-rw-r--r-- | inventory/byo/hosts.origin.example | 10 | ||||
-rw-r--r-- | inventory/byo/hosts.ose.example | 8 | ||||
-rw-r--r-- | playbooks/adhoc/openshift_hosted_logging_efk.yaml | 4 | ||||
-rw-r--r-- | playbooks/common/openshift-cluster/openshift_hosted.yml | 26 | ||||
-rw-r--r-- | playbooks/common/openshift-cluster/redeploy-certificates/router.yml | 31 | ||||
-rw-r--r-- | playbooks/common/openshift-cluster/upgrades/post_control_plane.yml | 14 | ||||
-rw-r--r-- | roles/openshift_logging/README.md | 2 | ||||
-rw-r--r-- | roles/openshift_logging/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/openshift_logging/templates/kibana.j2 | 4 | ||||
-rw-r--r-- | roles/openshift_metrics/defaults/main.yaml | 3 | ||||
-rw-r--r-- | roles/openshift_metrics/tasks/install_cassandra.yaml | 1 | ||||
-rw-r--r-- | roles/openshift_metrics/tasks/install_hawkular.yaml | 1 | ||||
-rw-r--r-- | roles/openshift_metrics/tasks/install_heapster.yaml | 1 | ||||
-rw-r--r-- | roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 | 6 | ||||
-rw-r--r-- | roles/openshift_metrics/templates/hawkular_metrics_rc.j2 | 6 | ||||
-rw-r--r-- | roles/openshift_metrics/templates/heapster.j2 | 6 |
16 files changed, 78 insertions, 47 deletions
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index f24cfc737..83cfc617f 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -468,18 +468,18 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # pods are deleted # # Other Logging Options -- Common items you may wish to reconfigure, for the complete -# list of options please see roles/openshift_hosted_logging/README.md +# list of options please see roles/openshift_logging/README.md # # Configure loggingPublicURL in the master config for aggregate logging, defaults # to https://kibana.{{ openshift_master_default_subdomain }} #openshift_master_logging_public_url=https://kibana.example.com # Configure the number of elastic search nodes, unless you're using dynamic provisioning # this value must be 1 -#openshift_hosted_logging_elasticsearch_cluster_size=1 -#openshift_hosted_logging_hostname=logging.apps.example.com +#openshift_logging_es_cluster_size=1 +#openshift_logging_kibana_hostname=logging.apps.example.com # Configure the prefix and version for the deployer image -#openshift_hosted_logging_deployer_prefix=registry.example.com:8888/openshift3/ -#openshift_hosted_logging_deployer_version=3.3.0 +#openshift_logging_image_prefix=registry.example.com:8888/openshift3/ +#openshift_logging_image_version=3.3.0 # Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet') # os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index b48776304..12f957170 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example 
@@ -475,11 +475,11 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_master_logging_public_url=https://kibana.example.com # Configure the number of elastic search nodes, unless you're using dynamic provisioning # this value must be 1 -#openshift_hosted_logging_elasticsearch_cluster_size=1 -#openshift_hosted_logging_hostname=logging.apps.example.com +#openshift_logging_es_cluster_size=1 +#openshift_logging_kibana_hostname=logging.apps.example.com # Configure the prefix and version for the deployer image -#openshift_hosted_logging_deployer_prefix=registry.example.com:8888/openshift3/ -#openshift_hosted_logging_deployer_version=3.3.0 +#openshift_logging_image_prefix=registry.example.com:8888/openshift3/ +#openshift_logging_image_version=3.3.0 # Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet') # os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' diff --git a/playbooks/adhoc/openshift_hosted_logging_efk.yaml b/playbooks/adhoc/openshift_hosted_logging_efk.yaml index 0b30a221d..e83351272 100644 --- a/playbooks/adhoc/openshift_hosted_logging_efk.yaml +++ b/playbooks/adhoc/openshift_hosted_logging_efk.yaml @@ -1,7 +1,7 @@ --- - hosts: masters[0] roles: - - role: openshift_hosted_logging + - role: openshift_logging openshift_hosted_logging_cleanup: no - name: Update master-config for publicLoggingURL @@ -11,6 +11,6 @@ logging_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}" tasks: - include_role: - name: openshift_hosted_logging + name: openshift_logging tasks_from: update_master_config when: openshift_hosted_logging_deploy | default(false) | bool diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml index 3c4a99887..7b58eebc3 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted.yml 
+++ b/playbooks/common/openshift-cluster/openshift_hosted.yml 
@@ -27,21 +27,21 @@ logging_elasticsearch_ops_cluster_size: "{{ openshift_hosted_logging_elasticsearch_ops_cluster_size | default(1) }}" roles: - role: openshift_hosted - - role: openshift_hosted_metrics + - role: openshift_metrics when: openshift_hosted_metrics_deploy | default(false) | bool - - role: openshift_hosted_logging + - role: openshift_logging when: openshift_hosted_logging_deploy | default(false) | bool - openshift_hosted_logging_hostname: "{{ logging_hostname }}" - openshift_hosted_logging_ops_hostname: "{{ logging_ops_hostname }}" - openshift_hosted_logging_master_public_url: "{{ logging_master_public_url }}" - openshift_hosted_logging_elasticsearch_cluster_size: "{{ logging_elasticsearch_cluster_size }}" - openshift_hosted_logging_elasticsearch_pvc_dynamic: "{{ 'true' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}" - openshift_hosted_logging_elasticsearch_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift_hosted_logging_storage_kind | default(none) in ['dynamic','nfs'] else '' }}" - openshift_hosted_logging_elasticsearch_pvc_prefix: "{{ 'logging-es' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}" - openshift_hosted_logging_elasticsearch_ops_cluster_size: "{{ logging_elasticsearch_ops_cluster_size }}" - openshift_hosted_logging_elasticsearch_ops_pvc_dynamic: "{{ 'true' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}" - openshift_hosted_logging_elasticsearch_ops_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift_hosted_logging_storage_kind | default(none) in ['dynamic','nfs' ] else '' }}" - openshift_hosted_logging_elasticsearch_ops_pvc_prefix: "{{ 'logging-es' if openshift_hosted_logging_storage_kind | default(none) =='dynamic' else '' }}" + openshift_logging_kibana_hostname: "{{ logging_hostname }}" + openshift_logging_kibana_ops_hostname: "{{ logging_ops_hostname }}" + openshift_logging_master_public_url: "{{ 
logging_master_public_url }}" + openshift_logging_es_cluster_size: "{{ logging_elasticsearch_cluster_size }}" + openshift_logging_es_pvc_dynamic: "{{ 'true' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}" + openshift_logging_es_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift_hosted_logging_storage_kind | default(none) in ['dynamic','nfs'] else '' }}" + openshift_logging_es_pvc_prefix: "{{ 'logging-es' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}" + openshift_logging_es_ops_cluster_size: "{{ logging_elasticsearch_ops_cluster_size }}" + openshift_logging_es_ops_pvc_dynamic: "{{ 'true' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}" + openshift_logging_es_ops_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift_hosted_logging_storage_kind | default(none) in ['dynamic','nfs' ] else '' }}" + openshift_logging_es_ops_pvc_prefix: "{{ 'logging-es' if openshift_hosted_logging_storage_kind | default(none) =='dynamic' else '' }}" - role: cockpit-ui when: ( openshift.common.version_gte_3_3_or_1_3 | bool ) and ( openshift_hosted_manage_registry | default(true) | bool ) and not (openshift.docker.hosted_registry_insecure | default(false) | bool) diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml index 03d64685d..a9e9f0915 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml 
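Review bot: The new role parameters (`openshift_logging_es_cluster_size: "{{ logging_elasticsearch_cluster_size }}"` and its siblings) still take their values from play vars that read the old `openshift_hosted_logging_*` names, as the context line for `logging_elasticsearch_ops_cluster_size` shows. Role parameters take precedence over inventory variables, so an inventory that follows the updated examples and sets `openshift_logging_es_cluster_size` or `openshift_logging_kibana_hostname` would most likely be overridden without any warning. Until the play vars are renamed as well, I would add a comment above the parameters such as `# values below are derived from the openshift_hosted_logging_* inventory variables; openshift_logging_* set in inventory is overridden here`. The `openshift_metrics` role is also given no parameters and is still gated on `openshift_hosted_metrics_deploy`, so it is worth confirming which variable names that role actually reads.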
@@ -44,25 +44,26 @@ when: l_router_dc.rc == 0 and 'OPENSHIFT_CA_DATA' in router_env_vars and 'OPENSHIFT_CERT_DATA' in router_env_vars and 'OPENSHIFT_KEY_DATA' in router_env_vars - block: - - name: Generate router certificate + - name: Delete existing router certificate secret command: > - {{ openshift.common.client_binary }} adm ca create-server-cert - --hostnames=router.default.svc,router.default.svc.cluster.local - --signer-cert={{ openshift.common.config_base }}/master/service-signer.crt - --signer-key={{ openshift.common.config_base }}/master/service-signer.key - --signer-serial={{ openshift.common.config_base }}/master/ca.serial.txt - --cert={{ mktemp.stdout }}/tls.crt - --key={{ mktemp.stdout }}/tls.key + {{ openshift.common.client_binary }} delete secret/router-certs + --config={{ mktemp.stdout }}/admin.kubeconfig + -n default - - name: Update router certificates secret - shell: > - {{ openshift.common.client_binary }} secret new router-certs - {{ mktemp.stdout }}/tls.crt - {{ mktemp.stdout }}/tls.key - --type=kubernetes.io/tls + - name: Remove router service annotations + command: > + {{ openshift.common.client_binary }} annotate service/router + service.alpha.openshift.io/serving-cert-secret-name- + service.alpha.openshift.io/serving-cert-signed-by- + --config={{ mktemp.stdout }}/admin.kubeconfig + -n default + + - name: Add serving-cert-secret annotation to router service + command: > + {{ openshift.common.client_binary }} annotate service/router + service.alpha.openshift.io/serving-cert-secret-name=router-certs --config={{ mktemp.stdout }}/admin.kubeconfig -n default - -o json | oc replace -f - when: l_router_dc.rc == 0 and 'router-certs' in router_secrets - name: Redeploy router diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml index 2bbcbe1f8..9771d5445 100644 --- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml 
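Review bot: Nothing between "Add serving-cert-secret annotation to router service" and "Redeploy router" waits for the regenerated `router-certs` secret, although the first task of the block has already deleted the old one. The secret is presumably recreated asynchronously by the service serving-cert signer, so the redeploy can start before it exists, and a failure in either annotate task leaves the router with no certificate secret at all. A polling task after the annotate step closes that window and makes a failed regeneration visible in the play output. The start of the block and the Redeploy task lie outside the hunk.

```yaml
    - name: Add serving-cert-secret annotation to router service
      # … unchanged: annotate command …

    - name: Wait for regenerated router certificate secret
      command: >
        {{ openshift.common.client_binary }} get secret/router-certs
        --config={{ mktemp.stdout }}/admin.kubeconfig
        -n default
      register: l_router_certs_secret
      until: l_router_certs_secret.rc == 0
      retries: 30
      delay: 2
      changed_when: false
```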
+++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml @@ -26,21 +26,26 @@ registry_url: "{{ openshift.master.registry_url }}" openshift_hosted_templates_import_command: replace pre_tasks: + + # TODO: remove temp_skip_router_registry_upgrade variable. This is a short term hack + # to allow ops to use this control plane upgrade, without triggering router/registry + # upgrade which has not yet been synced with their process. - name: Collect all routers command: > {{ oc_cmd }} get pods --all-namespaces -l 'router' -o json register: all_routers failed_when: false changed_when: false + when: temp_skip_router_registry_upgrade is not defined - set_fact: haproxy_routers="{{ (all_routers.stdout | from_json)['items'] | oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | oo_select_keys_from_list(['metadata']) }}" - when: all_routers.rc == 0 + when: all_routers.rc == 0 and temp_skip_router_registry_upgrade is not defined - set_fact: haproxy_routers=[] - when: all_routers.rc != 0 + when: all_routers.rc != 0 and temp_skip_router_registry_upgrade is not defined - name: Update router image to current version - when: all_routers.rc == 0 + when: all_routers.rc == 0 and temp_skip_router_registry_upgrade is not defined command: > {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -n {{ item['namespace'] }} -p '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}","livenessProbe":{"tcpSocket":null,"httpGet":{"path": "/healthz", "port": 1936, "host": "localhost", "scheme": "HTTP"},"initialDelaySeconds":10,"timeoutSeconds":1}}]}}}}' 
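Review bot: The conditions `all_routers.rc == 0 and temp_skip_router_registry_upgrade is not defined` test the registered result before the skip flag. When the flag is set, "Collect all routers" is skipped and `all_routers` has no `rc`, so the left operand will most likely raise an undefined-attribute error instead of skipping the task. Put the flag first so the expression short-circuits: `when: temp_skip_router_registry_upgrade is not defined and all_routers.rc == 0`. The same applies to `all_routers.rc != 0` and to `_default_registry.rc == 0` in the second hunk. Because the test is `is not defined`, setting the variable to `false` also skips the upgrade, which the TODO comment should say.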
@@ -53,9 +58,10 @@ register: _default_registry failed_when: false changed_when: false + when: temp_skip_router_registry_upgrade is not defined - name: Update registry image to current version - when: _default_registry.rc == 0 + when: _default_registry.rc == 0 and temp_skip_router_registry_upgrade is not defined command: > {{ oc_cmd }} patch dc/docker-registry -n default -p '{"spec":{"template":{"spec":{"containers":[{"name":"registry","image":"{{ registry_image }}"}]}}}}' diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md index 8651e06e7..9394977c0 100644 --- a/roles/openshift_logging/README.md +++ b/roles/openshift_logging/README.md @@ -25,7 +25,7 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log - `openshift_logging_image_version`: The image version for the logging images to use. Defaults to 'latest'. - `openshift_logging_use_ops`: If 'True', set up a second ES and Kibana cluster for infrastructure logs. Defaults to 'False'. - `master_url`: The URL for the Kubernetes master, this does not need to be public facing but should be accessible from within the cluster. Defaults to 'https://kubernetes.default.svc.cluster.local'. -- `public_master_url`: The public facing URL for the Kubernetes master, this is used for Authentication redirection. Defaults to 'https://localhost:8443'. +- `openshift_logging_master_public_url`: The public facing URL for the Kubernetes master, this is used for Authentication redirection. Defaults to 'https://localhost:8443'. - `openshift_logging_namespace`: The namespace that Aggregated Logging will be installed in. Defaults to 'logging'. - `openshift_logging_curator_default_days`: The default minimum age (in days) Curator uses for deleting log records. Defaults to '30'. - `openshift_logging_curator_run_hour`: The hour of the day that Curator will run at. Defaults to '0'. 
diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index 919c53787..ead59c029 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml @@ -3,7 +3,7 @@ openshift_logging_image_prefix: docker.io/openshift/origin- openshift_logging_image_version: latest openshift_logging_use_ops: False master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}" -public_master_url: "https://{{openshift.common.public_hostname}}:8443" +openshift_logging_master_public_url: "https://{{openshift.common.public_hostname}}:8443" openshift_logging_namespace: logging openshift_logging_install_logging: True diff --git a/roles/openshift_logging/templates/kibana.j2 b/roles/openshift_logging/templates/kibana.j2 index b42f62850..3a9e03768 100644 --- a/roles/openshift_logging/templates/kibana.j2 +++ b/roles/openshift_logging/templates/kibana.j2 @@ -93,10 +93,10 @@ spec: value: {{master_url}} - name: "OAP_PUBLIC_MASTER_URL" - value: {{public_master_url}} + value: {{openshift_logging_master_public_url}} - name: "OAP_LOGOUT_REDIRECT" - value: {{public_master_url}}/console/logout + value: {{openshift_logging_master_public_url}}/console/logout - name: "OAP_MASTER_CA_FILE" value: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" diff --git a/roles/openshift_metrics/defaults/main.yaml b/roles/openshift_metrics/defaults/main.yaml index b99adf779..dd5a20d5b 100644 --- a/roles/openshift_metrics/defaults/main.yaml +++ b/roles/openshift_metrics/defaults/main.yaml @@ -13,6 +13,7 @@ openshift_metrics_hawkular_requests_cpu: null openshift_metrics_hawkular_cert: "" openshift_metrics_hawkular_key: "" openshift_metrics_hawkular_ca: "" +openshift_metrics_hawkular_nodeselector: "" openshift_metrics_cassandra_replicas: 1 openshift_metrics_cassandra_storage_type: emptydir 
@@ -21,12 +22,14 @@ openshift_metrics_cassandra_limits_memory: 2G openshift_metrics_cassandra_limits_cpu: null openshift_metrics_cassandra_requests_memory: 1G openshift_metrics_cassandra_requests_cpu: null +openshift_metrics_cassandra_nodeselector: "" openshift_metrics_heapster_standalone: False openshift_metrics_heapster_limits_memory: 3.75G openshift_metrics_heapster_limits_cpu: null openshift_metrics_heapster_requests_memory: 0.9375G openshift_metrics_heapster_requests_cpu: null +openshift_metrics_heapster_nodeselector: "" openshift_metrics_duration: 7 openshift_metrics_resolution: 15s diff --git a/roles/openshift_metrics/tasks/install_cassandra.yaml b/roles/openshift_metrics/tasks/install_cassandra.yaml index a9340acc3..9e25071af 100644 --- a/roles/openshift_metrics/tasks/install_cassandra.yaml +++ b/roles/openshift_metrics/tasks/install_cassandra.yaml @@ -18,6 +18,7 @@ node: "{{ item }}" master: "{{ (item == '1')|string|lower }}" replica_count: "{{cassandra_replica_count.results[item|int - 1].stdout}}" + node_selector: "{{openshift_metrics_cassandra_nodeselector | default('') }}" with_sequence: count={{ openshift_metrics_cassandra_replicas }} changed_when: false diff --git a/roles/openshift_metrics/tasks/install_hawkular.yaml b/roles/openshift_metrics/tasks/install_hawkular.yaml index 00f7b2554..1ba11efa8 100644 --- a/roles/openshift_metrics/tasks/install_hawkular.yaml +++ b/roles/openshift_metrics/tasks/install_hawkular.yaml @@ -13,6 +13,7 @@ dest: "{{ mktemp.stdout }}/templates/hawkular_metrics_rc.yaml" vars: replica_count: "{{hawkular_metrics_replica_count.stdout | default(0)}}" + node_selector: "{{openshift_metrics_hawkular_nodeselector | default('') }}" changed_when: false - name: read hawkular-metrics route destination ca certificate diff --git a/roles/openshift_metrics/tasks/install_heapster.yaml b/roles/openshift_metrics/tasks/install_heapster.yaml index 39df797ab..44bab8ace 100644 --- a/roles/openshift_metrics/tasks/install_heapster.yaml 
+++ b/roles/openshift_metrics/tasks/install_heapster.yaml @@ -11,4 +11,5 @@ template: src=heapster.j2 dest={{mktemp.stdout}}/templates/metrics-heapster-rc.yaml vars: replica_count: "{{heapster_replica_count.stdout | default(0)}}" + node_selector: "{{openshift_metrics_heapster_nodeselector | default('') }}" changed_when: no diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 index abd4ff939..876cb1915 100644 --- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -19,6 +19,12 @@ spec: type: hawkular-cassandra spec: serviceAccount: cassandra +{% if node_selector is iterable and node_selector | length > 0 %} + nodeSelector: +{% for key, value in node_selector.iteritems() %} + {{key}}: "{{value}}" +{% endfor %} +{% endif %} containers: - image: "{{ openshift_metrics_image_prefix }}metrics-cassandra:{{ openshift_metrics_image_version }}" name: hawkular-cassandra-{{ node }} diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 index f78621674..d39f1b43a 100644 --- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 @@ -17,6 +17,12 @@ spec: name: hawkular-metrics spec: serviceAccount: hawkular +{% if node_selector is iterable and node_selector | length > 0 %} + nodeSelector: +{% for key, value in node_selector.iteritems() %} + {{key}}: "{{value}}" +{% endfor %} +{% endif %} containers: - image: {{openshift_metrics_image_prefix}}metrics-hawkular-metrics:{{openshift_metrics_image_version}} name: hawkular-metrics diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2 index eeca03be0..7c837db4d 100644 --- a/roles/openshift_metrics/templates/heapster.j2 +++ b/roles/openshift_metrics/templates/heapster.j2 
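Review bot: The guard `node_selector is iterable and node_selector | length > 0` in hawkular_cassandra_rc.j2 also passes for a non-empty string, and `.iteritems()` on the next line then fails. The defaults are `""`, so a plain string is an easy value for an operator to supply. `{% if node_selector is mapping and node_selector | length > 0 %}` with `node_selector.items()` is stricter and also works under Python 3. The value is interpolated inside double quotes without escaping, so a quote or backslash in it breaks the rendered manifest or changes its structure; `{{ key | to_json }}: {{ value | to_json }}` avoids that. The same block is added to hawkular_metrics_rc.j2 and heapster.j2.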
@@ -18,6 +18,12 @@ spec: name: heapster spec: serviceAccountName: heapster +{% if node_selector is iterable and node_selector | length > 0 %} + nodeSelector: +{% for key, value in node_selector.iteritems() %} + {{key}}: "{{value}}" +{% endfor %} +{% endif %} containers: - name: heapster image: {{openshift_metrics_image_prefix}}metrics-heapster:{{openshift_metrics_image_version}} |