-rw-r--r--.pylintrc3
-rw-r--r--CONTRIBUTING.md18
-rw-r--r--playbooks/common/openshift-cluster/redeploy-certificates/masters.yml8
-rw-r--r--roles/openshift_logging/defaults/main.yml24
-rw-r--r--roles/openshift_logging/tasks/generate_routes.yaml20
-rw-r--r--roles/openshift_logging/templates/route_reencrypt.j28
-rw-r--r--roles/openshift_node/tasks/main.yml6
7 files changed, 79 insertions, 8 deletions
diff --git a/.pylintrc b/.pylintrc
index a32bd3d68..ab842843a 100644
--- a/.pylintrc
+++ b/.pylintrc
@@ -18,7 +18,8 @@ persistent=no
load-plugins=
# Use multiple processes to speed up Pylint.
-jobs=1
+# Zero means use the total number of CPUs.
+jobs=0
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 83c844e28..dafa73bad 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -85,6 +85,24 @@ parallel
pip install tox detox
```
+---
+
+Note: before running `tox` or `detox`, ensure that the only virtualenvs within
+the repository root are the ones managed by `tox`, those in a `.tox`
+subdirectory.
+
+Use this command to list paths that are likely part of a virtualenv not managed
+by `tox`:
+
+```
+$ find . -path '*/bin/python' | grep -vF .tox
+```
+
+Extraneous virtualenvs cause tools such as `pylint` to take a very long time
+going through files that are part of the virtualenv.
+
+---
+
List the test environments available:
```
tox -l
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml b/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml
index f653a111f..c30889d64 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml
@@ -36,6 +36,14 @@
- "openshift-master.crt"
- "openshift-master.key"
- "openshift-master.kubeconfig"
+ - name: Remove generated etcd client certificates
+ file:
+ path: "{{ openshift.common.config_base }}/master/{{ item }}"
+ state: absent
+ with_items:
+ - "master.etcd-client.crt"
+ - "master.etcd-client.key"
+ when: groups.oo_etcd_to_config | default([]) | length == 0
roles:
- role: openshift_master_certificates
openshift_master_etcd_hosts: "{{ hostvars
diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml
index 73849f46a..bdb168921 100644
--- a/roles/openshift_logging/defaults/main.yml
+++ b/roles/openshift_logging/defaults/main.yml
@@ -1,9 +1,9 @@
---
-openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default(docker.io/openshift/origin-) }}"
-openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default(latest) }}"
+openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('docker.io/openshift/origin-') }}"
+openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default('latest') }}"
openshift_logging_use_ops: False
openshift_logging_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}"
-openshift_logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default(https://{{openshift.common.public_hostname}}:8443) }}"
+openshift_logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default('https://{{openshift.common.public_hostname}}:8443') }}"
openshift_logging_namespace: logging
openshift_logging_install_logging: True
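Review bot: The new default for `openshift_logging_master_public_url` places `{{openshift.common.public_hostname}}` inside a quoted string literal, so Jinja reads it as plain text rather than a nested expression. Whether it is expanded afterwards depends on a second templating pass that nothing in this hunk guarantees. Concatenation avoids the question: `default('https://' ~ openshift.common.public_hostname ~ ':8443')`. The same pattern is in the `openshift_logging_kibana_ops_hostname` default in the next hunk, where `default('kibana-ops.' ~ openshift.common.dns_domain)` would do the same job. A public URL or route host containing literal braces would only show up at deploy time, so both defaults are worth rendering once with the override variables unset.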
@@ -27,7 +27,19 @@ openshift_logging_kibana_proxy_cpu_limit: null
openshift_logging_kibana_proxy_memory_limit: null
openshift_logging_kibana_replica_count: 1
-openshift_logging_kibana_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default(kibana-ops.{{openshift.common.dns_domain}}) }}"
+#The absolute path on the control node to the cert file to use
+#for the public facing kibana certs
+openshift_logging_kibana_cert: ""
+
+#The absolute path on the control node to the key file to use
+#for the public facing kibana certs
+openshift_logging_kibana_key: ""
+
+#The absolute path on the control node to the CA file to use
+#for the public facing kibana certs
+openshift_logging_kibana_ca: ""
+
+openshift_logging_kibana_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default('kibana-ops.{{openshift.common.dns_domain}}') }}"
openshift_logging_kibana_ops_cpu_limit: null
openshift_logging_kibana_ops_memory_limit: null
openshift_logging_kibana_ops_proxy_debug: false
@@ -54,7 +66,7 @@ openshift_logging_es_memory_limit: 1024Mi
openshift_logging_es_pv_selector: null
openshift_logging_es_pvc_dynamic: "{{ openshift_hosted_logging_elasticsearch_pvc_dynamic | default(False) }}"
openshift_logging_es_pvc_size: "{{ openshift_hosted_logging_elasticsearch_pvc_size | default('') }}"
-openshift_logging_es_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_pvc_prefix | default(logging-es) }}"
+openshift_logging_es_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_pvc_prefix | default('logging-es') }}"
openshift_logging_es_recover_after_time: 5m
openshift_logging_es_storage_group: 65534
@@ -72,7 +84,7 @@ openshift_logging_es_ops_memory_limit: 1024Mi
openshift_logging_es_ops_pv_selector: None
openshift_logging_es_ops_pvc_dynamic: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_dynamic | default(False) }}"
openshift_logging_es_ops_pvc_size: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_size | default('') }}"
-openshift_logging_es_ops_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_prefix | default(logging-es-ops) }}"
+openshift_logging_es_ops_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_prefix | default('logging-es-ops') }}"
openshift_logging_es_ops_recover_after_time: 5m
openshift_logging_es_ops_storage_group: 65534
diff --git a/roles/openshift_logging/tasks/generate_routes.yaml b/roles/openshift_logging/tasks/generate_routes.yaml
index 60694f67e..3c462378b 100644
--- a/roles/openshift_logging/tasks/generate_routes.yaml
+++ b/roles/openshift_logging/tasks/generate_routes.yaml
@@ -1,4 +1,20 @@
---
+- set_fact: kibana_key={{ lookup('file', openshift_logging_kibana_key) | b64encode }}
+ when: "{{ openshift_logging_kibana_key | trim | length > 0 }}"
+ changed_when: false
+
+- set_fact: kibana_cert={{ lookup('file', openshift_logging_kibana_cert)| b64encode }}
+ when: "{{openshift_logging_kibana_cert | trim | length > 0}}"
+ changed_when: false
+
+- set_fact: kibana_ca={{ lookup('file', openshift_logging_kibana_ca)| b64encode }}
+ when: "{{openshift_logging_kibana_ca | trim | length > 0}}"
+ changed_when: false
+
+- set_fact: kibana_ca={{key_pairs | entry_from_named_pair('ca_file') }}
+ when: kibana_ca is not defined
+ changed_when: false
+
- name: Generating logging routes
template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-{{route_info.name}}-route.yaml
tags: routes
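Review bot: The `set_fact` that loads `openshift_logging_kibana_key` has no `no_log: true`, so the base64 of the private key appears in task results when the play runs with verbosity or a logging callback; adding `no_log: true` to that task keeps the key out of logs. The three new `when:` lines wrap their condition in `{{ }}`, which Ansible warns about because `when` is already a Jinja expression; the bare form `when: openshift_logging_kibana_key | trim | length > 0` is equivalent. The rendered route file under `{{mktemp.stdout}}/templates/` now also contains the key. The template task, which continues past this hunk, shows no `mode` in the visible lines, so an explicit `mode: "0600"` is worth considering; whether the temp directory is removed afterwards is not visible here.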
@@ -6,7 +22,9 @@
obj_name: "{{route_info.name}}"
route_host: "{{route_info.host}}"
service_name: "{{route_info.name}}"
- tls_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}"
+ tls_key: "{{kibana_key | default('') | b64decode}}"
+ tls_cert: "{{kibana_cert | default('') | b64decode}}"
+ tls_ca_cert: "{{kibana_ca | b64decode}}"
tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}"
labels:
component: support
diff --git a/roles/openshift_logging/templates/route_reencrypt.j2 b/roles/openshift_logging/templates/route_reencrypt.j2
index 8be30a2c4..341ffdd84 100644
--- a/roles/openshift_logging/templates/route_reencrypt.j2
+++ b/roles/openshift_logging/templates/route_reencrypt.j2
@@ -11,6 +11,14 @@ metadata:
spec:
host: {{ route_host }}
tls:
+{% if tls_key is defined and tls_key | length > 0 %}
+ key: |
+{{ tls_key|indent(6, true) }}
+{% if tls_cert is defined and tls_cert | length > 0 %}
+ certificate: |
+{{ tls_cert|indent(6, true) }}
+{% endif %}
+{% endif %}
caCertificate: |
{% for line in tls_ca_cert.split('\n') %}
{{ line }}
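Review bot: The `certificate` block is nested inside the `tls_key` condition, so a certificate supplied without a key is dropped silently, and a key supplied without a certificate renders a route with `key` but no `certificate`. Either case leaves the operator with a route that does not match what was configured, and nothing flags it. Rendering both fields under one condition makes the pairing explicit: `{% if tls_key | default('') | length > 0 and tls_cert | default('') | length > 0 %}`. It could be paired with a `fail` task in generate_routes.yaml for when exactly one of `openshift_logging_kibana_key` and `openshift_logging_kibana_cert` is set. The `caCertificate` loop continues outside this hunk.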
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 3e888b77f..691227915 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -60,6 +60,12 @@
state: present
when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool
+- name: Install conntrack-tools package
+ package:
+ name: "conntrack-tools"
+ state: present
+ when: not openshift.common.is_containerized | bool
+
- name: Install the systemd units
include: systemd_units.yml