summaryrefslogtreecommitdiffstats
path: root/roles/openshift_metrics
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_metrics')
-rw-r--r--roles/openshift_metrics/defaults/main.yaml2
-rwxr-xr-xroles/openshift_metrics/files/import_jks_certs.sh59
-rw-r--r--roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml51
-rw-r--r--roles/openshift_metrics/tasks/import_jks_certs.yaml19
-rw-r--r--roles/openshift_metrics/tasks/main.yaml12
-rw-r--r--roles/openshift_metrics/templates/hawkular_cassandra_rc.j225
-rw-r--r--roles/openshift_metrics/templates/pvc.j22
-rw-r--r--roles/openshift_metrics/templates/secret.j26
-rw-r--r--roles/openshift_metrics/vars/default_images.yml3
-rw-r--r--roles/openshift_metrics/vars/openshift-enterprise.yml3
10 files changed, 55 insertions, 127 deletions
diff --git a/roles/openshift_metrics/defaults/main.yaml b/roles/openshift_metrics/defaults/main.yaml
index 5921b7bb7..1d3db8a1a 100644
--- a/roles/openshift_metrics/defaults/main.yaml
+++ b/roles/openshift_metrics/defaults/main.yaml
@@ -1,8 +1,6 @@
---
openshift_metrics_start_cluster: True
openshift_metrics_install_metrics: True
-openshift_metrics_image_prefix: docker.io/openshift/origin-
-openshift_metrics_image_version: latest
openshift_metrics_startup_timeout: 500
openshift_metrics_hawkular_replicas: 1
diff --git a/roles/openshift_metrics/files/import_jks_certs.sh b/roles/openshift_metrics/files/import_jks_certs.sh
index c8d5bb3d2..f977b6dd6 100755
--- a/roles/openshift_metrics/files/import_jks_certs.sh
+++ b/roles/openshift_metrics/files/import_jks_certs.sh
@@ -20,12 +20,8 @@ set -ex
function import_certs() {
dir=$CERT_DIR
- hawkular_metrics_keystore_password=$(echo $METRICS_KEYSTORE_PASSWD | base64 -d)
- hawkular_cassandra_keystore_password=$(echo $CASSANDRA_KEYSTORE_PASSWD | base64 -d)
- hawkular_metrics_truststore_password=$(echo $METRICS_TRUSTSTORE_PASSWD | base64 -d)
- hawkular_cassandra_truststore_password=$(echo $CASSANDRA_TRUSTSTORE_PASSWD | base64 -d)
-
- cassandra_alias=`keytool -noprompt -list -keystore $dir/hawkular-cassandra.truststore -storepass ${hawkular_cassandra_truststore_password} | sed -n '7~2s/,.*$//p'`
+ hawkular_metrics_keystore_password=$(echo $METRICS_KEYSTORE_PASSWD | base64 --decode)
+ hawkular_metrics_truststore_password=$(echo $METRICS_TRUSTSTORE_PASSWD | base64 --decode)
hawkular_alias=`keytool -noprompt -list -keystore $dir/hawkular-metrics.truststore -storepass ${hawkular_metrics_truststore_password} | sed -n '7~2s/,.*$//p'`
if [ ! -f $dir/hawkular-metrics.keystore ]; then
@@ -39,56 +35,7 @@ function import_certs() {
-deststorepass $hawkular_metrics_keystore_password
fi
- if [ ! -f $dir/hawkular-cassandra.keystore ]; then
- echo "Creating the Hawkular Cassandra keystore from the PEM file"
- keytool -importkeystore -v \
- -srckeystore $dir/hawkular-cassandra.pkcs12 \
- -destkeystore $dir/hawkular-cassandra.keystore \
- -srcstoretype PKCS12 \
- -deststoretype JKS \
- -srcstorepass $hawkular_cassandra_keystore_password \
- -deststorepass $hawkular_cassandra_keystore_password
- fi
-
- if [[ ! ${cassandra_alias[*]} =~ hawkular-metrics ]]; then
- echo "Importing the Hawkular Certificate into the Cassandra Truststore"
- keytool -noprompt -import -v -trustcacerts -alias hawkular-metrics \
- -file $dir/hawkular-metrics.crt \
- -keystore $dir/hawkular-cassandra.truststore \
- -trustcacerts \
- -storepass $hawkular_cassandra_truststore_password
- fi
-
- if [[ ! ${hawkular_alias[*]} =~ hawkular-cassandra ]]; then
- echo "Importing the Cassandra Certificate into the Hawkular Truststore"
- keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra \
- -file $dir/hawkular-cassandra.crt \
- -keystore $dir/hawkular-metrics.truststore \
