8 files changed, 111 insertions, 6 deletions

diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
index fb4fe2f03..8d7ee00ed 100644
--- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
+++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
@@ -17,14 +17,17 @@
   local_action: copy dest="{{ local_tmp.stdout }}/{{ item }}.pwd" content="{{ 15 | oo_random_word }}"
   with_items:
   - hawkular-metrics
+  become: false
 
 - local_action: slurp src="{{ local_tmp.stdout }}/hawkular-metrics.pwd"
   register: hawkular_metrics_pwd
   no_log: true
+  become: false
 
 - name: generate htpasswd file for hawkular metrics
   local_action: htpasswd path="{{ local_tmp.stdout }}/hawkular-metrics.htpasswd" name=hawkular password="{{ hawkular_metrics_pwd.content | b64decode }}"
   no_log: true
+  become: false
 
 - name: copy local generated passwords to target
   copy:
@@ -73,6 +76,8 @@
         {{ hawkular_secrets['hawkular-metrics.key'] }}
       tls.truststore.crt: >
         {{ hawkular_secrets['hawkular-cassandra.crt'] }}
+      ca.crt: >
+        {{ hawkular_secrets['ca.crt'] }}
   when: name not in metrics_secrets.stdout_lines
   changed_when: no
 
diff --git a/roles/openshift_metrics/tasks/install_cassandra.yaml b/roles/openshift_metrics/tasks/install_cassandra.yaml
index 0b6fe7c9e..7928a0346 100644
--- a/roles/openshift_metrics/tasks/install_cassandra.yaml
+++ b/roles/openshift_metrics/tasks/install_cassandra.yaml
@@ -23,7 +23,7 @@
   changed_when: false
 
 - set_fact: openshift_metrics_cassandra_pvc_prefix="hawkular-metrics"
-  when: not openshift_metrics_cassandra_pvc_prefix or openshift_metrics_cassandra_pvc_prefix == ''
+  when: "not openshift_metrics_cassandra_pvc_prefix or openshift_metrics_cassandra_pvc_prefix == ''"
 
 - name: generate hawkular-cassandra persistent volume claims
   template:
@@ -35,6 +35,8 @@
       metrics-infra: hawkular-cassandra
     access_modes: "{{ openshift_metrics_cassandra_pvc_access | list }}"
     size: "{{ openshift_metrics_cassandra_pvc_size }}"
+    pv_selector: "{{ openshift_metrics_cassandra_pv_selector }}"
+    storage_class_name: "{{ openshift_metrics_cassanda_pvc_storage_class_name | default('', true) }}"
   with_sequence: count={{ openshift_metrics_cassandra_replicas }}
   when:
   - openshift_metrics_cassandra_storage_type != 'emptydir'
@@ -49,10 +51,9 @@
     obj_name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ item }}"
     labels:
       metrics-infra: hawkular-cassandra
-    annotations:
-      volume.beta.kubernetes.io/storage-class: dynamic
     access_modes: "{{ openshift_metrics_cassandra_pvc_access | list }}"
     size: "{{ openshift_metrics_cassandra_pvc_size }}"
+    pv_selector: "{{ openshift_metrics_cassandra_pv_selector }}"
   with_sequence: count={{ openshift_metrics_cassandra_replicas }}
   when: openshift_metrics_cassandra_storage_type == 'dynamic'
   changed_when: false
diff --git a/roles/openshift_metrics/tasks/install_hosa.yaml b/roles/openshift_metrics/tasks/install_hosa.yaml
new file mode 100644
index 000000000..7c9bc26d0
--- /dev/null
+++ b/roles/openshift_metrics/tasks/install_hosa.yaml
@@ -0,0 +1,44 @@
+---
+- name: Generate Hawkular Agent (HOSA) Cluster Role
+  template:
+    src: hawkular_openshift_agent_role.j2
+    dest: "{{mktemp.stdout}}/templates/metrics-hawkular-openshift-agent-role.yaml"
+  changed_when: no
+
+- name: Generate Hawkular Agent (HOSA) Service Account
+  template:
+    src: hawkular_openshift_agent_sa.j2
+    dest: "{{mktemp.stdout}}/templates/metrics-hawkular-openshift-agent-sa.yaml"
+  changed_when: no
+
+- name: Generate Hawkular Agent (HOSA) Daemon Set
+  template:
+    src: hawkular_openshift_agent_ds.j2
+    dest: "{{mktemp.stdout}}/templates/metrics-hawkular-openshift-agent-ds.yaml"
+  vars:
+    node_selector: "{{openshift_metrics_hawkular_agent_nodeselector | default('') }}"
+  changed_when: no
+
+- name: Generate the Hawkular Agent (HOSA) Configmap
+  template:
+    src: hawkular_openshift_agent_cm.j2
+    dest: "{{mktemp.stdout}}/templates/metrics-hawkular-openshift-agent-cm.yaml"
+  changed_when: no
+
+- name: Generate role binding for the hawkular-openshift-agent service account
+  template:
+    src: rolebinding.j2
+    dest: "{{ mktemp.stdout }}/templates/metrics-hawkular-openshift-agent-rolebinding.yaml"
+  vars:
+    cluster: True
+    obj_name: hawkular-openshift-agent-rb
+    labels:
+      metrics-infra: hawkular-agent
+    roleRef:
+      kind: ClusterRole
+      name: hawkular-openshift-agent
+    subjects:
+      - kind: ServiceAccount
+        name: hawkular-openshift-agent
+        namespace: "{{openshift_metrics_hawkular_agent_namespace}}"
+  changed_when: no
diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml
index 74eb56713..fdf4ae57f 100644
--- a/roles/openshift_metrics/tasks/install_metrics.yaml
+++ b/roles/openshift_metrics/tasks/install_metrics.yaml
@@ -16,11 +16,19 @@
   include: install_heapster.yaml
   when: openshift_metrics_heapster_standalone | bool
 
