| -rw-r--r-- | .tito/packages/openshift-ansible | 2 | ||||
| -rw-r--r-- | inventory/byo/hosts.aep.example | 2 | ||||
| -rw-r--r-- | inventory/byo/hosts.origin.example | 2 | ||||
| -rw-r--r-- | inventory/byo/hosts.ose.example | 2 | ||||
| -rw-r--r-- | openshift-ansible.spec | 10 | ||||
| -rw-r--r-- | playbooks/common/openshift-master/config.yml | 6 | ||||
| -rw-r--r-- | roles/nuage_master/files/serviceaccount.sh | 63 | ||||
| -rw-r--r-- | roles/nuage_master/tasks/main.yaml | 4 | ||||
| -rw-r--r-- | roles/nuage_master/tasks/serviceaccount.yml | 51 | ||||
| -rw-r--r-- | roles/nuage_master/vars/main.yaml | 16 | ||||
| -rw-r--r-- | roles/openshift_cluster_metrics/tasks/main.yml | 1 | ||||
| -rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 2 | ||||
| -rw-r--r-- | roles/openshift_metrics/README.md | 2 | ||||
| -rw-r--r-- | roles/openshift_metrics/tasks/main.yaml | 8 | 
14 files changed, 94 insertions, 77 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible
index c85cab6b2..33914d91b 100644
--- a/.tito/packages/openshift-ansible
+++ b/.tito/packages/openshift-ansible
@@ -1 +1 @@
-3.0.83-1 ./
+3.0.84-1 ./
diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example
index d1f3aaa58..d57cb4947 100644
--- a/inventory/byo/hosts.aep.example
+++ b/inventory/byo/hosts.aep.example
@@ -340,7 +340,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # and configure node's dnsIP to point at the node's local dnsmasq instance. Defaults
 # to True for Origin 1.2 and OSE 3.2. False for 1.1 / 3.1 installs, this cannot
 # be used with 1.0 and 3.0.
-# openshift_node_dnsmasq=False
+# openshift_use_dnsmasq=False
 # Global Proxy Configuration
 # These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index 790e40b25..2a4b00964 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -345,7 +345,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # and configure node's dnsIP to point at the node's local dnsmasq instance. Defaults
 # to True for Origin 1.2 and OSE 3.2. False for 1.1 / 3.1 installs, this cannot
 # be used with 1.0 and 3.0.
-# openshift_node_dnsmasq=False
+# openshift_use_dnsmasq=False
 # Global Proxy Configuration
 # These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index b4dd180f9..2df6bd5e2 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -341,7 +341,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # and configure node's dnsIP to point at the node's local dnsmasq instance. Defaults
 # to True for Origin 1.2 and OSE 3.2. False for 1.1 / 3.1 installs, this cannot
 # be used with 1.0 and 3.0.
-# openshift_node_dnsmasq=False
+# openshift_use_dnsmasq=False
 # Global Proxy Configuration
 # These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment
diff --git a/openshift-ansible.spec b/openshift-ansible.spec
index 54de1ef5f..aa29e9958 100644
--- a/openshift-ansible.spec
+++ b/openshift-ansible.spec
@@ -5,7 +5,7 @@
 }
 Name:           openshift-ansible
-Version:        3.0.83
+Version:        3.0.84
 Release:        1%{?dist}
 Summary:        Openshift and Atomic Enterprise Ansible
 License:        ASL 2.0
@@ -183,6 +183,12 @@ Atomic OpenShift Utilities includes
 %changelog
+* Fri Apr 22 2016 Troy Dawson <tdawson@redhat.com> 3.0.84-1
+- Fix for docker not present (jdetiber@redhat.com)
+- Reconcile roles in additive-only mode on upgrade (jliggitt@redhat.com)
+- Set etcd_hostname and etcd_ip for masters w/ external etcd.
+  (abutcher@redhat.com)
+
 * Thu Apr 21 2016 Troy Dawson <tdawson@redhat.com> 3.0.83-1
 - a-o-i: Correct bug with default storage host (smunilla@redhat.com)
 - Only add new sccs (bleanhar@redhat.com)
@@ -208,7 +214,7 @@ Atomic OpenShift Utilities includes
 - Fix router selector fact migration and match multiple selectors when counting
   nodes. (abutcher@redhat.com)
 - Fixing the spec for PR 1734 (bleanhar@redhat.com)
-- Add openshift_node_dnsmasq (sdodson@redhat.com)
+- Add openshift_use_dnsmasq (sdodson@redhat.com)
 - Promote portal_net to openshift.common, add kube_svc_ip (sdodson@redhat.com)
 - Add example inventories to docs, install docs by default (sdodson@redhat.com)
 - Fix use of JSON inventory vars with raw booleans. (dgoodwin@redhat.com)
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index c9d94bec5..0b0faaa22 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -42,6 +42,12 @@
   - set_fact:
       openshift_hosted_metrics_deploy: "{{ lookup('oo_option', 'openshift_hosted_metrics_deploy') | default(false, true) }}"
     when: openshift_hosted_metrics_deploy is not defined
+  - set_fact:
+      openshift_hosted_metrics_duration: "{{ lookup('oo_option', 'openshift_hosted_metrics_duration') | default(7) }}"
+    when: openshift_hosted_metrics_duration is not defined
+  - set_fact:
+      openshift_hosted_metrics_resolution: "{{ lookup('oo_option', 'openshift_hosted_metrics_resolution') | default(10) }}"
+    when: openshift_hosted_metrics_resolution is not defined
   roles:
   - openshift_facts
diff --git a/roles/nuage_master/files/serviceaccount.sh b/roles/nuage_master/files/serviceaccount.sh
deleted file mode 100644
index f6fdb8a8d..000000000
--- a/roles/nuage_master/files/serviceaccount.sh
+++ /dev/null
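Review bot: The two added `set_fact` tasks use `default(7)` and `default(10)`, which only apply when the lookup result is undefined, whereas the existing `openshift_hosted_metrics_deploy` task just above passes `default(false, true)` so that an empty result also falls back. If the `oo_option` lookup yields an empty string for an unset option (the plugin is not visible here, but the neighbouring line suggests it), both facts would be set to an empty value instead of 7 and 10 and that empty value would reach the metrics deployer parameters. I would write `| default(7, true)` and `| default(10, true)` to match the line above.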
@@ -1,63 +0,0 @@ -#!/bin/bash -# Parse CLI options -for i in "$@"; do -    case $i in -        --master-cert-dir=*) -            MASTER_DIR="${i#*=}" -            CA_CERT=${MASTER_DIR}/ca.crt -            CA_KEY=${MASTER_DIR}/ca.key -            CA_SERIAL=${MASTER_DIR}/ca.serial.txt -            ADMIN_FILE=${MASTER_DIR}/admin.kubeconfig -        ;; -        --server=*) -            SERVER="${i#*=}" -        ;; -        --output-cert-dir=*) -            OUTDIR="${i#*=}" -            CONFIG_FILE=${OUTDIR}/nuage.kubeconfig -        ;; -    esac -done - -# If any are missing, print the usage and exit -if [ -z $SERVER ] || [ -z $OUTDIR ] || [ -z $MASTER_DIR ]; then -    echo "Invalid syntax: $@" -    echo "Usage:" -    echo "  $0 --server=<address>:<port> --output-cert-dir=/path/to/output/dir/ --master-cert-dir=/path/to/master/" -    echo "--master-cert-dir:  Directory where the master's configuration is held" -    echo "--server:           Address of Kubernetes API server (default port is 8443)" -    echo "--output-cert-dir:  Directory to put artifacts in" -    echo "" -    echo "All options are required" -    exit 1 -fi - -# Login as admin so that we can create the service account -oc login -u system:admin --config=$ADMIN_FILE || exit 1 -oc project default --config=$ADMIN_FILE - -ACCOUNT_CONFIG=' -{ -  "apiVersion": "v1", -  "kind": "ServiceAccount", -  "metadata": { -    "name": "nuage" -  } -} -' - -# Create the account with the included info -echo $ACCOUNT_CONFIG|oc create --config=$ADMIN_FILE -f - - -# Add the cluser-reader role, which allows this service account read access to -# everything in the cluster except secrets -oadm policy add-cluster-role-to-user cluster-reader system:serviceaccounts:default:nuage --config=$ADMIN_FILE - -# Generate certificates and a kubeconfig for the service account -oadm create-api-client-config --certificate-authority=${CA_CERT} --client-dir=${OUTDIR} --signer-cert=${CA_CERT} --signer-key=${CA_KEY} --signer-serial=${CA_SERIAL} 
--user=system:serviceaccounts:default:nuage --master=${SERVER} --public-master=${SERVER} --basename='nuage' - -# Verify the finalized kubeconfig -if ! [ $(oc whoami --config=$CONFIG_FILE) == 'system:serviceaccounts:default:nuage' ]; then -    echo "Service account creation failed!" -    exit 1 -fi diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml index abeee3d71..c71f3072c 100644 --- a/roles/nuage_master/tasks/main.yaml +++ b/roles/nuage_master/tasks/main.yaml @@ -11,9 +11,7 @@    sudo: true    yum: name={{ nuage_openshift_rpm }} state=present -- name: Run the service account creation script -  sudo: true -  script: serviceaccount.sh --server={{ openshift.master.api_url }} --output-cert-dir={{ cert_output_dir }} --master-cert-dir={{ openshift_master_config_dir }} +- include: serviceaccount.yml  - name: Download the certs and keys    sudo: true diff --git a/roles/nuage_master/tasks/serviceaccount.yml b/roles/nuage_master/tasks/serviceaccount.yml new file mode 100644 index 000000000..5b4af5824 --- /dev/null +++ b/roles/nuage_master/tasks/serviceaccount.yml 
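Review bot: The new `- include: serviceaccount.yml` line in roles/nuage_master/tasks/main.yaml carries no `sudo: true`, while the script task it replaces did and the neighbouring tasks in this file still set it per task. The included tasks copy the master's admin.kubeconfig and sign a client certificate with the CA key, files that are presumably readable by root only, so unless the play escalates globally (not visible in this hunk) they would run as the connecting user and fail. I would add `sudo: true` to each task in serviceaccount.yml so the file matches the rest of the role.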
@@ -0,0 +1,51 @@
+---
+- name: Create temporary directory for admin kubeconfig
+  command: mktemp -u /tmp/openshift-ansible-XXXXXXX.kubeconfig
+  register: nuage_tmp_conf_mktemp
+  changed_when: False
+
+- set_fact:
+    nuage_tmp_conf: "{{ nuage_tmp_conf_mktemp.stdout }}"
+
+- name: Copy Configuration to temporary conf
+  command: >
+    cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{nuage_tmp_conf}}
+  changed_when: false
+
+- name: Create Admin Service Account
+  shell: >
+    echo {{ nuage_service_account_config | to_json | quote }} |
+    {{ openshift.common.client_binary }} create
+    -n default 
+    --config={{nuage_tmp_conf}}
+    -f -
+  register: osnuage_create_service_account
+  failed_when: "'already exists' not in osnuage_create_service_account.stderr and osnuage_create_service_account.rc != 0"
+  changed_when: osnuage_create_service_account.rc == 0
+
+- name: Configure role/user permissions
+  command: >
+    {{ openshift.common.admin_binary }} {{item}}
+    --config={{nuage_tmp_conf}}
+  with_items: "{{nuage_tasks}}"
+  register: osnuage_perm_task
+  failed_when: "'already exists' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0"
+  changed_when: osnuage_perm_task.rc == 0
+
+- name: Generate the node client config
+  command: >
+    {{ openshift.common.admin_binary }} create-api-client-config
+      --certificate-authority={{ openshift_master_ca_cert }}
+      --client-dir={{ cert_output_dir }}
+      --master={{ openshift.master.api_url }}
+      --public-master={{ openshift.master.api_url }}
+      --signer-cert={{ openshift_master_ca_cert }}
+      --signer-key={{ openshift_master_ca_key }}
+      --signer-serial={{ openshift_master_ca_serial }}
+      --basename='nuage'
+      --user={{ nuage_service_account }}
+
+- name: Clean temporary configuration file
+  command: >
+    rm -f {{nuage_tmp_conf}}
+  changed_when: false
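Review bot: `mktemp -u` in the first task only prints a name and creates nothing, so the following `cp` writes the cluster admin kubeconfig to a path in world-writable /tmp that another local user could create first, either as a file they own or as a symlink. Dropping `-u` makes mktemp create the file itself with owner-only permissions before the copy: `command: mktemp /tmp/openshift-ansible-XXXXXXX.kubeconfig`. The task name also says "directory" although the path is a file. The final `rm -f` task is skipped whenever a task in between fails, which leaves a copy of the admin credentials in /tmp, so the cleanup should be arranged to run regardless of earlier failures (for example a `block` with `always`, if the supported Ansible version has it).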
diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml
index c4c15d65c..d3536eb33 100644
--- a/roles/nuage_master/vars/main.yaml
+++ b/roles/nuage_master/vars/main.yaml
@@ -1,4 +1,7 @@
 openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
+openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
+openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key"
+openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt"
 ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
 admin_config: "{{ openshift.common.config_base }}/master/admin.kubeconfig"
 cert_output_dir: /usr/share/nuage-openshift-monitor
@@ -15,6 +18,17 @@ nuage_ca_master_rest_server_key: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonSe
 nuage_ca_master_rest_server_crt: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.crt" 
 nuage_master_crt_dir : /usr/share/nuage-openshift-monitor
+nuage_service_account: system:serviceaccount:default:nuage
+
+nuage_service_account_config:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      name: nuage 
+
+nuage_tasks:
+    - policy add-cluster-role-to-user cluster-reader {{ nuage_service_account }} 
+
 nuage_master_cspadminpasswd: ''
-nuage_master_adminsusername: 'admin'
+nuage_master_adminusername: 'admin'
 nuage_master_adminuserpasswd: 'admin'
diff --git a/roles/openshift_cluster_metrics/tasks/main.yml b/roles/openshift_cluster_metrics/tasks/main.yml
index d45f62eca..1fc8a074a 100644
--- a/roles/openshift_cluster_metrics/tasks/main.yml
+++ b/roles/openshift_cluster_metrics/tasks/main.yml
@@ -28,7 +28,6 @@
     cluster-reader
     system:serviceaccount:default:heapster
   register: oex_cluster_header_role
-  register: oex_cluster_header_role
   failed_when: "'already exists' not in oex_cluster_header_role.stderr and oex_cluster_header_role.rc != 0"
   changed_when: false
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 49658a2ee..f733fd5a8 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -1715,6 +1715,8 @@ class OpenShiftFacts(object):
             defaults['hosted'] = dict(
                 metrics=dict(
                     deploy=False,
+                    duration=7,
+                    resolution=10,
                     storage=dict(
                         kind=None,
                         volume=dict(
diff --git a/roles/openshift_metrics/README.md b/roles/openshift_metrics/README.md
index 610917d7d..ec13d61d2 100644
--- a/roles/openshift_metrics/README.md
+++ b/roles/openshift_metrics/README.md
@@ -19,6 +19,8 @@ From this role:
 | openshift_hosted_metrics_storage_volume_name    | metrics               | Metrics volume within openshift_hosted_metrics_volume_dir   |
 | openshift_hosted_metrics_storage_volume_size    | 10Gi                  | Metrics volume size                                         |
 | openshift_hosted_metrics_storage_nfs_options    | *(rw,root_squash)     | NFS options for configured exports.                         |
+| openshift_hosted_metrics_duration               | 7                     | Metrics query duration                                      |
+| openshift_hosted_metrics_resolution             | 10                    | Metrics resolution                                          |
 From openshift_common:
diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml
index 1a86cb1ea..ca29ad6e1 100644
--- a/roles/openshift_metrics/tasks/main.yaml
+++ b/roles/openshift_metrics/tasks/main.yaml
@@ -20,6 +20,7 @@
     {{ openshift.common.client_binary }}
     secrets new metrics-deployer
     nothing=/dev/null
+    --config={{hawkular_tmp_conf}}
     -n openshift-infra
   register: deployer_create_secret
   failed_when: "'already exists' not in deployer_create_secret.stderr and deployer_create_secret.rc !=0"
@@ -43,8 +44,9 @@
   shell: >
    {{ openshift.common.client_binary }} process -f \
    /usr/share/openshift/examples/infrastructure-templates/{{ hawkular_type }}/metrics-deployer.yaml -v \
-    HAWKULAR_METRICS_HOSTNAME=hawkular-metrics.{{ openshift.master.default_subdomain }},USE_PERSISTENT_STORAGE={{ hawkular_persistence }} | \
-    {{ openshift.common.client_binary }} create -n openshift-infra -f - 
+    HAWKULAR_METRICS_HOSTNAME=hawkular-metrics.{{ openshift.master.default_subdomain }} USE_PERSISTENT_STORAGE={{ hawkular_persistence }} \
+    METRIC_DURATION={{ openshift.hosted.metrics.duration }} METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }} |
+    {{ openshift.common.client_binary }} create -n openshift-infra --config={{hawkular_tmp_conf}} -f -
   register: oex_heapster_services
   failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0"
   changed_when: false
@@ -52,4 +54,4 @@
 - name: Clean temporary config file
   command: >
     rm -rf {{hawkular_tmp_conf}}
-  changed_when: false
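Review bot: The new `METRIC_DURATION={{ openshift.hosted.metrics.duration }}` and `METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }}` arguments in the second hunk are interpolated into a `shell:` pipeline unquoted, so an inventory value containing whitespace or shell metacharacters would change the command that is run. serviceaccount.yml in this same commit already pipes its interpolated value through `| quote`, and I would do the same here: `METRIC_DURATION={{ openshift.hosted.metrics.duration | quote }} METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution | quote }}`. The same hunk also changes the parameters after `-v` from one comma-separated list to space-separated words, so it is worth confirming that the targeted `process` subcommand still treats all four as template parameters. The task that creates `hawkular_tmp_conf` is outside these hunks.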
\ No newline at end of file
+  changed_when: false  | 
