": "${NAME}" } }, "spec": { @@ -261,7 +261,7 @@ ], "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "mongodb:2.6" } } @@ -337,83 +337,94 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "nodejs-mongodb-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "MEMORY_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the Node.js container can use", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the Node.js container can use.", "value": "512Mi" }, { "name": "MEMORY_MONGODB_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the MongoDB container can use", + "displayName": "Memory Limit (MongoDB)", + "description": "Maximum amount of memory the MongoDB container can use.", "value": "512Mi" }, { "name": "SOURCE_REPOSITORY_URL", - "displayName": "Source repository URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/nodejs-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "displayName": "Source repository reference", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "displayName": "Context directory", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", - "displayName": "Application hostname", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the Node.js service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "displayName": "GitHub webhook secret", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "GENERIC_WEBHOOK_SECRET", - "displayName": "Generic webhook secret", - "description": "A secret string used to configure the Generic webhook", + "displayName": "Generic Webhook Secret", + "description": "A secret string used to configure the Generic webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "DATABASE_SERVICE_NAME", - "displayName": "Database service name", - "description": "Database service name", + "displayName": "Database Service Name", "value": "mongodb" }, { "name": "DATABASE_USER", - "displayName": "MongoDB user name", - "description": "Username for MongoDB user that will be used for accessing the database", + "displayName": "MongoDB Username", + "description": "Username for MongoDB user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}" }, { "name": "DATABASE_PASSWORD", - "displayName": "MongoDB password", - "description": "Password for the MongoDB user", + "displayName": "MongoDB Password", + "description": "Password for the MongoDB user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}" }, { "name": "DATABASE_NAME", - "displayName": "Database name", - "description": "Database name", + "displayName": "Database Name", "value": "sampledb" }, { "name": "DATABASE_ADMIN_PASSWORD", - "displayName": "Database administrator password", - "description": "Password for the database admin user", + "displayName": "Database Administrator Password", + "description": "Password for the database admin user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}" } diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json index ef36a88bd..82df67c4e 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "nodejs-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "nodejs-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "nodejs-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "nodejs-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "nodejs-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "nodejs-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "nodejs:0.10" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "nodejs-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -119,7 +119,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "nodejs-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -138,7 +138,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "nodejs-example:latest" + "name": "${NAME}:latest" } } }, @@ -148,13 +148,13 @@ ], "replicas": 1, "selector": { - "name": "nodejs-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "nodejs-example", + "name": "${NAME}", "labels": { - "name": "nodejs-example" + "name": "${NAME}" } }, "spec": { @@ -224,71 +224,82 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "nodejs-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "MEMORY_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the container can use", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", "value": "512Mi" }, { "name": "SOURCE_REPOSITORY_URL", - "displayName": "Source repository URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/nodejs-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "displayName": "Source repository reference", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "displayName": "Context directory", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", - "displayName": "Application hostname", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the Node.js service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "displayName": "GitHub webhook secret", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "GENERIC_WEBHOOK_SECRET", - "displayName": "Generic webhook secret", - "description": "A secret string used to configure the Generic webhook", + "displayName": "Generic Webhook Secret", + "description": "A secret string used to configure the Generic webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "DATABASE_SERVICE_NAME", - "displayName": "Database service name", - "description": "Database service name" + "displayName": "Database Service Name" }, { "name": "MONGODB_USER", - "displayName": "MongoDB user name", - "description": "Username for MongoDB user that will be used for accessing the database" + "displayName": "MongoDB Username", + "description": "Username for MongoDB user that will be used for accessing the database." }, { "name": "MONGODB_PASSWORD", - "displayName": "MongoDB password", - "description": "Password for the MongoDB user" + "displayName": "MongoDB Password", + "description": "Password for the MongoDB user." }, { "name": "MONGODB_DATABASE", - "displayName": "Database name", - "description": "Database name" + "displayName": "Database Name" }, { "name": "MONGODB_ADMIN_PASSWORD", - "displayName": "Database administrator password", - "description": "Password for the database admin user" + "displayName": "Database Administrator Password", + "description": "Password for the database admin user." } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json index 7599f70aa..6292cf3e7 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json @@ -17,7 +17,7 @@ "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "rails-postgresql-example", + "name": "${NAME}", "annotations": { "description": "Exposes and load balances the application pods" } @@ -31,7 +31,7 @@ } ], "selector": { - "name": "rails-postgresql-example" + "name": "${NAME}" } } }, @@ -39,13 +39,13 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "rails-postgresql-example" + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", "to": { "kind": "Service", - "name": "rails-postgresql-example" + "name": "${NAME}" } } }, @@ -53,7 +53,7 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "rails-postgresql-example", + "name": "${NAME}", "annotations": { "description": "Keeps track of changes in the application image" } @@ -63,7 +63,7 @@ "kind": "BuildConfig", "apiVersion": "v1", "metadata": { - "name": "rails-postgresql-example", + "name": "${NAME}", "annotations": { "description": "Defines how to build the application" } @@ -82,7 +82,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "ruby:2.2" } } @@ -90,7 +90,7 @@ "output": { "to": { "kind": "ImageStreamTag", - "name": "rails-postgresql-example:latest" + "name": "${NAME}:latest" } }, "triggers": [ @@ -116,7 +116,7 @@ "kind": "DeploymentConfig", "apiVersion": "v1", "metadata": { - "name": "rails-postgresql-example", + "name": "${NAME}", "annotations": { "description": "Defines how to deploy the application server" } @@ -131,7 +131,7 @@ "command": [ "./migrate-database.sh" ], - "containerName": "rails-postgresql-example" + "containerName": "${NAME}" } } } @@ -146,7 +146,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "rails-postgresql-example:latest" + "name": "${NAME}:latest" } } }, @@ -156,13 +156,13 @@ ], "replicas": 1, "selector": { - "name": "rails-postgresql-example" + "name": "${NAME}" }, "template": { "metadata": { - "name": "rails-postgresql-example", + "name": "${NAME}", "labels": { - "name": "rails-postgresql-example" + "name": "${NAME}" } }, "spec": { @@ -293,7 +293,7 @@ ], "from": { "kind": "ImageStreamTag", - "namespace": "openshift", + "namespace": "${NAMESPACE}", "name": "postgresql:9.4" } } @@ -373,107 +373,114 @@ ], "parameters": [ { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "rails-postgresql-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { "name": "MEMORY_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the Rails container can use", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the Rails container can use.", "value": "512Mi" }, { "name": "MEMORY_POSTGRESQL_LIMIT", - "displayName": "Memory limit", - "description": "Maximum amount of memory the PostgreSQL container can use", + "displayName": "Memory Limit (PostgreSQL)", + "description": "Maximum amount of memory the PostgreSQL container can use.", "value": "512Mi" }, { "name": "SOURCE_REPOSITORY_URL", - "displayName": "Source repository URL", - "description": "The URL of the repository with your application source code", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", "value": "https://github.com/openshift/rails-ex.git" }, { "name": "SOURCE_REPOSITORY_REF", - "displayName": "Source repository reference", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch" + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { "name": "CONTEXT_DIR", - "displayName": "Context directory", - "description": "Set this to the relative path to your project if it is not in the root of your repository" + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." }, { "name": "APPLICATION_DOMAIN", - "displayName": "Application hostname", + "displayName": "Application Hostname", "description": "The exposed hostname that will route to the Rails service, if left blank a value will be defaulted.", "value": "" }, { "name": "GITHUB_WEBHOOK_SECRET", - "displayName": "GitHub webhook secret", - "description": "A secret string used to configure the GitHub webhook", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", "generate": "expression", "from": "[a-zA-Z0-9]{40}" }, { "name": "SECRET_KEY_BASE", - "displayName": "Secret key", - "description": "Your secret key for verifying the integrity of signed cookies", + "displayName": "Secret Key", + "description": "Your secret key for verifying the integrity of signed cookies.", "generate": "expression", "from": "[a-z0-9]{127}" }, { "name": "APPLICATION_USER", - "displayName": "Application user name", - "description": "The application user that is used within the sample application to authorize access on pages", + "displayName": "Application Username", + "description": "The application user that is used within the sample application to authorize access on pages.", "value": "openshift" }, { "name": "APPLICATION_PASSWORD", - "displayName": "Application password", - "description": "The application password that is used within the sample application to authorize access on pages", + "displayName": "Application Password", + "description": "The application password that is used within the sample application to authorize access on pages.", "value": "secret" }, { "name": "RAILS_ENV", - "displayName": "Rails environment", - "description": "Environment under which the sample application will run. Could be set to production, development or test", + "displayName": "Rails Environment", + "description": "Environment under which the sample application will run. Could be set to production, development or test.", "value": "production" }, { "name": "DATABASE_SERVICE_NAME", - "displayName": "Database service name", - "description": "Database service name", + "displayName": "Database Service Name", "value": "postgresql" }, { "name": "DATABASE_USER", - "displayName": "Database user name", - "description": "database username", + "displayName": "Database Username", "generate": "expression", "from": "user[A-Z0-9]{3}" }, { "name": "DATABASE_PASSWORD", - "displayName": "Database password", - "description": "database password", + "displayName": "Database Password", "generate": "expression", "from": "[a-zA-Z0-9]{8}" }, { "name": "DATABASE_NAME", - "displayName": "Database name", - "description": "database name", + "displayName": "Database