From 7318e26c4f9d694dd5ed58df5927eea73060054d Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Thu, 16 Jun 2016 17:19:42 -0400 Subject: Pull in keynote demo changes --- roles/openshift_facts/library/openshift_facts.py | 4 +- roles/openshift_metrics/tasks/main.yaml | 168 +++++++++++++++++------ roles/openshift_metrics/vars/main.yaml | 15 +- 3 files changed, 133 insertions(+), 54 deletions(-) (limited to 'roles') diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 6fab996b2..f01f3510d 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1776,6 +1776,8 @@ class OpenShiftFacts(object): defaults['hosted'] = dict( metrics=dict( deploy=False, + deployer_prefix='registry.access.redhat.com/openshift3/', + deployer_version='3.3.0', duration=7, resolution='10s', storage=dict( @@ -1791,7 +1793,7 @@ class OpenShiftFacts(object): filesystem='ext4', volumeID='123'), host=None, - access_modes=['ReadWriteMany'], + access_modes=['ReadWriteOnce'], create_pv=True ) ), diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index 43b85204a..d7d984118 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -1,64 +1,142 @@ --- -- name: Copy Configuration to temporary conf +- fail: + msg: This role required openshift_master_default_subdomain or openshift_master_metrics_url be set + when: openshift.master.metrics_public_url | default(openshift_master_metrics_public_url | default(openshift.master.default_subdomain | default(openshift_master_default_subdomain | default(none)))) is none + +- name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False + +- set_fact: + openshift_metrics_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + +- name: Copy the admin client config(s) + command: > + cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_metrics_kubeconfig }} + changed_when: False + +- name: Set hosted metrics facts + openshift_facts: + role: hosted + openshift_env: "{{ hostvars + | oo_merge_hostvars(vars, inventory_hostname) + | oo_openshift_env }}" + openshift_env_structures: + - 'openshift.hosted.metrics.*' + +- set_fact: + # Prefer the master facts over bare variables if present, prefer + # metrics_public_url over creating a default using default_subdomain + metrics_hostname: "{{ openshift.hosted.metrics.public_url + | default('hawkular-metrics.' ~ (openshift.master.default_subdomain + | default(openshift_master_default_subdomain ))) + | oo_hostname_from_url }}" + metrics_persistence: "{{ openshift.hosted.metrics.storage_kind | default(none) is not none }}" + metrics_dynamic_vol: "{{ openshift.hosted.metrics.storage_kind | default(none) == 'dynamic' }}" + metrics_template_dir: "/usr/share/openshift/examples/infrastructure-templates/{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" + cassandra_nodes: "{{ ',CASSANDRA_NODES=' ~ openshift.hosted.metrics.cassandra_nodes if 'cassandra' in openshift.hosted.metrics else '' }}" + cassandra_pv_size: "{{ ',CASSANDRA_PV_SIZE=' ~ openshift.hosted.metrics.storage_volume_size if openshift.hosted.metrics.storage_volume_size | default(none) is not none else '' }}" + +- name: Test if metrics-deployer service account exists command: > - cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{hawkular_tmp_conf}} + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace=openshift-infra + get serviceaccount metrics-deployer -o json + register: serviceaccount changed_when: false + failed_when: false - name: Create metrics-deployer Service Account shell: > - echo {{ deployer_service_account | to_json | quote }} | - {{ openshift.common.client_binary }} create - -n openshift-infra - --config={{hawkular_tmp_conf}} - -f - - register: deployer_create_service_account - failed_when: "'already exists' not in deployer_create_service_account.stderr and deployer_create_service_account.rc != 0" - changed_when: deployer_create_service_account.rc == 0 - -- name: Create metrics-deployer Secret - command: > + echo {{ metrics_deployer_sa | to_json | quote }} | {{ openshift.common.client_binary }} - secrets new metrics-deployer - nothing=/dev/null - --config={{hawkular_tmp_conf}} - -n openshift-infra - register: deployer_create_secret - failed_when: "'already exists' not in deployer_create_secret.stderr and deployer_create_secret.rc !