Diffstat (limited to 'roles/nuage_master')
-rw-r--r--roles/nuage_master/README.md8
-rw-r--r--roles/nuage_master/files/serviceaccount.sh63
-rw-r--r--roles/nuage_master/handlers/main.yaml18
-rw-r--r--roles/nuage_master/meta/main.yml16
-rw-r--r--roles/nuage_master/tasks/certificates.yml50
-rw-r--r--roles/nuage_master/tasks/main.yaml36
-rw-r--r--roles/nuage_master/templates/nuage-openshift-monitor.j223
-rw-r--r--roles/nuage_master/vars/main.yaml16
8 files changed, 230 insertions, 0 deletions
diff --git a/roles/nuage_master/README.md b/roles/nuage_master/README.md
new file mode 100644
index 000000000..de101dd19
--- /dev/null
+++ b/roles/nuage_master/README.md
@@ -0,0 +1,8 @@
+Nuage Master
+============
+Setup Nuage Kubernetes Monitor on the Master node
+
+
+Requirements
+------------
+This role assumes it has been deployed on RHEL/Fedora
diff --git a/roles/nuage_master/files/serviceaccount.sh b/roles/nuage_master/files/serviceaccount.sh
new file mode 100644
index 000000000..f6fdb8a8d
--- /dev/null
+++ b/roles/nuage_master/files/serviceaccount.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+# Parse CLI options
+for i in "$@"; do
+ case $i in
+ --master-cert-dir=*)
+ MASTER_DIR="${i#*=}"
+ CA_CERT=${MASTER_DIR}/ca.crt
+ CA_KEY=${MASTER_DIR}/ca.key
+ CA_SERIAL=${MASTER_DIR}/ca.serial.txt
+ ADMIN_FILE=${MASTER_DIR}/admin.kubeconfig
+ ;;
+ --server=*)
+ SERVER="${i#*=}"
+ ;;
+ --output-cert-dir=*)
+ OUTDIR="${i#*=}"
+ CONFIG_FILE=${OUTDIR}/nuage.kubeconfig
+ ;;
+ esac
+done
+
+# If any are missing, print the usage and exit
+if [ -z $SERVER ] || [ -z $OUTDIR ] || [ -z $MASTER_DIR ]; then
+ echo "Invalid syntax: $@"
+ echo "Usage:"
+ echo " $0 --server=<address>:<port> --output-cert-dir=/path/to/output/dir/ --master-cert-dir=/path/to/master/"
+ echo "--master-cert-dir: Directory where the master's configuration is held"
+ echo "--server: Address of Kubernetes API server (default port is 8443)"
+ echo "--output-cert-dir: Directory to put artifacts in"
+ echo ""
+ echo "All options are required"
+ exit 1
+fi
+
+# Login as admin so that we can create the service account
+oc login -u system:admin --config=$ADMIN_FILE || exit 1
+oc project default --config=$ADMIN_FILE
+
+ACCOUNT_CONFIG='
+{
+ "apiVersion": "v1",
+ "kind": "ServiceAccount",
+ "metadata": {
+ "name": "nuage"
+ }
+}
+'
+
+# Create the account with the included info
+echo $ACCOUNT_CONFIG|oc create --config=$ADMIN_FILE -f -
+
+# Add the cluser-reader role, which allows this service account read access to
+# everything in the cluster except secrets
+oadm policy add-cluster-role-to-user cluster-reader system:serviceaccounts:default:nuage --config=$ADMIN_FILE
+
+# Generate certificates and a kubeconfig for the service account
+oadm create-api-client-config --certificate-authority=${CA_CERT} --client-dir=${OUTDIR} --signer-cert=${CA_CERT} --signer-key=${CA_KEY} --signer-serial=${CA_SERIAL} --user=system:serviceaccounts:default:nuage --master=${SERVER} --public-master=${SERVER} --basename='nuage'
+
+# Verify the finalized kubeconfig
+if ! [ $(oc whoami --config=$CONFIG_FILE) == 'system:serviceaccounts:default:nuage' ]; then
+ echo "Service account creation failed!"
+ exit 1
+fi
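Review bot: Every expansion in the script is unquoted, so the `[ -z $SERVER ]` guard on line 59 only works by accident (an unset variable collapses it to `[ -z ]`, which happens to be true), and any path with whitespace in `--config=$ADMIN_FILE` or in `echo $ACCOUNT_CONFIG` is split into several arguments. The signing step `oadm create-api-client-config` at line 93 and `oc project default` at line 73 have no exit-status check, so a failed certificate issue is only noticed indirectly by the `oc whoami` test, whose unquoted `$(...)` turns an empty output into a `[` syntax error rather than a clear message. Suggest `set -euo pipefail` after the shebang, `if [ -z "${SERVER:-}" ] || [ -z "${OUTDIR:-}" ] || [ -z "${MASTER_DIR:-}" ]; then`, and `printf '%s' "$ACCOUNT_CONFIG" | oc create --config="$ADMIN_FILE" -f -`, with the remaining `$VAR` uses double-quoted. The final check then reads `[ "$(oc whoami --config="$CONFIG_FILE")" = 'system:serviceaccounts:default:nuage' ]`; note that under `-e` a re-run has to tolerate `oc create` reporting an already-existing account, which this version silently ignores.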
diff --git a/roles/nuage_master/handlers/main.yaml b/roles/nuage_master/handlers/main.yaml
new file mode 100644
index 000000000..5d133cf16
--- /dev/null
+++ b/roles/nuage_master/handlers/main.yaml
@@ -0,0 +1,18 @@
+---
+- name: restart nuage-openshift-monitor
+ sudo: true
+ service: name=nuage-openshift-monitor state=restarted
+
+- name: restart master
+ service: name={{ openshift.common.service_type }}-master state=restarted
+ when: (not openshift_master_ha | bool) and (not master_service_status_changed | default(false))
+
+- name: restart master api
+ service: name={{ openshift.common.service_type }}-master-api state=restarted
+ when: (openshift_master_ha | bool) and (not master_api_service_status_changed | default(false)) and openshift.master.cluster_method == 'native'
+
+# TODO: need to fix up ignore_errors here
+- name: restart master controllers
+ service: name={{ openshift.common.service_type }}-master-controllers state=restarted
+ when: (openshift_master_ha | bool) and (not master_controllers_service_status_changed | default(false)) and openshift.master.cluster_method == 'native'
+ ignore_errors: yes
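Review bot: `ignore_errors: yes` on the "restart master controllers" handler at line 123 makes a failed controller restart invisible to the play, and the TODO above it says so without saying what should replace it; since the `when` already limits the handler to native HA, the suppression looks like a workaround for a unit that may not exist on every master. Prefer a guard that checks the unit exists before restarting so a genuine restart failure still fails the play. Separately, only the first handler carries `sudo: true` while the three master handlers do not — either an inconsistency or a reliance on play-level privilege, and a one-line comment saying which would help the next maintainer.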
diff --git a/roles/nuage_master/meta/main.yml b/roles/nuage_master/meta/main.yml
new file mode 100644
index 000000000..3f16dd819
--- /dev/null
+++ b/roles/nuage_master/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+ author: Vishal Patil
+ description:
+ company: Nuage Networks
+ license: Apache License, Version 2.0
+ min_ansible_version: 1.8
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+ - system
+dependencies:
+- { role: nuage_ca }
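Review bot: `description:` at line 133 is left empty, so the role publishes no summary to Galaxy or to anyone listing installed roles. Suggest `description: Setup Nuage Kubernetes Monitor on the Master node`, matching the README's first line.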
diff --git a/roles/nuage_master/tasks/certificates.yml b/roles/nuage_master/tasks/certificates.yml
new file mode 100644
index 000000000..0d3c69467
--- /dev/null
+++ b/roles/nuage_master/tasks/certificates.yml
@@ -0,0 +1,50 @@
+---
+- name: Create a directory to hold the certificates
+ file: path="{{ nuage_mon_rest_server_crt_dir }}" state=directory
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create the key
+ command: >
+ openssl genrsa -out "{{ nuage_ca_master_rest_server_key }}" 4096
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create the req file
+ command: >
+ openssl req -key "{{ nuage_ca_master_rest_server_key }}" -new -out "{{ nuage_mon_rest_server_crt_dir }}/restServer.req" -subj "/CN={{ ansible_nodename }}"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Generate the crt file
+ command: >
+ openssl x509 -req -in "{{ nuage_mon_rest_server_crt_dir }}/restServer.req" -CA "{{ nuage_ca_crt }}" -CAkey "{{ nuage_ca_key }}" -CAserial "{{ nuage_ca_serial }}" -out "{{ nuage_ca_master_rest_server_crt }}"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Remove the req file
+ file: path="{{ nuage_mon_rest_server_crt_dir }}/restServer.req" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Copy nuage CA crt
+ shell: cp "{{ nuage_ca_crt }}" "{{ nuage_mon_rest_server_crt_dir }}"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Archive the certificate dir
+ shell: "cd {{ nuage_mon_rest_server_crt_dir }} && tar -czvf /tmp/{{ ansible_nodename }}.tgz *"
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Create a temp directory for the certificates
+ local_action: command mktemp -d "/tmp/openshift-{{ ansible_nodename }}-XXXXXXX"
+ register: mktemp
+
+- name: Download the certificates
+ fetch: src="/tmp/{{ ansible_nodename }}.tgz" dest="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" flat=yes
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Extract the certificates
+ unarchive: src="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" dest={{ nuage_master_crt_dir }}
+
+- name: Delete the certificates after copy
+ file: path="{{ nuage_mon_rest_server_crt_dir }}" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
+
+- name: Delete the temp directory
+ file: path="{{ mktemp.stdout }}" state=absent
+ delegate_to: "{{ nuage_ca_master }}"
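Review bot: The archive created at line 181, `/tmp/{{ ansible_nodename }}.tgz` on `nuage_ca_master`, contains the freshly generated REST server private key and is never removed — the cleanup at lines 195-201 deletes the certificate directory and a mktemp directory, but not the tarball, which stays at a predictable path in /tmp with whatever mode the umask gave it. The last task also delegates the deletion of `mktemp.stdout` to `nuage_ca_master`, although that directory was created by `local_action` on the controller, so it removes nothing useful on the CA host and leaves the fetched copy behind locally. The `openssl x509 -req` call at line 169 passes no `-days`, which yields openssl's default 30-day validity; pass an explicit `-days <VALIDITY_DAYS>`. None of the `command:` tasks declare `creates:`, so every run regenerates and reissues the key.
```yaml
# … unchanged: key, req, crt, copy, archive, mktemp, fetch, unarchive tasks …

- name: Delete the archive from the CA master
  file: path="/tmp/{{ ansible_nodename }}.tgz" state=absent
  delegate_to: "{{ nuage_ca_master }}"

- name: Delete the temp directory on the controller
  local_action: file path="{{ mktemp.stdout }}" state=absent
```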
diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml
new file mode 100644
index 000000000..abeee3d71
--- /dev/null
+++ b/roles/nuage_master/tasks/main.yaml
@@ -0,0 +1,36 @@
+---
+- name: Create directory /usr/share/nuage-openshift-monitor
+ sudo: true
+ file: path=/usr/share/nuage-openshift-monitor state=directory
+
+- name: Create the log directory
+ sudo: true
+ file: path={{ nuage_mon_rest_server_logdir }} state=directory
+
+- name: Install Nuage Openshift Monitor
+ sudo: true
+ yum: name={{ nuage_openshift_rpm }} state=present
+
+- name: Run the service account creation script
+ sudo: true
+ script: serviceaccount.sh --server={{ openshift.master.api_url }} --output-cert-dir={{ cert_output_dir }} --master-cert-dir={{ openshift_master_config_dir }}
+
+- name: Download the certs and keys
+ sudo: true
+ fetch: src={{ cert_output_dir }}/{{ item }} dest=/tmp/{{ item }} flat=yes
+ with_items:
+ - ca.crt
+ - nuage.crt
+ - nuage.key
+ - nuage.kubeconfig
+
+- include: certificates.yml
+
+- name: Create nuage-openshift-monitor.yaml
+ sudo: true
+ template: src=nuage-openshift-monitor.j2 dest=/usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml owner=root mode=0644
+ notify:
+ - restart master
+ - restart master api
+ - restart master controllers
+ - restart nuage-openshift-monitor
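Review bot: The fetch at line 227 copies `nuage.key` and `nuage.kubeconfig` — the private key and the credential the script just bound to `cluster-reader` — to the fixed paths `/tmp/nuage.key` and `/tmp/nuage.kubeconfig` on the control host, where they outlive the play and are readable according to the controller's umask. Nothing else in this diff reads those copies, so either drop the task or fetch into a `mktemp -d` directory the way certificates.yml does and delete it afterwards. The `script:` task at line 223 has no `creates:` or `changed_when`, so it re-runs the account creation and reports "changed" on every play.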
diff --git a/roles/nuage_master/templates/nuage-openshift-monitor.j2 b/roles/nuage_master/templates/nuage-openshift-monitor.j2
new file mode 100644
index 000000000..e50e225e1
--- /dev/null
+++ b/roles/nuage_master/templates/nuage-openshift-monitor.j2
@@ -0,0 +1,23 @@
+# .kubeconfig that includes the nuage service account
+kubeConfig: {{ kube_config }}
+# name of the nuage service account, or another account with 'cluster-reader'
+# permissions
+# Openshift master config file
+masterConfig: {{ master_config_yaml }}
+# URL of the VSD Architect
+vsdApiUrl: {{ vsd_api_url }}
+# API version to query against. Usually "v3_2"
+vspVersion: {{ vsp_version }}
+# File containing a VSP license to install. Only necessary if no license has
+# been installed on the VSD Architect before, only valid for standalone vsd install
+# licenseFile: "/path/to/base_vsp_license.txt"
+# Name of the enterprise in which pods will reside
+enterpriseName: {{ enterprise }}
+# Name of the domain in which pods will reside
+domainName: {{ domain }}
+# Location where logs should be saved
+log_dir: {{ nuage_mon_rest_server_logdir }}
+# Monitor rest server paramters
+nuageMonServer:
+ URL: {{ nuage_mon_rest_server_url }}
+ certificateDirectory: {{ cert_output_dir }}
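Review bot: The comment at lines 252-253 ("name of the nuage service account, or another account with 'cluster-reader' permissions") has no key under it — the next line is the comment for `masterConfig` — so it documents a setting that is never rendered; either drop it or restore the key it described. `paramters` at line 269 is misspelled. The rendered values are unquoted YAML scalars, so a value containing `:` or `#` would change the parse; quoting them, e.g. `kubeConfig: "{{ kube_config }}"`, is safer.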
diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml
new file mode 100644
index 000000000..4b57273e4
--- /dev/null
+++ b/roles/nuage_master/vars/main.yaml
@@ -0,0 +1,16 @@
+openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
+ca_cert: "{{ openshift_master_config_dir }}/ca.crt"
+admin_config: "{{ openshift.common.config_base }}/master/admin.kubeconfig"
+cert_output_dir: /usr/share/nuage-openshift-monitor
+kube_config: /usr/share/nuage-openshift-monitor/nuage.kubeconfig
+kubemon_yaml: /usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml
+master_config_yaml: "{{ openshift_master_config_dir }}/master-config.yaml"
+nuage_mon_rest_server_port: "{{ nuage_openshift_monitor_rest_server_port | default('9443') }}"
+nuage_mon_rest_server_url: "0.0.0.0:{{ nuage_mon_rest_server_port }}"
+nuage_mon_rest_server_logdir: "{{ nuage_openshift_monitor_log_dir | default('/var/log/nuage-openshift-monitor') }}"
+
+nuage_mon_rest_server_crt_dir: "{{ nuage_ca_master_crt_dir }}/{{ ansible_nodename }}"
+nuage_ca_master_rest_server_key: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.key"
+nuage_ca_master_rest_server_crt: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.crt"
+
+nuage_master_crt_dir : /usr/share/nuage-openshift-monitor
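Review bot: `/usr/share/nuage-openshift-monitor` is spelled out four times (lines 282-284 and 294) instead of being derived from one variable, so `cert_output_dir` and `nuage_master_crt_dir`, which must agree (the unarchive in certificates.yml writes into the latter while the template points the monitor at the former), can silently drift apart. Define the base once, e.g. `nuage_mon_dir: /usr/share/nuage-openshift-monitor` and `cert_output_dir: "{{ nuage_mon_dir }}"`. Line 294 also has a space before the colon, unlike every other key; it parses, but it reads like a typo. `ca_cert`, `admin_config` and `kubemon_yaml` are not referenced anywhere in this diff; if nothing outside the role uses them they can go. If `nuage_mon_rest_server_url` is used as a listen address, `0.0.0.0` exposes the REST server on every interface — worth a comment stating that this is intended.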