summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/lib_openshift/library/oc_adm_ca_server_cert.py6
-rw-r--r--roles/lib_openshift/library/oc_adm_manage_node.py (renamed from roles/lib_openshift/library/oadm_manage_node.py)20
-rw-r--r--roles/lib_openshift/library/oc_adm_policy_group.py6
-rw-r--r--roles/lib_openshift/library/oc_adm_policy_user.py6
-rw-r--r--roles/lib_openshift/library/oc_adm_registry.py21
-rw-r--r--roles/lib_openshift/library/oc_adm_router.py6
-rw-r--r--roles/lib_openshift/library/oc_configmap.py1577
-rw-r--r--roles/lib_openshift/library/oc_edit.py6
-rw-r--r--roles/lib_openshift/library/oc_env.py6
-rw-r--r--roles/lib_openshift/library/oc_group.py1560
-rw-r--r--roles/lib_openshift/library/oc_image.py1486
-rw-r--r--roles/lib_openshift/library/oc_label.py6
-rw-r--r--roles/lib_openshift/library/oc_obj.py6
-rw-r--r--roles/lib_openshift/library/oc_objectvalidator.py6
-rw-r--r--roles/lib_openshift/library/oc_process.py6
-rw-r--r--roles/lib_openshift/library/oc_project.py65
-rw-r--r--roles/lib_openshift/library/oc_pvc.py (renamed from roles/lib_openshift/library/oc_adm_registry.py.good)1464
-rw-r--r--roles/lib_openshift/library/oc_route.py6
-rw-r--r--roles/lib_openshift/library/oc_scale.py6
-rw-r--r--roles/lib_openshift/library/oc_secret.py6
-rw-r--r--roles/lib_openshift/library/oc_service.py6
-rw-r--r--roles/lib_openshift/library/oc_serviceaccount.py6
-rw-r--r--roles/lib_openshift/library/oc_serviceaccount_secret.py6
-rw-r--r--roles/lib_openshift/library/oc_user.py1714
-rw-r--r--roles/lib_openshift/library/oc_version.py6
-rw-r--r--roles/lib_openshift/library/oc_volume.py (renamed from roles/lib_openshift/library/oc_adm_registry.py.bak)1082
-rw-r--r--roles/lib_openshift/src/ansible/oc_adm_manage_node.py (renamed from roles/lib_openshift/src/ansible/oadm_manage_node.py)0
-rw-r--r--roles/lib_openshift/src/ansible/oc_configmap.py32
-rw-r--r--roles/lib_openshift/src/ansible/oc_group.py32
-rw-r--r--roles/lib_openshift/src/ansible/oc_image.py34
-rw-r--r--roles/lib_openshift/src/ansible/oc_pvc.py35
-rw-r--r--roles/lib_openshift/src/ansible/oc_user.py34
-rw-r--r--roles/lib_openshift/src/ansible/oc_volume.py41
-rw-r--r--roles/lib_openshift/src/class/oc_adm_manage_node.py (renamed from roles/lib_openshift/src/class/oadm_manage_node.py)0
-rw-r--r--roles/lib_openshift/src/class/oc_adm_registry.py8
-rw-r--r--roles/lib_openshift/src/class/oc_configmap.py187
-rw-r--r--roles/lib_openshift/src/class/oc_group.py148
-rw-r--r--roles/lib_openshift/src/class/oc_image.py91
-rw-r--r--roles/lib_openshift/src/class/oc_project.py59
-rw-r--r--roles/lib_openshift/src/class/oc_pvc.py167
-rw-r--r--roles/lib_openshift/src/class/oc_user.py227
-rw-r--r--roles/lib_openshift/src/class/oc_volume.py195
-rw-r--r--roles/lib_openshift/src/doc/configmap72
-rw-r--r--roles/lib_openshift/src/doc/group56
-rw-r--r--roles/lib_openshift/src/doc/image75
-rw-r--r--roles/lib_openshift/src/doc/manage_node6
-rw-r--r--roles/lib_openshift/src/doc/pvc76
-rw-r--r--roles/lib_openshift/src/doc/user128
-rw-r--r--roles/lib_openshift/src/doc/volume105
-rw-r--r--roles/lib_openshift/src/lib/base.py6
-rw-r--r--roles/lib_openshift/src/lib/group.py36
-rw-r--r--roles/lib_openshift/src/lib/pvc.py167
-rw-r--r--roles/lib_openshift/src/lib/user.py37
-rw-r--r--roles/lib_openshift/src/lib/volume.py7
-rw-r--r--roles/lib_openshift/src/sources.yml72
-rwxr-xr-xroles/lib_openshift/src/test/integration/group.yml229