Name", "value": "root" }, { "name": "POSTGRESQL_MAX_CONNECTIONS", - "displayName": "Maximum database connections", - "description": "database max connections", + "displayName": "Maximum Database Connections", "value": "100" }, { "name": "POSTGRESQL_SHARED_BUFFERS", - "displayName": "Shared buffer amount", - "description": "database shared buffers", + "displayName": "Shared Buffer Amount", "value": "12MB" } ] diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 596e4f894..0d31d4ddf 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -26,6 +26,44 @@ from distutils.util import strtobool from distutils.version import LooseVersion import struct import socket +from dbus import SystemBus, Interface +from dbus.exceptions import DBusException + + +def migrate_docker_facts(facts): + """ Apply migrations for docker facts """ + params = { + 'common': ( + 'additional_registries', + 'insecure_registries', + 'blocked_registries', + 'options' + ), + 'node': ( + 'log_driver', + 'log_options' + ) + } + if 'docker' not in facts: + facts['docker'] = {} + for role in params.keys(): + if role in facts: + for param in params[role]: + old_param = 'docker_' + param + if old_param in facts[role]: + facts['docker'][param] = facts[role].pop(old_param) + + if 'node' in facts and 'portal_net' in facts['node']: + facts['docker']['hosted_registry_insecure'] = True + facts['docker']['hosted_registry_network'] = facts['node'].pop('portal_net') + return facts + +def migrate_local_facts(facts): + """ Apply migrations of local facts """ + migrated_facts = copy.deepcopy(facts) + return migrate_docker_facts(migrated_facts) + + def first_ip(network): """ Return the first IPv4 address in network @@ -296,9 +334,10 @@ def normalize_provider_facts(provider, metadata): facts = dict(name=provider, metadata=metadata, network=dict(interfaces=[], ipv6_enabled=False)) + if provider == 'gce': facts = normalize_gce_facts(metadata, facts) - elif provider == 'ec2': + elif provider == 'aws': facts = normalize_aws_facts(metadata, facts) elif provider == 'openstack': facts = normalize_openstack_facts(metadata, facts) @@ -657,18 +696,13 @@ def set_deployment_facts_if_unset(facts): data_dir = '/var/lib/openshift' facts['common']['data_dir'] = data_dir - # remove duplicate and empty strings from registry lists - for cat in ['additional', 'blocked', 'insecure']: - key = 'docker_{0}_registries'.format(cat) - if key in facts['common']: - facts['common'][key] = list(set(facts['common'][key]) - set([''])) - - + if 'docker' in facts: + deployment_type = facts['common']['deployment_type'] if deployment_type in ['enterprise', 'atomic-enterprise', 'openshift-enterprise']: - addtl_regs = facts['common'].get('docker_additional_registries', []) + addtl_regs = facts['docker'].get('additional_registries', []) ent_reg = 'registry.access.redhat.com' if ent_reg not in addtl_regs: - facts['common']['docker_additional_registries'] = addtl_regs + [ent_reg] + facts['docker']['additional_registries'] = addtl_regs + [ent_reg] for role in ('master', 'node'): if role in facts: @@ -713,8 +747,9 @@ def set_version_facts_if_unset(facts): """ if 'common' in facts: deployment_type = facts['common']['deployment_type'] - facts['common']['version'] = version = get_openshift_version(facts) + version = get_openshift_version(facts) if version is not None: + facts['common']['version'] = version if deployment_type == 'origin': version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('1.1.0') version_gte_3_1_1_or_1_1_1 = LooseVersion(version) >= LooseVersion('1.1.1') @@ -775,7 +810,7 @@ def set_sdn_facts_if_unset(facts, system_facts): if 'common' in facts: use_sdn = facts['common']['use_openshift_sdn'] if not (use_sdn == '' or isinstance(use_sdn, bool)): - use_sdn = bool(strtobool(str(use_sdn))) + use_sdn = safe_get_bool(use_sdn) facts['common']['use_openshift_sdn'] = use_sdn if 'sdn_network_plugin_name' not in facts['common']: plugin = 'redhat/openshift-ovs-subnet' if use_sdn else '' @@ -882,6 +917,101 @@ def get_current_config(facts): return current_config +def build_kubelet_args(facts): + """ Build node kubelet_args """ + cloud_cfg_path = os.path.join(facts['common']['config_base'], + 'cloudprovider') + if 'node' in facts: + kubelet_args = {} + if 'cloudprovider' in facts: + if facts['cloudprovider']['kind'] == 'aws': + kubelet_args['cloud-provider'] = ['aws'] + kubelet_args['cloud-config'] = [cloud_cfg_path + '/aws.conf'] + if facts['cloudprovider']['kind'] == 'openstack': + kubelet_args['cloud-provider'] = ['openstack'] + kubelet_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] + if kubelet_args != {}: + facts = merge_facts({'node': {'kubelet_args': kubelet_args}}, facts, [], []) + return facts + +def build_controller_args(facts): + """ Build master controller_args """ + cloud_cfg_path = os.path.join(facts['common']['config_base'], + 'cloudprovider') + if 'master' in facts: + controller_args = {} + if 'cloudprovider' in facts: + if facts['cloudprovider']['kind'] == 'aws': + controller_args['cloud-provider'] = ['aws'] + controller_args['cloud-config'] = [cloud_cfg_path + '/aws.conf'] + if facts['cloudprovider']['kind'] == 'openstack': + controller_args['cloud-provider'] = ['openstack'] + controller_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] + if controller_args != {}: + facts = merge_facts({'master': {'controller_args': controller_args}}, facts, [], []) + return facts + +def build_api_server_args(facts): + """ Build master api_server_args """ + cloud_cfg_path = os.path.join(facts['common']['config_base'], + 'cloudprovider') + if 'master' in facts: + api_server_args = {} + if 'cloudprovider' in facts: + if facts['cloudprovider']['kind'] == 'aws': + api_server_args['cloud-provider'] = ['aws'] + api_server_args['cloud-config'] = [cloud_cfg_path + '/aws.conf'] + if facts['cloudprovider']['kind'] == 'openstack': + api_server_args['cloud-provider'] = ['openstack'] + api_server_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] + if api_server_args != {}: + facts = merge_facts({'master': {'api_server_args': api_server_args}}, facts, [], []) + return facts + +def is_service_running(service): + """ Queries systemd through dbus to see if the service is running """ + service_running = False + bus = SystemBus() + systemd = bus.get_object('org.freedesktop.systemd1', '/org/freedesktop/systemd1') + manager = Interface(systemd, dbus_interface='org.freedesktop.systemd1.Manager') + try: + service_unit = service if service.endswith('.service') else manager.GetUnit('{0}.service'.format(service)) + service_proxy = bus.get_object('org.freedesktop.systemd1', str(service_unit)) + service_properties = Interface(service_proxy, dbus_interface='org.freedesktop.DBus.Properties') + service_load_state = service_properties.Get('org.freedesktop.systemd1.Unit', 'LoadState') + service_active_state = service_properties.Get('org.freedesktop.systemd1.Unit', 'ActiveState') + if service_load_state == 'loaded' and service_active_state == 'active': + service_running = True + except DBusException: + pass + + return service_running + +def get_version_output(binary, version_cmd): + """ runs and returns the version output for a command """ + cmd = [] + for item in (binary, version_cmd): + if isinstance(item, list): + cmd.extend(item) + else: + cmd.append(item) + + if os.path.isfile(cmd[0]): + _, output, _ = module.run_command(cmd) + return output + +def get_docker_version_info(): + """ Parses and returns the docker version info """ + result = None + if is_service_running('docker'): + version_info = yaml.safe_load(get_version_output('/usr/bin/docker', 'version')) + if 'Server' in version_info: + result = { + 'api_version': version_info['Server']['API version'], + 'version': version_info['Server']['Version'] + } + return result + def get_openshift_version(facts, cli_image=None): """ Get current version of openshift on the host @@ -904,7 +1034,7 @@ def get_openshift_version(facts, cli_image=None): _, output, _ = module.run_command(['/usr/bin/openshift', 'version']) version = parse_openshift_version(output) - if 'is_containerized' in facts['common'] and facts['common']['is_containerized']: + if 'is_containerized' in facts['common'] and safe_get_bool(facts['common']['is_containerized']): container = None if 'master' in facts: if 'cluster_method' in facts['master']: @@ -923,9 +1053,10 @@ def get_openshift_version(facts, cli_image=None): if version is None and cli_image is not None: # Assume we haven't installed the environment yet and we need - # to query the latest image - exit_code, output, _ = module.run_command(['docker', 'run', '--rm', cli_image, 'version']) - version = parse_openshift_version(output) + # to query the latest image, but only if docker is installed + if 'docker' in facts and 'version' in facts['docker']: + exit_code, output, _ = module.run_command(['docker', 'run', '--rm', cli_image, 'version']) + version = parse_openshift_version(output) return version @@ -1032,7 +1163,7 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw # ha (bool) can not change unless it has been passed # as a protected fact to overwrite. if key == 'ha': - if bool(value) != bool(new[key]): + if safe_get_bool(value) != safe_get_bool(new[key]): module.fail_json(msg='openshift_facts received a different value for openshift.master.ha') else: facts[key] = value @@ -1048,7 +1179,6 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw facts[key] = copy.deepcopy(new[key]) return facts - def save_local_facts(filename, facts): """ Save local facts @@ -1097,7 +1227,17 @@ def get_local_facts_from_file(filename): return local_facts +def safe_get_bool(fact): + """ Get a boolean fact safely. + + Args: + facts: fact to convert + Returns: + bool: given fact as a bool + """ + return bool(strtobool(str(fact))) +# pylint: disable=too-many-statements def set_container_facts_if_unset(facts): """ Set containerized facts. @@ -1114,24 +1254,44 @@ def set_container_facts_if_unset(facts): node_image = 'openshift3/node' ovs_image = 'openshift3/openvswitch' etcd_image = 'registry.access.redhat.com/rhel7/etcd' + pod_image = 'openshift3/ose-pod' + router_image = 'openshift3/ose-haproxy-router' + registry_image = 'openshift3/ose-docker-registry' + deployer_image = 'openshift3/ose-deployer' elif deployment_type == 'atomic-enterprise': master_image = 'aep3_beta/aep' cli_image = master_image node_image = 'aep3_beta/node' ovs_image = 'aep3_beta/openvswitch' etcd_image = 'registry.access.redhat.com/rhel7/etcd' + pod_image = 'aep3_beta/aep-pod' + router_image = 'aep3_beta/aep-haproxy-router' + registry_image = 'aep3_beta/aep-docker-registry' + deployer_image = 'aep3_beta/aep-deployer' else: master_image = 'openshift/origin' cli_image = master_image node_image = 'openshift/node' ovs_image = 'openshift/openvswitch' etcd_image = 'registry.access.redhat.com/rhel7/etcd' + pod_image = 'openshift/origin-pod' + router_image = 'openshift/origin-haproxy-router' + registry_image = 'openshift/origin-docker-registry' + deployer_image = 'openshift/origin-deployer' facts['common']['is_atomic'] = os.path.isfile('/run/ostree-booted') if 'is_containerized' not in facts['common']: facts['common']['is_containerized'] = facts['common']['is_atomic'] if 'cli_image' not in facts['common']: facts['common']['cli_image'] = cli_image + if 'pod_image' not in facts['common']: + facts['common']['pod_image'] = pod_image + if 'router_image' not in facts['common']: + facts['common']['router_image'] = router_image + if 'registry_image' not in facts['common']: + facts['common']['registry_image'] = registry_image + if 'deployer_image' not in facts['common']: + facts['common']['deployer_image'] = deployer_image if 'etcd' in facts and 'etcd_image' not in facts['etcd']: facts['etcd']['etcd_image'] = etcd_image if 'master' in facts and 'master_image' not in facts['master']: @@ -1142,11 +1302,13 @@ def set_container_facts_if_unset(facts): if 'ovs_image' not in facts['node']: facts['node']['ovs_image'] = ovs_image - if bool(strtobool(str(facts['common']['is_containerized']))): + if safe_get_bool(facts['common']['is_containerized']): facts['common']['admin_binary'] = '/usr/local/bin/oadm' facts['common']['client_binary'] = '/usr/local/bin/oc' - base_version = get_openshift_version(facts, cli_image).split('-')[0] - facts['common']['image_tag'] = "v" + base_version + openshift_version = get_openshift_version(facts, cli_image) + if openshift_version is not None: + base_version = openshift_version.split('-')[0] + facts['common']['image_tag'] = "v" + base_version return facts @@ -1212,13 +1374,20 @@ class