summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/etcd/defaults/main.yaml2
-rw-r--r--roles/nuage_ca/files/openssl.cnf3
-rw-r--r--roles/nuage_ca/files/serial.txt1
-rw-r--r--roles/nuage_ca/meta/main.yml16
-rw-r--r--roles/nuage_ca/tasks/main.yaml46
-rw-r--r--roles/nuage_ca/vars/main.yaml0
-rw-r--r--roles/nuage_common/defaults/main.yaml10
-rw-r--r--roles/nuage_master/meta/main.yml16
-rw-r--r--roles/nuage_master/tasks/certificates.yml50
-rw-r--r--roles/nuage_master/tasks/main.yaml6
-rw-r--r--roles/nuage_master/templates/nuage-openshift-monitor.j26
-rw-r--r--roles/nuage_master/vars/main.yaml11
-rw-r--r--roles/nuage_node/meta/main.yml16
-rw-r--r--roles/nuage_node/tasks/certificates.yml50
-rw-r--r--roles/nuage_node/tasks/main.yaml2
-rw-r--r--roles/nuage_node/templates/vsp-openshift.j210
-rw-r--r--roles/nuage_node/vars/main.yaml12
-rw-r--r--roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/logging-deployer.yaml2
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py2
-rw-r--r--roles/os_zabbix/vars/template_openshift_node.yml33
-rw-r--r--roles/os_zabbix/vars/template_ops_tools.yml31
21 files changed, 286 insertions, 39 deletions
diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml
index 9e7fa59cf..e6b10cab7 100644
--- a/roles/etcd/defaults/main.yaml
+++ b/roles/etcd/defaults/main.yaml
@@ -1,5 +1,5 @@
---
-etcd_service: "{{ 'etcd' if not openshift.common.is_containerized else 'etcd_container' }}"
+etcd_service: "{{ 'etcd' if not openshift.common.is_containerized | bool else 'etcd_container' }}"
etcd_interface: "{{ ansible_default_ipv4.interface }}"
etcd_client_port: 2379
etcd_peer_port: 2380
diff --git a/roles/nuage_ca/files/openssl.cnf b/roles/nuage_ca/files/openssl.cnf
new file mode 100644
index 000000000..7d1a29a79
--- /dev/null
+++ b/roles/nuage_ca/files/openssl.cnf
@@ -0,0 +1,3 @@
+[ clientauth ]
+basicConstraints=CA:FALSE
+extendedKeyUsage=critical,clientAuth
diff --git a/roles/nuage_ca/files/serial.txt b/roles/nuage_ca/files/serial.txt
new file mode 100644
index 000000000..4daddb72f
--- /dev/null
+++ b/roles/nuage_ca/files/serial.txt
@@ -0,0 +1 @@
+00
diff --git a/roles/nuage_ca/meta/main.yml b/roles/nuage_ca/meta/main.yml
new file mode 100644
index 000000000..2b06613f3
--- /dev/null
+++ b/roles/nuage_ca/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+ author: Vishal Patil
+ description:
+ company: Nuage Networks
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.8
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+ - system
+dependencies:
+- { role: nuage_common }
diff --git a/roles/nuage_ca/tasks/main.yaml b/roles/nuage_ca/tasks/main.yaml
new file mode 100644
index 000000000..9cfa40b8a
--- /dev/null
+++ b/roles/nuage_ca/tasks/main.yaml
@@ -0,0 +1,46 @@
+---
+- name: Install openssl
+ action: "{{ ansible_pkg_mgr }} name=openssl state=present"
+ when: not openshift.common.is_atomic | bool
+
+- name: Create CA directory
+ file: path="{{ nuage_ca_dir }}" state=directory
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create certificate directory
+ file: path="{{ nuage_ca_master_crt_dir }}" state=directory
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Check if the CA key already exists
+ stat: path="{{ nuage_ca_key }}"
+ register: nuage_ca_key_check
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create CA key
+ command: openssl genrsa -out "{{ nuage_ca_key }}" 4096
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}"
+ when: nuage_ca_key_check.stat.exists is defined and nuage_ca_key_check.stat.exists == False
+
+- name: Check if the CA crt already exists
+ stat: path="{{ nuage_ca_crt }}"
+ register: nuage_ca_crt_check
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create CA crt
+ command: openssl req -new -x509 -key "{{ nuage_ca_key }}" -out "{{ nuage_ca_crt }}" -subj "/CN=nuage-signer"
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}"
+ when: nuage_ca_crt_check.stat.exists is defined and nuage_ca_crt_check.stat.exists == False
+
+- name: Create the serial file