=0" - changed_when: deployer_create_secret.rc == 0 - -- name: Configure role/user permissions + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + create -f - + when: serviceaccount.rc == 1 + +- name: Test edit permissions command: > - {{ openshift.common.admin_binary }} {{item}} - --config={{hawkular_tmp_conf}} - with_items: "{{hawkular_permission_oc_commands}}" - register: hawkular_perm_task - failed_when: "'already exists' not in hawkular_perm_task.stderr and hawkular_perm_task.rc != 0" - changed_when: hawkular_perm_task.rc == 0 - -- name: Check openshift_master_default_subdomain - fail: - msg: "Default subdomain should be defined" - when: openshift.master.default_subdomain is not defined - -- name: Create Heapster and Hawkular/Cassandra Services - shell: > - {{ openshift.common.client_binary }} process -f \ - /usr/share/openshift/examples/infrastructure-templates/{{ hawkular_type }}/metrics-deployer.yaml -v \ - HAWKULAR_METRICS_HOSTNAME=hawkular-metrics.{{ openshift.master.default_subdomain }},USE_PERSISTENT_STORAGE={{ hawkular_persistence }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }} \ - | {{ openshift.common.client_binary }} create -n openshift-infra --config={{hawkular_tmp_conf}} -f - - register: oex_heapster_services - failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0" + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + get rolebindings -o jsonpath='{.items[?(@.metadata.name == "edit")].userNames}' + register: edit_rolebindings changed_when: false -- name: Clean temporary config file +- name: Add edit permission to the openshift-infra project to metrics-deployer SA + command: > + {{ openshift.common.admin_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + policy add-role-to-user edit + system:serviceaccount:openshift-infra:metrics-deployer + when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout" + +- name: Test cluster-reader permissions command: > - rm -rf {{hawkular_tmp_conf}} + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + get clusterrolebindings -o jsonpath='{.items[?(@.metadata.name == "cluster-reader")].userNames}' + register: cluster_reader_clusterrolebindings changed_when: false +- name: Add cluster-reader permission to the openshift-infra project to heapster SA + command: > + {{ openshift.common.admin_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + policy add-cluster-role-to-user cluster-reader + system:serviceaccount:openshift-infra:heapster + when: "'system:serviceaccount:openshift-infra:heapster' not in cluster_reader_clusterrolebindings.stdout" + +# TODO: extend this to allow user passed in certs or generating cert with +# OpenShift CA +- name: Create metrics-deployer secret + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + secrets new metrics-deployer nothing=/dev/null + register: metrics_deployer_secret + changed_when: metrics_deployer_secret.rc == 0 + failed_when: "metrics_deployer_secret.rc == 1 and 'already exists' not in metrics_deployer_secret.stderr" + +- debug: var=openshift.hosted.metrics.deployer_prefix +- debug: var=openshift.hosted.metrics.deployer_version + + +- name: Deploy Metrics + shell: > + {{ openshift.common.client_binary }} process -f + {{ metrics_template_dir }}/metrics-deployer.yaml -v + HAWKULAR_METRICS_HOSTNAME={{ metrics_hostname }},USE_PERSISTENT_STORAGE={{ + metrics_persistence | string | lower }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }},IMAGE_PREFIX={{ openshift.hosted.metrics.deployer_prefix }},IMAGE_VERSION={{ openshift.hosted.metrics.deployer_version }} + | {{ openshift.common.client_binary }} --namespace openshift-infra + --config={{ openshift_metrics_kubeconfig }} + create -f - + register: deploy_metrics + failed_when: "'already exists' not in deploy_metrics.stderr and deploy_metrics.rc != 0" + changed_when: deploy_metrics.rc == 0 + +# TODO: re-enable this once the metrics deployer validation issue is fixed +# when using dynamically provisioned volumes - name: "Wait for image pull and deployer pod" - shell: "{{ openshift.common.client_binary }} get pods -n openshift-infra | grep metrics-deployer.*Completed" + shell: > + {{ openshift.common.client_binary }} + --namespace openshift-infra + --config={{ openshift_metrics_kubeconfig }} + get pods | grep metrics-deployer.