OpenShiftFacts(object): Raises: OpenShiftFactsUnsupportedRoleError: """ - known_roles = ['common', 'master', 'node', 'etcd', 'hosted'] + known_roles = ['cloudprovider', + 'common', + 'docker', + 'etcd', + 'hosted', + 'master', + 'node'] # Disabling too-many-arguments, this should be cleaned up as a TODO item. # pylint: disable=too-many-arguments def __init__(self, role, filename, local_facts, additive_facts_to_overwrite=None, openshift_env=None, + openshift_env_structures=None, protected_facts_to_overwrite=None): self.changed = False self.filename = filename @@ -1231,12 +1400,14 @@ class OpenShiftFacts(object): self.facts = self.generate_facts(local_facts, additive_facts_to_overwrite, openshift_env, + openshift_env_structures, protected_facts_to_overwrite) def generate_facts(self, local_facts, additive_facts_to_overwrite, openshift_env, + openshift_env_structures, protected_facts_to_overwrite): """ Generate facts @@ -1253,10 +1424,17 @@ class OpenShiftFacts(object): local_facts = self.init_local_facts(local_facts, additive_facts_to_overwrite, openshift_env, + openshift_env_structures, protected_facts_to_overwrite) roles = local_facts.keys() - defaults = self.get_defaults(roles) + + if 'common' in local_facts and 'deployment_type' in local_facts['common']: + deployment_type = local_facts['common']['deployment_type'] + else: + deployment_type = 'origin' + + defaults = self.get_defaults(roles, deployment_type) provider_facts = self.init_provider_facts() facts = apply_provider_facts(defaults, provider_facts) facts = merge_facts(facts, @@ -1274,16 +1452,19 @@ class OpenShiftFacts(object): facts = set_identity_providers_if_unset(facts) facts = set_sdn_facts_if_unset(facts, self.system_facts) facts = set_deployment_facts_if_unset(facts) + facts = set_container_facts_if_unset(facts) + facts = build_kubelet_args(facts) + facts = build_controller_args(facts) + facts = build_api_server_args(facts) facts = set_version_facts_if_unset(facts) facts = set_manageiq_facts_if_unset(facts) facts = set_aggregate_facts(facts) facts = set_etcd_facts_if_unset(facts) - facts = set_container_facts_if_unset(facts) - if not facts['common']['is_containerized']: + if not safe_get_bool(facts['common']['is_containerized']): facts = set_installed_variant_rpm_facts(facts) return dict(openshift=facts) - def get_defaults(self, roles): + def get_defaults(self, roles, deployment_type): """ Get default fact values Args: @@ -1292,8 +1473,7 @@ class OpenShiftFacts(object): Returns: dict: The generated default facts """ - defaults = dict() - + defaults = {} ip_addr = self.system_facts['default_ipv4']['address'] exit_code, output, _ = module.run_command(['hostname', '-f']) hostname_f = output.strip() if exit_code == 0 else '' @@ -1301,33 +1481,65 @@ class OpenShiftFacts(object): self.system_facts['fqdn']] hostname = choose_hostname(hostname_values, ip_addr) - common = dict(use_openshift_sdn=True, ip=ip_addr, public_ip=ip_addr, - deployment_type='origin', hostname=hostname, - public_hostname=hostname) - common['client_binary'] = 'oc' - common['admin_binary'] = 'oadm' - common['dns_domain'] = 'cluster.local' - common['install_examples'] = True - defaults['common'] = common + defaults['common'] = dict(use_openshift_sdn=True, ip=ip_addr, + public_ip=ip_addr, + deployment_type=deployment_type, + hostname=hostname, + public_hostname=hostname, + client_binary='oc', admin_binary='oadm', + dns_domain='cluster.local', + install_examples=True, + debug_level=2) if 'master' in roles: - master = dict(api_use_ssl=True, api_port='8443', controllers_port='8444', - console_use_ssl=True, console_path='/console', - console_port='8443', etcd_use_ssl=True, etcd_hosts='', - etcd_port='4001', portal_net='172.30.0.0/16', - embedded_etcd=True, embedded_kube=True, - embedded_dns=True, dns_port='53', - bind_addr='0.0.0.0', session_max_seconds=3600, - session_name='ssn', session_secrets_file='', - access_token_max_seconds=86400, - auth_token_max_seconds=500, - oauth_grant_method='auto') - defaults['master'] = master + scheduler_predicates = [ + {"name": "MatchNodeSelector"}, + {"name": "PodFitsResources"}, + {"name": "PodFitsPorts"}, + {"name": "NoDiskConflict"}, + {"name": "Region", "argument": {"serviceAffinity" : {"labels" : ["region"]}}} + ] + scheduler_priorities = [ + {"name": "LeastRequestedPriority", "weight": 1}, + {"name": "SelectorSpreadPriority", "weight": 1}, + {"name": "Zone", "weight" : 2, "argument": {"serviceAntiAffinity" : {"label": "zone"}}} + ] + + defaults['master'] = dict(api_use_ssl=True, api_port='8443', + controllers_port='8444', + console_use_ssl=True, + console_path='/console', + console_port='8443', etcd_use_ssl=True, + etcd_hosts='', etcd_port='4001', + portal_net='172.30.0.0/16', + embedded_etcd=True, embedded_kube=True, + embedded_dns=True, dns_port='53', + bind_addr='0.0.0.0', + session_max_seconds=3600, + session_name='ssn', + session_secrets_file='', + access_token_max_seconds=86400, + auth_token_max_seconds=500, + oauth_grant_method='auto', + scheduler_predicates=scheduler_predicates, + scheduler_priorities=scheduler_priorities) if 'node' in roles: - node = dict(labels={}, annotations={}, portal_net='172.30.0.0/16', - iptables_sync_period='5s', set_node_ip=False) - defaults['node'] = node + defaults['node'] = dict(labels={}, annotations={}, + iptables_sync_period='5s', + local_quota_per_fsgroup="", + set_node_ip=False) + + if 'docker' in roles: + docker = dict(disable_push_dockerhub=False) + version_info = get_docker_version_info() + if version_info is not None: + docker['api_version'] = version_info['api_version'] + docker['version'] = version_info['version'] + defaults['docker'] = docker + + if 'cloudprovider' in roles: + defaults['cloudprovider'] = dict(kind=None) defaults['hosted'] = dict( registry=dict( @@ -1382,7 +1594,7 @@ class OpenShiftFacts(object): metadata['instance'].pop('serviceAccounts', None) elif (virt_type == 'xen' and virt_role == 'guest' and re.match(r'.*\.amazon$', product_version)): - provider = 'ec2' + provider = 'aws' metadata_url = 'http://169.254.169.254/latest/meta-data/' metadata = get_provider_metadata(metadata_url) elif re.search(r'OpenStack', product_name): @@ -1424,13 +1636,55 @@ class OpenShiftFacts(object): ) return provider_facts - # Disabling too-many-branches. This should be cleaned up as a TODO item. - #pylint: disable=too-many-branches + @staticmethod + def split_openshift_env_fact_keys(openshift_env_fact, openshift_env_structures): + """ Split openshift_env facts based on openshift_env structures. + + Args: + openshift_env_fact (string): the openshift_env fact to split + ex: 'openshift_cloudprovider_openstack_auth_url' + openshift_env_structures (list): a list of structures to determine fact keys + ex: ['openshift.cloudprovider.openstack.*'] + Returns: + list: a list of keys that represent the fact + ex: ['openshift', 'cloudprovider', 'openstack', 'auth_url'] + """ + # By default, we'll split an openshift_env fact by underscores. + fact_keys = openshift_env_fact.split('_') + + # Determine if any of the provided variable structures match the fact. + matching_structure = None + if openshift_env_structures != None: + for structure in openshift_env_structures: + if re.match(structure, openshift_env_fact): + matching_structure = structure + # Fact didn't match any variable structures so return the default fact keys. + if matching_structure is None: + return fact_keys + + final_keys = [] + structure_keys = matching_structure.split('.') + for structure_key in structure_keys: + # Matched current key. Add to final keys. + if structure_key == fact_keys[structure_keys.index(structure_key)]: + final_keys.append(structure_key) + # Wildcard means we will be taking everything from here to the end of the fact. + elif structure_key == '*': + final_keys.append('_'.join(fact_keys[structure_keys.index(structure_key):])) + # Shouldn't have gotten here, return the fact keys. + else: + return fact_keys + return final_keys + + # Disabling too-many-branches and too-many-locals. + # This should be cleaned up as a TODO item. + #pylint: disable=too-many-branches, too-many-locals def init_local_facts(self, facts=None, additive_facts_to_overwrite=None, openshift_env=None, + openshift_env_structures=None, protected_facts_to_overwrite=None): - """ Initialize the provider facts + """ Initialize the local facts Args: facts (dict): local facts to set @@ -1456,8 +1710,8 @@ class OpenShiftFacts(object): for fact, value in openshift_env.iteritems(): oo_env_facts = dict() current_level = oo_env_facts - keys = fact.split('_')[1:] - if keys[0] != self.role: + keys = self.split_openshift_env_fact_keys(fact, openshift_env_structures)[1:] + if len(keys) > 0 and keys[0] != self.role: continue for key in keys: if key == keys[-1]: @@ -1472,15 +1726,23 @@ class OpenShiftFacts(object): local_facts = get_local_facts_from_file(self.filename) - for arg in ['labels', 'annotations']: - if arg in facts_to_set and isinstance(facts_to_set[arg], - basestring): - facts_to_set[arg] = module.from_json(facts_to_set[arg]) + migrated_facts = migrate_local_facts(local_facts) - new_local_facts = merge_facts(local_facts, + new_local_facts = merge_facts(migrated_facts, facts_to_set, additive_facts_to_overwrite, protected_facts_to_overwrite) + + if 'docker' in new_local_facts: + # remove duplicate and empty strings from registry lists + for cat in ['additional', 'blocked', 'insecure']: + key = '{0}_registries'.format(cat) + if key in new_local_facts['docker']: + val = new_local_facts['docker'][key] + if isinstance(val, basestring): + val = [x.strip() for x in val.split(',')] + new_local_facts['docker'][key] = list(set(val) - set([''])) + for facts in new_local_facts.values(): keys_to_delete = [] if isinstance(facts, dict): @@ -1577,6 +1839,7 @@ def main(): local_facts=dict(default=None, type='dict', required=False), additive_facts_to_overwrite=dict(default=[], type='list', required=False), openshift_env=dict(default={}, type='dict', required=False), + openshift_env_structures=dict(default=[], type='list', required=False), protected_facts_to_overwrite=dict(default=[], type='list', required=False), ), supports_check_mode=True, @@ -1587,6 +1850,7 @@ def main(): local_facts = module.params['local_facts'] additive_facts_to_overwrite = module.params['additive_facts_to_overwrite'] openshift_env = module.params['openshift_env'] + openshift_env_structures = module.params['openshift_env_structures'] protected_facts_to_overwrite = module.params['protected_facts_to_overwrite'] fact_file = '/etc/ansible/facts.d/openshift.fact' @@ -1596,6 +1860,7 @@ def main(): local_facts, additive_facts_to_overwrite, openshift_env, + openshift_env_structures, protected_facts_to_overwrite) file_params = module.params.copy() diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index 0dbac1b54..36def57c8 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -15,7 +15,7 @@ - set_fact: l_is_atomic: "{{ ostree_output.rc == 0 }}" - set_fact: - l_is_containerized: "{{ l_is_atomic or containerized | default(false) | bool }}" + l_is_containerized: "{{ (l_is_atomic | bool) or (containerized | default(false) | bool) }}" - name: Ensure PyYaml is installed action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" @@ -25,4 +25,11 @@ openshift_facts: role: common local_facts: - is_containerized: "{{ containerized | default(None) }}" + # TODO: Deprecate deployment_type in favor of openshift_deployment_type + deployment_type: "{{ openshift_deployment_type | default(deployment_type) }}" + cluster_id: "{{ openshift_cluster_id | default('default') }}" + hostname: "{{ openshift_hostname | default(None) }}" + ip: "{{ openshift_ip | default(None) }}" + is_containerized: "{{ l_is_containerized | default(None) }}" + public_hostname: "{{ openshift_public_hostname | default(None) }}" + public_ip: "{{ openshift_public_ip | default(None) }}" diff --git a/roles/openshift_hosted_logging/README.md b/roles/openshift_hosted_logging/README.md new file mode 100644 index 000000000..b3f363571 --- /dev/null +++ b/roles/openshift_hosted_logging/README.md @@ -0,0 +1,10 @@ +###Required vars: + +- openshift_hosted_logging_hostname: kibana.example.com +- openshift_hosted_logging_elasticsearch_cluster_size: 1 +- openshift_hosted_logging_master_public_url: https://localhost:8443 + +###Optional vars: +- openshift_hosted_logging_secret_vars: (defaults to nothing=/dev/null) kibana.crt=/etc/origin/master/ca.crt kibana.key=/etc/origin/master/ca.key ca.crt=/etc/origin/master/ca.crt ca.key=/etc/origin/master/ca.key +- openshift_hosted_logging_fluentd_replicas: (defaults to 1) 3 +- openshift_hosted_logging_cleanup: (defaults to no) Set this to 'yes' in order to cleanup logging components instead of deploying. diff --git a/roles/openshift_hosted_logging/files/logging-deployer-sa.yaml b/roles/openshift_hosted_logging/files/logging-deployer-sa.yaml new file mode 100644 index 000000000..334c9402b --- /dev/null +++ b/roles/openshift_hosted_logging/files/logging-deployer-sa.