+ copy: src=serial.txt dest="{{ nuage_ca_serial }}"
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Copy SSL config file
+ copy: src=openssl.cnf dest="{{ nuage_ca_dir }}/openssl.cnf"
+ run_once: true
+ delegate_to: "{{ nuage_ca_master }}"
diff --git a/roles/nuage_ca/vars/main.yaml b/roles/nuage_ca/vars/main.yaml
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/roles/nuage_ca/vars/main.yaml
diff --git a/roles/nuage_common/defaults/main.yaml b/roles/nuage_common/defaults/main.yaml
new file mode 100644
index 000000000..d285bdfa3
--- /dev/null
+++ b/roles/nuage_common/defaults/main.yaml
@@ -0,0 +1,10 @@
+nuage_ca_master: "{{ groups.oo_first_master.0 }}"
+nuage_ca_master_crt_dir: /usr/share/nuage-openshift-certificates
+
+nuage_ca_dir: /usr/share/nuage-openshift-ca
+nuage_ca_key: "{{ nuage_ca_dir }}/nuageMonCA.key"
+nuage_ca_crt: "{{ nuage_ca_dir }}/nuageMonCA.crt"
+nuage_ca_serial: "{{ nuage_ca_dir }}/nuageMonCA.serial.txt"
+
+nuage_master_mon_dir: /usr/share/nuage-openshift-monitor
+nuage_node_plugin_dir: /usr/share/vsp-openshift
diff --git a/roles/nuage_master/meta/main.yml b/roles/nuage_master/meta/main.yml
new file mode 100644
index 000000000..3f16dd819
--- /dev/null
+++ b/roles/nuage_master/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+ author: Vishal Patil
+ description:
+ company: Nuage Networks
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.8
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+ - system
+dependencies:
+- { role: nuage_ca }
diff --git a/roles/nuage_master/tasks/certificates.yml b/roles/nuage_master/tasks/certificates.yml
new file mode 100644
index 000000000..0d3c69467
--- /dev/null
+++ b/roles/nuage_master/tasks/certificates.yml
@@ -0,0 +1,50 @@
+---
+- name: Create a directory to hold the certificates
+ file: path="{{ nuage_mon_rest_server_crt_dir }}" state=directory
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create the key
+ command: >
+ openssl genrsa -out "{{ nuage_ca_master_rest_server_key }}" 4096
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create the req file
+ command: >
+ openssl req -key "{{ nuage_ca_master_rest_server_key }}" -new -out "{{ nuage_mon_rest_server_crt_dir }}/restServer.req" -subj "/CN={{ ansible_nodename }}"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Generate the crt file
+ command: >
+ openssl x509 -req -in "{{ nuage_mon_rest_server_crt_dir }}/restServer.req" -CA "{{ nuage_ca_crt }}" -CAkey "{{ nuage_ca_key }}" -CAserial "{{ nuage_ca_serial }}" -out "{{ nuage_ca_master_rest_server_crt }}"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Remove the req file
+ file: path="{{ nuage_mon_rest_server_crt_dir }}/restServer.req" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Copy nuage CA crt
+ shell: cp "{{ nuage_ca_crt }}" "{{ nuage_mon_rest_server_crt_dir }}"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Archive the certificate dir
+ shell: "cd {{ nuage_mon_rest_server_crt_dir }} && tar -czvf /tmp/{{ ansible_nodename }}.tgz *"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create a temp directory for the certificates
+ local_action: command mktemp -d "/tmp/openshift-{{ ansible_nodename }}-XXXXXXX"
+ register: mktemp
+
+- name: Download the certificates
+ fetch: src="/tmp/{{ ansible_nodename }}.tgz" dest="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" flat=yes
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Extract the certificates
+ unarchive: src="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" dest={{ nuage_master_crt_dir }}
+
+- name: Delete the certificates after copy
+ file: path="{{ nuage_mon_rest_server_crt_dir }}" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Delete the temp directory
+ file: path="{{ mktemp.stdout }}" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml
index 20d105b9e..abeee3d71 100644
--- a/roles/nuage_master/tasks/main.yaml
+++ b/roles/nuage_master/tasks/main.yaml
@@ -5,7 +5,7 @@
- name: Create the log directory
sudo: true
- file: path={{ nuage_openshift_monitor_log_dir }} state=directory
