Diffstat (limited to 'roles/openshift_metrics')
-rw-r--r--roles/openshift_metrics/README.md111
-rw-r--r--roles/openshift_metrics/defaults/main.yaml65
-rw-r--r--roles/openshift_metrics/handlers/main.yml30
-rw-r--r--roles/openshift_metrics/meta/main.yaml19
-rw-r--r--roles/openshift_metrics/tasks/generate_certificates.yaml11
-rw-r--r--roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml119
-rw-r--r--roles/openshift_metrics/tasks/generate_heapster_secrets.yaml14
-rw-r--r--roles/openshift_metrics/tasks/generate_rolebindings.yaml48
-rw-r--r--roles/openshift_metrics/tasks/generate_serviceaccounts.yaml27
-rw-r--r--roles/openshift_metrics/tasks/generate_services.yaml33
-rw-r--r--roles/openshift_metrics/tasks/install_cassandra.yaml60
-rw-r--r--roles/openshift_metrics/tasks/install_hawkular.yaml56
-rw-r--r--roles/openshift_metrics/tasks/install_heapster.yaml69
-rw-r--r--roles/openshift_metrics/tasks/install_hosa.yaml44
-rw-r--r--roles/openshift_metrics/tasks/install_metrics.yaml90
-rw-r--r--roles/openshift_metrics/tasks/install_support.yaml25
-rw-r--r--roles/openshift_metrics/tasks/main.yaml62
-rw-r--r--roles/openshift_metrics/tasks/oc_apply.yaml32
-rw-r--r--roles/openshift_metrics/tasks/pre_install.yaml21
-rw-r--r--roles/openshift_metrics/tasks/setup_certificate.yaml43
-rw-r--r--roles/openshift_metrics/tasks/start_metrics.yaml66
-rw-r--r--roles/openshift_metrics/tasks/stop_metrics.yaml66
-rw-r--r--roles/openshift_metrics/tasks/uninstall_hosa.yaml15
-rw-r--r--roles/openshift_metrics/tasks/uninstall_metrics.yaml20
-rw-r--r--roles/openshift_metrics/tasks/update_master_config.yaml11
-rw-r--r--roles/openshift_metrics/templates/hawkular_cassandra_rc.j2136
-rw-r--r--roles/openshift_metrics/templates/hawkular_metrics_rc.j2128
-rw-r--r--roles/openshift_metrics/templates/hawkular_metrics_role.j215
-rw-r--r--roles/openshift_metrics/templates/hawkular_openshift_agent_cm.j254
-rw-r--r--roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j291
-rw-r--r--roles/openshift_metrics/templates/hawkular_openshift_agent_role.j225
-rw-r--r--roles/openshift_metrics/templates/hawkular_openshift_agent_sa.j27
-rw-r--r--roles/openshift_metrics/templates/heapster.j2110
-rw-r--r--roles/openshift_metrics/templates/pvc.j237
-rw-r--r--roles/openshift_metrics/templates/rolebinding.j223
-rw-r--r--roles/openshift_metrics/templates/route.j238
-rw-r--r--roles/openshift_metrics/templates/secret.j218
-rw-r--r--roles/openshift_metrics/templates/service.j238
-rw-r--r--roles/openshift_metrics/templates/serviceaccount.j216
-rw-r--r--roles/openshift_metrics/vars/default_images.yml3
-rw-r--r--roles/openshift_metrics/vars/main.yaml11
-rw-r--r--roles/openshift_metrics/vars/openshift-enterprise.yml3
42 files changed, 1910 insertions, 0 deletions
diff --git a/roles/openshift_metrics/README.md b/roles/openshift_metrics/README.md
new file mode 100644
index 000000000..ed698daca
--- /dev/null
+++ b/roles/openshift_metrics/README.md
@@ -0,0 +1,111 @@
+OpenShift Metrics with Hawkular
+====================
+
+OpenShift Metrics Installation
+
+Requirements
+------------
+This role has the following dependencies:
+
+- Java is required on the control node to generate keystores for the Java components
+- httpd-tools is required on the control node to generate various passwords for the metrics components
+
+The following variables need to be set and will be validated:
+
+- `openshift_metrics_hawkular_hostname`: hostname used on the hawkular metrics route.
+
+- `openshift_metrics_project`: project (i.e. namespace) where the components will be
+ deployed.
+
+
+Role Variables
+--------------
+
+For default values, see [`defaults/main.yaml`](defaults/main.yaml).
+
+- `openshift_metrics_image_prefix`: Specify prefix for metrics components; e.g for
+ "openshift/origin-metrics-deployer:v1.1", set prefix "openshift/origin-".
+
+- `openshift_metrics_image_version`: Specify version for metrics components; e.g. for
+ "openshift/origin-metrics-deployer:v1.1", set version "v1.1".
+
+- `openshift_metrics_hawkular_cert:` The certificate used for re-encrypting the route
+ to Hawkular metrics. The certificate must contain the hostname used by the route.
+ The default router certificate will be used if unspecified
+
+- `openshift_metrics_hawkular_key:` The key used with the Hawkular certificate
+
+- `openshift_metrics_hawkular_ca:` An optional certificate used to sign the Hawkular certificate.
+
+- `openshift_metrics_hawkular_replicas:` The number of replicas for Hawkular metrics.
+
+- `openshift_metrics_hawkular_route_annotations`: Dictionary with annotations for the Hawkular route.
+
+- `openshift_metrics_cassandra_replicas`: The number of Cassandra nodes to deploy for the
+ initial cluster.
+
+- `openshift_metrics_cassandra_storage_type`: Use `emptydir` for ephemeral storage (for
+ testing), `pv` to use persistent volumes (which need to be created before the
+ installation) or `dynamic` for dynamic persistent volumes.
+
+- `openshift_metrics_cassandra_pvc_prefix`: The name of persistent volume claims created
+ for cassandra will be this with a serial number appended to the end, starting
+ from 1.
+
+- `openshift_metrics_cassandra_pvc_size`: The persistent volume claim size for each of the
+ Cassandra nodes.
+
+- `openshift_metrics_heapster_standalone`: Deploy only heapster, without the Hawkular Metrics and
+ Cassandra components.
+
+- `openshift_metrics_heapster_allowed_users`: A comma-separated list of CN to accept. By
+ default, this is set to allow the OpenShift service proxy to connect. If you
+ override this, make sure to add `system:master-proxy` to the list in order to
+ allow horizontal pod autoscaling to function properly.
+
+- `openshift_metrics_startup_timeout`: How long in seconds we should wait until
+ Hawkular Metrics and Heapster starts up before attempting a restart.
+
+- `openshift_metrics_duration`: How many days metrics should be stored for.
+
+- `openshift_metrics_resolution`: How often metrics should be gathered.
+
+- `openshift_metrics_install_hawkular_agent`: Install the Hawkular OpenShift Agent (HOSA). HOSA can be used
+ to collect custom metrics from your pods. This component is currently in tech-preview and is not installed by default.
+
+## Additional variables to control resource limits
+Each metrics component (hawkular, cassandra, heapster) can specify a cpu and memory limits and requests by setting
+the corresponding role variable:
+```
+openshift_metrics_<COMPONENT>_(limits|requests)_(memory|cpu): <VALUE>
+```
+e.g
+```
+openshift_metrics_cassandra_limits_memory: 1Gi
+openshift_metrics_hawkular_requests_cpu: 100
+```
+
+Dependencies
+------------
+openshift_facts
+
+
+Example Playbook
+----------------
+
+```
+- name: Configure openshift-metrics
+ hosts: oo_first_master
+ roles:
+ - role: openshift_metrics
+```
+
+License
+-------
+
+Apache License, Version 2.0
+
+Author Information
+------------------
+
+Jose David Martín (j.david.nieto@gmail.com)
diff --git a/roles/openshift_metrics/defaults/main.yaml b/roles/openshift_metrics/defaults/main.yaml
new file mode 100644
index 000000000..8da74430f
--- /dev/null
+++ b/roles/openshift_metrics/defaults/main.yaml
@@ -0,0 +1,65 @@
+---
+openshift_metrics_start_cluster: True
+openshift_metrics_install_metrics: False
+openshift_metrics_startup_timeout: 500
+
+openshift_metrics_hawkular_replicas: 1
+openshift_metrics_hawkular_limits_memory: 2.5G
+openshift_metrics_hawkular_limits_cpu: null
+openshift_metrics_hawkular_requests_memory: 1.5G
+openshift_metrics_hawkular_requests_cpu: null
+openshift_metrics_hawkular_cert: ""
+openshift_metrics_hawkular_key: ""
+openshift_metrics_hawkular_ca: ""
+openshift_metrics_hawkular_nodeselector: ""
+openshift_metrics_hawkular_route_annotations: {}
+
+openshift_metrics_cassandra_replicas: 1
+openshift_metrics_cassandra_storage_type: "{{ openshift_metrics_storage_kind | default('emptydir') }}"
+openshift_metrics_cassandra_pvc_size: "{{ openshift_metrics_storage_volume_size | default('10Gi') }}"
+openshift_metrics_cassandra_pv_selector: "{{ openshift_metrics_storage_labels | default('') }}"
+openshift_metrics_cassandra_limits_memory: 2G
+openshift_metrics_cassandra_limits_cpu: null
+openshift_metrics_cassandra_requests_memory: 1G
+openshift_metrics_cassandra_requests_cpu: null
+openshift_metrics_cassandra_nodeselector: ""
+openshift_metrics_cassandra_storage_group: 65534
+
+openshift_metrics_heapster_standalone: False
+openshift_metrics_heapster_limits_memory: 3.75G
+openshift_metrics_heapster_limits_cpu: null
+openshift_metrics_heapster_requests_memory: 0.9375G
+openshift_metrics_heapster_requests_cpu: null
+openshift_metrics_heapster_nodeselector: ""
+
+openshift_metrics_install_hawkular_agent: False
+openshift_metrics_hawkular_agent_limits_memory: null
+openshift_metrics_hawkular_agent_limits_cpu: null
+openshift_metrics_hawkular_agent_requests_memory: null
+openshift_metrics_hawkular_agent_requests_cpu: null
+openshift_metrics_hawkular_agent_nodeselector: ""
+openshift_metrics_hawkular_agent_namespace: "default"
+
+openshift_metrics_hawkular_hostname: "hawkular-metrics.{{openshift_master_default_subdomain}}"
+
+openshift_metrics_duration: 7
+openshift_metrics_resolution: 30s
+
+#####
+# Caution should be taken for the following defaults before
+# overriding the values here
+#####
+
+openshift_metrics_master_url: https://kubernetes.default.svc
+openshift_metrics_node_id: nodename
+openshift_metrics_project: openshift-infra
+
+openshift_metrics_cassandra_pvc_prefix: "{{ openshift_metrics_storage_volume_name | default('metrics-cassandra') }}"
+openshift_metrics_cassandra_pvc_access: "{{ openshift_metrics_storage_access_modes | default(['ReadWriteOnce']) }}"
+
+openshift_metrics_hawkular_user_write_access: False
+
+openshift_metrics_heapster_allowed_users: system:master-proxy
+
+openshift_metrics_cassandra_enable_prometheus_endpoint: True
+openshift_metrics_hawkular_enable_prometheus_endpoint: True
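Review bot: The caution comment near the end of the file does not say what goes wrong when the values below it are overridden, and two of them look like access controls: `openshift_metrics_hawkular_user_write_access` and `openshift_metrics_heapster_allowed_users`. The README in this commit documents the second but not the first. I would put a one-line comment on each stating its effect, for example `# CNs heapster accepts; keep system:master-proxy or horizontal pod autoscaling breaks`, and add `openshift_metrics_hawkular_user_write_access` to the README. What the write-access flag changes is decided in templates outside this hunk, so the author should word that comment.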
diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_metrics/handlers/main.yml
new file mode 100644
index 000000000..ce7688581
--- /dev/null
+++ b/roles/openshift_metrics/handlers/main.yml
@@ -0,0 +1,30 @@
+---
+- name: restart master api
+ systemd: name={{ openshift.common.service_type }}-master-api state=restarted
+ when: (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native'
+ notify: Verify API Server
+
+- name: restart master controllers
+ systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted
+ when: (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native'
+
+- name: Verify API Server
+ # Using curl here since the uri module requires python-httplib2 and
+ # wait_for port doesn't provide health information.
+ command: >
+ curl --silent --tlsv1.2
+ {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+ {% else %}
+ --cacert {{ openshift.common.config_base }}/master/ca.crt
+ {% endif %}
+ {{ openshift.master.api_url }}/healthz/ready
+ args:
+ # Disables the following warning:
+ # Consider using get_url or uri module rather than running curl
+ warn: no
+ register: api_available_output
+ until: api_available_output.stdout == 'ok'
+ retries: 120
+ delay: 1
+ changed_when: false
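Review bot: The curl call in `Verify API Server` has no timeout, so a connection that is accepted but never answered blocks the handler and the `retries: 120` / `delay: 1` budget no longer bounds the wait. Adding a per-attempt limit, e.g. `curl --silent --tlsv1.2 --connect-timeout 2 --max-time 5`, keeps each try short and lets `until` do the waiting. Keeping `--cacert` on the health check rather than disabling verification is the right choice and should stay.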
diff --git a/roles/openshift_metrics/meta/main.yaml b/roles/openshift_metrics/meta/main.yaml
new file mode 100644
index 000000000..50214135c
--- /dev/null
+++ b/roles/openshift_metrics/meta/main.yaml
@@ -0,0 +1,19 @@
+---
+galaxy_info:
+ author: OpenShift Development <dev@lists.openshift.redhat.com>
+ description: Deploy OpenShift metrics integration for the cluster
+ company: Red Hat, Inc.
+ license: license (Apache)
+ min_ansible_version: 2.2
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ - name: Fedora
+ versions:
+ - all
+ categories:
+ - openshift
+dependencies:
+- { role: lib_openshift }
+- { role: openshift_facts }
diff --git a/roles/openshift_metrics/tasks/generate_certificates.yaml b/roles/openshift_metrics/tasks/generate_certificates.yaml
new file mode 100644
index 000000000..3dc15d58b
--- /dev/null
+++ b/roles/openshift_metrics/tasks/generate_certificates.yaml
@@ -0,0 +1,11 @@
+---
+- name: generate ca certificate chain
+ command: >
+ {{ openshift.common.client_binary }} adm ca create-signer-cert
+ --config={{ mktemp.stdout }}/admin.kubeconfig
+ --key='{{ mktemp.stdout }}/ca.key'
+ --cert='{{ mktemp.stdout }}/ca.crt'
+ --serial='{{ mktemp.stdout }}/ca.serial.txt'
+ --name="metrics-signer@{{lookup('pipe','date +%s')}}"
+
+- include: generate_hawkular_certificates.yaml
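Review bot: `create-signer-cert` runs unconditionally, so every play produces a new signer with a new `ca.key`, even when the metrics secrets already exist. The secret templates in generate_hawkular_certificates.yaml are guarded by `when: name not in metrics_secrets.stdout_lines`, but install_hawkular.yaml reads `ca.crt` from the same directory for the route's `destination_ca_certificate`. Unless tasks outside this hunk restore the existing CA into `{{ mktemp.stdout }}`, a re-run would leave the route trusting a signer that did not issue the deployed hawkular-metrics certificate. A guard on the task, or extracting the existing `ca.crt`/`ca.key` first, would make re-runs safe.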
diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
new file mode 100644
index 000000000..31129a6ac
--- /dev/null
+++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
@@ -0,0 +1,119 @@
+---
+- name: generate hawkular-metrics certificates
+ include: setup_certificate.yaml
+ vars:
+ component: hawkular-metrics
+ hostnames: "hawkular-metrics,hawkular-metrics.{{ openshift_metrics_project }}.svc.cluster.local,{{ openshift_metrics_hawkular_hostname }}"
+ changed_when: no
+
+- name: generate hawkular-cassandra certificates
+ include: setup_certificate.yaml
+ vars:
+ component: hawkular-cassandra
+ hostnames: hawkular-cassandra
+ changed_when: no
+
+- name: generate password for hawkular metrics
+ local_action: copy dest="{{ local_tmp.stdout }}/{{ item }}.pwd" content="{{ 15 | oo_random_word }}"
+ with_items:
+ - hawkular-metrics
+ become: false
+
+- local_action: slurp src="{{ local_tmp.stdout }}/hawkular-metrics.pwd"
+ register: hawkular_metrics_pwd
+ no_log: true
+ become: false
+
+- name: generate htpasswd file for hawkular metrics
+ local_action: htpasswd path="{{ local_tmp.stdout }}/hawkular-metrics.htpasswd" name=hawkular password="{{ hawkular_metrics_pwd.content | b64decode }}"
+ become: false
+
+- name: copy local generated passwords to target
+ copy:
+ src: "{{ local_tmp.stdout }}/{{ item }}"
+ dest: "{{ mktemp.stdout }}/{{ item }}"
+ with_items:
+ - hawkular-metrics.pwd
+ - hawkular-metrics.htpasswd
+
+- name: read files for the hawkular-metrics secret
+ shell: >
+ printf '%s: ' '{{ item }}'
+ && base64 --wrap 0 '{{ mktemp.stdout }}/{{ item }}'
+ register: hawkular_secrets
+ with_items:
+ - ca.crt
+ - hawkular-metrics.pwd
+ - hawkular-metrics.htpasswd
+ - hawkular-metrics.crt
+ - hawkular-metrics.key
+ - hawkular-metrics.pem
+ - hawkular-cassandra.crt
+ - hawkular-cassandra.key
+ - hawkular-cassandra.pem
+ changed_when: false
+
+- set_fact:
+ hawkular_secrets: |
+ {{ hawkular_secrets.results|map(attribute='stdout')|join('
+ ')|from_yaml }}
+
+- name: generate hawkular-metrics-certs secret template
+ template:
+ src: secret.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular-metrics-certs.yaml"
+ vars:
+ name: hawkular-metrics-certs
+ labels:
+ metrics-infra: hawkular-metrics-certs
+ annotations:
+ service.alpha.openshift.io/originating-service-name: hawkular-metrics
+ data:
+ tls.crt: >
+ {{ hawkular_secrets['hawkular-metrics.crt'] }}
+ tls.key: >
+ {{ hawkular_secrets['hawkular-metrics.key'] }}
+ tls.truststore.crt: >
+ {{ hawkular_secrets['hawkular-cassandra.crt'] }}
+ ca.crt: >
+ {{ hawkular_secrets['ca.crt'] }}
+ when: name not in metrics_secrets.stdout_lines
+ changed_when: no
+
+- name: generate hawkular-metrics-account secret template
+ template:
+ src: secret.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular_metrics_account.yaml"
+ vars:
+ name: hawkular-metrics-account
+ labels:
+ metrics-infra: hawkular-metrics
+ data:
+ hawkular-metrics.username: "{{ 'hawkular'|b64encode }}"
+ hawkular-metrics.htpasswd: "{{ hawkular_secrets['hawkular-metrics.htpasswd'] }}"
+ hawkular-metrics.password: >
+ {{ hawkular_secrets['hawkular-metrics.pwd'] }}
+ when: name not in metrics_secrets.stdout_lines
+ changed_when: no
+
+- name: generate cassandra secret template
+ template:
+ src: secret.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-certs.yaml"
+ vars:
+ name: hawkular-cassandra-certs
+ labels:
+ metrics-infra: hawkular-cassandra-certs
+ annotations:
+ service.alpha.openshift.io/originating-service-name: hawkular-cassandra
+ data:
+ tls.crt: >
+ {{ hawkular_secrets['hawkular-cassandra.crt'] }}
+ tls.key: >
+ {{ hawkular_secrets['hawkular-cassandra.key'] }}
+ tls.peer.truststore.crt: >
+ {{ hawkular_secrets['hawkular-cassandra.crt'] }}
+ tls.client.truststore.crt: >
+ {{ hawkular_secrets['hawkular-metrics.crt'] }}
+ when: name not in metrics_secrets
+ changed_when: no
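Review bot: Only the `slurp` task sets `no_log: true`; the tasks that generate the password (`content="{{ 15 | oo_random_word }}"`), pass it to `htpasswd`, and base64-read the `.pwd`, `.htpasswd` and `.key` files through `shell` all carry the secret material in their arguments or results. That puts the Hawkular password and both private keys into verbose output and into any callback or log store that records task results. Add `no_log: true` to those three tasks and to the `set_fact` that builds `hawkular_secrets`. The local `copy` also sets no `mode`, so the `.pwd` file permissions depend on the control node's umask (the `local_tmp` directory is created outside this hunk); `mode=0600` would pin it.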
diff --git a/roles/openshift_metrics/tasks/generate_heapster_secrets.yaml b/roles/openshift_metrics/tasks/generate_heapster_secrets.yaml
new file mode 100644
index 000000000..e81d90ae7
--- /dev/null
+++ b/roles/openshift_metrics/tasks/generate_heapster_secrets.yaml
@@ -0,0 +1,14 @@
+---
+- name: generate heapster secret template
+ template:
+ src: secret.j2
+ dest: "{{ mktemp.stdout }}/templates/heapster_secrets.yaml"
+ force: no
+ vars:
+ name: heapster-secrets
+ labels:
+ metrics-infra: heapster
+ data:
+ heapster.allowed-users: >
+ {{ openshift_metrics_heapster_allowed_users|b64encode }}
+ when: "'secret/heapster-secrets' not in metrics_secrets.stdout_lines"
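Review bot: This guard looks for `secret/heapster-secrets` in `metrics_secrets.stdout_lines`, while the guards in generate_hawkular_certificates.yaml test the bare `name` (`hawkular-metrics-certs`, `hawkular-metrics-account`), and the cassandra one tests `metrics_secrets` itself rather than `.stdout_lines`. `metrics_secrets` is registered outside these hunks, so I cannot tell which form the list holds, but both forms cannot match the same list. If the entries are `secret/<name>`, the hawkular guards are always true and new keys and a new password are templated on every run. I would use one form everywhere, e.g. `when: "'secret/hawkular-cassandra-certs' not in metrics_secrets.stdout_lines"`.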
diff --git a/roles/openshift_metrics/tasks/generate_rolebindings.yaml b/roles/openshift_metrics/tasks/generate_rolebindings.yaml
new file mode 100644
index 000000000..407d3196f
--- /dev/null
+++ b/roles/openshift_metrics/tasks/generate_rolebindings.yaml
@@ -0,0 +1,48 @@
+---
+- name: generate view role binding for the hawkular service account
+ template:
+ src: rolebinding.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular-rolebinding.yaml"
+ vars:
+ obj_name: hawkular-view
+ labels:
+ metrics-infra: hawkular
+ roleRef:
+ name: view
+ subjects:
+ - kind: ServiceAccount
+ name: hawkular
+ changed_when: no
+
+- name: generate hawkular-metrics cluster role binding for the hawkular service account
+ template:
+ src: rolebinding.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular-cluster-rolebinding.yaml"
+ vars:
+ cluster: True
+ obj_name: hawkular-namespace-watcher
+ labels:
+ metrics-infra: hawkular
+ roleRef:
+ kind: ClusterRole
+ name: hawkular-metrics
+ subjects:
+ - kind: ServiceAccount
+ name: hawkular
+ namespace: "{{openshift_metrics_project}}"
+ changed_when: no
+
+- name: generate the hawkular cluster role
+ template:
+ src: hawkular_metrics_role.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular-cluster-role.yaml"
+ changed_when: no
+
+- name: Set hawkular cluster roles
+ oc_obj:
+ name: hawkular-metrics
+ namespace: "{{ openshift_metrics_project }}"
+ kind: clusterrole
+ files:
+ - "{{ mktemp.stdout }}/templates/hawkular-cluster-role.yaml"
+ delete_after: true
diff --git a/roles/openshift_metrics/tasks/generate_serviceaccounts.yaml b/roles/openshift_metrics/tasks/generate_serviceaccounts.yaml
new file mode 100644
index 000000000..874b89e52
--- /dev/null
+++ b/roles/openshift_metrics/tasks/generate_serviceaccounts.yaml
@@ -0,0 +1,27 @@
+---
+- name: Generating serviceaccounts for hawkular metrics/cassandra
+ template: src=serviceaccount.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-sa.yaml
+ vars:
+ obj_name: "{{item.name}}"
+ labels:
+ metrics-infra: support
+ secrets:
+ - hawkular-{{item.secret}}-secrets
+ with_items:
+ - name: hawkular
+ secret: hawkular-metrics-secrets
+ - name: cassandra
+ secret: hawkular-cassandra-secrets
+ changed_when: no
+
+- name: Set serviceaccounts for hawkular metrics/cassandra
+ oc_obj:
+ name: "{{ item }}"
+ kind: serviceaccount
+ namespace: "{{ openshift_metrics_project }}"
+ files:
+ - "{{ mktemp.stdout }}/templates/metrics-{{ item }}-sa.yaml"
+ delete_after: true
+ with_items:
+ - hawkular
+ - cassandra
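Review bot: The `secrets` entry is built as `hawkular-{{item.secret}}-secrets` while `item.secret` is already `hawkular-metrics-secrets` or `hawkular-cassandra-secrets`, so it renders as `hawkular-hawkular-metrics-secrets-secrets`. Neither the rendered nor the inner name matches the secrets this commit generates (`hawkular-metrics-certs`, `hawkular-metrics-account`, `hawkular-cassandra-certs`). How serviceaccount.j2 uses the list is outside this hunk, but if it becomes the account's referenceable secrets, the accounts point at objects that never exist. I would drop the wrapping and pass the real names, e.g. `secrets: "{{ item.secrets }}"` with `secrets: [hawkular-metrics-certs, hawkular-metrics-account]` on the hawkular item.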
diff --git a/roles/openshift_metrics/tasks/generate_services.yaml b/roles/openshift_metrics/tasks/generate_services.yaml
new file mode 100644
index 000000000..47d3c5c2e
--- /dev/null
+++ b/roles/openshift_metrics/tasks/generate_services.yaml
@@ -0,0 +1,33 @@
+---
+- name: Generate service for hawkular-metrics
+ template: src=service.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-svc.yaml
+ vars:
+ obj_name: hawkular-metrics
+ ports:
+ - {port: 443, targetPort: https-endpoint}
+ selector:
+ name: "{{obj_name}}"
+ labels:
+ metrics-infra: "{{obj_name}}"
+ name: "{{obj_name}}"
+ changed_when: no
+
+- name: Generate services for cassandra
+ template: src=service.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-svc.yaml
+ vars:
+ obj_name: hawkular-{{item}}
+ ports:
+ - {name: cql-port, port: 9042, targetPort: cql-port}
+ - {name: thrift-port, port: 9160, targetPort: thrift-port}
+ - {name: tcp-port, port: 7000, targetPort: tcp-port}
+ - {name: ssl-port, port: 7001, targetPort: ssl-port}
+ selector:
+ type: hawkular-cassandra
+ labels:
+ metrics-infra: hawkular-cassandra
+ name: hawkular-cassandra
+ headless: "{{ item == 'cassandra-nodes' }}"
+ with_items:
+ - cassandra
+ - cassandra-nodes
+ changed_when: no
diff --git a/roles/openshift_metrics/tasks/install_cassandra.yaml b/roles/openshift_metrics/tasks/install_cassandra.yaml
new file mode 100644
index 000000000..48584bd64
--- /dev/null
+++ b/roles/openshift_metrics/tasks/install_cassandra.yaml
@@ -0,0 +1,60 @@
+---
+- shell: >
+ {{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }}
+ --config={{ mktemp.stdout }}/admin.kubeconfig
+ get rc hawkular-cassandra-{{node}} -o jsonpath='{.spec.replicas}' || echo 0
+ vars:
+ node: "{{ item }}"
+ register: cassandra_replica_count
+ with_sequence: count={{ openshift_metrics_cassandra_replicas }}
+ changed_when: false
+ failed_when: false
+
+- name: generate hawkular-cassandra replication controllers
+ template:
+ src: hawkular_cassandra_rc.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-rc{{ item }}.yaml"
+ vars:
+ node: "{{ item }}"
+ master: "{{ (item == '1')|string|lower }}"
+ replica_count: "{{cassandra_replica_count.results[item|int - 1].stdout}}"
+ node_selector: "{{openshift_metrics_cassandra_nodeselector | default('') }}"
+ with_sequence: count={{ openshift_metrics_cassandra_replicas }}
+ changed_when: false
+
+- set_fact: openshift_metrics_cassandra_pvc_prefix="hawkular-metrics"
+ when: "not openshift_metrics_cassandra_pvc_prefix or openshift_metrics_cassandra_pvc_prefix == ''"
+
+- name: generate hawkular-cassandra persistent volume claims
+ template:
+ src: pvc.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml"
+ vars:
+ obj_name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ item }}"
+ labels:
+ metrics-infra: hawkular-cassandra
+ access_modes: "{{ openshift_metrics_cassandra_pvc_access | list }}"
+ size: "{{ openshift_metrics_cassandra_pvc_size }}"
+ pv_selector: "{{ openshift_metrics_cassandra_pv_selector }}"
+ storage_class_name: "{{ openshift_metrics_cassanda_pvc_storage_class_name | default('', true) }}"
+ with_sequence: count={{ openshift_metrics_cassandra_replicas }}
+ when:
+ - openshift_metrics_cassandra_storage_type != 'emptydir'
+ - openshift_metrics_cassandra_storage_type != 'dynamic'
+ changed_when: false
+
+- name: generate hawkular-cassandra persistent volume claims (dynamic)
+ template:
+ src: pvc.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml"
+ vars:
+ obj_name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ item }}"
+ labels:
+ metrics-infra: hawkular-cassandra
+ access_modes: "{{ openshift_metrics_cassandra_pvc_access | list }}"
+ size: "{{ openshift_metrics_cassandra_pvc_size }}"
+ pv_selector: "{{ openshift_metrics_cassandra_pv_selector }}"
+ storage_class_name: "{{ openshift_metrics_cassanda_pvc_storage_class_name | default('', true) }}"
+ with_sequence: count={{ openshift_metrics_cassandra_replicas }}
+ when: openshift_metrics_cassandra_storage_type == 'dynamic'
+ changed_when: false
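Review bot: Both PVC tasks read `openshift_metrics_cassanda_pvc_storage_class_name`, which lacks the `r` in "cassandra" that every other `openshift_metrics_cassandra_*` variable in the role has. An inventory that sets the expected spelling is silently ignored and the claim falls back to `''`, so volumes may be provisioned from a storage class the operator did not choose. If the spelling is not deliberate, change both lines to `storage_class_name: "{{ openshift_metrics_cassandra_pvc_storage_class_name | default('', true) }}"`. Separately, the `set_fact` fallback prefix is `hawkular-metrics` while defaults/main.yaml uses `metrics-cassandra`; these should agree.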
diff --git a/roles/openshift_metrics/tasks/install_hawkular.yaml b/roles/openshift_metrics/tasks/install_hawkular.yaml
new file mode 100644
index 000000000..b63f5ca8c
--- /dev/null
+++ b/roles/openshift_metrics/tasks/install_hawkular.yaml
@@ -0,0 +1,56 @@
+---
+- command: >
+ {{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }}
+ --config={{ mktemp.stdout }}/admin.kubeconfig
+ get rc hawkular-metrics -o jsonpath='{.spec.replicas}'
+ register: hawkular_metrics_replica_count
+ failed_when: false
+ changed_when: false
+
+- name: generate hawkular-metrics replication controller
+ template:
+ src: hawkular_metrics_rc.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular_metrics_rc.yaml"
+ vars:
+ replica_count: "{{hawkular_metrics_replica_count.stdout | default(0)}}"
+ node_selector: "{{openshift_metrics_hawkular_nodeselector | default('') }}"
+ changed_when: false
+
+- name: read hawkular-metrics route destination ca certificate
+ slurp: src={{ mktemp.stdout }}/ca.crt
+ register: metrics_route_dest_ca_cert
+ changed_when: false
+
+- block:
+ - set_fact: hawkular_key={{ lookup('file', openshift_metrics_hawkular_key) }}
+ when: openshift_metrics_hawkular_key | exists
+ changed_when: false
+
+ - set_fact: hawkular_cert={{ lookup('file', openshift_metrics_hawkular_cert) }}
+ when: openshift_metrics_hawkular_cert | exists
+ changed_when: false
+
+ - set_fact: hawkular_ca={{ lookup('file', openshift_metrics_hawkular_ca) }}
+ when: openshift_metrics_hawkular_ca | exists
+ changed_when: false
+
+ - name: generate the hawkular-metrics route
+ template:
+ src: route.j2
+ dest: "{{ mktemp.stdout }}/templates/hawkular-metrics-route.yaml"
+ vars:
+ name: hawkular-metrics
+ annotations: "{{ openshift_metrics_hawkular_route_annotations }}"
+ labels:
+ metrics-infra: hawkular-metrics
+ host: "{{ openshift_metrics_hawkular_hostname }}"
+ to:
+ kind: Service
+ name: hawkular-metrics
+ tls:
+ termination: reencrypt
+ key: "{{ hawkular_key | default('') }}"
+ certificate: "{{ hawkular_cert | default('') }}"
+ ca_certificate: "{{ hawkular_ca | default('') }}"
+ destination_ca_certificate: "{{ metrics_route_dest_ca_cert.content | b64decode }}"
+ changed_when: false
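Review bot: The three `set_fact` tasks in the block load the route key, certificate and CA without `no_log: true`, so the private key read by `lookup('file', openshift_metrics_hawkular_key)` is returned in the task result and appears in verbose output and in result-recording callbacks. Add `no_log: true` at least to the `hawkular_key` task. The `key=value` form is also fragile for multi-line PEM content; the YAML form `set_fact:` with `hawkular_key: "{{ lookup('file', openshift_metrics_hawkular_key) }}"` avoids re-parsing the value. The rendered route template then holds the key on disk under `{{ mktemp.stdout }}`, whose cleanup is outside this hunk.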
diff --git a/roles/openshift_metrics/tasks/install_heapster.yaml b/roles/openshift_metrics/tasks/install_heapster.yaml
new file mode 100644
index 000000000..0eb852d91
--- /dev/null
+++ b/roles/openshift_metrics/tasks/install_heapster.yaml
@@ -0,0 +1,69 @@
+---
+- command: >
+ {{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }}
+ --config={{ mktemp.stdout }}/admin.kubeconfig
+ get rc heapster -o jsonpath='{.spec.replicas}'
+ register: heapster_replica_count
+ failed_when: false
+ changed_when: no
+
+- name: Generate heapster replication controller
+ template: src=heapster.j2 dest={{mktemp.stdout}}/templates/metrics-heapster-rc.yaml
+ vars:
+ replica_count: "{{heapster_replica_count.stdout | default(0)}}"
+ node_selector: "{{openshift_metrics_heapster_nodeselector | default('') }}"
+ changed_when: no
+
+- set_fact:
+ heapster_sa_secrets: ["heapster-secrets"]
+
+- set_fact:
+ heapster_sa_secrets: "{{ heapster_sa_secrets + [item] }}"
+ with_items:
+ - hawkular-metrics-certs
+ - hawkular-metrics-account
+ when: not openshift_metrics_heapster_standalone | bool
+
+- name: Generating serviceaccount for heapster
+ template: src=serviceaccount.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-sa.yaml
+ vars:
+ obj_name: heapster
+ labels:
+ metrics-infra: support
+ secrets: "{{ heapster_sa_secrets }}"
+ changed_when: no
+
+- name: Generate service for heapster
+ template: src=service.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-svc.yaml
+ vars:
+ obj_name: heapster
+ ports:
+ - {port: 80, targetPort: http-endpoint}
+ selector:
+ name: "{{obj_name}}"
+ annotations:
+ service.alpha.openshift.io/serving-cert-secret-name: heapster-certs
+ labels:
+ metrics-infra: "{{obj_name}}"
+ name: "{{obj_name}}"
+ changed_when: no
+
+- name: generate cluster-reader role binding for the heapster service account
+ template:
+ src: rolebinding.j2
+ dest: "{{ mktemp.stdout }}/templates/heapster-rolebinding.yaml"
+ vars:
+ cluster: True
+ obj_name: heapster-cluster-reader
+ labels:
+ metrics-infra: heapster
+ roleRef:
+ kind: ClusterRole
+ name: cluster-reader
+ subjects:
+ - kind: ServiceAccount
+ name: heapster
+ namespace: "{{ openshift_metrics_project }}"
+ changed_when: no
+
+- include: generate_heapster_secrets.yaml
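Review bot: `replica_count: "{{heapster_replica_count.stdout | default(0)}}"` does not fall back to 0 when the replication controller is missing. The `command` task has `failed_when: false`, so when `oc get rc heapster` exits non-zero `stdout` is defined but empty, and `default(0)` only replaces undefined values. Use `default(0, true)` so an empty string is replaced too. install_hawkular.yaml has the same expression (`hawkular_metrics_replica_count.stdout | default(0)`). How heapster.j2 handles an empty `replica_count` is outside this hunk.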
diff --git a/roles/openshift_metrics/tasks/install_hosa.yaml b/roles/openshift_metrics/tasks/install_hosa.yaml
new file mode 100644
index 000000000..7c9bc26d0
--- /dev/null
+++ b/roles/openshift_metrics/tasks/install_hosa.yaml
@@ -0,0 +1,44 @@
+---
+- name: Generate Hawkular Agent (HOSA) Cluster Role
+ template:
+ src: hawkular_openshift_agent_role.j2
+ dest: "{{mktemp.stdout}}/templates/metrics-hawkular-openshift-agent-role.yaml"
+ changed_when: no
+
+- name: Generate Hawkular Agent (HOSA) Service Account
+ template:
+ src: hawkular_openshift_agent_sa.j2
+ dest: "{{mktemp.stdout}}/templates/metrics-hawkular-openshift-agent-sa.yaml"
+ changed_when: no
+
+- name: Generate Hawkular Agent (HOSA) Daemon Set
+ template:
+ src: hawkular_openshift_agent_ds.j2
+ dest: "{{mktemp.stdout}}/templates/metrics-hawkular-openshift-agent-ds.yaml"
+ vars:
+ node_selector: "{{openshift_metrics_hawkular_agent_nodeselector | default('') }}"
+ changed_when: no
+
+- name: Generate the Hawkular Agent (HOSA) Configmap
+ template:
+ src: hawkular_openshift_agent_cm.j2
+ dest: "{{mktemp.stdout}}/templates/metrics-hawkular-openshift-agent-cm.yaml"
+ changed_when: no
+
+- name: Generate role binding for the hawkular-openshift-agent service account
+ template:
+ src: rolebinding.j2
+ dest: "{{ mktemp.stdout }}/templates/metrics-hawkular-openshift-agent-rolebinding.yaml"
+ vars:
+ cluster: True
+ obj_name: hawkular-openshift-agent-rb
+ labels:
+ metrics-infra: hawkular-agent
+ roleRef:
+ kind: ClusterRole
+ name: hawkular-openshift-agent
+ subjects:
+ - kind: ServiceAccount
+ name: hawkular-openshift-agent
+ namespace: "{{openshift_metrics_hawkular_agent_namespace}}"
+ changed_when: no
diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml
new file mode 100644
index 000000000..fdf4ae57f
--- /dev/null
+++ b/roles/openshift_metrics/tasks/install_metrics.yaml
@@ -0,0 +1,90 @@
+---
+- include: pre_install.yaml
+
+- name: Install Metrics
+ include: "{{ role_path }}/tasks/install_{{ include_file }}.yaml"
+ with_items:
+ - support
+ - heapster
+ - hawkular
+ - cassandra
+ loop_control:
+ loop_var: include_file
+ when: not openshift_metrics_heapster_standalone | bool
+
+- name: Install Heapster Standalone
+ include: install_heapster.yaml
+ when: openshift_metrics_heapster_standalone | bool
+
+- name: Install Hawkular OpenShift Agent (HOSA)
+ include: install_hosa.yaml
+ when: openshift_metrics_install_hawkular_agent | default(false) | bool
+
+- find:
+ paths: "{{ mktemp.stdout }}/templates"
+ patterns: "^(?!metrics-hawkular-openshift-agent).*.yaml"
+ use_regex: true
+ register: object_def_files
+ changed_when: no
+
+- slurp:
+ src: "{{item.path}}"
+ register: object_defs
+ with_items: "{{object_def_files.files}}"
+ changed_when: no
+
+- name: Create objects
+ include: oc_apply.yaml
+ vars:
+ kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+ namespace: "{{ openshift_metrics_project }}"
+ file_name: "{{ item.source }}"
+ file_content: "{{ item.content | b64decode | from_yaml }}"
+ with_items: "{{ object_defs.results }}"
+
+- find:
+ paths: "{{ mktemp.stdout }}/templates"
+ patterns: "^metrics-hawkular-openshift-agent.*.yaml"
+ use_regex: true
+ register: hawkular_agent_object_def_files
+ when: openshift_metrics_install_hawkular_agent | bool
+ changed_when: no
+
+- slurp:
+ src: "{{item.path}}"
+ register: hawkular_agent_object_defs
+ with_items: "{{ hawkular_agent_object_def_files.files }}"
+ when: openshift_metrics_install_hawkular_agent | bool
+ changed_when: no
+
+- name: Create Hawkular Agent objects
+ include: oc_apply.yaml
+ vars:
+ kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+ namespace: "{{ openshift_metrics_hawkular_agent_namespace }}"
+ file_name: "{{ item.source }}"
+ file_content: "{{ item.content | b64decode | from_yaml }}"
+ with_items: "{{ hawkular_agent_object_defs.results }}"
+ when: openshift_metrics_install_hawkular_agent | bool
+
+- include: update_master_config.yaml
+
+- command: >
+ {{openshift.common.client_binary}}
+ --config={{mktemp.stdout}}/admin.kubeconfig
+ get rc
+ -l metrics-infra
+ -o name
+ -n {{openshift_metrics_project}}
+ register: existing_metrics_rc
+ changed_when: no
+
+- name: Scaling down cluster to recognize changes
+ include: stop_metrics.yaml
+ when: existing_metrics_rc.stdout_lines | length > 0
+
+- name: Scaling up cluster
+ include: start_metrics.yaml
+ tags: openshift_metrics_start_cluster
+ when:
+ - openshift_metrics_start_cluster | default(true) | bool
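Review bot: The second `slurp` loops over `hawkular_agent_object_def_files.files`, but when `openshift_metrics_install_hawkular_agent` is false the preceding `find` is skipped and its registered result has no `files` key. `with_items` is evaluated before `when`, so the loop expression is undefined instead of the task being skipped cleanly. `with_items: "{{ hawkular_agent_object_def_files.files | default([]) }}"`, and `hawkular_agent_object_defs.results | default([])` on the include, make the disabled path explicit. Both `find` patterns also end in `.*.yaml` with an unescaped dot and no `$`, so they match more than files ending in `.yaml`; `.*\.yaml$` is tighter, since everything matched is applied to the cluster with the admin kubeconfig.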
diff --git a/roles/openshift_metrics/tasks/install_support.yaml b/roles/openshift_metrics/tasks/install_support.yaml
new file mode 100644
index 000000000..584e3be05
--- /dev/null
+++ b/roles/openshift_metrics/tasks/install_support.yaml
@@ -0,0 +1,25 @@
+---
+- name: Check control node to see if htpasswd is installed
+ local_action: command which htpasswd
+ register: htpasswd_check
+ failed_when: no
+ changed_when: no
+ become: false
+
+- fail: msg="'htpasswd' is unavailable. Please install httpd-tools on the control node"
+ when: htpasswd_check.rc == 1
+
+- name: Check control node to see if keytool is installed
+ local_action: command which keytool
+ register: keytool_check
+ failed_when: no
+ changed_when: no
+ become: false
+
+- fail: msg="'keytool' is unavailable. Please install java-1.8.0-openjdk-headless on the control node"
+ when: keytool_check.rc == 1
+
+- include: generate_certificates.yaml
+- include: generate_serviceaccounts.yaml
+- include: generate_services.yaml
+- include: generate_rolebindings.yaml
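Review bot: Both presence checks test `rc == 1`, but with `failed_when: no` any other non-zero result (for example when `which` itself is missing on the control node) is ignored and the `fail` task is skipped. `when: htpasswd_check.rc != 0` and `when: keytool_check.rc != 0` cover every failure case. The keytool message names `java-1.8.0-openjdk-headless`, which assumes an RPM-based control node; a comment saying so would help.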
diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml
new file mode 100644
index 000000000..10509fc1e
--- /dev/null
+++ b/roles/openshift_metrics/tasks/main.yaml
@@ -0,0 +1,62 @@
+---
+- local_action: shell python -c 'import passlib' 2>/dev/null || echo not installed
+ register: passlib_result
+ become: false
+
+- name: Check that python-passlib is available on the control host
+ assert:
+ that:
+ - "'not installed' not in passlib_result.stdout"
+ msg: "python-passlib rpm must be installed on control host"
+
+- name: Set default image variables based on deployment_type
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ openshift_deployment_type | default(deployment_type) }}.yml"
+ - "default_images.yml"
+
+- name: Set metrics image facts
+ set_fact:
+ openshift_metrics_image_prefix: "{{ openshift_metrics_image_prefix | default(__openshift_metrics_image_prefix) }}"
+ openshift_metrics_image_version: "{{ openshift_metrics_image_version | default(__openshift_metrics_image_version) }}"
+
+- name: Create temp directory for doing work in on target
+ command: mktemp -td openshift-metrics-ansible-XXXXXX
+ register: mktemp
+ changed_when: False
+
+- name: Create temp directory for all our templates
+ file: path={{mktemp.stdout}}/templates state=directory mode=0755
+ changed_when: False
+ when: openshift_metrics_install_metrics | bool
+
+- name: Create temp directory local on control node
+ local_action: command mktemp -d
+ register: local_tmp
+ changed_when: False
+ become: false
+
+- name: Copy the admin client config(s)
+ command: >
+ cp {{ openshift.common.config_base}}/master/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
+ changed_when: False
+ check_mode: no
+ tags: metrics_init
+
+- include: install_metrics.yaml
+ when:
+ - openshift_metrics_install_metrics | bool
+
+- include: uninstall_metrics.yaml
+ when:
+ - not openshift_metrics_install_metrics | bool
+
+- include: uninstall_hosa.yaml
+ when: not openshift_metrics_install_hawkular_agent | bool
+
+- name: Delete temp directory
+ local_action: file path=local_tmp.stdout state=absent
+ tags: metrics_cleanup
+ changed_when: False
+ check_mode: no
+ become: false
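Review bot: The final `Delete temp directory` task passes the literal string `path=local_tmp.stdout`, so the control-node temp directory is never removed; it should read `local_action: file path={{ local_tmp.stdout }} state=absent`. Nothing in this file removes the remote `{{ mktemp.stdout }}` directory either, which by then holds a copy of `admin.kubeconfig` and, judging by setup_certificate.yaml in this commit, generated keys and keystore passwords. A matching `file: path={{ mktemp.stdout }} state=absent` task would avoid leaving cluster-admin credentials behind after the run, unless cleanup happens somewhere not visible in this hunk. The first `local_action` also has no `name:` and no `changed_when`, so it reports a change on every run.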
diff --git a/roles/openshift_metrics/tasks/oc_apply.yaml b/roles/openshift_metrics/tasks/oc_apply.yaml
new file mode 100644
index 000000000..1e1af40e8
--- /dev/null
+++ b/roles/openshift_metrics/tasks/oc_apply.yaml
@@ -0,0 +1,32 @@
+---
+- name: Checking generation of {{file_content.kind}} {{file_content.metadata.name}}
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ kubeconfig }}
+ get {{file_content.kind}} {{file_content.metadata.name}}
+ -o jsonpath='{.metadata.resourceVersion}'
+ -n {{namespace}}
+ register: generation_init
+ failed_when: false
+ changed_when: no
+
+- name: Applying {{file_name}}
+ command: >
+ {{ openshift.common.client_binary }} --config={{ kubeconfig }}
+ apply -f {{ file_name }}
+ -n {{namespace}}
+ register: generation_apply
+ failed_when: "'error' in generation_apply.stderr"
+ changed_when: no
+
+- name: Determine change status of {{file_content.kind}} {{file_content.metadata.name}}
+ command: >
+ {{ openshift.common.client_binary }} --config={{ kubeconfig }}
+ get {{file_content.kind}} {{file_content.metadata.name}}
+ -o jsonpath='{.metadata.resourceVersion}'
+ -n {{namespace}}
+ register: version_changed
+ vars:
+ init_version: "{{ (generation_init is defined) | ternary(generation_init.stdout, '0') }}"
+ failed_when: "'error' in version_changed.stderr"
+ changed_when: version_changed.stdout | int > init_version | int
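Review bot: The `failed_when: "'error' in generation_apply.stderr"` test on the apply task, and the same test on the last task, is a case-sensitive substring match, so a non-zero exit whose message begins with `Error from server` or does not contain the word at all is treated as success. Checking the exit status is more reliable: `failed_when: generation_apply.rc != 0` and `failed_when: version_changed.rc != 0`. `generation_init is defined` is always true once the first task has registered it, so the `'0'` fallback in `init_version` is never used; an empty stdout already becomes 0 through `| int`. The templated `kind`, `metadata.name`, `namespace` and `file_name` values are interpolated into the command unquoted, so `| quote` on each would be a cheap safeguard.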
diff --git a/roles/openshift_metrics/tasks/pre_install.yaml b/roles/openshift_metrics/tasks/pre_install.yaml
new file mode 100644
index 000000000..d6756f9b9
--- /dev/null
+++ b/roles/openshift_metrics/tasks/pre_install.yaml
@@ -0,0 +1,21 @@
+---
+- name: Check that hawkular_metrics_hostname is set
+ fail: msg='the openshift_metrics_hawkular_hostname variable is required'
+ when: openshift_metrics_hawkular_hostname is not defined
+
+- name: Check the value of openshift_metrics_cassandra_storage_type
+ fail:
+ msg: >
+ openshift_metrics_cassandra_storage_type ({{ openshift_metrics_cassandra_storage_type }})
+ is invalid, must be one of: emptydir, pv, dynamic
+ when:
+ - openshift_metrics_cassandra_storage_type not in openshift_metrics_cassandra_storage_types
+ - not (openshift_metrics_heapster_standalone | bool)
+
+- name: list existing secrets
+ command: >
+ {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }}
+ --config={{ mktemp.stdout }}/admin.kubeconfig
+ get secrets -o name
+ register: metrics_secrets
+ changed_when: false
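Review bot: The first task is named `Check that hawkular_metrics_hostname is set` but tests `openshift_metrics_hawkular_hostname`; the name should use the real variable so the failure is easy to trace. The storage-type message hard-codes `emptydir, pv, dynamic` while the condition reads `openshift_metrics_cassandra_storage_types`, so the two can drift; `{{ openshift_metrics_cassandra_storage_types | join(', ') }}` in the message keeps them aligned.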
diff --git a/roles/openshift_metrics/tasks/setup_certificate.yaml b/roles/openshift_metrics/tasks/setup_certificate.yaml
new file mode 100644
index 000000000..2d880f4d6
--- /dev/null
+++ b/roles/openshift_metrics/tasks/setup_certificate.yaml
@@ -0,0 +1,43 @@
+---
+- name: generate {{ component }} keys
+ command: >
+ {{ openshift.common.client_binary }} adm ca create-server-cert
+ --config={{ mktemp.stdout }}/admin.kubeconfig
+ --key='{{ mktemp.stdout }}/{{ component }}.key'
+ --cert='{{ mktemp.stdout }}/{{ component }}.crt'
+ --hostnames='{{ hostnames }}'
+ --signer-cert='{{ mktemp.stdout }}/ca.crt'
+ --signer-key='{{ mktemp.stdout }}/ca.key'
+ --signer-serial='{{ mktemp.stdout }}/ca.serial.txt'
+
+- slurp: src={{item}}
+ register: component_certs
+ with_items:
+ - '{{ mktemp.stdout | quote }}/{{ component|quote }}.key'
+ - '{{ mktemp.stdout | quote }}/{{ component|quote }}.crt'
+
+- name: generate {{ component }} certificate
+ copy:
+ dest: '{{ mktemp.stdout }}/{{ component }}.pem'
+ content: "{{ component_certs.results | map(attribute='content') | map('b64decode') | join('') }}"
+
+- name: generate random password for the {{ component }} keystore
+ copy:
+ content: "{{ 15 | oo_random_word }}"
+ dest: '{{ mktemp.stdout }}/{{ component }}-keystore.pwd'
+
+- slurp: src={{ mktemp.stdout | quote }}/{{ component|quote }}-keystore.pwd
+ register: keystore_password
+
+- name: create the {{ component }} pkcs12 from the pem file
+ command: >
+ openssl pkcs12 -export
+ -in '{{ mktemp.stdout }}/{{ component }}.pem'
+ -out '{{ mktemp.stdout }}/{{ component }}.pkcs12'
+ -name '{{ component }}' -noiter -nomaciter
+ -password 'pass:{{keystore_password.content | b64decode }}'
+
+- name: generate random password for the {{ component }} truststore
+ copy:
+ content: "{{ 15 | oo_random_word }}"
+ dest: '{{ mktemp.stdout | quote }}/{{ component|quote }}-truststore.pwd'
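Review bot: The `openssl pkcs12 -export` task passes the keystore password as `-password 'pass:…'`, which puts it in the process argument list on the target and in Ansible's task output. The password file written two tasks earlier can be used directly with `-passout 'file:{{ mktemp.stdout }}/{{ component }}-keystore.pwd'`. `-noiter -nomaciter` reduce the key and MAC iteration counts to one, so a comment explaining why they are required (presumably for the consuming keystore tooling) would help, or they could be dropped. The `copy` tasks that write the `.pem` and `.pwd` files set no `mode`; `mode: '0600'` there, plus `no_log: true` on the tasks that slurp or emit key material, would limit exposure. The `quote` filter on the `slurp` `src` and on the truststore `dest` is applied to module arguments rather than to a shell command, and is inconsistent with the other `copy` destinations.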
diff --git a/roles/openshift_metrics/tasks/start_metrics.yaml b/roles/openshift_metrics/tasks/start_metrics.yaml
new file mode 100644
index 000000000..2037e8dc3
--- /dev/null
+++ b/roles/openshift_metrics/tasks/start_metrics.yaml
@@ -0,0 +1,66 @@
+---
+- command: >
+ {{openshift.common.client_binary}}
+ --config={{mktemp.stdout}}/admin.kubeconfig
+ get rc
+ -l metrics-infra=hawkular-cassandra
+ -o name
+ -n {{openshift_metrics_project}}
+ register: metrics_cassandra_rc
+ changed_when: no
+
+- name: Start Hawkular Cassandra
+ oc_scale:
+ kind: rc
+ name: "{{object.split('/')[1]}}"
+ kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
+ namespace: "{{openshift_metrics_project}}"
+ replicas: 1
+ with_items: "{{metrics_cassandra_rc.stdout_lines}}"
+ loop_control:
+ loop_var: object
+ when: metrics_cassandra_rc is defined
+ changed_when: metrics_cassandra_rc | length > 0
+
+- command: >
+ {{openshift.common.client_binary}}
+ --config={{mktemp.stdout}}/admin.kubeconfig
+ get rc
+ -l metrics-infra=hawkular-metrics
+ -o name
+ -n {{openshift_metrics_project}}
+ register: metrics_metrics_rc
+ changed_when: no
+
+- name: Start Hawkular Metrics
+ oc_scale:
+ kind: rc
+ name: "{{object.split('/')[1]}}"
+ kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
+ namespace: "{{openshift_metrics_project}}"
+ replicas: "{{openshift_metrics_hawkular_replicas}}"
+ with_items: "{{metrics_metrics_rc.stdout_lines}}"
+ loop_control:
+ loop_var: object
+ changed_when: metrics_metrics_rc | length > 0
+
+- command: >
+ {{openshift.common.client_binary}}
+ --config={{mktemp.stdout}}/admin.kubeconfig
+ get rc
+ -l metrics-infra=heapster
+ -o name
+ -n {{openshift_metrics_project}}
+ register: metrics_heapster_rc
+ changed_when: no
+
+- name: Start Heapster
+ oc_scale:
+ kind: rc
+ name: "{{object.split('/')[1]}}"
+ kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
+ namespace: "{{openshift_metrics_project}}"
+ replicas: 1
+ with_items: "{{metrics_heapster_rc.stdout_lines}}"
+ loop_control:
+ loop_var: object
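Review bot: `changed_when: metrics_cassandra_rc | length > 0` and `changed_when: metrics_metrics_rc | length > 0` measure the registered result dictionary, not the list of controllers, so they are always true and override whatever `oc_scale` itself reports. If the intent is to report a change only when controllers were found, the expression would be `metrics_cassandra_rc.stdout_lines | length > 0`; dropping `changed_when` and letting the module report is simpler. `when: metrics_cassandra_rc is defined` is likewise always true after the preceding `register`. The same expressions appear in stop_metrics.yaml on the Hawkular Metrics and Cassandra tasks.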
diff --git a/roles/openshift_metrics/tasks/stop_metrics.yaml b/roles/openshift_metrics/tasks/stop_metrics.yaml
new file mode 100644
index 000000000..9a2ce9267
--- /dev/null
+++ b/roles/openshift_metrics/tasks/stop_metrics.yaml
@@ -0,0 +1,66 @@
+---
+- command: >
+ {{openshift.common.client_binary}}
+ --config={{mktemp.stdout}}/admin.kubeconfig
+ get rc
+ -l metrics-infra=heapster
+ -o name
+ -n {{openshift_metrics_project}}
+ register: metrics_heapster_rc
+ changed_when: "'No resources found' not in metrics_heapster_rc.stderr"
+ check_mode: no
+
+- name: Stop Heapster
+ oc_scale:
+ kind: rc
+ name: "{{object.split('/')[1]}}"
+ kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
+ namespace: "{{openshift_metrics_project}}"
+ replicas: 0
+ with_items: "{{metrics_heapster_rc.stdout_lines}}"
+ loop_control:
+ loop_var: object
+
+- command: >
+ {{openshift.common.client_binary}}
+ --config={{mktemp.stdout}}/admin.kubeconfig
+ get rc
+ -l metrics-infra=hawkular-metrics
+ -o name
+ -n {{openshift_metrics_project}}
+ register: metrics_hawkular_rc
+ changed_when: "'No resources found' not in metrics_hawkular_rc.stderr"
+
+- name: Stop Hawkular Metrics
+ oc_scale:
+ kind: rc
+ name: "{{object.split('/')[1]}}"
+ kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
+ namespace: "{{openshift_metrics_project}}"
+ replicas: 0
+ with_items: "{{metrics_hawkular_rc.stdout_lines}}"
+ loop_control:
+ loop_var: object
+ changed_when: metrics_hawkular_rc | length > 0
+
+- command: >
+ {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig
+ get rc
+ -o name
+ -l metrics-infra=hawkular-cassandra
+ -n {{openshift_metrics_project}}
+ register: metrics_cassandra_rc
+ changed_when: "'No resources found' not in metrics_cassandra_rc.stderr"
+
+- name: Stop Hawkular Cassandra
+ oc_scale:
+ kind: rc
+ name: "{{object.split('/')[1]}}"
+ kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig"
+ namespace: "{{openshift_metrics_project}}"
+ replicas: 0
+ with_items: "{{metrics_cassandra_rc.stdout_lines}}"
+ loop_control:
+ loop_var: object
+ when: metrics_cassandra_rc is defined
+ changed_when: metrics_cassandra_rc | length > 0
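Review bot: The three `get rc` lookups are read-only but set `changed_when: "'No resources found' not in ….stderr"`, so each reports a change whenever controllers exist. `changed_when: no`, as used for the same lookups in start_metrics.yaml, fits better. Only the first lookup carries `check_mode: no`, so in check mode the other two are skipped and the `with_items` loops that read their `stdout_lines` may fail or do nothing; adding `check_mode: no` to all three keeps them consistent.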
diff --git a/roles/openshift_metrics/tasks/uninstall_hosa.yaml b/roles/openshift_metrics/tasks/uninstall_hosa.yaml
new file mode 100644
index 000000000..42ed02460
--- /dev/null
+++ b/roles/openshift_metrics/tasks/uninstall_hosa.yaml
@@ -0,0 +1,15 @@
+---
+- name: remove Hawkular Agent (HOSA) components
+ command: >
+ {{ openshift.common.client_binary }} -n {{ openshift_metrics_hawkular_agent_namespace }} --config={{ mktemp.stdout }}/admin.kubeconfig
+ delete --ignore-not-found --selector=metrics-infra=agent
+ all,sa,secrets,templates,routes,pvc,rolebindings,clusterrolebindings
+ register: delete_metrics
+ changed_when: delete_metrics.stdout != 'No resources found'
+
+- name: remove rolebindings
+ command: >
+ {{ openshift.common.client_binary }} -n {{ openshift_metrics_hawkular_agent_namespace }} --config={{ mktemp.stdout }}/admin.kubeconfig
+ delete --ignore-not-found
+ clusterrolebinding/hawkular-openshift-agent-rb
+ changed_when: delete_metrics.stdout != 'No resources found'
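Review bot: The `remove rolebindings` task has no `register`, so its `changed_when: delete_metrics.stdout != 'No resources found'` reports the outcome of the previous task rather than its own. Register a separate result, for example `register: delete_rolebindings`, and test that instead. The comparison is an exact match on stdout, so it depends on the client printing exactly that text to stdout; a substring test against both streams would be less brittle. uninstall_metrics.yaml repeats the same pattern in its `remove rolebindings` task.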
diff --git a/roles/openshift_metrics/tasks/uninstall_metrics.yaml b/roles/openshift_metrics/tasks/uninstall_metrics.yaml
new file mode 100644
index 000000000..403b1252c
--- /dev/null
+++ b/roles/openshift_metrics/tasks/uninstall_metrics.yaml
@@ -0,0 +1,20 @@
+---
+- name: stop metrics
+ include: stop_metrics.yaml
+
+- name: remove metrics components
+ command: >
+ {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} --config={{ mktemp.stdout }}/admin.kubeconfig
+ delete --ignore-not-found --selector=metrics-infra
+ all,sa,secrets,templates,routes,pvc,rolebindings,clusterrolebindings,clusterrole
+ register: delete_metrics
+ changed_when: delete_metrics.stdout != 'No resources found'
+
+- name: remove rolebindings
+ command: >
+ {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} --config={{ mktemp.stdout }}/admin.kubeconfig
+ delete --ignore-not-found
+ rolebinding/hawkular-view
+ clusterrolebinding/heapster-cluster-reader
+ clusterrolebinding/hawkular-metrics
+ changed_when: delete_metrics.stdout != 'No resources found'
diff --git a/roles/openshift_metrics/tasks/update_master_config.yaml b/roles/openshift_metrics/tasks/update_master_config.yaml
new file mode 100644
index 000000000..5059d8d94
--- /dev/null
+++ b/roles/openshift_metrics/tasks/update_master_config.yaml
@@ -0,0 +1,11 @@
+---
+- name: Adding metrics route information to metricsPublicURL
+ modify_yaml:
+ dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+ yaml_key: assetConfig.metricsPublicURL
+ yaml_value: "https://{{ openshift_metrics_hawkular_hostname}}/hawkular/metrics"
+ notify:
+ - restart master api
+ - restart master controllers
+ tags:
+ - update_master_config
diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
new file mode 100644
index 000000000..6f341bcfb
--- /dev/null
+++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
@@ -0,0 +1,136 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+ name: hawkular-cassandra-{{ node }}
+ labels:
+ metrics-infra: hawkular-cassandra
+ name: hawkular-cassandra
+ type: hawkular-cassandra
+spec:
+ selector:
+ name: hawkular-cassandra-{{ node }}
+ replicas: {{replica_count}}
+ template:
+ version: v1
+ metadata:
+ labels:
+ metrics-infra: hawkular-cassandra
+ name: hawkular-cassandra-{{ node }}
+ type: hawkular-cassandra
+ spec:
+ serviceAccount: cassandra
+ securityContext:
+ supplementalGroups:
+ - {{openshift_metrics_cassandra_storage_group}}
+{% if node_selector is iterable and node_selector | length > 0 %}
+ nodeSelector:
+{% for key, value in node_selector.iteritems() %}
+ {{key}}: "{{value}}"
+{% endfor %}
+{% endif %}
+ containers:
+ - image: "{{ openshift_metrics_image_prefix }}metrics-cassandra:{{ openshift_metrics_image_version }}"
+ imagePullPolicy: Always
+ name: hawkular-cassandra-{{ node }}
+ ports:
+ - name: cql-port
+ containerPort: 9042
+ - name: thift-port
+ containerPort: 9160
+ - name: tcp-port
+ containerPort: 7000
+ - name: ssl-port
+ containerPort: 7001
+ command:
+ - "/opt/apache-cassandra/bin/cassandra-docker.sh"
+ - "--cluster_name=hawkular-metrics"
+ - "--data_volume=/cassandra_data"
+ - "--internode_encryption=all"
+ - "--require_node_auth=true"
+ - "--enable_client_encryption=true"
+ - "--require_client_auth=true"
+ env:
+ - name: CASSANDRA_MASTER
+ value: "{{ master }}"
+ - name: CASSANDRA_DATA_VOLUME
+ value: "/cassandra_data"
+ - name: JVM_OPTS
+ value: "-Dcassandra.commitlog.ignorereplayerrors=true"
+ - name: ENABLE_PROMETHEUS_ENDPOINT
+ value: "{{ openshift_metrics_cassandra_enable_prometheus_endpoint }}"
+ - name: TRUSTSTORE_NODES_AUTHORITIES
+ value: "/hawkular-cassandra-certs/tls.peer.truststore.crt"
+ - name: TRUSTSTORE_CLIENT_AUTHORITIES
+ value: "/hawkular-cassandra-certs/tls.client.truststore.crt"
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: MEMORY_LIMIT
+ valueFrom:
+ resourceFieldRef:
+ resource: limits.memory
+ - name: CPU_LIMIT
+ valueFrom:
+ resourceFieldRef:
+ resource: limits.cpu
+ divisor: 1m
+ volumeMounts:
+ - name: cassandra-data
+ mountPath: "/cassandra_data"
+ - name: hawkular-cassandra-certs
+ mountPath: "/hawkular-cassandra-certs"
+{% if ((openshift_metrics_cassandra_limits_cpu is defined and openshift_metrics_cassandra_limits_cpu is not none)
+ or (openshift_metrics_cassandra_limits_memory is defined and openshift_metrics_cassandra_limits_memory is not none)
+ or (openshift_metrics_cassandra_requests_cpu is defined and openshift_metrics_cassandra_requests_cpu is not none)
+ or (openshift_metrics_cassandra_requests_memory is defined and openshift_metrics_cassandra_requests_memory is not none))
+%}
+ resources:
+{% if (openshift_metrics_cassandra_limits_cpu is not none
+ or openshift_metrics_cassandra_limits_memory is not none)
+%}
+ limits:
+{% if openshift_metrics_cassandra_limits_cpu is not none %}
+ cpu: "{{openshift_metrics_cassandra_limits_cpu}}"
+{% endif %}
+{% if openshift_metrics_cassandra_limits_memory is not none %}
+ memory: "{{openshift_metrics_cassandra_limits_memory}}"
+{% endif %}
+{% endif %}
+{% if (openshift_metrics_cassandra_requests_cpu is not none
+ or openshift_metrics_cassandra_requests_memory is not none)
+%}
+ requests:
+{% if openshift_metrics_cassandra_requests_cpu is not none %}
+ cpu: "{{openshift_metrics_cassandra_requests_cpu}}"
+{% endif %}
+{% if openshift_metrics_cassandra_requests_memory is not none %}
+ memory: "{{openshift_metrics_cassandra_requests_memory}}"
+{% endif %}
+{% endif %}
+{% endif %}
+ readinessProbe:
+ exec:
+ command:
+ - "/opt/apache-cassandra/bin/cassandra-docker-ready.sh"
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - "/opt/apache-cassandra/bin/cassandra-prestop.sh"
+ postStart:
+ exec:
+ command:
+ - "/opt/apache-cassandra/bin/cassandra-poststart.sh"
+ terminationGracePeriodSeconds: 1800
+ volumes:
+ - name: cassandra-data
+{% if openshift_metrics_cassandra_storage_type == 'emptydir' %}
+ emptyDir: {}
+{% else %}
+ persistentVolumeClaim:
+ claimName: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ node }}"
+{% endif %}
+ - name: hawkular-cassandra-certs
+ secret:
+ secretName: hawkular-cassandra-certs
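Review bot: `node_selector.iteritems()` exists only on Python 2 dictionaries, so rendering fails when Ansible runs under Python 3; `node_selector.items()` works on both. The same loop is in hawkular_metrics_rc.j2, hawkular_openshift_agent_ds.j2 and heapster.j2. The port name `thift-port` looks like a typo for `thrift-port`. The inner `is not none` tests under `resources:` omit the `is defined` guard used by the outer condition, so they rely on every limit and request variable being defined in the role defaults.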
diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2
new file mode 100644
index 000000000..59f7fb44a
--- /dev/null
+++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2
@@ -0,0 +1,128 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+ name: hawkular-metrics
+ labels:
+ metrics-infra: hawkular-metrics
+ name: hawkular-metrics
+spec:
+ selector:
+ name: hawkular-metrics
+ replicas: {{replica_count}}
+ template:
+ version: v1
+ metadata:
+ labels:
+ metrics-infra: hawkular-metrics
+ name: hawkular-metrics
+ spec:
+ serviceAccount: hawkular
+{% if node_selector is iterable and node_selector | length > 0 %}
+ nodeSelector:
+{% for key, value in node_selector.iteritems() %}
+ {{key}}: "{{value}}"
+{% endfor %}
+{% endif %}
+ containers:
+ - image: {{openshift_metrics_image_prefix}}metrics-hawkular-metrics:{{openshift_metrics_image_version}}
+ imagePullPolicy: Always
+ name: hawkular-metrics
+ ports:
+ - name: http-endpoint
+ containerPort: 8080
+ - name: https-endpoint
+ containerPort: 8443
+ - name: ping
+ containerPort: 8888
+ command:
+ - "/opt/hawkular/scripts/hawkular-metrics-wrapper.sh"
+ - "-b"
+ - 0.0.0.0
+ - "-Dhawkular.metrics.cassandra.nodes=hawkular-cassandra"
+ - "-Dhawkular.metrics.cassandra.use-ssl"
+ - "-Dhawkular.metrics.openshift.auth-methods=openshift-oauth,htpasswd"
+ - "-Dhawkular.metrics.openshift.htpasswd-file=/hawkular-account/hawkular-metrics.htpasswd"
+ - "-Dhawkular.metrics.allowed-cors-access-control-allow-headers=authorization"
+ - "-Dhawkular.metrics.default-ttl={{openshift_metrics_duration}}"
+ - "-Dhawkular.metrics.admin-tenant=_hawkular_admin"
+ - "-Dhawkular-alerts.cassandra-nodes=hawkular-cassandra"
+ - "-Dhawkular-alerts.cassandra-use-ssl"
+ - "-Dhawkular.alerts.openshift.auth-methods=openshift-oauth,htpasswd"
+ - "-Dhawkular.alerts.openshift.htpasswd-file=/hawkular-account/hawkular-metrics.htpasswd"
+ - "-Dhawkular.alerts.allowed-cors-access-control-allow-headers=authorization"
+ - "-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true"
+ - "-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true"
+ - "-Dcom.datastax.driver.FORCE_NIO=true"
+ - "-DKUBERNETES_MASTER_URL={{openshift_metrics_master_url}}"
+ - "-DUSER_WRITE_ACCESS={{openshift_metrics_hawkular_user_write_access}}"
+ - "-Dhawkular.metrics.jmx-reporting-enabled"
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: MASTER_URL
+ value: "{{ openshift_metrics_master_url }}"
+ - name: JGROUPS_PASSWORD
+ value: "{{ 17 | oo_random_word }}"
+ - name: TRUSTSTORE_AUTHORITIES
+ value: "/hawkular-metrics-certs/tls.truststore.crt"
+ - name: ENABLE_PROMETHEUS_ENDPOINT
+ value: "{{ openshift_metrics_hawkular_enable_prometheus_endpoint }}"
+ - name: OPENSHIFT_KUBE_PING_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: OPENSHIFT_KUBE_PING_LABELS
+ value: "metrics-infra=hawkular-metrics,name=hawkular-metrics"
+ - name: STARTUP_TIMEOUT
+ value: "{{ openshift_metrics_startup_timeout }}"
+ volumeMounts:
+ - name: hawkular-metrics-certs
+ mountPath: "/hawkular-metrics-certs"
+ - name: hawkular-metrics-account
+ mountPath: "/hawkular-account"
+{% if ((openshift_metrics_hawkular_limits_cpu is defined and openshift_metrics_hawkular_limits_cpu is not none)
+ or (openshift_metrics_hawkular_limits_memory is defined and openshift_metrics_hawkular_limits_memory is not none)
+ or (openshift_metrics_hawkular_requests_cpu is defined and openshift_metrics_hawkular_requests_cpu is not none)
+ or (openshift_metrics_hawkular_requests_memory is defined and openshift_metrics_hawkular_requests_memory is not none))
+%}
+ resources:
+{% if (openshift_metrics_hawkular_limits_cpu is not none
+ or openshift_metrics_hawkular_limits_memory is not none)
+%}
+ limits:
+{% if openshift_metrics_hawkular_limits_cpu is not none %}
+ cpu: "{{openshift_metrics_hawkular_limits_cpu}}"
+{% endif %}
+{% if openshift_metrics_hawkular_limits_memory is not none %}
+ memory: "{{openshift_metrics_hawkular_limits_memory}}"
+{% endif %}
+{% endif %}
+{% if (openshift_metrics_hawkular_requests_cpu is not none
+ or openshift_metrics_hawkular_requests_memory is not none)
+%}
+ requests:
+{% if openshift_metrics_hawkular_requests_cpu is not none %}
+ cpu: "{{openshift_metrics_hawkular_requests_cpu}}"
+{% endif %}
+{% if openshift_metrics_hawkular_requests_memory is not none %}
+ memory: "{{openshift_metrics_hawkular_requests_memory}}"
+{% endif %}
+{% endif %}
+{% endif %}
+ readinessProbe:
+ exec:
+ command:
+ - "/opt/hawkular/scripts/hawkular-metrics-readiness.py"
+ livenessProbe:
+ exec:
+ command:
+ - "/opt/hawkular/scripts/hawkular-metrics-liveness.py"
+ volumes:
+ - name: hawkular-metrics-certs
+ secret:
+ secretName: hawkular-metrics-certs
+ - name: hawkular-metrics-account
+ secret:
+ secretName: hawkular-metrics-account
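Review bot: `JGROUPS_PASSWORD` is rendered as a literal `value:` from `oo_random_word`, so the password is stored in the ReplicationController spec, is readable by anyone allowed to view the rc, and changes on every template render. Generating it once into a Secret and referencing it with `valueFrom.secretKeyRef` would keep it out of the object definition and stable across runs. The `image:` value is unquoted here while hawkular_cassandra_rc.j2 quotes it; quoting keeps the two templates consistent. A short comment on why `ALLOW_ENCODED_SLASH` and `ALLOW_BACKSLASH` are enabled would also help, since both relax Tomcat's URL path handling.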
diff --git a/roles/openshift_metrics/templates/hawkular_metrics_role.j2 b/roles/openshift_metrics/templates/hawkular_metrics_role.j2
new file mode 100644
index 000000000..6c9dbf5d6
--- /dev/null
+++ b/roles/openshift_metrics/templates/hawkular_metrics_role.j2
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ClusterRole
+metadata:
+ name: hawkular-metrics
+ labels:
+ metrics-infra: hawkular-metrics
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - list
+ - get
+ - watch
diff --git a/roles/openshift_metrics/templates/hawkular_openshift_agent_cm.j2 b/roles/openshift_metrics/templates/hawkular_openshift_agent_cm.j2
new file mode 100644
index 000000000..bf472c066
--- /dev/null
+++ b/roles/openshift_metrics/templates/hawkular_openshift_agent_cm.j2
@@ -0,0 +1,54 @@
+id: hawkular-openshift-agent
+kind: ConfigMap
+apiVersion: v1
+name: Hawkular OpenShift Agent Configuration
+metadata:
+ name: hawkular-openshift-agent-configuration
+ labels:
+ metrics-infra: agent
+ namespace: {{openshift_metrics_hawkular_agent_namespace}}
+data:
+ config.yaml: |
+ kubernetes:
+ tenant: ${POD:namespace_name}
+ hawkular_server:
+ url: https://hawkular-metrics.openshift-infra.svc.cluster.local
+ credentials:
+ username: secret:openshift-infra/hawkular-metrics-account/hawkular-metrics.username
+ password: secret:openshift-infra/hawkular-metrics-account/hawkular-metrics.password
+ ca_cert_file: secret:openshift-infra/hawkular-metrics-certs/ca.crt
+ emitter:
+ status_enabled: false
+ collector:
+ minimum_collection_interval: 10s
+ default_collection_interval: 30s
+ metric_id_prefix: pod/${POD:uid}/custom/
+ tags:
+ metric_name: ${METRIC:name}
+ description: ${METRIC:description}
+ units: ${METRIC:units}
+ namespace_id: ${POD:namespace_uid}
+ namespace_name: ${POD:namespace_name}
+ node_name: ${POD:node_name}
+ pod_id: ${POD:uid}
+ pod_ip: ${POD:ip}
+ pod_name: ${POD:name}
+ pod_namespace: ${POD:namespace_name}
+ hostname: ${POD:hostname}
+ host_ip: ${POD:host_ip}
+ labels: ${POD:labels}
+ type: pod
+ collector: hawkular_openshift_agent
+ custom_metric: true
+ hawkular-openshift-agent: |
+ endpoints:
+ - type: prometheus
+ protocol: "http"
+ port: 8080
+ path: /metrics
+ collection_interval: 30s
+ metrics:
+ - name: hawkular_openshift_agent_metric_data_points_collected_total
+ - name: hawkular_openshift_agent_monitored_endpoints
+ - name: hawkular_openshift_agent_monitored_pods
+ - name: hawkular_openshift_agent_monitored_metrics
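Review bot: The agent configuration hard-codes the `openshift-infra` namespace in the `hawkular_server` URL and in the three `secret:openshift-infra/...` references, while the rest of the role addresses the metrics namespace through `openshift_metrics_project`. If that variable is set to anything else, the agent would look for the server and its credentials in the wrong namespace; templating these with `{{ openshift_metrics_project }}` keeps them in step. The top-level `id:` and `name:` keys are not ConfigMap fields and are presumably left over from a template object.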
diff --git a/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 b/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2
new file mode 100644
index 000000000..d65eaf9ae
--- /dev/null
+++ b/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2
@@ -0,0 +1,91 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: hawkular-openshift-agent
+ labels:
+ name: hawkular-openshift-agent
+ metrics-infra: agent
+ namespace: {{openshift_metrics_hawkular_agent_namespace}}
+spec:
+ selector:
+ matchLabels:
+ name: hawkular-openshift-agent
+ template:
+ metadata:
+ labels:
+ name: hawkular-openshift-agent
+ metrics-infra: agent
+ spec:
+ serviceAccount: hawkular-openshift-agent
+{% if node_selector is iterable and node_selector | length > 0 %}
+ nodeSelector:
+{% for key, value in node_selector.iteritems() %}
+ {{key}}: "{{value}}"
+{% endfor %}
+{% endif %}
+ containers:
+ - image: {{openshift_metrics_image_prefix}}metrics-hawkular-openshift-agent:{{openshift_metrics_image_version}}
+ imagePullPolicy: Always
+ name: hawkular-openshift-agent
+{% if ((openshift_metrics_hawkular_agent_limits_cpu is defined and openshift_metrics_hawkular_agent_limits_cpu is not none)
+ or (openshift_metrics_hawkular_agent_limits_memory is defined and openshift_metrics_hawkular_agent_limits_memory is not none)
+ or (openshift_metrics_hawkular_agent_requests_cpu is defined and openshift_metrics_hawkular_agent_requests_cpu is not none)
+ or (openshift_metrics_hawkular_agent_requests_memory is defined and openshift_metrics_hawkular_agent_requests_memory is not none))
+%}
+ resources:
+{% if (openshift_metrics_hawkular_agent_limits_cpu is not none
+ or openshift_metrics_hawkular_agent_limits_memory is not none)
+%}
+ limits:
+{% if openshift_metrics_hawkular_agent_limits_cpu is not none %}
+ cpu: "{{openshift_metrics_hawkular_agent_limits_cpu}}"
+{% endif %}
+{% if openshift_metrics_hawkular_agent_limits_memory is not none %}
+ memory: "{{openshift_metrics_hawkular_agent_limits_memory}}"
+{% endif %}
+{% endif %}
+{% if (openshift_metrics_hawkular_agent_requests_cpu is not none
+ or openshift_metrics_hawkular_agent_requests_memory is not none)
+%}
+ requests:
+{% if openshift_metrics_hawkular_agent_requests_cpu is not none %}
+ cpu: "{{openshift_metrics_hawkular_agent_requests_cpu}}"
+{% endif %}
+{% if openshift_metrics_hawkular_agent_requests_memory is not none %}
+ memory: "{{openshift_metrics_hawkular_agent_requests_memory}}"
+{% endif %}
+{% endif %}
+{% endif %}
+
+ livenessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /health
+ port: 8080
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ command:
+ - "hawkular-openshift-agent"
+ - "-config"
+ - "/hawkular-openshift-agent-configuration/config.yaml"
+ - "-v"
+ - "3"
+ env:
+ - name: K8S_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ volumeMounts:
+ - name: hawkular-openshift-agent-configuration
+ mountPath: "/hawkular-openshift-agent-configuration"
+ volumes:
+ - name: hawkular-openshift-agent-configuration
+ configMap:
+ name: hawkular-openshift-agent-configuration
+ - name: hawkular-openshift-agent
+ configMap:
+ name: hawkular-openshift-agent-configuration
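Review bot: The second volume, `hawkular-openshift-agent`, points at the same ConfigMap as the first and has no matching `volumeMounts` entry, so it appears unused and can be removed. `-v 3` fixes the agent's log verbosity without explanation; a short comment, or a role variable for it, would make the choice visible. The `image:` value is unquoted, unlike in hawkular_cassandra_rc.j2.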
diff --git a/roles/openshift_metrics/templates/hawkular_openshift_agent_role.j2 b/roles/openshift_metrics/templates/hawkular_openshift_agent_role.j2
new file mode 100644
index 000000000..24b8cd801
--- /dev/null
+++ b/roles/openshift_metrics/templates/hawkular_openshift_agent_role.j2
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ClusterRole
+metadata:
+ name: hawkular-openshift-agent
+ labels:
+ metrics-infra: agent
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - namespaces
+ - nodes
+ - pods
+ - projects
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
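Review bot: The second rule grants `get` on `secrets` in a ClusterRole, so once it is bound with a cluster role binding the agent's service account can read any secret in any namespace whose name it knows. The agent configuration in this commit reads its credentials from the metrics namespace, and the agent may also need per-pod endpoint credentials. If only the former is required, a namespaced Role and RoleBinding, or `resourceNames` listing the specific secrets, would narrow the grant. At minimum, a comment above the rule stating why cluster-wide secret read is needed would help reviewers and auditors.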
diff --git a/roles/openshift_metrics/templates/hawkular_openshift_agent_sa.j2 b/roles/openshift_metrics/templates/hawkular_openshift_agent_sa.j2
new file mode 100644
index 000000000..ec604d73c
--- /dev/null
+++ b/roles/openshift_metrics/templates/hawkular_openshift_agent_sa.j2
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: hawkular-openshift-agent
+ labels:
+ metrics-infra: agent
+ namespace: {{openshift_metrics_hawkular_agent_namespace}}
diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2
new file mode 100644
index 000000000..d8c7763ea
--- /dev/null
+++ b/roles/openshift_metrics/templates/heapster.j2
@@ -0,0 +1,110 @@
+apiVersion: "v1"
+kind: "ReplicationController"
+metadata:
+ name: heapster
+ labels:
+ metrics-infra: heapster
+ name: heapster
+spec:
+ selector:
+ name: heapster
+ replicas: {{replica_count}}
+ template:
+ version: v1
+ metadata:
+ name: heapster
+ labels:
+ metrics-infra: heapster
+ name: heapster
+ spec:
+ serviceAccountName: heapster
+{% if node_selector is iterable and node_selector | length > 0 %}
+ nodeSelector:
+{% for key, value in node_selector.iteritems() %}
+ {{key}}: "{{value}}"
+{% endfor %}
+{% endif %}
+ containers:
+ - name: heapster
+ image: {{openshift_metrics_image_prefix}}metrics-heapster:{{openshift_metrics_image_version}}
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8082
+ name: "http-endpoint"
+ command:
+ - "heapster-wrapper.sh"
+ - "--wrapper.allowed_users_file=/secrets/heapster.allowed-users"
+ - "--source=kubernetes.summary_api:${MASTER_URL}?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250"
+ - "--tls_cert=/heapster-certs/tls.crt"
+ - "--tls_key=/heapster-certs/tls.key"
+ - "--tls_client_ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+ - "--allowed_users=%allowed_users%"
+ - "--metric_resolution={{openshift_metrics_resolution}}"
+{% if not openshift_metrics_heapster_standalone %}
+ - "--wrapper.username_file=/hawkular-account/hawkular-metrics.username"
+ - "--wrapper.password_file=/hawkular-account/hawkular-metrics.password"
+ - "--wrapper.endpoint_check=https://hawkular-metrics:443/hawkular/metrics/status"
+ - "--sink=hawkular:https://hawkular-metrics:443?tenant=_system&labelToTenant=pod_namespace&labelNodeId={{openshift_metrics_node_id}}&caCert=/hawkular-metrics-certs/tls.crt&user=%username%&pass=%password%&filter=label(container_name:^system.slice.*|^user.slice)"
+{% endif %}
+ env:
+ - name: STARTUP_TIMEOUT
+ value: "{{ openshift_metrics_startup_timeout }}"
+{% if ((openshift_metrics_heapster_limits_cpu is defined and openshift_metrics_heapster_limits_cpu is not none)
+ or (openshift_metrics_heapster_limits_memory is defined and openshift_metrics_heapster_limits_memory is not none)
+ or (openshift_metrics_heapster_requests_cpu is defined and openshift_metrics_heapster_requests_cpu is not none)
+ or (openshift_metrics_heapster_requests_memory is defined and openshift_metrics_heapster_requests_memory is not none))
+%}
+ resources:
+{% if (openshift_metrics_heapster_limits_cpu is not none
+ or openshift_metrics_heapster_limits_memory is not none)
+%}
+ limits:
+{% if openshift_metrics_heapster_limits_cpu is not none %}
+ cpu: "{{openshift_metrics_heapster_limits_cpu}}"
+{% endif %}
+{% if openshift_metrics_heapster_limits_memory is not none %}
+ memory: "{{openshift_metrics_heapster_limits_memory}}"
+{% endif %}
+{% endif %}
+{% if (openshift_metrics_heapster_requests_cpu is not none
+ or openshift_metrics_heapster_requests_memory is not none)
+%}
+ requests:
+{% if openshift_metrics_heapster_requests_cpu is not none %}
+ cpu: "{{openshift_metrics_heapster_requests_cpu}}"
+{% endif %}
+{% if openshift_metrics_heapster_requests_memory is not none %}
+ memory: "{{openshift_metrics_heapster_requests_memory}}"
+{% endif %}
+{% endif %}
+{% endif %}
+ volumeMounts:
+ - name: heapster-secrets
+ mountPath: "/secrets"
+ - name: heapster-certs
+ mountPath: "/heapster-certs"
+{% if not openshift_metrics_heapster_standalone %}
+ - name: hawkular-metrics-certs
+ mountPath: "/hawkular-metrics-certs"
+ - name: hawkular-metrics-account
+ mountPath: "/hawkular-account"
+ readinessProbe:
+ exec:
+ command:
+ - "/opt/heapster-readiness.sh"
+{% endif %}
+ volumes:
+ - name: heapster-secrets
+ secret:
+ secretName: heapster-secrets
+ - name: heapster-certs
+ secret:
+ secretName: heapster-certs
+{% if not openshift_metrics_heapster_standalone %}
+ - name: hawkular-metrics-certs
+ secret:
+ secretName: hawkular-metrics-certs
+ - name: hawkular-metrics-account
+ secret:
+ secretName: hawkular-metrics-account
+{% endif %}
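Review bot: The `--sink=hawkular:...` argument carries `user=%username%&pass=%password%`, so once the wrapper substitutes the values (presumably from the files named by `--wrapper.username_file` and `--wrapper.password_file`) the Hawkular password becomes part of the heapster process command line. Process listings on the node or in the container, and diagnostics that capture argv, would then contain the credential even though it is stored as a mounted secret. If the sink cannot read the credential from a file, record the exposure next to the argument, for example `{# %password% is expanded into argv by heapster-wrapper.sh; treat process listings and debug dumps of this pod as sensitive #}`.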
diff --git a/roles/openshift_metrics/templates/pvc.j2 b/roles/openshift_metrics/templates/pvc.j2
new file mode 100644
index 000000000..b4e6a1503
--- /dev/null
+++ b/roles/openshift_metrics/templates/pvc.j2
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: "{{obj_name}}"
+{% if labels is not defined %}
+ labels:
+ metrics-infra: support
+{% elif labels %}
+ labels:
+{% for key, value in labels.iteritems() %}
+ {{ key }}: {{ value }}
+{% endfor %}
+{% endif %}
+{% if annotations is defined and annotations %}
+ annotations:
+{% for key,value in annotations.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
+spec:
+{% if pv_selector is defined and pv_selector is mapping %}
+ selector:
+ matchLabels:
+{% for key,value in pv_selector.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
+ accessModes:
+{% for mode in access_modes %}
+ - {{ mode }}
+{% endfor %}
+ resources:
+ requests:
+ storage: {{size}}
+{% if storage_class_name is defined %}
+ storageClassName: {{ storage_class_name }}
+{% endif %}
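Review bot: Label, annotation and selector values are interpolated unquoted (`{{ key }}: {{ value }}`), so a value such as `true` or `1` is re-typed by the YAML parser, and one containing `: `, `#` or a newline changes the structure of the rendered object instead of staying a string. heapster.j2 in this same commit already quotes its node selector values; doing the same here, `{{ key }}: "{{ value }}"`, or `{{ key }}: {{ value | to_json }}`, keeps caller-supplied values as data. The same pattern appears in the label and annotation loops of rolebinding.j2, route.j2, secret.j2, service.j2 and serviceaccount.j2 further down this diff, and in `storageClassName: {{ storage_class_name }}` at the end of this hunk.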
diff --git a/roles/openshift_metrics/templates/rolebinding.j2 b/roles/openshift_metrics/templates/rolebinding.j2
new file mode 100644
index 000000000..5230f0780
--- /dev/null
+++ b/roles/openshift_metrics/templates/rolebinding.j2
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: {% if cluster is defined and cluster %}Cluster{% endif %}RoleBinding
+metadata:
+ name: {{obj_name}}
+{% if labels is defined %}
+ labels:
+{% for k, v in labels.iteritems() %}
+ {{ k }}: {{ v }}
+{% endfor %}
+{% endif %}
+roleRef:
+{% if 'kind' in roleRef %}
+ kind: {{ roleRef.kind }}
+{% endif %}
+ name: {{ roleRef.name }}
+subjects:
+{% for sub in subjects %}
+ - kind: {{ sub.kind }}
+ name: {{ sub.name }}
+{% if 'namespace' in sub %}
+ namespace: {{ sub.namespace }}
+{% endif %}
+{% endfor %}
diff --git a/roles/openshift_metrics/templates/route.j2 b/roles/openshift_metrics/templates/route.j2
new file mode 100644
index 000000000..253d6ecf5
--- /dev/null
+++ b/roles/openshift_metrics/templates/route.j2
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Route
+metadata:
+ name: {{ name }}
+{% if annotations is defined %}
+ annotations: {{ annotations | to_yaml }}
+{% endif %}
+{% if labels is defined and labels %}
+ labels:
+{% for k, v in labels.iteritems() %}
+ {{ k }}: {{ v }}
+{% endfor %}
+{% endif %}
+spec:
+ host: {{ host }}
+ to:
+ kind: {{ to.kind }}
+ name: {{ to.name }}
+{% if tls is defined %}
+ tls:
+ termination: {{ tls.termination }}
+{% if tls.ca_certificate is defined and tls.ca_certificate | length > 0 %}
+ caCertificate: |
+{{ tls.ca_certificate|indent(6, true) }}
+{% endif %}
+{% if tls.key is defined and tls.key | length > 0 %}
+ key: |
+{{ tls.key|indent(6, true) }}
+{% endif %}
+{% if tls.certificate is defined and tls.certificate | length > 0 %}
+ certificate: |
+{{ tls.certificate|indent(6, true) }}
+{% endif %}
+{% if tls.termination == 'reencrypt' %}
+ destinationCACertificate: |
+{{ tls.destination_ca_certificate|indent(6, true) }}
+{% endif %}
+{% endif %}
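Review bot: `tls.destination_ca_certificate` is rendered whenever `tls.termination == 'reencrypt'` without the `is defined and ... | length > 0` guard that `ca_certificate`, `key` and `certificate` get just above it. A reencrypt route requested without a destination CA will therefore either fail at render time or produce an empty `destinationCACertificate: |` block, depending on how undefined values are handled by the caller. Making the condition `{% if tls.termination == 'reencrypt' and tls.destination_ca_certificate is defined and tls.destination_ca_certificate | length > 0 %}` would match the other fields; whether the router then accepts the route without a destination CA should be confirmed for the targeted release. Since this template also writes `tls.key` in clear text, the task that renders it should create the output with restrictive permissions (that task is outside this hunk).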
diff --git a/roles/openshift_metrics/templates/secret.j2 b/roles/openshift_metrics/templates/secret.j2
new file mode 100644
index 000000000..5b9dba122
--- /dev/null
+++ b/roles/openshift_metrics/templates/secret.j2
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "{{ name }}"
+{% if annotations is defined%}
+ annotations:
+{% for key, value in annotations.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
+ labels:
+{% for k, v in labels.iteritems() %}
+ {{ k }}: {{ v }}
+{% endfor %}
+data:
+{% for k, v in data.iteritems() %}
+ {{ k }}: {{ v }}
+{% endfor %}
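Review bot: The `data:` loop writes each value verbatim, so the template relies on every caller having base64-encoded the value already, and nothing in the file says so. A header comment such as `{# data values must already be base64-encoded; the rendered file contains secret material and must not be world-readable #}` would make that contract explicit. Separately, `labels.iteritems()` is called unconditionally while `annotations` is guarded with `is defined`, so a caller that omits `labels` will likely fail at render time; wrapping the block in `{% if labels is defined and labels %}` would match the neighbouring templates.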
diff --git a/roles/openshift_metrics/templates/service.j2 b/roles/openshift_metrics/templates/service.j2
new file mode 100644
index 000000000..ce0bc2eec
--- /dev/null
+++ b/roles/openshift_metrics/templates/service.j2
@@ -0,0 +1,38 @@
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: "{{obj_name}}"
+{% if annotations is defined%}
+ annotations:
+{% for key, value in annotations.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
+{% if labels is defined%}
+ labels:
+{% for key, value in labels.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
+spec:
+{% if headless is defined and headless %}
+ portalIP: None
+ clusterIP: None
+{% endif %}
+ ports:
+{% for port in ports %}
+ -
+{% for key, value in port.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% if port.targetPort is undefined %}
+ clusterIP: "None"
+{% endif %}
+{% endfor %}
+{% if service_targetPort is defined %}
+ targetPort: {{service_targetPort}}
+{% endif %}
+ selector:
+ {% for key, value in selector.iteritems() %}
+ {{key}}: {{value}}
+ {% endfor %}
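Review bot: `clusterIP: "None"` is emitted inside the `{% for port in ports %}` loop whenever a port has no `targetPort`, which ties headless behaviour to a per-port attribute and repeats the key once for every such port. Indentation is not recoverable from this view, so I cannot tell whether the line lands in the port entry or under `spec`, but either placement looks unintended: a port entry has no `clusterIP` field, and under `spec` it would duplicate the key already written by the `headless` branch. Consider removing the inner `{% if port.targetPort is undefined %}` block and relying on `{% if headless is defined and headless %}` alone, so that a service only becomes headless when the caller asks for it.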
diff --git a/roles/openshift_metrics/templates/serviceaccount.j2 b/roles/openshift_metrics/templates/serviceaccount.j2
new file mode 100644
index 000000000..b22acc594
--- /dev/null
+++ b/roles/openshift_metrics/templates/serviceaccount.j2
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{obj_name}}
+{% if labels is defined%}
+ labels:
+{% for key, value in labels.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
+{% if secrets is defined %}
+secrets:
+{% for name in secrets %}
+- name: {{ name }}
+{% endfor %}
+{% endif %}
diff --git a/roles/openshift_metrics/vars/default_images.yml b/roles/openshift_metrics/vars/default_images.yml
new file mode 100644
index 000000000..8704ddfa0
--- /dev/null
+++ b/roles/openshift_metrics/vars/default_images.yml
@@ -0,0 +1,3 @@
+---
+__openshift_metrics_image_prefix: "docker.io/openshift/origin-"
+__openshift_metrics_image_version: "latest"
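Review bot: `__openshift_metrics_image_version: "latest"` makes the origin default a mutable tag, and heapster.j2 in this commit sets `imagePullPolicy: Always`, so any pod restart can pull different image content from docker.io with no change in the inventory. That makes it hard to say which image version was running at a given time and removes a known-good version to roll back to. The enterprise vars file in this commit pins `v3.7`; the origin default would be easier to audit if it were pinned the same way, e.g. `__openshift_metrics_image_version: "<RELEASE_TAG>"` (placeholder), with `latest` left as an explicit opt-in.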
diff --git a/roles/openshift_metrics/vars/main.yaml b/roles/openshift_metrics/vars/main.yaml
new file mode 100644
index 000000000..47aa76dd2
--- /dev/null
+++ b/roles/openshift_metrics/vars/main.yaml
@@ -0,0 +1,11 @@
+---
+#
+# These vars are generally considered private and not expected to be altered
+# by end users
+#
+
+openshift_metrics_cassandra_storage_types:
+- emptydir
+- pv
+- dynamic
+- nfs
diff --git a/roles/openshift_metrics/vars/openshift-enterprise.yml b/roles/openshift_metrics/vars/openshift-enterprise.yml
new file mode 100644
index 000000000..5a1728de5
--- /dev/null
+++ b/roles/openshift_metrics/vars/openshift-enterprise.yml
@@ -0,0 +1,3 @@
+---
+__openshift_metrics_image_prefix: "registry.access.redhat.com/openshift3/"
+__openshift_metrics_image_version: "v3.7"