- -trustcacerts \
- -storepass $hawkular_metrics_truststore_password
- fi
-
- if [[ ! ${cassandra_alias[*]} =~ hawkular-cassandra ]]; then
- echo "Importing the Hawkular Cassandra Certificate into the Cassandra Truststore"
- keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra \
- -file $dir/hawkular-cassandra.crt \
- -keystore $dir/hawkular-cassandra.truststore \
- -trustcacerts \
- -storepass $hawkular_cassandra_truststore_password
- fi
-
- cert_alias_names=(ca metricca cassandraca)
-
- for cert_alias in ${cert_alias_names[*]}; do
- if [[ ! ${cassandra_alias[*]} =~ "$cert_alias" ]]; then
- echo "Importing the CA Certificate with alias $cert_alias into the Cassandra Truststore"
- keytool -noprompt -import -v -trustcacerts -alias $cert_alias \
- -file ${dir}/ca.crt \
- -keystore $dir/hawkular-cassandra.truststore \
- -trustcacerts \
- -storepass $hawkular_cassandra_truststore_password
- fi
- done
+ cert_alias_names=(ca metricca)
for cert_alias in ${cert_alias_names[*]}; do
if [[ ! ${hawkular_alias[*]} =~ "$cert_alias" ]]; then
diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
index 61a240a33..01fc1ef64 100644
--- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
+++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
@@ -13,9 +13,6 @@
hostnames: hawkular-cassandra
changed_when: no
-- slurp: src={{ mktemp.stdout }}/hawkular-cassandra-truststore.pwd
- register: cassandra_truststore_password
-
- slurp: src={{ mktemp.stdout }}/hawkular-metrics-truststore.pwd
register: hawkular_truststore_password
@@ -67,11 +64,8 @@
- hawkular-metrics.pwd
- hawkular-metrics.htpasswd
- hawkular-cassandra.crt
+ - hawkular-cassandra.key
- hawkular-cassandra.pem
- - hawkular-cassandra.keystore
- - hawkular-cassandra-keystore.pwd
- - hawkular-cassandra.truststore
- - hawkular-cassandra-truststore.pwd
changed_when: false
- set_fact:
@@ -136,38 +130,21 @@
- name: generate cassandra secret template
template:
src: secret.j2
- dest: "{{ mktemp.stdout }}/templates/cassandra_secrets.yaml"
+ dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-certs.yaml"
vars:
- name: hawkular-cassandra-secrets
+ name: hawkular-cassandra-certs
labels:
- metrics-infra: hawkular-cassandra
+ metrics-infra: hawkular-cassandra-certs
+ annotations:
+ service.alpha.openshift.io/originating-service-name: hawkular-cassandra
data:
- cassandra.keystore: >
- {{ hawkular_secrets['hawkular-cassandra.keystore'] }}
- cassandra.keystore.password: >
- {{ hawkular_secrets['hawkular-cassandra-keystore.pwd'] }}
- cassandra.keystore.alias: "{{ 'hawkular-cassandra'|b64encode }}"
- cassandra.truststore: >
- {{ hawkular_secrets['hawkular-cassandra.truststore'] }}
- cassandra.truststore.password: >
- {{ hawkular_secrets['hawkular-cassandra-truststore.pwd'] }}
- cassandra.pem: >
- {{ hawkular_secrets['hawkular-cassandra.pem'] }}
- when: name not in metrics_secrets
- changed_when: no
-
-- name: generate cassandra-certificate secret template
- template:
- src: secret.j2
- dest: "{{ mktemp.stdout }}/templates/cassandra_certificate.yaml"
- vars:
- name: hawkular-cassandra-certificate
- labels:
- metrics-infra: hawkular-cassandra
- data:
- cassandra.certificate: >
+ tls.crt: >
{{ hawkular_secrets['hawkular-cassandra.crt'] }}
- cassandra-ca.certificate: >
- {{ hawkular_secrets['hawkular-cassandra.pem'] }}
- when: name not in metrics_secrets.stdout_lines
+ tls.key: >
+ {{ hawkular_secrets['hawkular-cassandra.key'] }}
+ tls.peer.truststore.crt: >
+ {{ hawkular_secrets['hawkular-cassandra.crt'] }}
+ tls.client.truststore.crt: >
+ {{ hawkular_secrets['hawkular-metrics.crt'] }}
+ when: name not in metrics_secrets
changed_when: no