*Completed register: result until: result.rc == 0 retries: 60 delay: 10 +- name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False diff --git a/roles/openshift_metrics/vars/main.yaml b/roles/openshift_metrics/vars/main.yaml index 82d9d29f7..bd542382f 100644 --- a/roles/openshift_metrics/vars/main.yaml +++ b/roles/openshift_metrics/vars/main.yaml @@ -2,13 +2,13 @@ hawkular_permission_oc_commands: - policy add-role-to-user edit system:serviceaccount:openshift-infra:metrics-deployer -n openshift-infra - policy add-cluster-role-to-user cluster-admin system:serviceaccount:openshift-infra:heapster -deployer_service_account: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: metrics-deployer - secrets: - - name: metrics-deployer +metrics_deployer_sa: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: metrics-deployer + secrets: + - name: metrics-deployer hawkular_tmp_conf: /tmp/hawkular_admin.kubeconfig @@ -16,4 +16,3 @@ hawkular_tmp_conf: /tmp/hawkular_admin.kubeconfig hawkular_persistence: "{% if openshift.hosted.metrics.storage.kind != None %}true{% else %}false{% endif %}" hawkular_type: "{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" - -- cgit v1.2.3 From bb364ba9ceb3c82132aebf69541ee0b3d608533c Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Mon, 22 Aug 2016 14:23:53 -0400 Subject: Add Enterprise 3.3 template --- .../enterprise/metrics-deployer.yaml | 38 +++++++++++++++++++--- .../origin/metrics-deployer.yaml | 4 +-- 2 files changed, 36 insertions(+), 6 deletions(-) (limited to 'roles') diff --git a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/metrics-deployer.yaml index 032f94a18..afd47ec7c 100644 --- a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/metrics-deployer.yaml @@ -34,9 +34,11 @@ objects: metadata: generateName: metrics-deployer- spec: + securityContext: {} containers: - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} name: deployer + securityContext: {} volumeMounts: - name: secret mountPath: /secret @@ -48,6 +50,10 @@ objects: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name - name: IMAGE_PREFIX value: ${IMAGE_PREFIX} - name: IMAGE_VERSION @@ -58,8 +64,12 @@ objects: value: ${MODE} - name: REDEPLOY value: ${REDEPLOY} + - name: IGNORE_PREFLIGHT + value: ${IGNORE_PREFLIGHT} - name: USE_PERSISTENT_STORAGE value: ${USE_PERSISTENT_STORAGE} + - name: DYNAMICALLY_PROVISION_STORAGE + value: ${DYNAMICALLY_PROVISION_STORAGE} - name: HAWKULAR_METRICS_HOSTNAME value: ${HAWKULAR_METRICS_HOSTNAME} - name: CASSANDRA_NODES @@ -68,6 +78,10 @@ objects: value: ${CASSANDRA_PV_SIZE} - name: METRIC_DURATION value: ${METRIC_DURATION} + - name: USER_WRITE_ACCESS + value: ${USER_WRITE_ACCESS} + - name: HEAPSTER_NODE_ID + value: ${HEAPSTER_NODE_ID} - name: METRIC_RESOLUTION value: ${METRIC_RESOLUTION} dnsPolicy: ClusterFirst @@ -87,7 +101,7 @@ parameters: - description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' name: IMAGE_VERSION - value: "3.2.1" + value: "3.3.0" - description: "Internal URL for the master, for authentication retrieval" name: MASTER_URL @@ -97,17 +111,25 @@ parameters: name: HAWKULAR_METRICS_HOSTNAME required: true - - description: "Can be set to: 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process)" + description: "Can be set to: 'preflight' to perform validation before a deployment; 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process); 'validate' to re-run validations after a deployment" name: MODE value: "deploy" - description: "(Deprecated) Turns 'deploy' mode into 'redeploy' mode, deleting and redeploying everything (losing all data in the process)" name: REDEPLOY value: "false" +- + description: "If preflight validation is blocking deployment and you're sure you don't care about it, this will ignore the results and proceed to deploy." + name: IGNORE_PREFLIGHT + value: "false" - description: "Set to true for persistent storage, set to false to use non persistent storage" name: USE_PERSISTENT_STORAGE value: "true" +- + description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" + name: DYNAMICALLY_PROVISION_STORAGE + value: "false" - description: "The number of Cassandra Nodes to deploy for the initial cluster" name: CASSANDRA_NODES @@ -121,6 +143,14 @@ parameters: name: METRIC_DURATION value: "7" - - description: "How often metrics should be gathered. Defaults value of '10s' for 10 seconds" + description: "If a user accounts should be allowed to write metrics." + name: USER_WRITE_ACCESS + value: "false" +- + description: "The identifier used when generating metric ids in Hawkular" + name: HEAPSTER_NODE_ID + value: "nodename" +- + description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds" name: METRIC_RESOLUTION - value: "10s" + value: "15s" diff --git a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/metrics-deployer.yaml