diff options
Diffstat (limited to 'playbooks')
3 files changed, 0 insertions, 203 deletions
diff --git a/playbooks/byo/openshift-cluster/check-cert-expiry.yaml b/playbooks/byo/openshift-cluster/check-cert-expiry.yaml deleted file mode 100644 index 39efdbd36..000000000 --- a/playbooks/byo/openshift-cluster/check-cert-expiry.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# check-cert-expiry.yaml - A utility for cluster ops to scan through -# (critical) certificates for the ongoing operations of a cluster. - -# We do not support all Ansible versions. This is our safety net. -- include: ../../common/openshift-cluster/verify_ansible_version.yml - -- name: Generate the l_oo_all_hosts group - hosts: localhost - connection: local - become: no - gather_facts: no - tasks: - - include_vars: cluster_hosts.yml - - add_host: - name: "{{ item }}" - groups: l_oo_all_hosts - with_items: "{{ g_all_hosts | default([]) }}" - -# This may seem redundant, running `include_vars` again on the list of -# hosts in the group 'l_oo_all_hosts' which we just created. But the -# fact of the matter is that if we don't re-run include_vars on the -# new host group we created, then they will not have access to those -# same group variables they were birthed from. -# -# Go ahead and try to 'debug: var=g_all_hosts' later on (without this -# play) and you'll find that the result is UNDEFINED VARIABLE. -- name: Inject cluster hosts variables into l_oo_all_hosts - hosts: l_oo_all_hosts - gather_facts: no - tasks: - - include_vars: cluster_hosts.yml - -# This is where the actual business gets started: -- include: ../../common/openshift-cluster/check-cert-expiry.yaml diff --git a/playbooks/common/openshift-cluster/check-cert-expiry.yaml b/playbooks/common/openshift-cluster/check-cert-expiry.yaml deleted file mode 100644 index b585fd849..000000000 --- a/playbooks/common/openshift-cluster/check-cert-expiry.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# --- -# # This must be evaluated after cluster_hosts.yml has been evaluated on -# # 'localhost' to generate l_oo_all_hosts and then subsequently -# # evaluated again on the generated hosts group (l_oo_all_hosts). -# - include: evaluate_groups.yml -# tags: -# - always - -# # Initialize cluster facts for oo_all_hosts using the openshift_facts -# # role followed by the 'common' role -# - include: initialize_facts.yml -# tags: -# - always - -# # Get the version to install from the first master, then synchronize -# # that variable across all in oo_all_hosts -# - include: initialize_openshift_version.yml -# tags: -# - always - -# # Earlier 'initialize_facts' included the openshift_facts role and -# # used the openshift_facts module with the 'role' parameter set to -# # 'common'. Now we're applying the openshift_facts role AGAIN but just -# # to the subset of oo_all_hosts which require configuring. -# - name: Load openshift_facts -# hosts: oo_etcd_to_config:oo_masters_to_config:oo_nodes_to_config -# roles: -# - openshift_facts - -- hosts: all - become: yes - gather_facts: no - tasks: - - name: Check cert expirys on host - openshift_cert_expiry: - warning_days: 1500 - register: check_results - - name: Generate html - become: no - run_once: yes - template: - src: templates/cert-expiry-table.html.j2 - dest: /tmp/cert-table.html - delegate_to: localhost diff --git a/playbooks/common/openshift-cluster/templates/cert-expiry-table.html.j2 b/playbooks/common/openshift-cluster/templates/cert-expiry-table.html.j2 deleted file mode 100644 index f74d7f1ce..000000000 --- a/playbooks/common/openshift-cluster/templates/cert-expiry-table.html.j2 +++ /dev/null @@ -1,124 +0,0 @@ -<!DOCTYPE html> -<html> - <head> - <meta charset="UTF-8" /> - <title>OCP Certificate Expiry Report</title> - {# For fancy icons and a pleasing font #} - <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" /> - <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,700" rel="stylesheet" /> - <style type="text/css"> - body { - font-family: 'Source Sans Pro', sans-serif; - margin-left: 50px; - margin-right: 50px; - margin-bottom: 20px; - padding-top: 70px; - } - table { - border-collapse: collapse; - margin-bottom: 20px; - } - table, th, td { - border: 1px solid black; - } - th, td { - padding: 5px; - } - .cert-kind { - margin-top: 5px; - margin-bottom: 5px; - } - footer { - font-size: small; - text-align: center; - } - tr.odd { - background-color: #f2f2f2; - } - </style> - </head> - <body> - <nav class="navbar navbar-default navbar-fixed-top"> - <div class="container-fluid"> - <div class="navbar-header"> - <a class="navbar-brand" href="#">OCP Certificate Expiry Report</a> - </div> - <div class="collapse navbar-collapse"> - <p class="navbar-text navbar-right"> - <a href="https://docs.openshift.com/container-platform/latest/install_config/redeploying_certificates.html" - target="_blank" - class="navbar-link"> - <i class="glyphicon glyphicon-book"></i> Redeploying Certificates - </a> - </p> - </div> - </div> - </nav> - - {# Each host has a header and table to itself #} - {% for host in play_hosts %} - <h1>{{ host }}</h1> - - <p> - {{ hostvars[host].check_results.msg }} - </p> - <ul> - <li><b>Expirations checked at:</b> {{ hostvars[host].check_results.check_results.meta.checked_at_time }}</li> - <li><b>Warn after date:</b> {{ hostvars[host].check_results.check_results.meta.warn_after_date }}</li> - </ul> - - <table border="1" width="100%"> - {# These are hard-coded right now, but should be grabbed dynamically from the registered results #} - {%- for kind in ['ocp_certs', 'etcd', 'kubeconfigs', 'router', 'registry'] -%} - <tr> - <th colspan="6" style="text-align:center"><h2 class="cert-kind">{{ kind }}</h2></th> - </tr> - - <tr> - <th> </th> - <th style="width:33%">Certificate Common/Alt Name(s)</th> - <th>Health</th> - <th>Days Remaining</th> - <th>Expiration Date</th> - <th>Path</th> - </tr> - - {# A row for each certificate examined #} - {%- for v in hostvars[host].check_results.check_results[kind] -%} - - {# Let's add some flair and show status visually with fancy icons #} - {% if v.health == 'ok' %} - {% set health_icon = 'glyphicon glyphicon-ok' %} - {% elif v.health == 'warning' %} - {% set health_icon = 'glyphicon glyphicon-alert' %} - {% else %} - {% set health_icon = 'glyphicon glyphicon-remove' %} - {% endif %} - - <tr class="{{ loop.cycle('odd', 'even') }}"> - <td style="text-align:center"><i class="{{ health_icon }}"></i></td> - <td style="width:33%">{{ v.cert_cn }}</td> - <td>{{ v.health }}</td> - <td>{{ v.days_remaining }}</td> - <td>{{ v.expiry }}</td> - <td>{{ v.path }}</td> - </tr> - {% endfor %} - {# end row generation per cert of this type #} - {% endfor %} - {# end generation for each kind of cert block #} - </table> - <hr /> - {% endfor %} - {# end section generation for each host #} - - <footer> - <p> - Expiration report generated by <a href="https://github.com/openshift/openshift-ansible" target="_blank">openshift-ansible</a> - </p> - <p> - Status icons from bootstrap/glyphicon - </p> - </footer> - </body> -</html> |