-rwxr-xr-xroles/lib_openshift/src/test/integration/oc_adm_manage_node.yml (renamed from roles/lib_openshift/src/test/integration/oadm_manage_node.yml)8
-rwxr-xr-xroles/lib_openshift/src/test/integration/oc_configmap.yml95
-rwxr-xr-xroles/lib_openshift/src/test/integration/oc_user.yml240
-rwxr-xr-xroles/lib_openshift/src/test/unit/test_oc_adm_manage_node.py (renamed from roles/lib_openshift/src/test/unit/test_oadm_manage_node.py)14
-rwxr-xr-xroles/lib_openshift/src/test/unit/test_oc_configmap.py239
-rwxr-xr-xroles/lib_openshift/src/test/unit/test_oc_group.py253
-rwxr-xr-xroles/lib_openshift/src/test/unit/test_oc_image.py280
-rwxr-xr-xroles/lib_openshift/src/test/unit/test_oc_project.py200
-rwxr-xr-xroles/lib_openshift/src/test/unit/test_oc_pvc.py366
-rwxr-xr-xroles/lib_openshift/src/test/unit/test_oc_route.py2
-rwxr-xr-xroles/lib_openshift/src/test/unit/test_oc_user.py127
-rwxr-xr-xroles/lib_openshift/src/test/unit/test_oc_volume.py633
-rw-r--r--roles/nuage_master/tasks/main.yaml9
-rw-r--r--roles/nuage_master/tasks/serviceaccount.yml14
-rwxr-xr-xroles/openshift_examples/examples-sync.sh2
-rw-r--r--roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams.json15
-rw-r--r--roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-example.json333
-rw-r--r--roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-pgsql-persistent.json544
-rw-r--r--roles/openshift_excluder/README.md2
-rw-r--r--roles/openshift_excluder/tasks/adjust.yml23
-rw-r--r--roles/openshift_excluder/tasks/disable.yml28
-rw-r--r--roles/openshift_excluder/tasks/enable.yml9
-rw-r--r--roles/openshift_excluder/tasks/exclude.yml22
-rw-r--r--roles/openshift_excluder/tasks/install.yml4
-rw-r--r--roles/openshift_excluder/tasks/main.yml2
-rw-r--r--roles/openshift_excluder/tasks/status.yml84
-rw-r--r--roles/openshift_excluder/tasks/unexclude.yml19
-rw-r--r--roles/openshift_health_checker/action_plugins/openshift_health_check.py1
-rw-r--r--roles/openshift_health_checker/callback_plugins/zz_failure_summary.py34
-rwxr-xr-xroles/openshift_health_checker/library/aos_version.py1
-rwxr-xr-xroles/openshift_health_checker/library/check_yum_update.py1
-rw-r--r--roles/openshift_health_checker/library/docker_container.py2036
-rw-r--r--roles/openshift_health_checker/library/docker_info.py24
-rw-r--r--roles/openshift_health_checker/openshift_checks/__init__.py10
-rw-r--r--roles/openshift_health_checker/openshift_checks/docker_image_availability.py168
-rw-r--r--roles/openshift_health_checker/test/conftest.py5
-rw-r--r--roles/openshift_health_checker/test/openshift_check_test.py40
-rw-r--r--roles/openshift_hosted/defaults/main.yml6
-rw-r--r--roles/openshift_hosted/filter_plugins/filters.py13
-rw-r--r--roles/openshift_hosted/meta/main.yml18
-rw-r--r--roles/openshift_hosted/tasks/main.yml7
-rw-r--r--roles/openshift_hosted/tasks/registry/registry.yml16
-rw-r--r--roles/openshift_hosted/tasks/router/router.yml24
-rw-r--r--roles/openshift_hosted/templates/registry_config.j22
-rw-r--r--roles/openshift_hosted/vars/main.yml10
-rw-r--r--roles/openshift_logging/README.md4
-rw-r--r--roles/openshift_logging/defaults/main.yml28
-rw-r--r--roles/openshift_logging/files/generate-jks.sh2
-rw-r--r--roles/openshift_logging/filter_plugins/openshift_logging.py13
-rw-r--r--roles/openshift_logging/meta/main.yaml1
-rw-r--r--roles/openshift_logging/tasks/generate_configmaps.yaml11
-rw-r--r--roles/openshift_logging/tasks/generate_jks.yaml10
-rw-r--r--roles/openshift_logging/tasks/generate_pvcs.yaml6