index ab62ae76f..ac5098c8a 100644 --- a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/metrics-deployer.yaml @@ -151,6 +151,6 @@ parameters: name: HEAPSTER_NODE_ID value: "nodename" - - description: "How often metrics should be gathered. Defaults value of '10s' for 10 seconds" + description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds" name: METRIC_RESOLUTION - value: "10s" + value: "15s" -- cgit v1.2.3 From b1ce2cc8803cc5ac87a6bfcb22554ba8662c3009 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Tue, 2 Aug 2016 12:29:20 -0400 Subject: Add logic to detect existing installs However, due to testing constraints we're only supporting 'greenfield' installs right now. --- roles/openshift_metrics/handlers/main.yml | 31 ++++++++ roles/openshift_metrics/tasks/install.yml | 114 ++++++++++++++++++++++++++++++ roles/openshift_metrics/tasks/main.yaml | 112 ++++++++--------------------- roles/openshift_metrics/vars/main.yaml | 2 + 4 files changed, 175 insertions(+), 84 deletions(-) create mode 100644 roles/openshift_metrics/handlers/main.yml create mode 100644 roles/openshift_metrics/tasks/install.yml (limited to 'roles') diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_metrics/handlers/main.yml new file mode 100644 index 000000000..edb7369de --- /dev/null +++ b/roles/openshift_metrics/handlers/main.yml @@ -0,0 +1,31 @@ +--- +- name: restart master + service: name={{ openshift.common.service_type }}-master state=restarted + when: (openshift.master.ha is not defined or not openshift.master.ha | bool) and (not (master_service_status_changed | default(false) | bool)) + notify: Verify API Server + +- name: restart master api + service: name={{ openshift.common.service_type }}-master-api state=restarted + when: (openshift.master.ha is defined and openshift.master.ha | bool) and (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' + notify: Verify API Server + +- name: restart master controllers + service: name={{ openshift.common.service_type }}-master-controllers state=restarted + when: (openshift.master.ha is defined and openshift.master.ha | bool) and (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' + +- name: Verify API Server + # Using curl here since the uri module requires python-httplib2 and + # wait_for port doesn't provide health information. + command: > + curl --silent + {% if openshift.common.version_gte_3_2_or_1_2 | bool %} + --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt + {% else %} + --cacert {{ openshift.common.config_base }}/master/ca.crt + {% endif %} + {{ openshift.master.api_url }}/healthz/ready + register: api_available_output + until: api_available_output.stdout == 'ok' + retries: 120 + delay: 1 + changed_when: false diff --git a/roles/openshift_metrics/tasks/install.yml b/roles/openshift_metrics/tasks/install.yml new file mode 100644 index 000000000..1f30e292b --- /dev/null +++ b/roles/openshift_metrics/tasks/install.yml @@ -0,0 +1,114 @@ +--- + +- name: Test if metrics-deployer service account exists + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace=openshift-infra + get serviceaccount metrics-deployer -o json + register: serviceaccount + changed_when: false + failed_when: false + +- name: Create metrics-deployer Service Account + shell: > + echo {{ metrics_deployer_sa | to_json | quote }} | + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + create -f - + when: serviceaccount.rc == 1 + +- name: Test edit permissions + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + get rolebindings -o jsonpath='{.items[?(@.metadata.name == "edit")].userNames}' + register: edit_rolebindings + changed_when: false + +- name: Add edit permission to the openshift-infra project to metrics-deployer SA + command: > + {{ openshift.common.admin_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + policy add-role-to-user edit + system:serviceaccount:openshift-infra:metrics-deployer + when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout" + +- name: Test cluster-reader permissions + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + get clusterrolebindings -o jsonpath='{.items[?