+ file: path={{ nuage_mon_rest_server_logdir }} state=directory
- name: Install Nuage Openshift Monitor
sudo: true
@@ -23,7 +23,9 @@
- nuage.crt
- nuage.key
- nuage.kubeconfig
-
+
+- include: certificates.yml
+
- name: Create nuage-openshift-monitor.yaml
sudo: true
template: src=nuage-openshift-monitor.j2 dest=/usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml owner=root mode=0644
diff --git a/roles/nuage_master/templates/nuage-openshift-monitor.j2 b/roles/nuage_master/templates/nuage-openshift-monitor.j2
index db8c3d85e..e50e225e1 100644
--- a/roles/nuage_master/templates/nuage-openshift-monitor.j2
+++ b/roles/nuage_master/templates/nuage-openshift-monitor.j2
@@ -16,4 +16,8 @@ enterpriseName: {{ enterprise }}
# Name of the domain in which pods will reside
domainName: {{ domain }}
# Location where logs should be saved
-log_dir: {{ nuage_openshift_monitor_log_dir }}
+log_dir: {{ nuage_mon_rest_server_logdir }}
+# Monitor rest server paramters
+nuageMonServer:
+ URL: {{ nuage_mon_rest_server_url }}
+ certificateDirectory: {{ cert_output_dir }}
diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml
index c489feabe..4b57273e4 100644
--- a/roles/nuage_master/vars/main.yaml
+++ b/roles/nuage_master/vars/main.yaml
@@ -4,4 +4,13 @@ admin_config: "{{ openshift.common.config_base }}/master/admin.kubeconfig"
cert_output_dir: /usr/share/nuage-openshift-monitor
kube_config: /usr/share/nuage-openshift-monitor/nuage.kubeconfig
kubemon_yaml: /usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml
-master_config_yaml: "{{ openshift_master_config_dir }}/master-config.yaml"
+master_config_yaml: "{{ openshift_master_config_dir }}/master-config.yaml"
+nuage_mon_rest_server_port: "{{ nuage_openshift_monitor_rest_server_port | default('9443') }}"
+nuage_mon_rest_server_url: "0.0.0.0:{{ nuage_mon_rest_server_port }}"
+nuage_mon_rest_server_logdir: "{{ nuage_openshift_monitor_log_dir | default('/var/log/nuage-openshift-monitor') }}"
+
+nuage_mon_rest_server_crt_dir: "{{ nuage_ca_master_crt_dir }}/{{ ansible_nodename }}"
+nuage_ca_master_rest_server_key: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.key"
+nuage_ca_master_rest_server_crt: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.crt"
+
+nuage_master_crt_dir : /usr/share/nuage-openshift-monitor
diff --git a/roles/nuage_node/meta/main.yml b/roles/nuage_node/meta/main.yml
new file mode 100644
index 000000000..3f16dd819
--- /dev/null
+++ b/roles/nuage_node/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+ author: Vishal Patil
+ description:
+ company: Nuage Networks
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.8
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+ - system
+dependencies:
+- { role: nuage_ca }
diff --git a/roles/nuage_node/tasks/certificates.yml b/roles/nuage_node/tasks/certificates.yml
new file mode 100644
index 000000000..0fe6f7bac
--- /dev/null
+++ b/roles/nuage_node/tasks/certificates.yml
@@ -0,0 +1,50 @@
+---
+- name: Create a directory to hold the certificates
+ file: path="{{ nuage_plugin_rest_client_crt_dir }}" state=directory
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create the key
+ command: >
+ openssl genrsa -out "{{ nuage_ca_master_plugin_key }}" 4096
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create the req file
+ command: >
+ openssl req -key "{{ nuage_ca_master_plugin_key }}" -new -out "{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" -subj "/CN=nuage-client"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Generate the crt file
+ command: >
+ openssl x509 -req -in "{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" -CA "{{ nuage_ca_crt }}" -CAkey "{{ nuage_ca_key }}" -CAserial "{{ nuage_ca_serial }}" -out "{{ nuage_ca_master_plugin_crt }}" -extensions clientauth -extfile "{{ nuage_ca_dir }}"/openssl.cnf
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Remove the req file
+ file: path="{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Copy nuage CA crt