-rw-r--r--roles/openshift_logging/tasks/generate_routes.yaml57
-rw-r--r--roles/openshift_logging/tasks/generate_secrets.yaml6
-rw-r--r--roles/openshift_logging/tasks/install_elasticsearch.yaml26
-rw-r--r--roles/openshift_logging/tasks/main.yaml24
-rw-r--r--roles/openshift_logging/templates/elasticsearch.yml.j210
-rw-r--r--roles/openshift_logging/templates/es-storage-emptydir.partial1
-rw-r--r--roles/openshift_logging/templates/es-storage-hostpath.partial2
-rw-r--r--roles/openshift_logging/templates/es-storage-pvc.partial2
-rw-r--r--roles/openshift_logging/templates/es.j27
-rw-r--r--roles/openshift_logging/templates/pvc.j22
-rw-r--r--roles/openshift_logging/vars/default_images.yml3
-rw-r--r--roles/openshift_logging/vars/main.yaml2
-rw-r--r--roles/openshift_logging/vars/openshift-enterprise.yml3
-rw-r--r--roles/openshift_manage_node/tasks/main.yml2
-rw-r--r--roles/openshift_master/tasks/main.yml2
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j218
-rw-r--r--roles/openshift_metrics/defaults/main.yaml4
-rwxr-xr-xroles/openshift_metrics/files/import_jks_certs.sh55
-rw-r--r--roles/openshift_metrics/handlers/main.yml26
-rw-r--r--roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml51
-rw-r--r--roles/openshift_metrics/tasks/import_jks_certs.yaml19
-rw-r--r--roles/openshift_metrics/tasks/install_cassandra.yaml9
-rw-r--r--roles/openshift_metrics/tasks/install_metrics.yaml2
-rw-r--r--roles/openshift_metrics/tasks/main.yaml12
-rw-r--r--roles/openshift_metrics/tasks/update_master_config.yaml9
-rw-r--r--roles/openshift_metrics/templates/hawkular_cassandra_rc.j225
-rw-r--r--roles/openshift_metrics/templates/pvc.j24
-rw-r--r--roles/openshift_metrics/templates/secret.j26
-rw-r--r--roles/openshift_metrics/vars/default_images.yml3
-rw-r--r--roles/openshift_metrics/vars/main.yaml1
-rw-r--r--roles/openshift_metrics/vars/openshift-enterprise.yml3
-rw-r--r--roles/openshift_node/tasks/main.yml2
-rw-r--r--roles/openshift_node/templates/node.yaml.v1.j29
-rw-r--r--roles/openshift_node/templates/openshift.docker.node.service4
-rw-r--r--roles/openshift_node_upgrade/tasks/main.yml21
-rw-r--r--roles/openshift_node_upgrade/templates/openshift.docker.node.service2
-rw-r--r--roles/openshift_projects/meta/main.yml15
-rw-r--r--roles/openshift_projects/tasks/main.yml47
-rw-r--r--roles/openshift_projects/vars/main.yml2
-rw-r--r--roles/openshift_serviceaccounts/meta/main.yml16
-rw-r--r--roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml38
-rw-r--r--roles/openshift_serviceaccounts/tasks/main.yml28
-rw-r--r--roles/openshift_serviceaccounts/templates/serviceaccount.j24
152 files changed, 15425 insertions, 2670 deletions
diff --git a/roles/lib_openshift/library/oc_adm_ca_server_cert.py b/roles/lib_openshift/library/oc_adm_ca_server_cert.py
index 4ecfd2bff..af1d13fe1 100644
--- a/roles/lib_openshift/library/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/library/oc_adm_ca_server_cert.py
@@ -1058,9 +1058,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/library/oadm_manage_node.py b/roles/lib_openshift/library/oc_adm_manage_node.py
index 8bb0538c0..0050ccf62 100644
--- a/roles/lib_openshift/library/oadm_manage_node.py
+++ b/roles/lib_openshift/library/oc_adm_manage_node.py
@@ -54,7 +54,7 @@ from ansible.module_utils.basic import AnsibleModule
DOCUMENTATION = '''
---
-module: oadm_manage_node
+module: oc_adm_manage_node
short_description: Module to manage openshift nodes
description:
- Manage openshift nodes programmatically.