(@.metadata.name == "cluster-reader")].userNames}' + register: cluster_reader_clusterrolebindings + changed_when: false + +- name: Add cluster-reader permission to the openshift-infra project to heapster SA + command: > + {{ openshift.common.admin_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + policy add-cluster-role-to-user cluster-reader + system:serviceaccount:openshift-infra:heapster + when: "'system:serviceaccount:openshift-infra:heapster' not in cluster_reader_clusterrolebindings.stdout" + +- name: Create metrics-deployer secret + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + secrets new metrics-deployer nothing=/dev/null + register: metrics_deployer_secret + changed_when: metrics_deployer_secret.rc == 0 + failed_when: "metrics_deployer_secret.rc == 1 and 'already exists' not in metrics_deployer_secret.stderr" + +# TODO: extend this to allow user passed in certs or generating cert with +# OpenShift CA +- name: Build metrics deployer command + set_fact: + deployer_cmd: "{{ openshift.common.client_binary }} process -f \ + {{ metrics_template_dir }}/metrics-deployer.yaml -v \ + HAWKULAR_METRICS_HOSTNAME={{ metrics_hostname }},USE_PERSISTENT_STORAGE={{metrics_persistence | string | lower }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }},IMAGE_PREFIX={{ openshift.hosted.metrics.deployer_prefix }},IMAGE_VERSION={{ openshift.hosted.metrics.deployer_version }},MODE={{ deployment_mode }} \ + | {{ openshift.common.client_binary }} --namespace openshift-infra \ + --config={{ openshift_metrics_kubeconfig }} \ + create -f -" + +- name: Deploy Metrics + shell: "{{ deployer_cmd }}" + register: deploy_metrics + failed_when: "'already exists' not in deploy_metrics.stderr and deploy_metrics.rc != 0" + changed_when: deploy_metrics.rc == 0 + +- set_fact: + deployer_pod: "{{ deploy_metrics.stdout[1:2] }}" + +# TODO: re-enable this once the metrics deployer validation issue is fixed +# when using dynamically provisioned volumes +- name: "Wait for image pull and deployer pod" + shell: > + {{ openshift.common.client_binary }} + --namespace openshift-infra + --config={{ openshift_metrics_kubeconfig }} + get {{ deploy_metrics.stdout }} + register: deploy_result + until: "{{ 'Completed' in deploy_result.stdout }}" + failed_when: "{{ 'Completed' not in deploy_result.stdout }}" + retries: 60 + delay: 10 + +- name: Configure master for metrics + modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: assetConfig.metricsPublicURL + yaml_value: "https://{{ metrics_hostname }}/hawkular/metrics" + notify: restart master + +- name: Store metrics public_url + openshift_facts: + role: master + local_facts: + metrics_public_url: "https://{{ metrics_hostname }}/hawkular/metrics" + when: deploy_result | changed diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index d7d984118..b20cd4b0e 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -8,7 +8,8 @@ register: mktemp changed_when: False -- set_fact: +- name: Record kubeconfig tmp dir + set_fact: openshift_metrics_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" - name: Copy the admin client config(s) @@ -32,108 +33,51 @@ | default('hawkular-metrics.' ~ (openshift.master.default_subdomain | default(openshift_master_default_subdomain ))) | oo_hostname_from_url }}" - metrics_persistence: "{{ openshift.hosted.metrics.storage_kind | default(none) is not none }}" + metrics_persistence: True + #"{{ openshift.hosted.metrics.storage_kind | default(none) is not none }}" metrics_dynamic_vol: "{{ openshift.hosted.metrics.storage_kind | default(none) == 'dynamic' }}" metrics_template_dir: "/usr/share/openshift/examples/infrastructure-templates/{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" cassandra_nodes: "{{ ',CASSANDRA_NODES=' ~ openshift.hosted.metrics.cassandra_nodes if 'cassandra' in openshift.hosted.metrics else '' }}" cassandra_pv_size: "{{ ',CASSANDRA_PV_SIZE=' ~ openshift.hosted.metrics.storage_volume_size if openshift.hosted.metrics.storage_volume_size | default(none) is not none else '' }}" -- name: Test if metrics-deployer service account exists - command: > - {{ openshift.common.client_binary }} - --config={{ openshift_metrics_kubeconfig }} - --namespace=openshift-infra - get serviceaccount metrics-deployer -o json - register: serviceaccount - changed_when: false - failed_when: false -- name: Create metrics-deployer Service Account +- name: Check for existing metrics pods shell: > - echo {{ metrics_deployer_sa | to_json | quote }} | - {{ openshift.common.client_binary }} - --config={{ openshift_metrics_kubeconfig }} - --namespace openshift-infra - create -f - - when: serviceaccount.rc == 1 - -- name: Test edit permissions - command: > {{ openshift.common.client_binary }} --config={{ openshift_metrics_kubeconfig }} --namespace openshift-infra - get rolebindings -o jsonpath='{.items[?