summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.pylintrc3
-rw-r--r--CONTRIBUTING.md18
-rw-r--r--roles/openshift_logging/defaults/main.yml12
-rw-r--r--roles/openshift_logging/tasks/generate_routes.yaml20
-rw-r--r--roles/openshift_logging/templates/route_reencrypt.j28
-rw-r--r--roles/openshift_node/tasks/main.yml6
6 files changed, 65 insertions, 2 deletions
diff --git a/.pylintrc b/.pylintrc
index a32bd3d68..ab842843a 100644
--- a/.pylintrc
+++ b/.pylintrc
@@ -18,7 +18,8 @@ persistent=no
load-plugins=
# Use multiple processes to speed up Pylint.
-jobs=1
+# Zero means use the total number of CPUs.
+jobs=0
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 83c844e28..dafa73bad 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -85,6 +85,24 @@ parallel
pip install tox detox
```
+---
+
+Note: before running `tox` or `detox`, ensure that the only virtualenvs within
+the repository root are the ones managed by `tox`, those in a `.tox`
+subdirectory.
+
+Use this command to list paths that are likely part of a virtualenv not managed
+by `tox`:
+
+```
+$ find . -path '*/bin/python' | grep -vF .tox
+```
+
+Extraneous virtualenvs cause tools such as `pylint` to take a very long time
+going through files that are part of the virtualenv.
+
+---
+
List the test environments available:
```
tox -l
diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml
index 73849f46a..dc1e66d55 100644
--- a/roles/openshift_logging/defaults/main.yml
+++ b/roles/openshift_logging/defaults/main.yml
@@ -27,6 +27,18 @@ openshift_logging_kibana_proxy_cpu_limit: null
openshift_logging_kibana_proxy_memory_limit: null
openshift_logging_kibana_replica_count: 1
+#The absolute path on the control node to the cert file to use
+#for the public facing kibana certs
+openshift_logging_kibana_cert: ""
+
+#The absolute path on the control node to the key file to use
+#for the public facing kibana certs
+openshift_logging_kibana_key: ""
+
+#The absolute path on the control node to the CA file to use
+#for the public facing kibana certs
+openshift_logging_kibana_ca: ""
+
openshift_logging_kibana_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default(kibana-ops.{{openshift.common.dns_domain}}) }}"
openshift_logging_kibana_ops_cpu_limit: null
openshift_logging_kibana_ops_memory_limit: null
diff --git a/roles/openshift_logging/tasks/generate_routes.yaml b/roles/openshift_logging/tasks/generate_routes.yaml
index 60694f67e..3c462378b 100644
--- a/roles/openshift_logging/tasks/generate_routes.yaml
+++ b/roles/openshift_logging/tasks/generate_routes.yaml
@@ -1,4 +1,20 @@
---
+- set_fact: kibana_key={{ lookup('file', openshift_logging_kibana_key) | b64encode }}
+ when: "{{ openshift_logging_kibana_key | trim | length > 0 }}"
+ changed_when: false
+
+- set_fact: kibana_cert={{ lookup('file', openshift_logging_kibana_cert)| b64encode }}
+ when: "{{openshift_logging_kibana_cert | trim | length > 0}}"
+ changed_when: false
+
+- set_fact: kibana_ca={{ lookup('file', openshift_logging_kibana_ca)| b64encode }}
+ when: "{{openshift_logging_kibana_ca | trim | length > 0}}"
+ changed_when: false
+
+- set_fact: kibana_ca={{key_pairs | entry_from_named_pair('ca_file') }}
+ when: kibana_ca is not defined
+ changed_when: false
+
- name: Generating logging routes
template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-{{route_info.name}}-route.yaml
tags: routes
@@ -6,7 +22,9 @@
obj_name: "{{route_info.name}}"
route_host: "{{route_info.host}}"
service_name: "{{route_info.name}}"
- tls_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}"
+ tls_key: "{{kibana_key | default('') | b64decode}}"
+ tls_cert: "{{kibana_cert | default('') | b64decode}}"
+ tls_ca_cert: "{{kibana_ca | b64decode}}"
tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}"
labels:
component: support
diff --git a/roles/openshift_logging/templates/route_reencrypt.j2 b/roles/openshift_logging/templates/route_reencrypt.j2
index 8be30a2c4..341ffdd84 100644
--- a/roles/openshift_logging/templates/route_reencrypt.j2
+++ b/roles/openshift_logging/templates/route_reencrypt.j2
@@ -11,6 +11,14 @@ metadata:
spec:
host: {{ route_host }}
tls:
+{% if tls_key is defined and tls_key | length > 0 %}
+ key: |
+{{ tls_key|indent(6, true) }}
+{% if tls_cert is defined and tls_cert | length > 0 %}
+ certificate: |
+{{ tls_cert|indent(6, true) }}
+{% endif %}
+{% endif %}
caCertificate: |
{% for line in tls_ca_cert.split('\n') %}
{{ line }}
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 3e888b77f..691227915 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -60,6 +60,12 @@
state: present
when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool
+- name: Install conntrack-tools package
+ package:
+ name: "conntrack-tools"
+ state: present
+ when: not openshift.common.is_containerized | bool
+
- name: Install the systemd units
include: systemd_units.yml