@@ -126,13 +126,13 @@ extends_documentation_fragment: []
EXAMPLES = '''
- name: oadm manage-node --schedulable=true --selector=ops_node=new
- oadm_manage_node:
+ oc_adm_manage_node:
selector: ops_node=new
schedulable: True
register: schedout
- name: oadm manage-node my-k8s-node-5 --evacuate
- oadm_manage_node:
+ oc_adm_manage_node:
node: my-k8s-node-5
evacuate: True
force: True
@@ -1050,9 +1050,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
@@ -1369,7 +1369,7 @@ class OpenShiftCLIConfig(object):
# -*- -*- -*- End included fragment: lib/base.py -*- -*- -*-
-# -*- -*- -*- Begin included fragment: class/oadm_manage_node.py -*- -*- -*-
+# -*- -*- -*- Begin included fragment: class/oc_adm_manage_node.py -*- -*- -*-
class ManageNodeException(Exception):
@@ -1578,9 +1578,9 @@ class ManageNode(OpenShiftCLI):
return {'changed': changed, 'results': results, 'state': "present"}
-# -*- -*- -*- End included fragment: class/oadm_manage_node.py -*- -*- -*-
+# -*- -*- -*- End included fragment: class/oc_adm_manage_node.py -*- -*- -*-
-# -*- -*- -*- Begin included fragment: ansible/oadm_manage_node.py -*- -*- -*-
+# -*- -*- -*- Begin included fragment: ansible/oc_adm_manage_node.py -*- -*- -*-
def main():
@@ -1618,4 +1618,4 @@ def main():
if __name__ == "__main__":
main()
-# -*- -*- -*- End included fragment: ansible/oadm_manage_node.py -*- -*- -*-
+# -*- -*- -*- End included fragment: ansible/oc_adm_manage_node.py -*- -*- -*-
diff --git a/roles/lib_openshift/library/oc_adm_policy_group.py b/roles/lib_openshift/library/oc_adm_policy_group.py
index 49ff22584..3d1dc1c96 100644
--- a/roles/lib_openshift/library/oc_adm_policy_group.py
+++ b/roles/lib_openshift/library/oc_adm_policy_group.py
@@ -1036,9 +1036,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/library/oc_adm_policy_user.py b/roles/lib_openshift/library/oc_adm_policy_user.py
index bed05044c..83f2165a3 100644
--- a/roles/lib_openshift/library/oc_adm_policy_user.py
+++ b/roles/lib_openshift/library/oc_adm_policy_user.py
@@ -1036,9 +1036,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/library/oc_adm_registry.py b/roles/lib_openshift/library/oc_adm_registry.py
index c398c5551..3a892971b 100644
--- a/roles/lib_openshift/library/oc_adm_registry.py
+++ b/roles/lib_openshift/library/oc_adm_registry.py
@@ -1154,9 +1154,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
@@ -2061,7 +2061,7 @@ class Service(Yedit):
# -*- -*- -*- Begin included fragment: lib/volume.py -*- -*- -*-
class Volume(object):
- ''' Class to model an openshift volume object'''
+ ''' Class to represent an openshift volume object'''
volume_mounts_path = {"pod": "spec.containers[0].volumeMounts",
"dc": "spec.template.spec.containers[0].volumeMounts",
"rc": "spec.template.spec.containers[0].volumeMounts",
@@ -2093,6 +2093,11 @@ class Volume(object):
elif volume_type == 'hostpath':
volume['hostPath'] = {}
volume['hostPath']['path'] = volume_info['path']
+ elif volume_type == 'configmap':
+ volume['configMap'] = {}
+ volume['configMap']['name'] = volume_info['configmap_name']
+ volume_mount = {'mountPath': volume_info['path'],
+ 'name': volume_info['name']}
return (volume, volume_mount)
@@ -2235,8 +2240,8 @@ class Registry(OpenShiftCLI):
''' prepared_registry property '''
if not self.__prepared_registry:
results = self.prepare_registry()
- if not results:
- raise RegistryException('Could not perform registry preparation.')