(@.metadata.name == "edit")].userNames}' - register: edit_rolebindings + get pods -l {{ item }} | grep -q Running + register: metrics_pods_status + with_items: + - metrics-infra=hawkular-metrics + - metrics-infra=heapster + - metrics-infra=hawkular-cassandra + failed_when: false changed_when: false -- name: Add edit permission to the openshift-infra project to metrics-deployer SA - command: > - {{ openshift.common.admin_binary }} - --config={{ openshift_metrics_kubeconfig }} - --namespace openshift-infra - policy add-role-to-user edit - system:serviceaccount:openshift-infra:metrics-deployer - when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout" - -- name: Test cluster-reader permissions - command: > +- name: Check for previous deployer + shell: > {{ openshift.common.client_binary }} --config={{ openshift_metrics_kubeconfig }} --namespace openshift-infra - get clusterrolebindings -o jsonpath='{.items[?(@.metadata.name == "cluster-reader")].userNames}' - register: cluster_reader_clusterrolebindings + get pods -l metrics-infra=deployer --sort-by='{.metadata.creationTimestamp}' | tail -1 | grep metrics-deployer- + register: metrics_deployer_status + failed_when: false changed_when: false -- name: Add cluster-reader permission to the openshift-infra project to heapster SA - command: > - {{ openshift.common.admin_binary }} - --config={{ openshift_metrics_kubeconfig }} - --namespace openshift-infra - policy add-cluster-role-to-user cluster-reader - system:serviceaccount:openshift-infra:heapster - when: "'system:serviceaccount:openshift-infra:heapster' not in cluster_reader_clusterrolebindings.stdout" - -# TODO: extend this to allow user passed in certs or generating cert with -# OpenShift CA -- name: Create metrics-deployer secret - command: > - {{ openshift.common.client_binary }} - --config={{ openshift_metrics_kubeconfig }} - --namespace openshift-infra - secrets new metrics-deployer nothing=/dev/null - register: metrics_deployer_secret - changed_when: metrics_deployer_secret.rc == 0 - failed_when: "metrics_deployer_secret.rc == 1 and 'already exists' not in metrics_deployer_secret.stderr" +- name: Record current deployment status + set_fact: + greenfield: "{{ not metrics_deployer_status.rc == 0 }}" + failed_error: "{{ True if 'Error' in metrics_deployer_status.stdout else False }}" + metrics_running: "{{ metrics_pods_status.results | oo_collect(attribute='rc') == [0,0,0] }}" -- debug: var=openshift.hosted.metrics.deployer_prefix -- debug: var=openshift.hosted.metrics.deployer_version +- name: Set deployment mode + set_fact: + deployment_mode: "{{ 'refresh' if (failed_error | bool or metrics_upgrade | bool) else 'deploy' }}" - -- name: Deploy Metrics - shell: > - {{ openshift.common.client_binary }} process -f - {{ metrics_template_dir }}/metrics-deployer.yaml -v - HAWKULAR_METRICS_HOSTNAME={{ metrics_hostname }},USE_PERSISTENT_STORAGE={{ - metrics_persistence | string | lower }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }},IMAGE_PREFIX={{ openshift.hosted.metrics.deployer_prefix }},IMAGE_VERSION={{ openshift.hosted.metrics.deployer_version }} - | {{ openshift.common.client_binary }} --namespace openshift-infra - --config={{ openshift_metrics_kubeconfig }} - create -f - - register: deploy_metrics - failed_when: "'already exists' not in deploy_metrics.stderr and deploy_metrics.rc != 0" - changed_when: deploy_metrics.rc == 0 - -# TODO: re-enable this once the metrics deployer validation issue is fixed -# when using dynamically provisioned volumes -- name: "Wait for image pull and deployer pod" - shell: > - {{ openshift.common.client_binary }} - --namespace openshift-infra - --config={{ openshift_metrics_kubeconfig }} - get pods | grep metrics-deployer.