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: logging-deployer +secrets: +- name: logging-deployer diff --git a/roles/openshift_hosted_logging/meta/main.yaml b/roles/openshift_hosted_logging/meta/main.yaml new file mode 100644 index 000000000..b695bde87 --- /dev/null +++ b/roles/openshift_hosted_logging/meta/main.yaml @@ -0,0 +1,3 @@ +--- +dependencies: + - { role: openshift_common } diff --git a/roles/openshift_hosted_logging/tasks/cleanup_logging.yaml b/roles/openshift_hosted_logging/tasks/cleanup_logging.yaml new file mode 100644 index 000000000..8331f0389 --- /dev/null +++ b/roles/openshift_hosted_logging/tasks/cleanup_logging.yaml @@ -0,0 +1,59 @@ +--- + - name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False + + - name: Copy the admin client config(s) + command: > + cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig + changed_when: False + + - name: "Checking for logging project" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get project logging" + register: logging_project + failed_when: "'FAILED' in logging_project.stderr" + + - name: "Changing projects" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig project logging" + + + - name: "Cleanup any previous logging infrastructure" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete --ignore-not-found all --selector logging-infra={{ item }}" + with_items: + - kibana + - fluentd + - elasticsearch + ignore_errors: yes + + - name: "Cleanup existing support infrastructure" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete --ignore-not-found all,sa,oauthclient --selector logging-infra=support" + ignore_errors: yes + + - name: "Cleanup existing secrets" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete secret logging-fluentd logging-elasticsearch logging-es-proxy logging-kibana logging-kibana-proxy logging-kibana-ops-proxy" + ignore_errors: yes + register: clean_result + failed_when: clean_result.rc == 1 and 'not found' not in clean_result.stderr + + - name: "Cleanup existing logging deployers" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete pods --all" + + + - name: "Cleanup logging project" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete project logging" + + + - name: "Remove deployer template" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete template logging-deployer-template -n openshift" + register: delete_ouput + failed_when: delete_ouput.rc == 1 and 'exists' not in delete_ouput.stderr + + + - name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False + + - debug: msg="Success!" diff --git a/roles/openshift_hosted_logging/tasks/deploy_logging.yaml b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml new file mode 100644 index 000000000..d8a5b62a0 --- /dev/null +++ b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml @@ -0,0 +1,105 @@ +--- + - fail: msg="This role requires the following vars to be defined. openshift_hosted_logging_master_public_url, openshift_hosted_logging_hostname, openshift_hosted_logging_elasticsearch_cluster_size" + when: "openshift_hosted_logging_hostname is not defined or + openshift_hosted_logging_elasticsearch_cluster_size is not defined or + openshift_hosted_logging_master_public_url is not defined" + + - name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False + + - name: Copy the admin client config(s) + command: > + cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig + changed_when: False + + - name: "Create logging project" + command: {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-project logging + + - name: "Changing projects" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig project logging" + + - name: "Creating logging deployer secret" + command: " {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig secrets new logging-deployer {{ openshift_hosted_logging_secret_vars | default('nothing=/dev/null') }}" + register: secret_output + failed_when: "secret_output.rc == 1 and 'exists' not in secret_output.stderr" + + - name: "Copy serviceAccount file" + copy: dest=/tmp/logging-deployer-sa.yaml + src={{role_path}}/files/logging-deployer-sa.yaml + force=yes + + - name: "Create logging-deployer service account" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /tmp/logging-deployer-sa.yaml" + register: deployer_output + failed_when: "deployer_output.rc == 1 and 'exists' not in deployer_output.stderr" + + - name: "Set permissions for logging-deployer service account" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig policy add-role-to-user edit system:serviceaccount:logging:logging-deployer" + register: permiss_output + failed_when: "permiss_output.rc == 1 and 'exists' not in permiss_output.stderr" + + - name: "Set permissions for fluentd" + command: {{ openshift.common.admin_binary}} policy add-scc-to-user privileged system:serviceaccount:logging:aggregated-logging-fluentd + register: fluentd_output + failed_when: "fluentd_output.rc == 1 and 'exists' not in fluentd_output.stderr" + + - name: "Set additional permissions for fluentd" + command: {{ openshift.common.admin_binary}} policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd + register: fluentd2_output + failed_when: "fluentd2_output.rc == 1 and 'exists' not in fluentd2_output.stderr" + + - name: "Create deployer template" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /usr/share/openshift/examples/infrastructure-templates/enterprise/logging-deployer.yaml -n openshift" + register: template_output + failed_when: "template_output.rc == 1 and 'exists' not in template_output.stderr" + + - name: "Process the deployer template" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig process logging-deployer-template -n openshift -v {{ oc_process_values }} | {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f -" + + - name: "Wait for image pull and deployer pod" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods | grep logging-deployer.*Completed" + register: result + until: result.rc == 0 + retries: 15 + delay: 10 + + - name: "Process support template" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig process logging-support-template | {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f -" + + - name: "Set insecured registry" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig annotate is --all openshift.io/image.insecureRepository=true --overwrite" + when: "target_registry is defined and insecure_registry == 'true'" + + - name: "Wait for imagestreams to become available" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get is | grep logging-fluentd" + register: result + until: result.rc == 0 + failed_when: result.rc == 1 and 'not found' not in result.stderr + retries: 20 + delay: 10 + + - name: "Wait for replication controllers to become available" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get rc | grep logging-fluentd-1" + register: result + until: result.rc == 0 + failed_when: result.rc == 1 and 'not found' not in result.stderr + retries: 20 + delay: 10 + + + - name: "Scale fluentd deployment config" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig scale dc/logging-fluentd --replicas={{ fluentd_replicas | default('1') }}" + + + - name: "Scale fluentd replication controller" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig scale rc/logging-fluentd-1 --replicas={{ fluentd_replicas | default('1') }}" + + - debug: msg="Logging components deployed. Note persistant volume for elasticsearch must be setup manually" + + - name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False diff --git a/roles/openshift_hosted_logging/tasks/main.yaml b/roles/openshift_hosted_logging/tasks/main.yaml new file mode 100644 index 000000000..42568597a --- /dev/null +++ b/roles/openshift_hosted_logging/tasks/main.yaml @@ -0,0 +1,8 @@ +--- +- name: Cleanup logging deployment + include: "{{ role_path }}/tasks/cleanup_logging.yaml" + when: openshift_hosted_logging_cleanup | default(false) | bool + +- name: Deploy logging + include: "{{ role_path }}/tasks/deploy_logging.yaml" + when: not openshift_hosted_logging_cleanup | default(false) | bool diff --git a/roles/openshift_hosted_logging/vars/main.yaml b/roles/openshift_hosted_logging/vars/main.yaml new file mode 100644 index 000000000..586c2ab91 --- /dev/null +++ b/roles/openshift_hosted_logging/vars/main.yaml @@ -0,0 +1,6 @@ +kh_kv: "KIBANA_HOSTNAME={{ openshift_hosted_logging_hostname | quote }}" +es_cs_kv: "ES_CLUSTER_SIZE={{ openshift_hosted_logging_elasticsearch_cluster_size | quote }}" +pmu_kv: "PUBLIC_MASTER_URL={{ openshift_hosted_logging_master_public_url | quote }}" +ip_kv: "{{ 'IMAGE_PREFIX=' ~ target_registry | quote if target_registry is defined else '' }}" +oc_process_values: "{{ kh_kv }},{{ es_cs_kv }},{{ pmu_kv }},{{ ip_kv }}" +openshift_master_config_dir: "{{ openshift.common.config_base }}/master" diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml index d2ff1b4b7..2a651df65 100644 --- a/roles/openshift_manageiq/tasks/main.yaml +++ b/roles/openshift_manageiq/tasks/main.yaml @@ -18,7 +18,7 @@ failed_when: "'already exists' not in osmiq_create_mi_project.stderr and osmiq_create_mi_project.rc != 0" changed_when: osmiq_create_mi_project.rc == 0 -- name: Create Service Account +- name: Create Admin Service Account shell: > echo {{ manageiq_service_account | to_json | quote }} | {{ openshift.common.client_binary }} create @@ -29,6 +29,17 @@ failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0" changed_when: osmiq_create_service_account.rc == 0 +- name: Create Image Inspector Service Account + shell: > + echo {{ manageiq_image_inspector_service_account | to_json | quote }} | + {{ openshift.common.client_binary }} create + -n management-infra + --config={{manage_iq_tmp_conf}} + -f - + register: osmiq_create_service_account + failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0" + changed_when: osmiq_create_service_account.rc == 0 + - name: Create Cluster Role shell: > echo {{ manageiq_cluster_role | to_json | quote }} | diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml index 77e1c304b..69ee2cb4c 100644 --- a/roles/openshift_manageiq/vars/main.yml +++ b/roles/openshift_manageiq/vars/main.yml @@ -15,6 +15,12 @@ manageiq_service_account: metadata: name: management-admin +manageiq_image_inspector_service_account: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: inspector-admin + manage_iq_tmp_conf: /tmp/manageiq_admin.kubeconfig manage_iq_tasks: @@ -22,3 +28,5 @@ manage_iq_tasks: - policy add-role-to-user -n management-infra management-infra-admin -z management-admin - policy add-cluster-role-to-user cluster-reader system:serviceaccount:management-infra:management-admin - policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin + - policy add-cluster-role-to-user system:image-puller system:serviceaccount:management-infra:inspector-admin + - policy add-scc-to-user privileged system:serviceaccount:management-infra:inspector-admin diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index 4d1216aae..70c7ef4e4 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -1,23 +1,24 @@ --- - name: restart master service: name={{ openshift.common.service_type }}-master state=restarted - when: (not openshift_master_ha | bool) and (not (master_service_status_changed | default(false) | bool)) + when: (openshift.master.ha is defined and not openshift.master.ha | bool) and (not (master_service_status_changed | default(false) | bool)) notify: Verify API Server - name: restart master api service: name={{ openshift.common.service_type }}-master-api state=restarted - when: (openshift_master_ha | bool) and (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' + when: (openshift.master.ha is defined and openshift_master_ha | bool) and (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' notify: Verify API Server - name: restart master controllers service: name={{ openshift.common.service_type }}-master-controllers state=restarted - when: (openshift_master_ha | bool) and (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' + when: (openshift.master.ha is defined and