+ if not results or ('returncode' in results and results['returncode'] != 0):
+ raise RegistryException('Could not perform registry preparation. {}'.format(results))
self.__prepared_registry = results
return self.__prepared_registry
@@ -2301,8 +2306,8 @@ class Registry(OpenShiftCLI):
# probably need to parse this
# pylint thinks results is a string
# pylint: disable=no-member
- if results['returncode'] != 0 and 'items' in results['results']:
- return results
+ if results['returncode'] != 0 and 'items' not in results['results']:
+ raise RegistryException('Could not perform registry preparation. {}'.format(results))
service = None
deploymentconfig = None
diff --git a/roles/lib_openshift/library/oc_adm_router.py b/roles/lib_openshift/library/oc_adm_router.py
index ab06a5141..e666e0d09 100644
--- a/roles/lib_openshift/library/oc_adm_router.py
+++ b/roles/lib_openshift/library/oc_adm_router.py
@@ -1179,9 +1179,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/library/oc_configmap.py b/roles/lib_openshift/library/oc_configmap.py
new file mode 100644
index 000000000..90d38c7a9
--- /dev/null
+++ b/roles/lib_openshift/library/oc_configmap.py
@@ -0,0 +1,1577 @@
+#!/usr/bin/env python
+# pylint: disable=missing-docstring
+# flake8: noqa: T001
+# ___ ___ _ _ ___ ___ _ _____ ___ ___
+# / __| __| \| | __| _ \ /_\_ _| __| \
+# | (_ | _|| .` | _|| / / _ \| | | _|| |) |
+# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____
+# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _|
+# | |) | (_) | | .` | (_) || | | _|| |) | | | |
+# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_|
+#
+# Copyright 2016 Red Hat, Inc. and/or its affiliates
+# and other contributors as indicated by the @author tags.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# -*- -*- -*- Begin included fragment: lib/import.py -*- -*- -*-
+'''
+ OpenShiftCLI class that wraps the oc commands in a subprocess
+'''
+# pylint: disable=too-many-lines
+
+from __future__ import print_function
+import atexit
+import copy
+import json
+import os
+import re
+import shutil
+import subprocess
+import tempfile
+# pylint: disable=import-error
+try:
+ import ruamel.yaml as yaml
+except ImportError:
+ import yaml
+
+from ansible.module_utils.basic import AnsibleModule
+
+# -*- -*- -*- End included fragment: lib/import.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: doc/configmap -*- -*- -*-
+
+DOCUMENTATION = '''
+---
+module: oc_configmap
+short_description: Modify, and idempotently manage openshift configmaps
+description:
+ - Modify openshift configmaps programmatically.
+options:
+ state:
+ description:
+ - Supported states, present, absent, list
+ - present - will ensure object is created or updated to the value specified
+ - list - will return a configmap
+ - absent - will remove the configmap
+ required: False
+ default: present
+ choices: ["present", 'absent', 'list']
+ aliases: []
+ kubeconfig:
+ description:
+ - The path for the kubeconfig file to use for authentication
+ required: false
+ default: /etc/origin/master/admin.kubeconfig
+ aliases: []
+ debug:
+ description:
+ - Turn on debug output.
+ required: false
+ default: False
+ aliases: []
+ name:
+ description:
+ - Name of the object that is being queried.
+ required: True
+ default: None
+ aliases: []
+ namespace:
+ description:
+ - The namespace where the object lives.
+ required: false
+ default: default
+ aliases: []
+ from_file:
+ description:
+ - A dict of key, value pairs representing the configmap key and the value represents the file path.