diff --git a/roles/openshift_metrics/tasks/import_jks_certs.yaml b/roles/openshift_metrics/tasks/import_jks_certs.yaml
index 2a67dad0e..e098145e9 100644
--- a/roles/openshift_metrics/tasks/import_jks_certs.yaml
+++ b/roles/openshift_metrics/tasks/import_jks_certs.yaml
@@ -1,12 +1,4 @@
---
-- stat: path="{{mktemp.stdout}}/hawkular-cassandra.keystore"
- register: cassandra_keystore
- check_mode: no
-
-- stat: path="{{mktemp.stdout}}/hawkular-cassandra.truststore"
- register: cassandra_truststore
- check_mode: no
-
- stat: path="{{mktemp.stdout}}/hawkular-metrics.keystore"
register: metrics_keystore
check_mode: no
@@ -19,9 +11,6 @@
- slurp: src={{ mktemp.stdout }}/hawkular-metrics-keystore.pwd
register: metrics_keystore_password
- - slurp: src={{ mktemp.stdout }}/hawkular-cassandra-keystore.pwd
- register: cassandra_keystore_password
-
- fetch:
dest: "{{local_tmp.stdout}}/"
src: "{{ mktemp.stdout }}/{{item}}"
@@ -29,18 +18,14 @@
changed_when: False
with_items:
- hawkular-metrics.pkcs12
- - hawkular-cassandra.pkcs12
- hawkular-metrics.crt
- - hawkular-cassandra.crt
- ca.crt
- local_action: command {{role_path}}/files/import_jks_certs.sh
environment:
CERT_DIR: "{{local_tmp.stdout}}"
METRICS_KEYSTORE_PASSWD: "{{metrics_keystore_password.content}}"
- CASSANDRA_KEYSTORE_PASSWD: "{{cassandra_keystore_password.content}}"
METRICS_TRUSTSTORE_PASSWD: "{{hawkular_truststore_password.content}}"
- CASSANDRA_TRUSTSTORE_PASSWD: "{{cassandra_truststore_password.content}}"
changed_when: False
- copy:
@@ -49,6 +34,4 @@
with_fileglob: "{{local_tmp.stdout}}/*.*store"
when: not metrics_keystore.stat.exists or
- not metrics_truststore.stat.exists or
- not cassandra_keystore.stat.exists or
- not cassandra_truststore.stat.exists
+ not metrics_truststore.stat.exists
diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml
index 1eebff3bf..c8d222c60 100644
--- a/roles/openshift_metrics/tasks/main.yaml
+++ b/roles/openshift_metrics/tasks/main.yaml
@@ -1,4 +1,16 @@
---
+
+- name: Set default image variables based on deployment_type
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ openshift_deployment_type | default(deployment_type) }}.yml"
+ - "default_images.yml"
+
+- name: Set metrics image facts
+ set_fact:
+ openshift_metrics_image_prefix: "{{ openshift_metrics_image_prefix | default(__openshift_metrics_image_prefix) }}"
+ openshift_metrics_image_version: "{{ openshift_metrics_image_version | default(__openshift_metrics_image_version) }}"
+
- name: Create temp directory for doing work in on target
command: mktemp -td openshift-metrics-ansible-XXXXXX
register: mktemp
diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
index 504476dc4..889317847 100644
--- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
+++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
@@ -48,11 +48,6 @@ spec:
- "--require_node_auth=true"
- "--enable_client_encryption=true"
- "--require_client_auth=true"
- - "--keystore_file=/secret/cassandra.keystore"
- - "--keystore_password_file=/secret/cassandra.keystore.password"
- - "--truststore_file=/secret/cassandra.truststore"
- - "--truststore_password_file=/secret/cassandra.truststore.password"
- - "--cassandra_pem_file=/secret/cassandra.pem"
env:
- name: CASSANDRA_MASTER
value: "{{ master }}"
@@ -60,6 +55,10 @@ spec:
value: "/cassandra_data"
- name: JVM_OPTS
value: "-Dcassandra.commitlog.ignorereplayerrors=true"
+ - name: TRUSTSTORE_NODES_AUTHORITIES
+ value: "/hawkular-cassandra-certs/tls.peer.truststore.crt"
+ - name: TRUSTSTORE_CLIENT_AUTHORITIES
+ value: "/hawkular-cassandra-certs/tls.client.truststore.crt"
- name: POD_NAMESPACE
valueFrom:
fieldRef:
@@ -76,12 +75,12 @@ spec:
volumeMounts:
- name: cassandra-data
mountPath: "/cassandra_data"
