diff options
25 files changed, 384 insertions, 43 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index ab096b300..4df929277 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.0.47-1 ./ +3.0.49-1 ./ @@ -34,6 +34,7 @@ class Ohi(object): 'openshift_ansible', \ 'openshift_ansible.conf') + self.args = None self.parse_cli_args() self.parse_config_file() @@ -57,6 +58,7 @@ class Ohi(object): hosts = self.aws.get_host_list(clusters=self.args.cluster, host_type=self.args.host_type, + sub_host_type=self.args.sub_host_type, envs=self.args.env, version=version, cached=self.args.cache_only) @@ -104,6 +106,8 @@ class Ohi(object): parser.add_argument('-t', '--host-type', action="store", help="Which host type to use") + parser.add_argument('-s', '--sub-host-type', action="store", help="Which sub host type to use") + parser.add_argument('-l', '--user', action='store', default=None, help='username') parser.add_argument('--cache-only', action='store_true', default=False, diff --git a/bin/openshift_ansible/awsutil.py b/bin/openshift_ansible/awsutil.py index 945e6a20c..eba11e851 100644 --- a/bin/openshift_ansible/awsutil.py +++ b/bin/openshift_ansible/awsutil.py @@ -31,6 +31,7 @@ class AwsUtil(object): host_type_aliases -- a list of aliases to common host-types (e.g. ex-node) """ + self.alias_lookup = {} host_type_aliases = host_type_aliases or {} self.host_type_aliases = host_type_aliases @@ -40,7 +41,6 @@ class AwsUtil(object): def setup_host_type_alias_lookup(self): """Sets up the alias to host-type lookup table.""" - self.alias_lookup = {} for key, values in self.host_type_aliases.iteritems(): for value in values: self.alias_lookup[value] = key @@ -101,6 +101,20 @@ class AwsUtil(object): host_types.sort() return host_types + def get_sub_host_types(self): + """Searches for sub-host-type tags in the inventory and returns all sub-host-types found.""" + pattern = re.compile(r'^oo_subhosttype_(.*)') + + sub_host_types = [] + inv = self.get_inventory() + for key in inv.keys(): + matched = pattern.match(key) + if matched: + sub_host_types.append(matched.group(1)) + + sub_host_types.sort() + return sub_host_types + def get_security_groups(self): """Searches for security_groups in the inventory and returns all SGs found.""" pattern = re.compile(r'^security_group_(.*)') @@ -192,9 +206,15 @@ class AwsUtil(object): host_type = self.resolve_host_type(host_type) return "oo_hosttype_%s" % host_type + @staticmethod + def gen_sub_host_type_tag(sub_host_type): + """Generate the host type tag + """ + return "oo_subhosttype_%s" % sub_host_type + # This function uses all of these params to perform a filters on our host inventory. # pylint: disable=too-many-arguments - def get_host_list(self, clusters=None, host_type=None, envs=None, version=None, cached=False): + def get_host_list(self, clusters=None, host_type=None, sub_host_type=None, envs=None, version=None, cached=False): """Get the list of hosts from the inventory using host-type and environment """ retval = set([]) @@ -229,6 +249,9 @@ class AwsUtil(object): if host_type: retval.intersection_update(inv.get(self.gen_host_type_tag(host_type, version), [])) + if sub_host_type: + retval.intersection_update(inv.get(self.gen_sub_host_type_tag(sub_host_type), [])) + if version != 'all': retval.intersection_update(inv.get(AwsUtil.gen_version_tag(version), [])) diff --git a/openshift-ansible.spec b/openshift-ansible.spec index c92ea2843..c660e6674 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.0.47 +Version: 3.0.49 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -261,6 +261,73 @@ Atomic OpenShift Utilities includes %changelog +* Tue Mar 01 2016 Matt Woodson <mwoodson@redhat.com> 3.0.49-1 +- fixed error in awsutil.py (mwoodson@redhat.com) + +* Tue