+ required: false
+ default: None
+ aliases: []
+ from_literal:
+ description:
+ - A dict of key, value pairs representing the configmap key and the value represents the string content
+ required: false
+ default: None
+ aliases: []
+author:
+- "kenny woodson <kwoodson@redhat.com>"
+extends_documentation_fragment: []
+'''
+
+EXAMPLES = '''
+- name: create group
+ oc_configmap:
+ state: present
+ name: testmap
+ from_file:
+ secret: /path/to/secret
+ from_literal:
+ title: systemadmin
+ register: configout
+'''
+
+# -*- -*- -*- End included fragment: doc/configmap -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*-
+# pylint: disable=undefined-variable,missing-docstring
+# noqa: E301,E302
+
+
+class YeditException(Exception):
+ ''' Exception class for Yedit '''
+ pass
+
+
+# pylint: disable=too-many-public-methods
+class Yedit(object):
+ ''' Class to modify yaml files '''
+ re_valid_key = r"(((\[-?\d+\])|([0-9a-zA-Z%s/_-]+)).?)+$"
+ re_key = r"(?:\[(-?\d+)\])|([0-9a-zA-Z%s/_-]+)"
+ com_sep = set(['.', '#', '|', ':'])
+
+ # pylint: disable=too-many-arguments
+ def __init__(self,
+ filename=None,
+ content=None,
+ content_type='yaml',
+ separator='.',
+ backup=False):
+ self.content = content
+ self._separator = separator
+ self.filename = filename
+ self.__yaml_dict = content
+ self.content_type = content_type
+ self.backup = backup
+ self.load(content_type=self.content_type)
+ if self.__yaml_dict is None:
+ self.__yaml_dict = {}
+
+ @property
+ def separator(self):
+ ''' getter method for yaml_dict '''
+ return self._separator
+
+ @separator.setter
+ def separator(self):
+ ''' getter method for yaml_dict '''
+ return self._separator
+
+ @property
+ def yaml_dict(self):
+ ''' getter method for yaml_dict '''
+ return self.__yaml_dict
+
+ @yaml_dict.setter
+ def yaml_dict(self, value):
+ ''' setter method for yaml_dict '''
+ self.__yaml_dict = value
+
+ @staticmethod
+ def parse_key(key, sep='.'):
+ '''parse the key allowing the appropriate separator'''
+ common_separators = list(Yedit.com_sep - set([sep]))
+ return re.findall(Yedit.re_key % ''.join(common_separators), key)
+
+ @staticmethod
+ def valid_key(key, sep='.'):
+ '''validate the incoming key'''
+ common_separators = list(Yedit.com_sep - set([sep]))
+ if not re.match(Yedit.re_valid_key % ''.join(common_separators), key):
+ return False
+
+ return True
+
+ @staticmethod
+ def remove_entry(data, key, sep='.'):
+ ''' remove data at location key '''
+ if key == '' and isinstance(data, dict):
+ data.clear()
+ return True
+ elif key == '' and isinstance(data, list):
+ del data[:]
+ return True
+
+ if not (key and Yedit.valid_key(key, sep)) and \
+ isinstance(data, (list, dict)):
+ return None
+
+ key_indexes = Yedit.parse_key(key, sep)
+ for arr_ind, dict_key in key_indexes[:-1]:
+ if dict_key and isinstance(data, dict):
+ data = data.get(dict_key, None)
+ elif (arr_ind and isinstance(data, list) and
+ int(arr_ind) <= len(data) - 1):
+ data = data[int(arr_ind)]
+ else:
+ return None
+
+ # process last index for remove
+ # expected list entry
+ if key_indexes[-1][0]:
+ if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501
+ del data[int(key_indexes[-1][0])]
+ return True
+
+ # expected dict entry
+ elif key_indexes[-1][1]:
+ if isinstance(data, dict):
+ del data[key_indexes[-1][1]]
+ return True
+
+ @staticmethod
+ def add_entry(data, key, item=None, sep='.'):
+ ''' Get an item from a dictionary with key notation a.b.c
+ d = {'a': {'b': 'c'}}}
+ key = a#b
+ return c
+ '''
+ if key == '':
+ pass
+ elif (not (key and Yedit.valid_key(key, sep)) and
+ isinstance(data, (list, dict))):
+ return None
+
+ key_indexes = Yedit.parse_key(key, sep)
+ for arr_ind, dict_key in key_indexes[:-1]:
+ if dict_key:
+ if isinstance(data, dict) and dict_key in data and data[dict_key]: # noqa: E501
+ data = data[dict_key]
+ continue
+
+ elif data and not isinstance(data, dict):
+ raise YeditException("Unexpected item type found while going through key " +
+ "path: {} (at key: {})".format(key, dict_key))
+
+ data[dict_key] = {}
+ data = data[dict_key]
+
+ elif (arr_ind and isinstance(data, list) and
+ int(arr_ind) <= len(data) - 1):
+ data = data[int(arr_ind)]
+ else:
+ raise YeditException("Unexpected item type found while going through key path: {}".format(key))
+
+ if key == '':
+ data = item
+
+ # process last index for add
+ # expected list entry
+ elif key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501
+ data[int(key_indexes[-1][0])] = item
+
+ # expected dict entry
+ elif key_indexes[-1][1] and isinstance(data, dict):
+ data[key_indexes[-1][1]] = item
+
+ # didn't add/update to an existing list, nor add/update key to a dict
+ # so we must have been provided some syntax like a.b.c[<int>] = "data" for a
+ # non-existent array
+ else:
+ raise YeditException("Error adding to object at path: {}".format(key))
+
+ return data
+
+ @staticmethod
+ def get_entry(data, key, sep='.'):