*Completed - register: result - until: result.rc == 0 - retries: 60 - delay: 10 +# TODO: handle non greenfield deployments in the future +- include: install.yml + when: greenfield - name: Delete temp directory file: diff --git a/roles/openshift_metrics/vars/main.yaml b/roles/openshift_metrics/vars/main.yaml index bd542382f..0331bcb89 100644 --- a/roles/openshift_metrics/vars/main.yaml +++ b/roles/openshift_metrics/vars/main.yaml @@ -16,3 +16,5 @@ hawkular_tmp_conf: /tmp/hawkular_admin.kubeconfig hawkular_persistence: "{% if openshift.hosted.metrics.storage.kind != None %}true{% else %}false{% endif %}" hawkular_type: "{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" + +metrics_upgrade: openshift.hosted.metrics.upgrade | default(False) -- cgit v1.2.3 From c0067ca0646c99dc428f09f3e68eacfab683394f Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Mon, 8 Aug 2016 08:39:31 -0400 Subject: add selectors for metrics and logging --- roles/openshift_facts/library/openshift_facts.py | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'roles') diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index f01f3510d..b67ef491f 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -477,6 +477,14 @@ def set_selectors(facts): facts['hosted']['registry'] = {} if 'selector' not in facts['hosted']['registry'] or facts['hosted']['registry']['selector'] in [None, 'None']: facts['hosted']['registry']['selector'] = selector + if 'metrics' not in facts['hosted']: + facts['hosted']['metrics'] = {} + if 'selector' not in facts['hosted']['metrics'] or facts['hosted']['metrics']['selector'] in [None, 'None']: + facts['hosted']['metrics']['selector'] = None + if 'logging' not in facts['hosted']: + facts['hosted']['logging'] = {} + if 'selector' not in facts['hosted']['logging'] or facts['hosted']['logging']['selector'] in [None, 'None']: + facts['hosted']['logging']['selector'] = None return facts -- cgit v1.2.3 From 7c36172fb08e19abcd08b7be0aa7de68f5f166ad Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Mon, 22 Aug 2016 15:07:22 -0400 Subject: Fix registry volume --- roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'roles') diff --git a/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml b/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml index 6bf859e82..60eefd71a 100644 --- a/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml +++ b/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml @@ -5,10 +5,11 @@ - name: Determine if volume is already attached to dc/docker-registry command: "{{ openshift.common.client_binary }} get -o template dc/docker-registry --template=\\{\\{.spec.template.spec.volumes\\}\\} --output-version=v1" changed_when: false + failed_when: false register: registry_volumes_output - set_fact: - volume_attached: "{{ registry_volume_claim in registry_volumes_output.stdout }}" + volume_attached: "{{ registry_volume_claim in (registry_volumes_output).stdout | default(['']) }}" - name: Add volume to dc/docker-registry command: > -- cgit v1.2.3 From 85c6743a011884abfcdb2ded665e46f46023522e Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 17 Aug 2016 13:54:57 -0400 Subject: Add ability to disable pvc creation --- roles/openshift_facts/library/openshift_facts.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'roles') diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index b67ef491f..bd8010705 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1802,7 +1802,8 @@ class OpenShiftFacts(object): volumeID='123'), host=None, access_modes=['ReadWriteOnce'], - create_pv=True + create_pv=True, + create_pvc=False ) ), registry=dict( @@ -1817,7 +1818,8 @@ class OpenShiftFacts(object): options='*(rw,root_squash)'), host=None, access_modes=['ReadWriteMany'], - create_pv=True + create_pv=True, + create_pvc=True ) ), router=dict() -- cgit v1.2.3 From 7999e06a0ea70fb9e7967fd14bf4a96748b3b4da Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 17 Aug 2016 17:02:41 -0400 Subject: Add metrics exports to nfs role, move exports to /etc/exports.d/openshift-ansible.exports --- roles/openshift_storage_nfs/tasks/main.yml | 17 ++++++++++++++++- roles/openshift_storage_nfs/templates/exports.j2 | 1 + 2 files changed, 17 insertions(+), 1 deletion(-) (limited to 'roles') diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml index fe7f83cbb..2928fbb1e 100644 --- a/roles/openshift_storage_nfs/tasks/main.yml +++ b/roles/openshift_storage_nfs/tasks/main.yml @@ -30,11 +30,26 @@ - name: Configure exports template: - dest: /etc/exports + dest: /etc/exports.d/openshift-ansible.exports src: exports.j2 notify: - restart nfs-server +# Now that we're putting our exports in our own file clean up the old ones +- name: register exports + command: cat /etc/exports.d/openshift-ansible.exports + register: exports_out + +- name: remove exports from /etc/exports + lineinfile: + dest: /etc/exports + line: "{{ item }}" + state: absent + with_items: "{{ exports_out.stdout_lines | default([]) }}" + when: exports_out.rc == 0 + notify: + - restart