Mar 01 2016 Matt Woodson <mwoodson@redhat.com> 3.0.48-1 +- ohi: added subtype searching (mwoodson@redhat.com) +- make heal remote actions generic for all [HEAL] triggers (jdiaz@redhat.com) +- added extra steps to ensure docker starts up (mwoodson@redhat.com) +- role_removal: docker_storage; This is the old way, no longer used + (mwoodson@redhat.com) +- role: added docker_storage_setup (mwoodson@redhat.com) +- Use inventory_hostname for openshift master certs to sync. + (abutcher@redhat.com) +- Adding a symlink to making loading the examples more convenient + (bleanhar@redhat.com) +- docs: Explain a bit more how to expand Atomic Host rootfs + (walters@verbum.org) +- a-o-i: Rename osm_default_subdomain (smunilla@redhat.com) +- Updating tito config for OSE 3.2 (bleanhar@redhat.com) +- Synchronize master kube configs (abutcher@redhat.com) +- added os_utils, os_reboot_server role; removed containerization stuff from + the updated (mwoodson@redhat.com) +- Add warnings to bin/cluster and READMEs (abutcher@redhat.com) +- Add host subnet length example. (abutcher@redhat.com) +- Upgrade -1510 to CentOS-7-x86_64-GenericCloud-1602. (cben@redhat.com) +- Pin down CentOS-7-x86_64-GenericCloud-1510.qcow2.xz version, which the + checksum currently expects (#1384). (cben@redhat.com) +- Change is_atomic to is_containerized (florian.lambert@enovance.com) +- Rename variable to openshift_master_default_subdomain with backwards + compatibility. (jstuever@redhat.com) +- lib_dyn: more updates to the lib_dyn module. Made the TTL more flexible + (mwoodson@redhat.com) +- remote heal action for OVS down (jdiaz@redhat.com) +- Pass registry claim to openshift_registry. (abutcher@redhat.com) +- Refactor - increase retries instead of delay in "Wait for Node Registration" + (david.mat@archimiddle.com) +- Better diagnostic messages when an OpenStack heat stack creation fails + (lhuard@amadeus.com) +- made some changes to lib_dyn update (mwoodson@redhat.com) +- Increase timeout on Wait for Node Registration (david.mat@archimiddle.com) +- Fix typo in oscp (agrimm@redhat.com) +- Add correct parsing of ec2_security_groups env variable + (david.mat@archimiddle.com) +- changed oso_host_monitoring to use the oo_ vars (twiest@redhat.com) +- Add quotes around src argument to support paths with spaces + (david.mat@archimiddle.com) +- Add missing is_atomic condition on upgrade package + (florian.lambert@enovance.com) +- configure debug_level for master and node from cli (jawed.khelil@amadeus.com) +- remove version requirement from etcd, shouldn't be needed anymore + (maxamillion@fedoraproject.org) +- Add ansible.cfg to .gitignore (jdetiber@redhat.com) +- added node-secgroup to master_nodes (j.david.nieto@gmail.com) +- Document setting the VPC subnet (puiterwijk@redhat.com) +- Update the AMIs used in README_AWS (puiterwijk@redhat.com) +- Add byo examples for network cidr and api/console ports. + (abutcher@redhat.com) +- Add openshift_docker roles to master/node scaleup. (abutcher@redhat.com) +- Fail when master.master_count descreases or master.ha changes. + (abutcher@redhat.com) +- Protected facts. (abutcher@redhat.com) +- Add modify_yaml module. (abutcher@redhat.com) +- Re-arrange scaleup playbooks. (abutcher@redhat.com) +- Move additional master configuration into a separate master playbook. + (abutcher@redhat.com) +- Generate each master's certificates separately. (abutcher@redhat.com) +- Add new_masters to scaleup playbook. (abutcher@redhat.com) + * Wed Feb 24 2016 Brenton Leanhardt <bleanhar@redhat.com> 3.0.47-1 - a-o-i: Double safety check on master_lb (smunilla@redhat.com) - a-o-i: Better method for identifying master_lb (smunilla@redhat.com) diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml index 9e7fa59cf..e6b10cab7 100644 --- a/roles/etcd/defaults/main.yaml +++ b/roles/etcd/defaults/main.yaml @@ -1,5 +1,5 @@ --- -etcd_service: "{{ 'etcd' if not openshift.common.is_containerized else 'etcd_container' }}" +etcd_service: "{{ 'etcd' if not openshift.common.is_containerized | bool else 'etcd_container' }}" etcd_interface: "{{ ansible_default_ipv4.interface }}" etcd_client_port: 2379 etcd_peer_port: 2380 diff --git a/roles/nuage_ca/files/openssl.cnf b/roles/nuage_ca/files/openssl.cnf new file mode 100644 index 000000000..7d1a29a79 --- /dev/null +++ b/roles/nuage_ca/files/openssl.cnf @@ -0,0 +1,3 @@ +[ clientauth ] +basicConstraints=CA:FALSE +extendedKeyUsage=critical,clientAuth diff --git a/roles/nuage_ca/files/serial.txt b/roles/nuage_ca/files/serial.txt new file mode 100644 index 000000000..4daddb72f --- /dev/null +++ b/roles/nuage_ca/files/serial.txt @@ -0,0 +1 @@ +00 diff --git a/roles/nuage_ca/meta/main.yml b/roles/nuage_ca/meta/main.yml new file mode 100644 index 000000000..2b06613f3 --- /dev/null +++ b/roles/nuage_ca/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Vishal Patil + description: + company: Nuage Networks + license: Apache License, Version 2.0 + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: nuage_common } diff --git a/roles/nuage_ca/tasks/main.yaml b/roles/nuage_ca/tasks/main.yaml new file mode 100644 index 000000000..9cfa40b8a --- /dev/null +++ b/roles/nuage_ca/tasks/main.yaml @@ -0,0 +1,46 @@ +--- +- name: Install openssl + action: "{{ ansible_pkg_mgr }} name=openssl state=present" + when: not openshift.common.is_atomic | bool + +- name: Create CA directory + file: path="{{ nuage_ca_dir }}" state=directory + run_once: true + delegate_to: "{{ nuage_ca_master }}" + +- name: Create certificate directory + file: path="{{ nuage_ca_master_crt_dir }}" state=directory + run_once: true + delegate_to: "{{ nuage_ca_master }}" + +- name: Check if the CA key already exists + stat: path="{{ nuage_ca_key }}" + register: nuage_ca_key_check + delegate_to: "{{ nuage_ca_master }}" + +- name: Create CA key + command: openssl genrsa -out "{{ nuage_ca_key }}" 4096 + run_once: true + delegate_to: "{{ nuage_ca_master }}" + when: nuage_ca_key_check.stat.exists is defined and nuage_ca_key_check.stat.exists == False + +- name: Check if the CA crt already exists + stat: path="{{ nuage_ca_crt }}" + register: nuage_ca_crt_check + delegate_to: "{{ nuage_ca_master }}" + +- name: Create CA crt + command: openssl req -new -x509 -key "{{ nuage_ca_key }}" -out "{{ nuage_ca_crt }}" -subj "/CN=nuage-signer" + run_once: true + delegate_to: "{{ nuage_ca_master }}" + when: nuage_ca_crt_check.stat.exists is defined and nuage_ca_crt_check.stat.exists == False + +- name: Create the serial file + copy: src=serial.txt dest="{{ nuage_ca_serial }}" + run_once: true + delegate_to: "{{ nuage_ca_master }}" + +- name: Copy SSL config file + copy: src=openssl.cnf dest="{{ nuage_ca_dir }}/openssl.cnf" + run_once: true + delegate_to: "{{ nuage_ca_master }}" diff --git a/roles/nuage_ca/vars/main.yaml b/roles/nuage_ca/vars/main.yaml new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/roles/nuage_ca/vars/main.yaml diff --git a/roles/nuage_common/defaults/main.yaml b/roles/nuage_common/defaults/main.yaml new file mode 100644 index 000000000..d285bdfa3 --- /dev/null +++ b/roles/nuage_common/defaults/main.yaml @@ -0,0 +1,10 @@ +nuage_ca_master: "{{ groups.oo_first_master.0 }}" +nuage_ca_master_crt_dir: /usr/share/nuage-openshift-certificates + +nuage_ca_dir: /usr/share/nuage-openshift-ca +nuage_ca_key: "{{ nuage_ca_dir }}/nuageMonCA.key" +nuage_ca_crt: "{{ nuage_ca_dir }}/nuageMonCA.crt" +nuage_ca_serial: "{{ nuage_ca_dir }}/nuageMonCA.serial.txt" + +nuage_master_mon_dir: /usr/share/nuage-openshift-monitor +nuage_node_plugin_dir: /usr/share/vsp-openshift diff --git a/roles/nuage_master/meta/main.yml b/roles/nuage_master/meta/main.yml new file mode 100644 index 000000000..3f16dd819 --- /dev/null +++ b/roles/nuage_master/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Vishal Patil + description: + company: Nuage Networks + license: Apache License, Version 2.0 + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: nuage_ca } diff --git a/roles/nuage_master/tasks/certificates.yml b/roles/nuage_master/tasks/certificates.yml new file mode 100644 index 000000000..0d3c69467 --- /dev/null +++ b/roles/nuage_master/tasks/certificates.yml @@ -0,0 +1,50 @@ +--- +- name: Create a directory to hold the certificates + file: path="{{ nuage_mon_rest_server_crt_dir }}" state=directory + delegate_to: "{{ nuage_ca_master }}" + +- name: Create the key + command: > + openssl genrsa -out "{{ nuage_ca_master_rest_server_key }}" 4096 + delegate_to: "{{ nuage_ca_master }}" + +- name: Create the req file + command: > + openssl req -key "{{ nuage_ca_master_rest_server_key }}" -new -out "{{ nuage_mon_rest_server_crt_dir }}/restServer.req" -subj "/CN={{ ansible_nodename }}" + delegate_to: "{{ nuage_ca_master }}" + +- name: Generate the crt file + command: > + openssl x509 -req -in "{{ nuage_mon_rest_server_crt_dir }}/restServer.req" -CA "{{ nuage_ca_crt }}" -CAkey "{{ nuage_ca_key }}" -CAserial "{{ nuage_ca_serial }}" -out "{{ nuage_ca_master_rest_server_crt }}" + delegate_to: "{{ nuage_ca_master }}" + +- name: Remove the req file + file: path="{{ nuage_mon_rest_server_crt_dir }}/restServer.req" state=absent + delegate_to: "{{ nuage_ca_master }}" + +- name: Copy nuage CA crt + shell: cp "{{ nuage_ca_crt }}" "{{ nuage_mon_rest_server_crt_dir }}" + delegate_to: "{{ nuage_ca_master }}" + +- name: Archive the certificate dir + shell: "cd {{ nuage_mon_rest_server_crt_dir }} && tar -czvf /tmp/{{ ansible_nodename }}.tgz *" + delegate_to: "{{ nuage_ca_master }}" + +- name: Create a temp directory for the certificates + local_action: command mktemp -d "/tmp/openshift-{{ ansible_nodename }}-XXXXXXX" + register: mktemp + +- name: Download the certificates + fetch: src="/tmp/{{ ansible_nodename }}.tgz" dest="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" flat=yes + delegate_to: "{{ nuage_ca_master }}" + +- name: Extract the certificates + unarchive: src="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" dest={{ nuage_master_crt_dir }} + +- name: Delete the certificates after copy + file: path="{{ nuage_mon_rest_server_crt_dir }}" state=absent + delegate_to: "{{ nuage_ca_master }}" + +- name: Delete the temp directory + file: path="{{ mktemp.stdout }}" state=absent + delegate_to: "{{ nuage_ca_master }}" diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml index 20d105b9e..abeee3d71 100644 --- a/roles/nuage_master/tasks/main.yaml +++ b/roles/nuage_master/tasks/main.yaml @@ -5,7 +5,7 @@ - name: Create the log directory sudo: true - file: path={{ nuage_openshift_monitor_log_dir }} state=directory + file: path={{ nuage_mon_rest_server_logdir }} state=directory - name: Install Nuage Openshift Monitor sudo: true @@ -23,7 +23,9 @@ - nuage.crt - nuage.key - nuage.kubeconfig - + +- include: certificates.yml + - name: Create nuage-openshift-monitor.yaml sudo: true template: src=nuage-openshift-monitor.j2 dest=/usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml owner=root mode=0644 diff --git a/roles/nuage_master/templates/nuage-openshift-monitor.j2 b/roles/nuage_master/templates/nuage-openshift-monitor.j2 index db8c3d85e..e50e225e1 100644 --- a/roles/nuage_master/templates/nuage-openshift-monitor.j2 +++ b/roles/nuage_master/templates/nuage-openshift-monitor.j2 @@ -16,4 +16,8 @@ enterpriseName: {{ enterprise }} # Name of the domain in which pods will reside domainName: {{ domain }} # Location where logs should be saved -log_dir: {{ nuage_openshift_monitor_log_dir }} +log_dir: {{ nuage_mon_rest_server_logdir }} +# Monitor rest server paramters +nuageMonServer: + URL: {{ nuage_mon_rest_server_url }} + certificateDirectory: {{ cert_output_dir }} diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml index c489feabe..4b57273e4 100644 --- a/roles/nuage_master/vars/main.yaml +++ b/roles/nuage_master/vars/main.yaml @@ -4,4 +4,13 @@ admin_config: "{{ openshift.common.config_base }}/master/admin.kubeconfig" cert_output_dir: /usr/share/nuage-openshift-monitor kube_config: /usr/share/nuage-openshift-monitor/nuage.kubeconfig kubemon_yaml: /usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml -master_config_yaml: "{{ openshift_master_config_dir }}/master-config.yaml" +master_config_yaml: "{{ openshift_master_config_dir }}/master-config.yaml" +nuage_mon_rest_server_port: "{{ nuage_openshift_monitor_rest_server_port | default('9443') }}" +nuage_mon_rest_server_url: "0.0.0.0:{{ nuage_mon_rest_server_port }}" +nuage_mon_rest_server_logdir: "{{ nuage_openshift_monitor_log_dir | default('/var/log/nuage-openshift-monitor') }}" + +nuage_mon_rest_server_crt_dir: "{{ nuage_ca_master_crt_dir }}/{{ ansible_nodename }}" +nuage_ca_master_rest_server_key: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.key" +nuage_ca_master_rest_server_crt: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.crt" + +nuage_master_crt_dir : /usr/share/nuage-openshift-monitor diff --git a/roles/nuage_node/meta/main.yml b/roles/nuage_node/meta/main.yml new file mode 100644 index 000000000..3f16dd819 --- /dev/null +++ b/roles/nuage_node/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Vishal Patil + description: + company: Nuage Networks + license: Apache License, Version 2.0 + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: nuage_ca } diff --git a/roles/nuage_node/tasks/certificates.yml b/roles/nuage_node/tasks/certificates.yml new file mode 100644 index 000000000..0fe6f7bac --- /dev/null +++ b/roles/nuage_node/tasks/certificates.yml @@ -0,0 +1,50 @@ +--- +- name: Create a directory to hold the certificates + file: path="{{ nuage_plugin_rest_client_crt_dir }}" state=directory + delegate_to: "{{ nuage_ca_master }}" + +- name: Create the key + command: > + openssl genrsa -out "{{ nuage_ca_master_plugin_key }}" 4096 + delegate_to: "{{ nuage_ca_master }}" + +- name: Create the req file + command: > + openssl req -key "{{ nuage_ca_master_plugin_key }}" -new -out "{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" -subj "/CN=nuage-client" + delegate_to: "{{ nuage_ca_master }}" + +- name: Generate the crt file + command: > + openssl x509 -req -in "{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" -CA "{{ nuage_ca_crt }}" -CAkey "{{ nuage_ca_key }}" -CAserial "{{ nuage_ca_serial }}" -out "{{ nuage_ca_master_plugin_crt }}" -extensions clientauth -extfile "{{ nuage_ca_dir }}"/openssl.cnf + delegate_to: "{{ nuage_ca_master }}" + +- name: Remove the req file + file: path="{{ nuage_plugin_rest_client_crt_dir }}/restClient.req" state=absent + delegate_to: "{{ nuage_ca_master }}" + +- name: Copy nuage CA crt + shell: cp "{{ nuage_ca_crt }}" "{{ nuage_plugin_rest_client_crt_dir }}" + delegate_to: "{{ nuage_ca_master }}" + +- name: Archive the certificate dir + shell: "cd {{ nuage_plugin_rest_client_crt_dir }} && tar -czvf /tmp/{{ ansible_nodename }}.tgz *" + delegate_to: "{{ nuage_ca_master }}" + +- name: Create a temp directory for the certificates + local_action: command mktemp -d "/tmp/openshift-{{ ansible_nodename }}-XXXXXXX" + register: mktemp + +- name: Download the certificates + fetch: src="/tmp/{{ ansible_nodename }}.tgz" dest="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" flat=yes + delegate_to: "{{ nuage_ca_master }}" + +- name: Extract the certificates + unarchive: src="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" dest={{ nuage_plugin_crt_dir }} + +- name: Delete the certificates after copy + file: path="{{ nuage_plugin_rest_client_crt_dir }}" state=absent + delegate_to: "{{ nuage_ca_master }}" + +- name: Delete the temp directory + file: path="{{ mktemp.stdout }}" state=absent + delegate_to: "{{ nuage_ca_master }}" diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml index c1e49902d..d7dd53802 100644 --- a/roles/nuage_node/tasks/main.yaml +++ b/roles/nuage_node/tasks/main.yaml @@ -29,6 +29,8 @@ - nuage.key - nuage.kubeconfig +- include: certificates.yml + - name: Set the vsp-openshift.yaml sudo: true template: src=vsp-openshift.j2 dest={{ vsp_openshift_yaml }} owner=root mode=0644 diff --git a/roles/nuage_node/templates/vsp-openshift.j2 b/roles/nuage_node/templates/vsp-openshift.j2 index 98d6c3a9c..6c10b9c24 100644 --- a/roles/nuage_node/templates/vsp-openshift.j2 +++ b/roles/nuage_node/templates/vsp-openshift.j2 @@ -10,5 +10,15 @@ enterpriseName: {{ enterprise }} domainName: {{ domain }} # IP address and port number of master API server masterApiServer: {{ api_server }} +# REST server URL +nuageMonRestServer: {{ nuage_mon_rest_server_url }} # Bridge name for the docker bridge dockerBridgeName: {{ docker_bridge }} +# Certificate for connecting to the kubemon REST API +nuageMonClientCert: {{ rest_client_cert }} +# Key to the certificate in restClientCert +nuageMonClientKey: {{ rest_client_key }} +# CA certificate for verifying the master's rest server +nuageMonServerCA: {{ rest_server_ca_cert }} +# Nuage vport mtu size +interfaceMTU: {{ vport_mtu }} diff --git a/roles/nuage_node/vars/main.yaml b/roles/nuage_node/vars/main.yaml index 4975d17ed..5acc65ef4 100644 --- a/roles/nuage_node/vars/main.yaml +++ b/roles/nuage_node/vars/main.yaml @@ -6,4 +6,16 @@ client_cert: "{{ vsp_openshift_dir }}/nuage.crt" client_key: "{{ vsp_openshift_dir }}/nuage.key" ca_cert: "{{ vsp_openshift_dir }}/ca.crt" api_server: "{{ openshift_node_master_api_url }}" +nuage_mon_rest_server_port: "{{ nuage_openshift_monitor_rest_server_port | default('9443') }}" +nuage_mon_rest_server_url: "https://{{ openshift_master_cluster_hostname }}:{{ nuage_mon_rest_server_port }}" docker_bridge: "docker0" +rest_client_cert: "{{ vsp_openshift_dir }}/nuageMonClient.crt" +rest_client_key: "{{ vsp_openshift_dir }}/nuageMonClient.key" +rest_server_ca_cert: "{{ vsp_openshift_dir }}/nuageMonCA.crt" +vport_mtu: "{{ nuage_interface_mtu | default('1460') }}" + +nuage_plugin_rest_client_crt_dir: "{{ nuage_ca_master_crt_dir }}/{{ ansible_nodename }}" +nuage_ca_master_plugin_key: "{{ nuage_plugin_rest_client_crt_dir }}/nuageMonClient.key" +nuage_ca_master_plugin_crt: "{{ nuage_plugin_rest_client_crt_dir }}/nuageMonClient.crt" + +nuage_plugin_crt_dir : /usr/share/vsp-openshift diff --git a/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/logging-deployer.yaml b/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/logging-deployer.yaml index b3b60bf9b..9c8f1071a 100644 --- a/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/logging-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/logging-deployer.yaml @@ -86,7 +86,7 @@ parameters: - description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' name: IMAGE_VERSION - value: "3.1.0" + value: "3.1.1" - description: "If true, set up to use a second ES cluster for ops logs." name: ENABLE_OPS_CLUSTER diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 