+ ''' Get an item from a dictionary with key notation a.b.c
+ d = {'a': {'b': 'c'}}}
+ key = a.b
+ return c
+ '''
+ if key == '':
+ pass
+ elif (not (key and Yedit.valid_key(key, sep)) and
+ isinstance(data, (list, dict))):
+ return None
+
+ key_indexes = Yedit.parse_key(key, sep)
+ for arr_ind, dict_key in key_indexes:
+ if dict_key and isinstance(data, dict):
+ data = data.get(dict_key, None)
+ elif (arr_ind and isinstance(data, list) and
+ int(arr_ind) <= len(data) - 1):
+ data = data[int(arr_ind)]
+ else:
+ return None
+
+ return data
+
+ @staticmethod
+ def _write(filename, contents):
+ ''' Actually write the file contents to disk. This helps with mocking. '''
+
+ tmp_filename = filename + '.yedit'
+
+ with open(tmp_filename, 'w') as yfd:
+ yfd.write(contents)
+
+ os.rename(tmp_filename, filename)
+
+ def write(self):
+ ''' write to file '''
+ if not self.filename:
+ raise YeditException('Please specify a filename.')
+
+ if self.backup and self.file_exists():
+ shutil.copy(self.filename, self.filename + '.orig')
+
+ # Try to set format attributes if supported
+ try:
+ self.yaml_dict.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ # Try to use RoundTripDumper if supported.
+ try:
+ Yedit._write(self.filename, yaml.dump(self.yaml_dict, Dumper=yaml.RoundTripDumper))
+ except AttributeError:
+ Yedit._write(self.filename, yaml.safe_dump(self.yaml_dict, default_flow_style=False))
+
+ return (True, self.yaml_dict)
+
+ def read(self):
+ ''' read from file '''
+ # check if it exists
+ if self.filename is None or not self.file_exists():
+ return None
+
+ contents = None
+ with open(self.filename) as yfd:
+ contents = yfd.read()
+
+ return contents
+
+ def file_exists(self):
+ ''' return whether file exists '''
+ if os.path.exists(self.filename):
+ return True
+
+ return False
+
+ def load(self, content_type='yaml'):
+ ''' return yaml file '''
+ contents = self.read()
+
+ if not contents and not self.content:
+ return None
+
+ if self.content:
+ if isinstance(self.content, dict):
+ self.yaml_dict = self.content
+ return self.yaml_dict
+ elif isinstance(self.content, str):
+ contents = self.content
+
+ # check if it is yaml
+ try:
+ if content_type == 'yaml' and contents:
+ # Try to set format attributes if supported
+ try:
+ self.yaml_dict.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ # Try to use RoundTripLoader if supported.
+ try:
+ self.yaml_dict = yaml.safe_load(contents, yaml.RoundTripLoader)
+ except AttributeError:
+ self.yaml_dict = yaml.safe_load(contents)
+
+ # Try to set format attributes if supported
+ try:
+ self.yaml_dict.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ elif content_type == 'json' and contents:
+ self.yaml_dict = json.loads(contents)
+ except yaml.YAMLError as err:
+ # Error loading yaml or json
+ raise YeditException('Problem with loading yaml file. %s' % err)
+
+ return self.yaml_dict
+
+ def get(self, key):
+ ''' get a specified key'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, key, self.separator)
+ except KeyError:
+ entry = None
+
+ return entry
+
+ def pop(self, path, key_or_item):
+ ''' remove a key, value pair from a dict or an item for a list'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry is None:
+ return (False, self.yaml_dict)
+
+ if isinstance(entry, dict):
+ # AUDIT:maybe-no-member makes sense due to fuzzy types
+ # pylint: disable=maybe-no-member
+ if key_or_item in entry:
+ entry.pop(key_or_item)
+ return (True, self.yaml_dict)
+ return (False, self.yaml_dict)
+
+ elif isinstance(entry, list):
+ # AUDIT:maybe-no-member makes sense due to fuzzy types
+ # pylint: disable=maybe-no-member
+ ind = None
+ try:
+ ind = entry.index(key_or_item)
+ except ValueError:
+ return (False, self.yaml_dict)
+
+ entry.pop(ind)
+ return (True, self.yaml_dict)
+
+ return (False, self.yaml_dict)
+
+ def delete(self, path):
+ ''' remove path from a dict'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry is None:
+ return (False, self.yaml_dict)
+
+ result = Yedit.remove_entry(self.yaml_dict, path, self.separator)
+ if not result:
+ return (False, self.yaml_dict)
+
+ return (True, self.yaml_dict)
+
+ def exists(self, path, value):
+ ''' check if value exists at path'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if isinstance(entry, list):
+ if value in entry:
+ return True
+ return False
+
+ elif isinstance(entry, dict):
+ if isinstance(value, dict):
+ rval = False
+ for key, val in value.items():
+ if entry[key] != val:
+ rval = False
+ break
+ else:
+ rval = True
+ return rval
+
+ return value in entry
+
+ return entry == value
+
+ def append(self, path, value):
+ '''append value to a list'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry is None:
+ self.put(path, [])
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ if not isinstance(entry, list):
+ return (False, self.yaml_dict)
+
+ # AUDIT:maybe-no-member makes sense due to loading data from
+ # a serialized format.