+ shell: cp "{{ nuage_ca_crt }}" "{{ nuage_plugin_rest_client_crt_dir }}"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Archive the certificate dir
+ shell: "cd {{ nuage_plugin_rest_client_crt_dir }} && tar -czvf /tmp/{{ ansible_nodename }}.tgz *"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create a temp directory for the certificates
+ local_action: command mktemp -d "/tmp/openshift-{{ ansible_nodename }}-XXXXXXX"
+ register: mktemp
+
+- name: Download the certificates
+ fetch: src="/tmp/{{ ansible_nodename }}.tgz" dest="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" flat=yes
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Extract the certificates
+ unarchive: src="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" dest={{ nuage_plugin_crt_dir }}
+
+- name: Delete the certificates after copy
+ file: path="{{ nuage_plugin_rest_client_crt_dir }}" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Delete the temp directory
+ file: path="{{ mktemp.stdout }}" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml
index c1e49902d..d7dd53802 100644
--- a/roles/nuage_node/tasks/main.yaml
+++ b/roles/nuage_node/tasks/main.yaml
@@ -29,6 +29,8 @@
- nuage.key
- nuage.kubeconfig
+- include: certificates.yml
+
- name: Set the vsp-openshift.yaml
sudo: true
template: src=vsp-openshift.j2 dest={{ vsp_openshift_yaml }} owner=root mode=0644
diff --git a/roles/nuage_node/templates/vsp-openshift.j2 b/roles/nuage_node/templates/vsp-openshift.j2
index 98d6c3a9c..6c10b9c24 100644
--- a/roles/nuage_node/templates/vsp-openshift.j2
+++ b/roles/nuage_node/templates/vsp-openshift.j2
@@ -10,5 +10,15 @@ enterpriseName: {{ enterprise }}
domainName: {{ domain }}
# IP address and port number of master API server
masterApiServer: {{ api_server }}
+# REST server URL
+nuageMonRestServer: {{ nuage_mon_rest_server_url }}
# Bridge name for the docker bridge
dockerBridgeName: {{ docker_bridge }}
+# Certificate for connecting to the kubemon REST API
+nuageMonClientCert: {{ rest_client_cert }}
+# Key to the certificate in restClientCert
+nuageMonClientKey: {{ rest_client_key }}
+# CA certificate for verifying the master's rest server
+nuageMonServerCA: {{ rest_server_ca_cert }}
+# Nuage vport mtu size
+interfaceMTU: {{ vport_mtu }}
diff --git a/roles/nuage_node/vars/main.yaml b/roles/nuage_node/vars/main.yaml
index 4975d17ed..5acc65ef4 100644
--- a/roles/nuage_node/vars/main.yaml
+++ b/roles/nuage_node/vars/main.yaml
@@ -6,4 +6,16 @@ client_cert: "{{ vsp_openshift_dir }}/nuage.crt"
client_key: "{{ vsp_openshift_dir }}/nuage.key"
ca_cert: "{{ vsp_openshift_dir }}/ca.crt"
api_server: "{{ openshift_node_master_api_url }}"
+nuage_mon_rest_server_port: "{{ nuage_openshift_monitor_rest_server_port | default('9443') }}"
+nuage_mon_rest_server_url: "https://{{ openshift_master_cluster_hostname }}:{{ nuage_mon_rest_server_port }}"
docker_bridge: "docker0"
+rest_client_cert: "{{ vsp_openshift_dir }}/nuageMonClient.crt"
+rest_client_key: "{{ vsp_openshift_dir }}/nuageMonClient.key"
+rest_server_ca_cert: "{{ vsp_openshift_dir }}/nuageMonCA.crt"
+vport_mtu: "{{ nuage_interface_mtu | default('1460') }}"
+
+nuage_plugin_rest_client_crt_dir: "{{ nuage_ca_master_crt_dir }}/{{ ansible_nodename }}"
+nuage_ca_master_plugin_key: "{{ nuage_plugin_rest_client_crt_dir }}/nuageMonClient.key"
+nuage_ca_master_plugin_crt: "{{ nuage_plugin_rest_client_crt_dir }}/nuageMonClient.crt"
+
+nuage_plugin_crt_dir : /usr/share/vsp-openshift
diff --git a/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/logging-deployer.yaml b/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/logging-deployer.yaml
index b3b60bf9b..9c8f1071a 100644
--- a/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/logging-deployer.yaml
+++ b/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/logging-deployer.yaml
@@ -86,7 +86,7 @@ parameters:
-
description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"'
name: IMAGE_VERSION
- value: "3.1.0"
+ value: "3.1.1"
-
description: "If true, set up to use a second ES cluster for ops logs."