0f25881f1..7b2715bb0 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1090,7 +1090,7 @@ def set_container_facts_if_unset(facts): if 'ovs_image' not in facts['node']: facts['node']['ovs_image'] = ovs_image - if facts['common']['is_containerized']: + if bool(strtobool(str(facts['common']['is_containerized']))): facts['common']['admin_binary'] = '/usr/local/bin/oadm' facts['common']['client_binary'] = '/usr/local/bin/oc' diff --git a/roles/os_zabbix/vars/template_openshift_node.yml b/roles/os_zabbix/vars/template_openshift_node.yml index e6daee8e4..66bd3a147 100644 --- a/roles/os_zabbix/vars/template_openshift_node.yml +++ b/roles/os_zabbix/vars/template_openshift_node.yml @@ -59,7 +59,7 @@ g_template_openshift_node: url: 'https://github.com/openshift/ops-sop/blob/node/V3/Alerts/openshift_node.asciidoc' priority: high - - name: '[HEAL] OVS may not be running on {HOST.NAME}' + - name: '[Heal] OVS may not be running on {HOST.NAME}' expression: '{Template Openshift Node:openshift.node.ovs.pids.count.last(#1)}<>4 and {Template Openshift Node:openshift.node.ovs.pids.count.last(#2)}<>4' url: 'https://github.com/openshift/ops-sop/blob/node/V3/Alerts/openshift_node.asciidoc' priority: high @@ -68,34 +68,3 @@ g_template_openshift_node: expression: '{Template Openshift Node:openshift.node.ovs.ports.count.last()}=0' url: 'https://github.com/openshift/ops-sop/blob/node/V3/Alerts/openshift_node.asciidoc' priority: high - - zactions: - - name: '[HEAL] OVS may not be running on {HOST.NAME}' - status: disabled - escalation_time: 60 - conditions_filter: - calculation_type: "and/or" - conditions: - - conditiontype: maintenance status - operator: not in - - conditiontype: trigger name - operator: like - value: "[HEAL] OVS may not be running on" - - conditiontype: trigger value - operator: "=" - value: PROBLEM - operations: - - esc_step_from: 1 - esc_step_to: 1 - esc_period: 0 - operationtype: remote command - opcommand: - command: 'ssh -i /etc/openshift_tools/scriptrunner_id_rsa {{ ozb_scriptrunner_user }}@{{ ozb_scriptrunner_bastion_host }} remote-healer --host \"{HOST.NAME}\" --trigger \"{TRIGGER.NAME}\" --trigger-val \"{TRIGGER.VALUE}\"' - execute_on: "zabbix server" - type: 'custom script' - target_hosts: - - target_type: 'zabbix server' - opconditions: - - conditiontype: 'event acknowledged' - operator: '=' - value: 'not acknowledged' diff --git a/roles/os_zabbix/vars/template_ops_tools.yml b/roles/os_zabbix/vars/template_ops_tools.yml index d1b8a2514..a0a5a4d03 100644 --- a/roles/os_zabbix/vars/template_ops_tools.yml +++ b/roles/os_zabbix/vars/template_ops_tools.yml @@ -21,3 +21,34 @@ g_template_ops_tools: expression: '{Template Operations Tools:disc.ops.runner.command.exitcode[{#OSO_COMMAND}].last()}<>0' url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_ops_runner_command.asciidoc' priority: average + + zactions: + - name: 'Remote command for [Heal] triggers' + status: enabled + escalation_time: 60 + conditions_filter: + calculation_type: "and/or" + conditions: + - conditiontype: maintenance status + operator: not in + - conditiontype: trigger name + operator: like + value: "[Heal]" + - conditiontype: trigger value + operator: "=" + value: PROBLEM + operations: + - esc_step_from: 1 + esc_step_to: 1 + esc_period: 0 + operationtype: remote command + opcommand: + command: 'ssh -i /etc/openshift_tools/scriptrunner_id_rsa {{ ozb_scriptrunner_user }}@{{ ozb_scriptrunner_bastion_host }} remote-healer --host \"{HOST.NAME}\" --trigger \"{TRIGGER.NAME}\" --trigger-val \"{TRIGGER.VALUE}\"' + execute_on: "zabbix server" + type: 'custom script' + target_hosts: + - target_type: 'zabbix server' + opconditions: + - conditiontype: 'event acknowledged' + operator: '=' + value: 'not acknowledged' |