-- find: paths={{ mktemp.stdout }}/templates patterns=*.yaml
+- name: Install Hawkular OpenShift Agent (HOSA)
+  include: install_hosa.yaml
+  when: openshift_metrics_install_hawkular_agent | default(false) | bool
+
+- find:
+    paths: "{{ mktemp.stdout }}/templates"
+    patterns: "^(?!metrics-hawkular-openshift-agent).*.yaml"
+    use_regex: true
   register: object_def_files
   changed_when: no
 
-- slurp: src={{item.path}}
+- slurp:
+    src: "{{item.path}}"
   register: object_defs
   with_items: "{{object_def_files.files}}"
   changed_when: no
@@ -34,6 +42,31 @@
     file_content: "{{ item.content | b64decode | from_yaml }}"
   with_items: "{{ object_defs.results }}"
 
+- find:
+    paths: "{{ mktemp.stdout }}/templates"
+    patterns: "^metrics-hawkular-openshift-agent.*.yaml"
+    use_regex: true
+  register: hawkular_agent_object_def_files
+  when: openshift_metrics_install_hawkular_agent | bool
+  changed_when: no
+
+- slurp:
+    src: "{{item.path}}"
+  register: hawkular_agent_object_defs
+  with_items: "{{ hawkular_agent_object_def_files.files }}"
+  when: openshift_metrics_install_hawkular_agent | bool
+  changed_when: no
+
+- name: Create Hawkular Agent objects
+  include: oc_apply.yaml
+  vars:
+    kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+    namespace: "{{ openshift_metrics_hawkular_agent_namespace }}"
+    file_name: "{{ item.source }}"
+    file_content: "{{ item.content | b64decode | from_yaml }}"
+  with_items: "{{ hawkular_agent_object_defs.results }}"
+  when: openshift_metrics_install_hawkular_agent | bool
+
 - include: update_master_config.yaml
 
 - command: >
diff --git a/roles/openshift_metrics/tasks/install_support.yaml b/roles/openshift_metrics/tasks/install_support.yaml
index 5cefb273d..584e3be05 100644
--- a/roles/openshift_metrics/tasks/install_support.yaml
+++ b/roles/openshift_metrics/tasks/install_support.yaml
@@ -4,6 +4,7 @@
   register: htpasswd_check
   failed_when: no
   changed_when: no
+  become: false
 
 - fail: msg="'htpasswd' is unavailable. Please install httpd-tools on the control node"
   when: htpasswd_check.rc  == 1
@@ -13,6 +14,7 @@
   register: keytool_check
   failed_when: no
   changed_when: no
+  become: false
 
 - fail: msg="'keytool' is unavailable. Please install java-1.8.0-openjdk-headless on the control node"
   when: keytool_check.rc  == 1
diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml
index 5d8506a73..eaabdd20f 100644
--- a/roles/openshift_metrics/tasks/main.yaml
+++ b/roles/openshift_metrics/tasks/main.yaml
@@ -1,6 +1,7 @@
 ---
 - local_action: shell python -c 'import passlib' 2>/dev/null || echo not installed
   register: passlib_result
+  become: false
 
 - name: Check that python-passlib is available on the control host
   assert:
@@ -44,8 +45,12 @@
 
 - include: "{{ (openshift_metrics_install_metrics | bool) | ternary('install_metrics.yaml','uninstall_metrics.yaml') }}"
 
+- include: uninstall_hosa.yaml
+  when: not openshift_metrics_install_hawkular_agent | bool
+
 - name: Delete temp directory
   local_action: file path=local_tmp.stdout state=absent
   tags: metrics_cleanup
   changed_when: False
   check_mode: no
+  become: false
diff --git a/roles/openshift_metrics/tasks/oc_apply.yaml b/roles/openshift_metrics/tasks/oc_apply.yaml
index dd67703b4..1e1af40e8 100644
--- a/roles/openshift_metrics/tasks/oc_apply.yaml
+++ b/roles/openshift_metrics/tasks/oc_apply.yaml
@@ -14,7 +14,7 @@
   command: >
     {{ openshift.common.client_binary }} --config={{ kubeconfig }}
     apply -f {{ file_name }}
-    -n {{ openshift_metrics_project }}
+    -n {{namespace}}
   register: generation_apply
   failed_when: "'error' in generation_apply.stderr"
   changed_when: no
diff --git a/roles/openshift_metrics/tasks/uninstall_hosa.yaml b/roles/openshift_metrics/tasks/uninstall_hosa.yaml
new file mode 100644
index 000000000..42ed02460
--- /dev/null
+++ b/roles/openshift_metrics/tasks/uninstall_hosa.yaml
@@ -0,0 +1,15 @@
+---
+- name: remove Hawkular Agent (HOSA) components
+  command: >
+    {{ openshift.common.client_binary }} -n {{ openshift_metrics_hawkular_agent_namespace }} --config={{ mktemp.stdout }}/admin.kubeconfig
+    delete --ignore-not-found --selector=metrics-infra=agent
+    all,sa,secrets,templates,routes,pvc,rolebindings,clusterrolebindings
+  register: delete_metrics
+  changed_when: delete_metrics.stdout != 'No resources found'
+
+- name: remove rolebindings
+  command: >
+    {{ openshift.common.client_binary }} -n {{ openshift_metrics_hawkular_agent_namespace }} --config={{ mktemp.stdout }}/admin.kubeconfig
+    delete --ignore-not-found
+    clusterrolebinding/hawkular-openshift-agent-rb
+  changed_when: delete_metrics.stdout != 'No resources found'