openshift_master_ha | bool) and (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' - name: Verify API Server # Using curl here since the uri module requires python-httplib2 and # wait_for port doesn't provide health information. command: > - curl -k --silent {{ openshift.master.api_url }}/healthz/ready + curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt + {{ openshift.master.api_url }}/healthz/ready register: api_available_output until: api_available_output.stdout == 'ok' retries: 120 diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index 8db99fc2a..7ab913eea 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -12,5 +12,7 @@ galaxy_info: categories: - cloud dependencies: -- { role: openshift_common } -- { role: openshift_cli } +- role: openshift_docker +- role: openshift_cli +- role: openshift_cloud_provider +- role: openshift_master_facts diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 759cda7d0..23994cdcf 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -23,71 +23,6 @@ msg: "Pacemaker based HA is not supported at this time when used with containerized installs" when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and openshift.common.is_containerized | bool -- name: Set master facts - openshift_facts: - role: master - local_facts: - cluster_method: "{{ openshift_master_cluster_method | default(None) }}" - cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}" - cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}" - debug_level: "{{ openshift_master_debug_level | default(openshift.common.debug_level) }}" - api_port: "{{ openshift_master_api_port | default(None) }}" - api_url: "{{ openshift_master_api_url | default(None) }}" - api_use_ssl: "{{ openshift_master_api_use_ssl | default(None) }}" - public_api_url: "{{ openshift_master_public_api_url | default(None) }}" - console_path: "{{ openshift_master_console_path | default(None) }}" - console_port: "{{ openshift_master_console_port | default(None) }}" - console_url: "{{ openshift_master_console_url | default(None) }}" - console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}" - public_console_url: "{{ openshift_master_public_console_url | default(None) }}" - logging_public_url: "{{ openshift_master_logging_public_url | default(None) }}" - metrics_public_url: "{{ openshift_master_metrics_public_url | default(None) }}" - logout_url: "{{ openshift_master_logout_url | default(None) }}" - extension_scripts: "{{ openshift_master_extension_scripts | default(None) }}" - extension_stylesheets: "{{ openshift_master_extension_stylesheets | default(None) }}" - extensions: "{{ openshift_master_extensions | default(None) }}" - oauth_template: "{{ openshift_master_oauth_template | default(None) }}" - etcd_hosts: "{{ openshift_master_etcd_hosts | default(None) }}" - etcd_port: "{{ openshift_master_etcd_port | default(None) }}" - etcd_use_ssl: "{{ openshift_master_etcd_use_ssl | default(None) }}" - etcd_urls: "{{ openshift_master_etcd_urls | default(None) }}" - embedded_etcd: "{{ openshift_master_embedded_etcd | default(None) }}" - embedded_kube: "{{ openshift_master_embedded_kube | default(None) }}" - embedded_dns: "{{ openshift_master_embedded_dns | default(None) }}" - dns_port: "{{ openshift_master_dns_port | default(None) }}" - bind_addr: "{{ openshift_master_bind_addr | default(None) }}" - pod_eviction_timeout: "{{ openshift_master_pod_eviction_timeout | default(None) }}" - portal_net: "{{ openshift_master_portal_net | default(None) }}" - session_max_seconds: "{{ openshift_master_session_max_seconds | default(None) }}" - session_name: "{{ openshift_master_session_name | default(None) }}" - session_secrets_file: "{{ openshift_master_session_secrets_file | default(None) }}" - session_auth_secrets: "{{ openshift_master_session_auth_secrets | default(None) }}" - session_encryption_secrets: "{{ openshift_master_session_encryption_secrets | default(None) }}" - access_token_max_seconds: "{{ openshift_master_access_token_max_seconds | default(None) }}" - auth_token_max_seconds: "{{ openshift_master_auth_token_max_seconds | default(None) }}" - identity_providers: "{{ openshift_master_identity_providers | default(None) }}" - registry_url: "{{ oreg_url | default(None) }}" - oauth_grant_method: "{{ openshift_master_oauth_grant_method | default(None) }}" - sdn_cluster_network_cidr: "{{ osm_cluster_network_cidr | default(None) }}" - sdn_host_subnet_length: "{{ osm_host_subnet_length | default(None) }}" - default_subdomain: "{{ openshift_master_default_subdomain | default(osm_default_subdomain) | default(None) }}" - custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}" - default_node_selector: "{{ osm_default_node_selector | default(None) }}" - project_request_message: "{{ osm_project_request_message | default(None) }}" - project_request_template: "{{ osm_project_request_template | default(None) }}" - mcs_allocator_range: "{{ osm_mcs_allocator_range | default(None) }}" - mcs_labels_per_project: "{{ osm_mcs_labels_per_project | default(None) }}" - uid_allocator_range: "{{ osm_uid_allocator_range | default(None) }}" - router_selector: "{{ openshift_router_selector | default(None) }}" - registry_selector: "{{ openshift_registry_selector | default(None) }}" - api_server_args: "{{ osm_api_server_args | default(None) }}" - controller_args: "{{ osm_controller_args | default(None) }}" - infra_nodes: "{{ openshift_infra_nodes | default(None) }}" - disabled_features: "{{ osm_disabled_features | default(None) }}" - master_count: "{{ openshift_master_count | default(None) }}" - controller_lease_ttl: "{{ osm_controller_lease_ttl | default(None) }}" - master_image: "{{ osm_image | default(None) }}" - - name: Install Master package action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-master{{ openshift_version }} state=present" when: not openshift.common.is_containerized | bool @@ -97,13 +32,6 @@ docker pull {{ openshift.master.master_image }}:{{ openshift_version }} when: openshift.common.is_containerized | bool -- name: Install Master docker service file - template: - dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service" - src: docker/master.docker.service.j2 - register: install_result - when: openshift.common.is_containerized | bool and not openshift_master_ha | bool - - name: Create openshift.common.data_dir file: path: "{{ openshift.common.data_dir }}" @@ -137,9 +65,9 @@ - restart master controllers - name: Create the scheduler config - template: + copy: + content: "{{ scheduler_config | to_nice_json }}" dest: "{{ openshift_master_scheduler_conf }}" - src: scheduler.json.j2 backup: true notify: - restart master @@ -168,54 +96,8 @@ when: item.kind == 'HTPasswdPasswordIdentityProvider' with_items: openshift.master.identity_providers -- name: Init HA Service Info - set_fact: - ha_suffix: "" - ha_svcdir: "/usr/lib/systemd/system" - -- name: Set HA Service Info for containerized installs - set_fact: - ha_suffix: ".docker" - ha_svcdir: "/etc/systemd/system" - when: openshift.common.is_containerized | bool - -# workaround for missing systemd unit files for controllers/api -- name: Create the systemd unit files - template: - src: "{{ ha_svc_template_path }}/atomic-openshift-master-{{ item }}.service.j2" - dest: "{{ ha_svcdir }}/{{ openshift.common.service_type }}-master-{{ item }}.service" - when: openshift_master_ha | bool and openshift_master_cluster_method == "native" - with_items: - - api - - controllers - register: create_unit_files - -- command: systemctl daemon-reload - when: create_unit_files | changed -# end workaround for missing systemd unit files - -- name: Create the master api service env file - template: - src: "{{ ha_svc_template_path }}/atomic-openshift-master-api.j2" - dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api - when: openshift_master_ha | bool and openshift_master_cluster_method == "native" - notify: - - restart master api - -- name: Create the master controllers service env file - template: - src: "{{ ha_svc_template_path }}/atomic-openshift-master-controllers.j2" - dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers - when: openshift_master_ha | bool and openshift_master_cluster_method == "native" - notify: - - restart master controllers - -- name: Create the master service env file - template: - src: "atomic-openshift-master.j2" - dest: /etc/sysconfig/{{ openshift.common.service_type }}-master - notify: - - restart master +- name: Install the systemd units + include: systemd_units.yml - name: Create session secrets file template: @@ -282,7 +164,8 @@ # Using curl here since the uri module requires python-httplib2 and # wait_for port doesn't provide health information. command: > - curl -k --silent {{ openshift.master.api_url }}/healthz/ready + curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt + {{ openshift.master.api_url }}/healthz/ready register: api_available_output until: api_available_output.stdout == 'ok' retries: 120 @@ -319,6 +202,9 @@ changed_when: false register: _ansible_ssh_user_gid +- set_fact: + client_users: "{{ [ansible_ssh_user, 'root'] | unique }}" + - name: Create the client config dir(s) file: path: "~{{ item }}/.kube" @@ -326,9 +212,7 @@ mode: 0700 owner: "{{ item }}" group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" - with_items: - - root - - "{{ ansible_ssh_user }}" + with_items: client_users # TODO: Update this file if the contents of the source file are not present in # the dest file, will need to make sure to ignore things that could be added @@ -336,9 +220,7 @@ command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config args: creates: ~{{ item }}/.kube/config - with_items: - - root - - "{{ ansible_ssh_user }}" + with_items: client_users - name: Update the permissions on the admin client config(s) file: @@ -347,6 +229,4 @@ mode: 0700 owner: "{{ item }}" group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" - with_items: - - root - - "{{ ansible_ssh_user }}" + with_items: client_users diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml new file mode 100644 index 000000000..a81270bab --- /dev/null +++ b/roles/openshift_master/tasks/systemd_units.yml @@ -0,0 +1,69 @@ +# This file is included both in the openshift_master role and in the upgrade +# playbooks. For that reason the ha_svc variables are use set_fact instead of +# the vars directory on the role. + +- name: Init HA Service Info + set_fact: + containerized_svc_dir: "/usr/lib/systemd/system" + ha_svc_template_path: "native-cluster" + +- name: Set HA Service Info for containerized installs + set_fact: + containerized_svc_dir: "/etc/systemd/system" + ha_svc_template_path: "docker-cluster" + when: openshift.common.is_containerized | bool + +# workaround for missing systemd unit files +- name: Create the systemd unit files + template: + src: "docker/master.docker.service.j2" + dest: "{{ containerized_svc_dir }}/{{ openshift.common.service_type }}-master.service" + when: openshift.common.is_containerized | bool and (openshift.master.ha is not defined or not openshift.master.ha | bool) + register: create_master_unit_file + +- command: systemctl daemon-reload + when: create_master_unit_file | changed + +- name: Create the ha systemd unit files + template: + src: "{{ ha_svc_template_path }}/atomic-openshift-master-{{ item }}.service.j2" + dest: "{{ containerized_svc_dir }}/{{ openshift.common.service_type }}-master-{{ item }}.service" + when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" + with_items: + - api + - controllers + register: create_ha_unit_files + +- command: systemctl daemon-reload + when: create_ha_unit_files | changed +# end workaround for missing systemd unit files + +- name: Create the master api service env file + template: + src: "{{ ha_svc_template_path }}/atomic-openshift-master-api.j2" + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api + when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" + notify: + - restart master api + +- name: Create the master controllers service env file + template: + src: "{{ ha_svc_template_path }}/atomic-openshift-master-controllers.j2" + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers + when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" + notify: + - restart master controllers + +- name: Install Master docker service file + template: + dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service" + src: docker/master.docker.service.j2 + register: install_result + when: openshift.common.is_containerized | bool and openshift.master.ha is defined and not openshift.master.ha | bool + +- name: Create the master service env file + template: + src: "atomic-openshift-master.j2" + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master + notify: + - restart master diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 8602a492e..7f1576682 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -1,9 +1,14 @@ OPTIONS=--loglevel={{ openshift.master.debug_level }} CONFIG_FILE={{ openshift_master_config_file }} -{% if openshift.common.is_containerized %} +{% if openshift.common.is_containerized | bool %} IMAGE_VERSION={{ openshift_version }} {% endif %} +{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} +AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} +AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} +{% endif %} + # Proxy configuration # Origin uses standard HTTP_PROXY environment variables. Be sure to set # NO_PROXY for your master diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 index 9c1f5a300..5e6577d95 100644 --- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 +++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 @@ -1,26 +1,26 @@ [Unit] Description=Atomic OpenShift Master API Documentation=https://github.com/openshift/origin -After=network.target -After=etcd.service +After=etcd_container.service +Wants=etcd_container.service Before={{ openshift.common.service_type }}-node.service -Requires=network.target -Requires=docker.service +After=docker.service PartOf=docker.service +Requires=docker.service [Service] EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api Environment=GOTRACEBACK=crash ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-api -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master api --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master api --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-api LimitNOFILE=131072 LimitCORE=infinity WorkingDirectory={{ openshift.common.data_dir }} -SyslogIdentifier=atomic-openshift-master-api +SyslogIdentifier={{ openshift.common.service_type }}-master-api Restart=always [Install] -WantedBy=multi-user.target +WantedBy=docker.service WantedBy={{ openshift.common.service_type }}-node.service diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 index 915c0cb8c..04c84a84a 100644 --- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 +++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 @@ -1,9 +1,9 @@ [Unit] Description=Atomic OpenShift Master Controllers Documentation=https://github.com/openshift/origin -After=network.target +Wants={{ openshift.common.service_type }}-master-api.service After={{ openshift.common.service_type }}-master-api.service -Before={{ openshift.common.service_type }}-node.service +After=docker.service Requires=docker.service PartOf=docker.service @@ -11,7 +11,7 @@ PartOf=docker.service EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers Environment=GOTRACEBACK=crash ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-controllers -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master controllers --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master controllers --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-controllers LimitNOFILE=131072 @@ -21,5 +21,4 @@ SyslogIdentifier={{ openshift.common.service_type }}-master-controllers Restart=on-failure [Install] -WantedBy=multi-user.target -WantedBy={{ openshift.common.service_type }}-node.service +WantedBy=docker.service diff --git a/roles/openshift_master/templates/docker/master.docker.service.j2 b/roles/openshift_master/templates/docker/master.docker.service.j2 index f88262567..6bd0dcf56 100644 --- a/roles/openshift_master/templates/docker/master.docker.service.j2 +++ b/roles/openshift_master/templates/docker/master.docker.service.j2 @@ -1,16 +1,17 @@ [Unit] After=docker.service -Before={{ openshift.common.service_type }}-node.service Requires=docker.service PartOf=docker.service +After=etcd_container.service +Wants=etcd_container.service [Service] EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-master -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master Restart=always [Install] -WantedBy=multi-user.target +WantedBy=docker.service diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index f953de404..fa2323a2c 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 @@ -1,9 +1,14 @@ OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master={{ openshift.master.loopback_api_url }} CONFIG_FILE={{ openshift_master_config_file }} -{% if openshift.common.is_containerized %} +{% if openshift.common.is_containerized | bool %} IMAGE_VERSION={{ openshift_version }} {% endif %} +{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} +AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} +AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} +{% endif %} + # Proxy configuration # Origin uses standard HTTP_PROXY environment variables. Be sure to set # NO_PROXY for your master diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.service.j2 index ba19fb348..e61418eb6 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.service.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.service.j2 @@ -1,10 +1,10 @@ [Unit] Description=Atomic OpenShift Master API Documentation=https://github.com/openshift/origin -After=network.target +After=network-online.target After=etcd.service Before={{ openshift.common.service_type }}-node.service -Requires=network.target +Requires=network-online.target [Service] Type=notify diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 index 30da9d396..632dfbb8a 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 @@ -1,9 +1,14 @@ OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.controllers_port }} CONFIG_FILE={{ openshift_master_config_file }} -{% if openshift.common.is_containerized %} +{% if openshift.common.is_containerized | bool %} IMAGE_VERSION={{ openshift_version }} {% endif %} +{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} +AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} +AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} +{% endif %} + # Proxy configuration # Origin uses standard HTTP_PROXY environment variables. Be sure to set # NO_PROXY for your master diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 index b393bb9ff..ba4c1e0e8 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 @@ -1,10 +1,10 @@ [Unit] Description=Atomic OpenShift Master Controllers Documentation=https://github.com/openshift/origin -After=network.target +After=network-online.target After={{ openshift.common.service_type }}-master-api.service -Before={{ openshift.common.service_type }}-node.service -Requires=network.target +Wants={{ openshift.common.service_type }}-master-api.service +Requires=network-online.target [Service] {% if openshift.common.version_gte_3_1_1_or_1_1_1 | bool %} @@ -23,4 +23,3 @@ Restart=on-failure [Install] WantedBy=multi-user.target -WantedBy={{ openshift.common.service_type }}-node.service diff --git a/roles/openshift_master/templates/scheduler.json.j2 b/roles/openshift_master/templates/scheduler.json.j2 deleted file mode 100644 index cb5f43bb2..000000000 --- a/roles/openshift_master/templates/scheduler.json.j2 +++ /dev/null @@ -1,15 +0,0 @@ -{ - "kind": "Policy", - "apiVersion": "v1", - "predicates": [ - {"name": "MatchNodeSelector"}, - {"name": "PodFitsResources"}, - {"name": "PodFitsPorts"}, - {"name": "NoDiskConflict"}, - {"name": "Region", "argument": {"serviceAffinity" : {"labels" : ["region"]}}} - ],"priorities": [ - {"name": "LeastRequestedPriority", "weight": 1}, - {"name": "ServiceSpreadingPriority", "weight": 1}, - {"name": "Zone", "weight" : 2, "argument": {"serviceAntiAffinity" : {"label": "zone"}}} - ] -} diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml index 6b5a73238..198f9235d 100644 --- a/roles/openshift_master/vars/main.yml +++ b/roles/openshift_master/vars/main.yml @@ -8,8 +8,11 @@ openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/sessio openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json" openshift_version: "{{ openshift_pkg_version | default(openshift_image_tag) | default(openshift.common.image_tag) | default('') }}" -ha_svc_template_path: "{{ 'docker-cluster' if openshift.common.is_containerized | bool else 'native-cluster' }}" -ha_svc_svc_dir: "{{ '/etc/systemd/system' if openshift.common.is_containerized | bool else '/usr/lib/systemd/system' }}" +scheduler_config: + kind: Policy + apiVersion: v1 + predicates: "{{ openshift.master.scheduler_predicates }}" + priorities: "{{ openshift.master.scheduler_priorities }}" openshift_master_valid_grant_methods: - auto diff --git a/roles/openshift_master_facts/meta/main.yml b/roles/openshift_master_facts/meta/main.yml new file mode 100644 index 000000000..9dbf719f8 --- /dev/null +++ b/roles/openshift_master_facts/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: OpenShift Master Facts + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: openshift_facts diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml new file mode 100644 index 000000000..2a3e38af4 --- /dev/null +++ b/roles/openshift_master_facts/tasks/main.yml @@ -0,0 +1,67 @@ +--- +- name: Set master facts + openshift_facts: + role: master + local_facts: + cluster_method: "{{ openshift_master_cluster_method | default(None) }}" + cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}" + cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}" + debug_level: "{{ openshift_master_debug_level | default(openshift.common.debug_level) }}" + api_port: "{{ openshift_master_api_port | default(None) }}" + api_url: "{{ openshift_master_api_url | default(None) }}" + api_use_ssl: "{{ openshift_master_api_use_ssl | default(None) }}" + public_api_url: "{{ openshift_master_public_api_url | default(None) }}" + console_path: "{{ openshift_master_console_path | default(None) }}" + console_port: "{{ openshift_master_console_port | default(None) }}" + console_url: "{{ openshift_master_console_url | default(None) }}" + console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}" + public_console_url: "{{ openshift_master_public_console_url | default(None) }}" + logging_public_url: "{{ openshift_master_logging_public_url | default(None) }}" + metrics_public_url: "{{ openshift_master_metrics_public_url | default(None) }}" + logout_url: "{{ openshift_master_logout_url | default(None) }}" + extension_scripts: "{{ openshift_master_extension_scripts | default(None) }}" + extension_stylesheets: "{{ openshift_master_extension_stylesheets | default(None) }}" + extensions: "{{ openshift_master_extensions | default(None) }}" + oauth_template: "{{ openshift_master_oauth_template | default(None) }}" + etcd_hosts: "{{ openshift_master_etcd_hosts | default(None) }}" + etcd_port: "{{ openshift_master_etcd_port | default(None) }}" + etcd_use_ssl: "{{ openshift_master_etcd_use_ssl | default(None) }}" + etcd_urls: "{{ openshift_master_etcd_urls | default(None) }}" + embedded_etcd: "{{ openshift_master_embedded_etcd | default(None) }}" + embedded_kube: "{{ openshift_master_embedded_kube | default(None) }}" + embedded_dns: "{{ openshift_master_embedded_dns | default(None) }}" + dns_port: "{{ openshift_master_dns_port | default(None) }}" + bind_addr: "{{ openshift_master_bind_addr | default(None) }}" + pod_eviction_timeout: "{{ openshift_master_pod_eviction_timeout | default(None) }}" + portal_net: "{{ openshift_master_portal_net | default(None) }}" + session_max_seconds: "{{ openshift_master_session_max_seconds | default(None) }}" + session_name: "{{ openshift_master_session_name | default(None) }}" + session_secrets_file: "{{ openshift_master_session_secrets_file | default(None) }}" + session_auth_secrets: "{{ openshift_master_session_auth_secrets | default(None) }}" + session_encryption_secrets: "{{ openshift_master_session_encryption_secrets | default(None) }}" + access_token_max_seconds: "{{ openshift_master_access_token_max_seconds | default(None) }}" + auth_token_max_seconds: "{{ openshift_master_auth_token_max_seconds | default(None) }}" + identity_providers: "{{ openshift_master_identity_providers | default(None) }}" + registry_url: "{{ oreg_url | default(None) }}" + oauth_grant_method: "{{ openshift_master_oauth_grant_method | default(None) }}" + sdn_cluster_network_cidr: "{{ osm_cluster_network_cidr | default(None) }}" + sdn_host_subnet_length: "{{ osm_host_subnet_length | default(None) }}" + default_subdomain: "{{ openshift_master_default_subdomain | default(osm_default_subdomain) | default(None) }}" + custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}" + default_node_selector: "{{ osm_default_node_selector | default(None) }}" + project_request_message: "{{ osm_project_request_message | default(None) }}" + project_request_template: "{{ osm_project_request_template | default(None) }}" + mcs_allocator_range: "{{ osm_mcs_allocator_range | default(None) }}" + mcs_labels_per_project: "{{ osm_mcs_labels_per_project | default(None) }}" + uid_allocator_range: "{{ osm_uid_allocator_range | default(None) }}" + router_selector: "{{ openshift_router_selector | default(None) }}" + registry_selector: "{{ openshift_registry_selector | default(None) }}" + api_server_args: "{{ osm_api_server_args | default(None) }}" + controller_args: "{{ osm_controller_args | default(None) }}" + infra_nodes: "{{ openshift_infra_nodes | default(None) }}" + disabled_features: "{{ osm_disabled_features | default(None) }}" + master_count: "{{ openshift_master_count | default(None) }}" + controller_lease_ttl: "{{ osm_controller_lease_ttl | default(None) }}" + master_image: "{{ osm_image | default(None) }}" + scheduler_predicates: "{{ openshift_master_scheduler_predicates | default(None) }}" + scheduler_priorities: "{{ openshift_master_scheduler_priorities | default(None) }}" diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index 3fec4b1dd..1a1dc8ede 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -3,8 +3,6 @@ service: name={{ openshift.common.service_type }}-node state=restarted when: not (node_service_status_changed | default(false) | bool) -- name: restart docker - service: name=docker state=restarted - - name: restart openvswitch service: name=openvswitch state=restarted + when: not (ovs_service_status_changed | default(false) | bool) diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index c92008a77..84ba9ac2e 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -12,4 +12,6 @@ galaxy_info: categories: - cloud dependencies: -- { role: openshift_common } +- role: openshift_docker +- role: openshift_cloud_provider +- role: openshift_common diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 2d3960cd8..80b3e710d 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -11,10 +11,8 @@ with_items: - role: common local_facts: - hostname: "{{ openshift_hostname | default(none) }}" - public_hostname: "{{ openshift_public_hostname | default(none) }}" - deployment_type: "{{ openshift_deployment_type }}" # TODO: Replace this with a lookup or filter plugin. + # TODO: Move this to the node role dns_ip: "{{ openshift_dns_ip | default(openshift_master_cluster_vip | default(None if openshift.common.version_gte_3_1_or_1_1 | bool else openshift_node_first_master_ip | default(None, true), true), true) }}" @@ -25,7 +23,6 @@ iptables_sync_period: "{{ openshift_node_iptables_sync_period | default(None) }}" kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}" - portal_net: "{{ openshift_master_portal_net | default(None) }}" registry_url: "{{ oreg_url | default(none) }}" schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" @@ -34,6 +31,7 @@ node_image: "{{ osn_image | default(None) }}" ovs_image: "{{ osn_ovs_image | default(None) }}" proxy_mode: "{{ openshift_node_proxy_mode | default('iptables') }}" + local_quota_per_fsgroup: "{{ openshift_node_local_quota_per_fsgroup | default(None) }}" # We have to add tuned-profiles in the same transaction otherwise we run into depsolving # problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging. @@ -55,36 +53,21 @@ docker pull {{ openshift.node.ovs_image }}:{{ openshift_version }} when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool -- name: Install Node docker service file - template: - dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" - src: openshift.docker.node.service - register: install_node_result - when: openshift.common.is_containerized | bool - -- name: Create the openvswitch service env file - template: - src: openvswitch.sysconfig.j2 - dest: /etc/sysconfig/openvswitch - when: openshift.common.is_containerized | bool - register: install_ovs_sysconfig - -- name: Install OpenvSwitch docker service file - template: - dest: "/etc/systemd/system/openvswitch.service" - src: openvswitch.docker.service - when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool - notify: - - restart openvswitch +- name: Install the systemd units + include: systemd_units.yml - name: Reload systemd units command: systemctl daemon-reload - when: openshift.common.is_containerized and ( ( install_node_result | changed ) + when: openshift.common.is_containerized | bool and ( ( install_node_result | changed ) or ( install_ovs_sysconfig | changed ) ) - name: Start and enable openvswitch docker service service: name=openvswitch.service enabled=yes state=started when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool + register: ovs_start_result + +- set_fact: + ovs_service_status_changed: "{{ ovs_start_result | changed }}" # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config @@ -98,19 +81,18 @@ notify: - restart node -- name: Configure Node settings +- name: Configure AWS Cloud Provider Settings lineinfile: dest: /etc/sysconfig/{{ openshift.common.service_type }}-node regexp: "{{ item.regex }}" line: "{{ item.line }}" create: true with_items: - - regex: '^OPTIONS=' - line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}" - - regex: '^CONFIG_FILE=' - line: "CONFIG_FILE={{ openshift_node_config_file }}" - - regex: '^IMAGE_VERSION=' - line: "IMAGE_VERSION={{ openshift_version }}" + - regex: '^AWS_ACCESS_KEY_ID=' + line: "AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }}" + - regex: '^AWS_SECRET_ACCESS_KEY=' + line: "AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}" + when: "'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws" notify: - restart node @@ -124,7 +106,8 @@ # Using curl here since the uri module requires python-httplib2 and # wait_for port doesn't provide health information. command: > - curl -k --silent {{ openshift_node_master_api_url }}/healthz/ready + curl --silent --cacert {{ openshift.common.config_base }}/node/ca.crt + {{ openshift_node_master_api_url }}/healthz/ready register: api_available_output until: api_available_output.stdout == 'ok' retries: 120 @@ -134,7 +117,7 @@ - name: Start and enable node service: name={{ openshift.common.service_type }}-node enabled=yes state=started - register: start_result + register: node_start_result - set_fact: - node_service_status_changed: "{{ start_result | changed }}" + node_service_status_changed: "{{ node_start_result | changed }}" diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml new file mode 100644 index 000000000..be4b4ed61 --- /dev/null +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -0,0 +1,40 @@ +# This file is included both in the openshift_master role and in the upgrade +# playbooks. + +- name: Install Node docker service file + template: + dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" + src: openshift.docker.node.service + register: install_node_result + when: openshift.common.is_containerized | bool + +- name: Create the openvswitch service env file + template: + src: openvswitch.sysconfig.j2 + dest: /etc/sysconfig/openvswitch + when: openshift.common.is_containerized | bool + register: install_ovs_sysconfig + +- name: Install OpenvSwitch docker service file + template: + dest: "/etc/systemd/system/openvswitch.service" + src: openvswitch.docker.service + when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool + notify: + - restart openvswitch + +- name: Configure Node settings + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + regexp: "{{ item.regex }}" + line: "{{ item.line }}" + create: true + with_items: + - regex: '^OPTIONS=' + line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}" + - regex: '^CONFIG_FILE=' + line: "CONFIG_FILE={{ openshift_node_config_file }}" + - regex: '^IMAGE_VERSION=' + line: "IMAGE_VERSION={{ openshift_version }}" + notify: + - restart node diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 67975d372..28cb1ea26 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -38,3 +38,6 @@ volumeDirectory: {{ openshift.common.data_dir }}/openshift.local.volumes proxyArguments: proxy-mode: - {{ openshift.node.proxy_mode }} +volumeConfig: + localQuota: + perFSGroup: {{ openshift.node.local_quota_per_fsgroup }} diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service index 83b697f73..a8accca47 100644 --- a/roles/openshift_node/templates/openshift.docker.node.service +++ b/roles/openshift_node/templates/openshift.docker.node.service @@ -1,20 +1,22 @@ [Unit] -After=docker.service After={{ openshift.common.service_type }}-master.service +After=docker.service After=openvswitch.service +PartOf=docker.service +Requires=docker.service {% if openshift.common.use_openshift_sdn %} Requires=openvswitch.service {% endif %} -Requires=docker.service -PartOf=docker.service +Wants={{ openshift.common.service_type }}-master.service [Service] EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node -ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log {{ openshift.node.node_image }}:${IMAGE_VERSION} +ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev {{ openshift.node.node_image }}:${IMAGE_VERSION} ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node +SyslogIdentifier={{ openshift.common.service_type }}-node Restart=always [Install] -WantedBy=multi-user.target +WantedBy=docker.service diff --git a/roles/openshift_node/templates/openvswitch.docker.service b/roles/openshift_node/templates/openvswitch.docker.service index 7af2b7431..8052a3a39 100644 --- a/roles/openshift_node/templates/openvswitch.docker.service +++ b/roles/openshift_node/templates/openvswitch.docker.service @@ -9,7 +9,8 @@ ExecStartPre=-/usr/bin/docker rm -f openvswitch ExecStart=/usr/bin/docker run --name openvswitch --rm --privileged --net=host --pid=host -v /lib/modules:/lib/modules -v /run:/run -v /sys:/sys:ro -v /etc/origin/openvswitch:/etc/openvswitch {{ openshift.node.ovs_image }}:${IMAGE_VERSION} ExecStartPost=/usr/bin/sleep 5 ExecStop=/usr/bin/docker stop openvswitch +SyslogIdentifier=openvswitch Restart=always [Install] -WantedBy=multi-user.target +WantedBy=docker.service diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml index f34fa7b74..5dd28d52a 100644 --- a/roles/openshift_serviceaccounts/tasks/main.yml +++ b/roles/openshift_serviceaccounts/tasks/main.yml @@ -9,7 +9,8 @@ - name: create the service account shell: > echo {{ lookup('template', '../templates/serviceaccount.j2') - | from_yaml | to_json | quote }} | {{ openshift.common.client_binary }} create -f - + | from_yaml | to_json | quote }} | {{ openshift.common.client_binary }} + -n {{ openshift_serviceaccounts_namespace }} create -f - when: item.1.rc != 0 with_together: - openshift_serviceaccounts_names diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml index fdd7bd3f1..fe7f83cbb 100644 --- a/roles/openshift_storage_nfs/tasks/main.yml +++ b/roles/openshift_storage_nfs/tasks/main.yml @@ -1,8 +1,6 @@ --- - name: Install nfs-utils - yum: - pkg: nfs-utils - state: present + action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present" - name: Configure NFS lineinfile: diff --git a/roles/os_firewall/meta/main.yml b/roles/os_firewall/meta/main.yml index 8592371e8..c93335b7b 100644 --- a/roles/os_firewall/meta/main.yml +++ b/roles/os_firewall/meta/main.yml @@ -11,4 +11,5 @@ galaxy_info: - 7 categories: - system -dependencies: [] +dependencies: +- { role: openshift_facts } diff --git a/roles/os_zabbix/vars/template_heartbeat.yml b/roles/os_zabbix/vars/template_heartbeat.yml index 8dbe0d0d6..ec953c79b 100644 --- a/roles/os_zabbix/vars/template_heartbeat.yml +++ b/roles/os_zabbix/vars/template_heartbeat.yml @@ -11,3 +11,8 @@ g_template_heartbeat: expression: '{Template Heartbeat:heartbeat.ping.nodata(20m)}=1' priority: avg url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_node_heartbeat.asciidoc' + + - name: 'Heartbeat.ping has failed (60 min) on {HOST.NAME}' + expression: '{Template Heartbeat:heartbeat.ping.nodata(60m)}=1' + priority: high + url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_node_heartbeat.asciidoc' diff --git a/roles/os_zabbix/vars/template_openshift_master.yml b/roles/os_zabbix/vars/template_openshift_master.yml index e36f23a2b..a38db9f65 100644 --- a/roles/os_zabbix/vars/template_openshift_master.yml +++ b/roles/os_zabbix/vars/template_openshift_master.yml @@ -6,261 +6,314 @@ g_template_openshift_master: applications: - Openshift Master key: openshift.master.app.create + + - key: openshift.master.app.build.create + description: "check the app create with a build process" + value_type: int + applications: + - Openshift Master + + - key: openshift.master.app.create.time + description: "check the time it takes app create with a build process" + value_type: float + applications: + - Openshift Master + + - key: openshift.master.app.build.time + description: "check the time it takes app build" + value_type: float + applications: + - Openshift Master - key: openshift.master.process.count description: Shows number of master processes running - type: int + value_type: int applications: - Openshift Master - key: openshift.master.api.ping description: "Verify that the Openshift API is up (uses the cluster API URL)" - type: int + value_type: int applications: - Openshift Master - key: openshift.master.local.api.ping description: "Verify that the Openshift API is up on the host (uses the API URL as the https://127.0.0.1)" - type: int + value_type: int applications: - Openshift Master - key: openshift.master.api.healthz description: "Checks the healthz check of the master's api: https://<cluster_api_url>/healthz" - type: int + value_type: int data_type: bool applications: - Openshift Master - key: openshift.master.local.api.healthz description: "Checks the healthz check of the master's api: https://127.0.0.1/healthz" - type: int + value_type: int data_type: bool applications: - Openshift Master - key: openshift.master.user.count description: Shows number of users in a cluster - type: int + value_type: int applications: - Openshift Master - key: openshift.master.pod.running.count description: Shows number of pods running - type: int + value_type: int applications: - Openshift Master - key: openshift.master.pod.user.running.count description: Shows number of user pods running (non infrastructure pods) - type: int + value_type: int applications: - Openshift Master - key: openshift.master.pod.total.count description: Shows total number of pods (running and non running) - type: int + value_type: int applications: - Openshift Master - key: openshift.master.node.count description: Shows the total number of nodes found in the Openshift Cluster - type: int + value_type: int applications: - Openshift Master - key: openshift.project.count description: Shows number of projects on a cluster - type: int + value_type: int + applications: + - Openshift Master + + - key: openshift.master.pv.space.total + description: Shows the total space of pv + value_type: int + applications: + - Openshift Master + + - key: openshift.master.pv.space.available + description: Shows the available space of pv + value_type: int applications: - Openshift Master - key: openshift.master.pv.total.count description: Total number of Persistent Volumes in the Openshift Cluster - type: int + value_type: int applications: - Openshift Master - key: openshift.master.pv.available.count description: Total number of Available Persistent Volumes in the Openshift Cluster - type: int + value_type: int applications: - Openshift Master - key: openshift.master.pv.released.count description: Total number of Released Persistent Volumes in the Openshift Cluster - type: int + value_type: int applications: - Openshift Master - key: openshift.master.pv.bound.count description: Total number of Bound Persistent Volumes in the Openshift Cluster - type: int + value_type: int applications: - Openshift Master - key: openshift.master.pv.failed.count description: Total number of Failed Persistent Volumes in the Openshift Cluster - type: int + value_type: int applications: - Openshift Master - key: openshift.master.skydns.port.open description: State of the SkyDNS port open and listening - type: int + value_type: int applications: - Openshift Master - key: openshift.master.skydns.query description: SkyDNS can be queried or not - type: int + value_type: int applications: - Openshift Master - key: openshift.master.etcd.create.success description: Show number of successful create actions - type: int + value_type: int applications: - Openshift Etcd - key: openshift.master.etcd.create.fail description: Show number of failed create actions - type: int + value_type: int applications: - Openshift Etcd - key: openshift.master.etcd.delete.success description: Show number of successful delete actions - type: int + value_type: int applications: - Openshift Etcd - key: openshift.master.etcd.delete.fail description: Show number of failed delete actions - type: int + value_type: int applications: - Openshift Etcd - key: openshift.master.etcd.get.success description: Show number of successful get actions - type: int + value_type: int applications: - Openshift Etcd - key: openshift.master.etcd.get.fail description: Show number of failed get actions - type: int + value_type: int applications: - Openshift Etcd - key: openshift.master.etcd.set.success description: Show number of successful set actions - type: int + value_type: int applications: - Openshift Etcd - key: openshift.master.etcd.set.fail description: Show number of failed set actions - type: int + value_type: int applications: - Openshift Etcd - key: openshift.master.etcd.update.success description: Show number of successful update actions - type: int + value_type: int applications: - Openshift Etcd - key: openshift.master.etcd.update.fail description: Show number of failed update actions - type: int + value_type: int applications: - Openshift Etcd - key: openshift.master.etcd.watchers description: Show number of etcd watchers - type: int + value_type: int applications: - Openshift Etcd - key: openshift.master.etcd.ping description: etcd ping - type: int + value_type: int applications: - Openshift Etcd - key: openshift.master.metric.ping description: "This check verifies that the https://master/metrics check is alive and communicating properly." - type: int + value_type: int applications: - Openshift Master Metrics - key: openshift.master.nodesnotready.count description: "This check shows how many nodes in a cluster are in NotReady state." - type: int + value_type: int applications: - Openshift Master - key: openshift.master.nodesnotschedulable.count description: "This check shows how many nodes in a cluster are not schedulable." - type: int + value_type: int applications: - Openshift Master - key: openshift.master.apiserver.latency.summary.pods.quantile.list.5 description: "Value from https://master/metrics. This is the time, in miliseconds, that 50% of the pod operations have taken to completed." - type: int + value_type: int applications: - Openshift Master Metrics - key: openshift.master.apiserver.latency.summary.pods.quantile.list.9 description: "Value from https://master/metrics. This is the time, in miliseconds, that 90% of the pod operations have taken to completed." - type: int + value_type: int applications: - Openshift Master Metrics - key: openshift.master.apiserver.latency.summary.pods.quantile.list.99 description: "Value from https://master/metrics. This is the time, in miliseconds, that 99% of the pod operations have taken to completed." - type: int + value_type: int applications: - Openshift Master Metrics - key: openshift.master.apiserver.latency.summary.pods.quantile.watchlist.5 description: "Value from https://master/metrics. This is the time, in miliseconds, that 50% of the pod operations have taken to completed." - type: int + value_type: int applications: - Openshift Master Metrics - key: openshift.master.apiserver.latency.summary.pods.quantile.watchlist.9 description: "Value from https://master/metrics. This is the time, in miliseconds, that 90% of the pod operations have taken to completed." - type: int + value_type: int applications: - Openshift Master Metrics - key: openshift.master.apiserver.latency.summary.pods.quantile.watchlist.99 description: "Value from https://master/metrics. This is the time, in miliseconds, that 99% of the pod operations have taken to completed." - type: int + value_type: int applications: - Openshift Master Metrics - key: openshift.master.scheduler.e2e.scheduling.latency.quantile.5 description: "Value from https://master/metrics. This is the time, in miliseconds, that 50% of the end to end scheduling operations have taken to completed." - type: int + value_type: int applications: - Openshift Master Metrics - key: openshift.master.scheduler.e2e.scheduling.latency.quantile.9 description: "Value from https://master/metrics. This is the time, in miliseconds, that 90% of the end to end scheduling operations have taken to completed." - type: int + value_type: int applications: - Openshift Master Metrics - key: openshift.master.scheduler.e2e.scheduling.latency.quantile.99 description: "Value from https://master/metrics. This is the time, in miliseconds, that 99% of the end to end scheduling operations have taken to completed." - type: int + value_type: int applications: - Openshift Master Metrics + zdiscoveryrules: + - name: disc.pv + key: disc.pv + lifetime: 1 + description: "Dynamically register the Persistent Volumes" + + zitemprototypes: + - discoveryrule_key: disc.pv + name: "disc.pv.count.{#OSO_PV}" + key: "disc.pv.count[{#OSO_PV}]" + value_type: int + description: "Number of PV's of this size" + applications: + - Openshift Master + + - discoveryrule_key: disc.pv + name: "disc.pv.available.{#OSO_PV}" + key: "disc.pv.available[{#OSO_PV}]" + value_type: int + description: "Number of PV's of this size that are available" + applications: + - Openshift Master + ztriggers: - name: 'Openshift Master process not running on {HOST.NAME}' expression: '{Template Openshift Master:openshift.master.process.count.max(#3)}<1' @@ -295,6 +348,13 @@ g_template_openshift_master: - 'Openshift Master process not running on {HOST.NAME}' priority: avg + - name: 'Application creation with build has failed on {HOST.NAME}' + expression: '{Template Openshift Master:openshift.master.app.build.create.last(#1)}=1 and {Template Openshift Master:openshift.master.app.build.create.last(#2)}=1' + url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_create_app.asciidoc' + dependencies: + - 'Openshift Master process not running on {HOST.NAME}' + priority: avg + - name: 'Application creation has failed multiple times in the last hour on {HOST.NAME}' expression: '{Template Openshift Master:openshift.master.app.create.sum(1h)}>3' url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_create_app.asciidoc' @@ -303,6 +363,14 @@ g_template_openshift_master: description: The application create loop has failed 4 or more times in the last hour priority: avg + - name: 'Application with build creation has failed multiple times in the last 2 hour on {HOST.NAME}' + expression: '{Template Openshift Master:openshift.master.app.build.create.sum(2h)}>3' + url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_create_app.asciidoc' + dependencies: + - 'Openshift Master process not running on {HOST.NAME}' + description: The application create loop has failed 4 or more times in the last hour + priority: avg + - name: 'Openshift Master API health check is failing on {HOST.NAME}' expression: '{Template Openshift Master:openshift.master.api.healthz.max(#3)}<1' url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_master.asciidoc' diff --git a/roles/os_zabbix/vars/template_openshift_node.yml b/roles/os_zabbix/vars/template_openshift_node.yml index 66bd3a147..9f84a2cdf 100644 --- a/roles/os_zabbix/vars/template_openshift_node.yml +++ b/roles/os_zabbix/vars/template_openshift_node.yml @@ -4,37 +4,37 @@ g_template_openshift_node: zitems: - key: openshift.node.process.count description: Shows number of OpenShift Node processes running - type: int + value_type: int applications: - Openshift Node - key: openshift.node.ovs.pids.count description: Shows number of ovs process ids running - type: int + value_type: int applications: - Openshift Node - key: openshift.node.ovs.ports.count description: Shows number of OVS ports defined - type: int + value_type: int applications: - Openshift Node - key: openshift.node.ovs.stray.rules description: Number of OVS stray rules found/removed - type: int + value_type: int applications: - Openshift Node - key: openshift.node.registry-pods.healthy_pct description: Shows the percentage of healthy registries in the cluster - type: int + value_type: int applications: - Openshift Node - key: openshift.node.registry.service.ping description: Ping docker-registry service from node - type: int + value_type: int applications: - Openshift Node |