name: ENABLE_OPS_CLUSTER
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 0f25881f1..7b2715bb0 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -1090,7 +1090,7 @@ def set_container_facts_if_unset(facts):
if 'ovs_image' not in facts['node']:
facts['node']['ovs_image'] = ovs_image
- if facts['common']['is_containerized']:
+ if bool(strtobool(str(facts['common']['is_containerized']))):
facts['common']['admin_binary'] = '/usr/local/bin/oadm'
facts['common']['client_binary'] = '/usr/local/bin/oc'
diff --git a/roles/os_zabbix/vars/template_openshift_node.yml b/roles/os_zabbix/vars/template_openshift_node.yml
index e6daee8e4..66bd3a147 100644
--- a/roles/os_zabbix/vars/template_openshift_node.yml
+++ b/roles/os_zabbix/vars/template_openshift_node.yml
@@ -59,7 +59,7 @@ g_template_openshift_node:
url: 'https://github.com/openshift/ops-sop/blob/node/V3/Alerts/openshift_node.asciidoc'
priority: high
- - name: '[HEAL] OVS may not be running on {HOST.NAME}'
+ - name: '[Heal] OVS may not be running on {HOST.NAME}'
expression: '{Template Openshift Node:openshift.node.ovs.pids.count.last(#1)}<>4 and {Template Openshift Node:openshift.node.ovs.pids.count.last(#2)}<>4'
url: 'https://github.com/openshift/ops-sop/blob/node/V3/Alerts/openshift_node.asciidoc'
priority: high
@@ -68,34 +68,3 @@ g_template_openshift_node:
expression: '{Template Openshift Node:openshift.node.ovs.ports.count.last()}=0'
url: 'https://github.com/openshift/ops-sop/blob/node/V3/Alerts/openshift_node.asciidoc'
priority: high
-
- zactions:
- - name: '[HEAL] OVS may not be running on {HOST.NAME}'
- status: disabled
- escalation_time: 60
- conditions_filter:
- calculation_type: "and/or"
- conditions:
- - conditiontype: maintenance status
- operator: not in
- - conditiontype: trigger name
- operator: like
- value: "[HEAL] OVS may not be running on"
- - conditiontype: trigger value
- operator: "="
- value: PROBLEM
- operations:
- - esc_step_from: 1
- esc_step_to: 1
- esc_period: 0
- operationtype: remote command
- opcommand:
- command: 'ssh -i /etc/openshift_tools/scriptrunner_id_rsa {{ ozb_scriptrunner_user }}@{{ ozb_scriptrunner_bastion_host }} remote-healer --host \"{HOST.NAME}\" --trigger \"{TRIGGER.NAME}\" --trigger-val \"{TRIGGER.VALUE}\"'
- execute_on: "zabbix server"
- type: 'custom script'
- target_hosts:
- - target_type: 'zabbix server'
- opconditions:
- - conditiontype: 'event acknowledged'
- operator: '='
- value: 'not acknowledged'
diff --git a/roles/os_zabbix/vars/template_ops_tools.yml b/roles/os_zabbix/vars/template_ops_tools.yml
index d1b8a2514..a0a5a4d03 100644
--- a/roles/os_zabbix/vars/template_ops_tools.yml
+++ b/roles/os_zabbix/vars/template_ops_tools.yml
@@ -21,3 +21,34 @@ g_template_ops_tools:
expression: '{Template Operations Tools:disc.ops.runner.command.exitcode[{#OSO_COMMAND}].last()}<>0'
url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_ops_runner_command.asciidoc'
priority: average
+
+ zactions:
+ - name: 'Remote command for [Heal] triggers'
+ status: enabled
+ escalation_time: 60
+ conditions_filter:
+ calculation_type: "and/or"
+ conditions:
+ - conditiontype: maintenance status
+ operator: not in
+ - conditiontype: trigger name
+ operator: like
+ value: "[Heal]"
+ - conditiontype: trigger value
+ operator: "="
+ value: PROBLEM
+ operations:
+ - esc_step_from: 1
+ esc_step_to: 1
+ esc_period: 0
+ operationtype: remote command
+ opcommand:
+ command: 'ssh -i /etc/openshift_tools/scriptrunner_id_rsa {{ ozb_scriptrunner_user }}@{{ ozb_scriptrunner_bastion_host }} remote-healer --host \"{HOST.NAME}\" --trigger \"{TRIGGER.NAME}\" --trigger-val \"{TRIGGER.VALUE}\"'
+ execute_on: "zabbix server"
+ type: 'custom script'
+ target_hosts:
+ - target_type: 'zabbix server'
+ opconditions:
+ - conditiontype: 'event acknowledged'
+ operator: '='
+ value: 'not acknowledged'
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-29 15:40:07 +0000