- - name: hawkular-cassandra-secrets
- mountPath: "/secret"
-{% if ((openshift_metrics_cassandra_limits_cpu is defined and openshift_metrics_cassandra_limits_cpu is not none)
+ - name: hawkular-cassandra-certs
+ mountPath: "/hawkular-cassandra-certs"
+{% if ((openshift_metrics_cassandra_limits_cpu is defined and openshift_metrics_cassandra_limits_cpu is not none)
or (openshift_metrics_cassandra_limits_memory is defined and openshift_metrics_cassandra_limits_memory is not none)
or (openshift_metrics_cassandra_requests_cpu is defined and openshift_metrics_cassandra_requests_cpu is not none)
- or (openshift_metrics_cassandra_requests_memory is defined and openshift_metrics_cassandra_requests_memory is not none))
+ or (openshift_metrics_cassandra_requests_memory is defined and openshift_metrics_cassandra_requests_memory is not none))
%}
resources:
{% if (openshift_metrics_cassandra_limits_cpu is not none
@@ -95,8 +94,8 @@ spec:
memory: "{{openshift_metrics_cassandra_limits_memory}}"
{% endif %}
{% endif %}
-{% if (openshift_metrics_cassandra_requests_cpu is not none
- or openshift_metrics_cassandra_requests_memory is not none)
+{% if (openshift_metrics_cassandra_requests_cpu is not none
+ or openshift_metrics_cassandra_requests_memory is not none)
%}
requests:
{% if openshift_metrics_cassandra_requests_cpu is not none %}
@@ -129,6 +128,6 @@ spec:
persistentVolumeClaim:
claimName: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ node }}"
{% endif %}
- - name: hawkular-cassandra-secrets
+ - name: hawkular-cassandra-certs
secret:
- secretName: hawkular-cassandra-secrets
+ secretName: hawkular-cassandra-certs
diff --git a/roles/openshift_metrics/templates/pvc.j2 b/roles/openshift_metrics/templates/pvc.j2
index 885dd368d..c2e56ba21 100644
--- a/roles/openshift_metrics/templates/pvc.j2
+++ b/roles/openshift_metrics/templates/pvc.j2
@@ -4,7 +4,7 @@ metadata:
name: "{{obj_name}}"
{% if labels is not defined %}
labels:
- logging-infra: support
+ metrics-infra: support
{% elif labels %}
labels:
{% for key, value in labels.iteritems() %}
diff --git a/roles/openshift_metrics/templates/secret.j2 b/roles/openshift_metrics/templates/secret.j2
index 370890c7d..5b9dba122 100644
--- a/roles/openshift_metrics/templates/secret.j2
+++ b/roles/openshift_metrics/templates/secret.j2
@@ -2,6 +2,12 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ name }}"
+{% if annotations is defined%}
+ annotations:
+{% for key, value in annotations.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
labels:
{% for k, v in labels.iteritems() %}
{{ k }}: {{ v }}
diff --git a/roles/openshift_metrics/vars/default_images.yml b/roles/openshift_metrics/vars/default_images.yml
new file mode 100644
index 000000000..678c4104c
--- /dev/null
+++ b/roles/openshift_metrics/vars/default_images.yml
@@ -0,0 +1,3 @@
+---
+__openshift_metrics_image_prefix: "{{ openshift_hosted_metrics_deployer_prefix | default('docker.io/openshift/origin-') }}"
+__openshift_metrics_image_version: "{{ openshift_hosted_metrics_deployer_version | default('latest') }}"
diff --git a/roles/openshift_metrics/vars/openshift-enterprise.yml b/roles/openshift_metrics/vars/openshift-enterprise.yml
new file mode 100644
index 000000000..f28c3ce48
--- /dev/null
+++ b/roles/openshift_metrics/vars/openshift-enterprise.yml
@@ -0,0 +1,3 @@
+---
+__openshift_metrics_image_prefix: "{{ openshift_hosted_metrics_deployer_prefix | default('registry.access.redhat.com/openshift3/') }}"
+__openshift_metrics_image_version: "{{ openshift_hosted_metrics_deployer_version | default(openshift_release | default ('3.5.0') ) }}"
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-06 00:39:35 +0000