nfs-server + - name: Enable and start services service: name: "{{ item }}" diff --git a/roles/openshift_storage_nfs/templates/exports.j2 b/roles/openshift_storage_nfs/templates/exports.j2 index c1e1994b0..d6d936b72 100644 --- a/roles/openshift_storage_nfs/templates/exports.j2 +++ b/roles/openshift_storage_nfs/templates/exports.j2 @@ -1 +1,2 @@ {{ openshift.hosted.registry.storage.nfs.directory }}/{{ openshift.hosted.registry.storage.volume.name }} {{ openshift.hosted.registry.storage.nfs.options }} +{{ openshift.hosted.metrics.storage.nfs.directory }}/{{ openshift.hosted.metrics.storage.volume.name }} {{ openshift.hosted.metrics.storage.nfs.options }} -- cgit v1.2.3 From 6765f1f398c1a3b8d72e1a07085c953f5a1ad810 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Fri, 19 Aug 2016 13:53:08 -0400 Subject: Rely on IMAGE_PREFIX and IMAGE_VERSION defaults from the templates themselves --- roles/openshift_facts/library/openshift_facts.py | 2 -- roles/openshift_metrics/tasks/install.yml | 2 +- roles/openshift_metrics/tasks/main.yaml | 2 ++ 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'roles') diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index bd8010705..ff4d9c946 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1784,8 +1784,6 @@ class OpenShiftFacts(object): defaults['hosted'] = dict( metrics=dict( deploy=False, - deployer_prefix='registry.access.redhat.com/openshift3/', - deployer_version='3.3.0', duration=7, resolution='10s', storage=dict( diff --git a/roles/openshift_metrics/tasks/install.yml b/roles/openshift_metrics/tasks/install.yml index 1f30e292b..2fbb7d606 100644 --- a/roles/openshift_metrics/tasks/install.yml +++ b/roles/openshift_metrics/tasks/install.yml @@ -71,7 +71,7 @@ set_fact: deployer_cmd: "{{ openshift.common.client_binary }} process -f \ {{ metrics_template_dir }}/metrics-deployer.yaml -v \ - HAWKULAR_METRICS_HOSTNAME={{ metrics_hostname }},USE_PERSISTENT_STORAGE={{metrics_persistence | string | lower }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }},IMAGE_PREFIX={{ openshift.hosted.metrics.deployer_prefix }},IMAGE_VERSION={{ openshift.hosted.metrics.deployer_version }},MODE={{ deployment_mode }} \ + HAWKULAR_METRICS_HOSTNAME={{ metrics_hostname }},USE_PERSISTENT_STORAGE={{metrics_persistence | string | lower }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }}{{ image_prefix }}{{ image_version }},MODE={{ deployment_mode }} \ | {{ openshift.common.client_binary }} --namespace openshift-infra \ --config={{ openshift_metrics_kubeconfig }} \ create -f -" diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index b20cd4b0e..8a6712468 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -39,6 +39,8 @@ metrics_template_dir: "/usr/share/openshift/examples/infrastructure-templates/{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" cassandra_nodes: "{{ ',CASSANDRA_NODES=' ~ openshift.hosted.metrics.cassandra_nodes if 'cassandra' in openshift.hosted.metrics else '' }}" cassandra_pv_size: "{{ ',CASSANDRA_PV_SIZE=' ~ openshift.hosted.metrics.storage_volume_size if openshift.hosted.metrics.storage_volume_size | default(none) is not none else '' }}" + image_prefix: "{{ ',IMAGE_PREFIX=' ~ openshift.hosted.metrics.deployer_prefix if 'deployer_prefix' in openshift.hosted.metrics else '' }}" + image_version: "{{ ',IMAGE_VERSION=' ~ openshift.hosted.metrics.deployer_version if 'deployer_version' in openshift.hosted.metrics else '' }}" - name: Check for existing metrics pods -- cgit v1.2.3 From 3f2d71a1bfb589778733dd8eb0ccd6b1dac31d79 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Wed, 24 Aug 2016 14:33:48 -0400 Subject: Refactor volume directory creation --- roles/openshift_storage_nfs/tasks/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'roles') diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml index 2928fbb1e..08d0b8540 100644 --- a/roles/openshift_storage_nfs/tasks/main.yml +++ b/roles/openshift_storage_nfs/tasks/main.yml @@ -20,13 +20,14 @@ - name: Ensure export directories exist file: - path: "{{ openshift.hosted.registry.storage.nfs.directory }}/{{ item }}" + path: "{{ item.storage.nfs.directory }}/{{ item.storage.volume.name }}" state: directory mode: 0777 owner: nfsnobody group: nfsnobody with_items: - - "{{ openshift.hosted.registry.storage.volume.name }}" + - "{{ openshift.hosted.registry }}" + - "{{ openshift.hosted.metrics }}" - name: Configure exports template: -- cgit v1.2.3