+ # pylint: disable=maybe-no-member
+ entry.append(value)
+ return (True, self.yaml_dict)
+
+ # pylint: disable=too-many-arguments
+ def update(self, path, value, index=None, curr_value=None):
+ ''' put path, value into a dict '''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if isinstance(entry, dict):
+ # AUDIT:maybe-no-member makes sense due to fuzzy types
+ # pylint: disable=maybe-no-member
+ if not isinstance(value, dict):
+ raise YeditException('Cannot replace key, value entry in ' +
+ 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501
+
+ entry.update(value)
+ return (True, self.yaml_dict)
+
+ elif isinstance(entry, list):
+ # AUDIT:maybe-no-member makes sense due to fuzzy types
+ # pylint: disable=maybe-no-member
+ ind = None
+ if curr_value:
+ try:
+ ind = entry.index(curr_value)
+ except ValueError:
+ return (False, self.yaml_dict)
+
+ elif index is not None:
+ ind = index
+
+ if ind is not None and entry[ind] != value:
+ entry[ind] = value
+ return (True, self.yaml_dict)
+
+ # see if it exists in the list
+ try:
+ ind = entry.index(value)
+ except ValueError:
+ # doesn't exist, append it
+ entry.append(value)
+ return (True, self.yaml_dict)
+
+ # already exists, return
+ if ind is not None:
+ return (False, self.yaml_dict)
+ return (False, self.yaml_dict)
+
+ def put(self, path, value):
+ ''' put path, value into a dict '''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry == value:
+ return (False, self.yaml_dict)
+
+ # deepcopy didn't work
+ # Try to use ruamel.yaml and fallback to pyyaml
+ try:
+ tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict,
+ default_flow_style=False),
+ yaml.RoundTripLoader)
+ except AttributeError:
+ tmp_copy = copy.deepcopy(self.yaml_dict)
+
+ # set the format attributes if available
+ try:
+ tmp_copy.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ result = Yedit.add_entry(tmp_copy, path, value, self.separator)
+ if not result:
+ return (False, self.yaml_dict)
+
+ self.yaml_dict = tmp_copy
+
+ return (True, self.yaml_dict)
+
+ def create(self, path, value):
+ ''' create a yaml file '''
+ if not self.file_exists():
+ # deepcopy didn't work
+ # Try to use ruamel.yaml and fallback to pyyaml
+ try:
+ tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict,
+ default_flow_style=False),
+ yaml.RoundTripLoader)
+ except AttributeError:
+ tmp_copy = copy.deepcopy(self.yaml_dict)
+
+ # set the format attributes if available
+ try:
+ tmp_copy.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ result = Yedit.add_entry(tmp_copy, path, value, self.separator)
+ if result:
+ self.yaml_dict = tmp_copy
+ return (True, self.yaml_dict)
+
+ return (False, self.yaml_dict)
+
+ @staticmethod
+ def get_curr_value(invalue, val_type):
+ '''return the current value'''
+ if invalue is None:
+ return None
+
+ curr_value = invalue
+ if val_type == 'yaml':
+ curr_value = yaml.load(invalue)
+ elif val_type == 'json':
+ curr_value = json.loads(invalue)
+
+ return curr_value
+
+ @staticmethod
+ def parse_value(inc_value, vtype=''):
+ '''determine value type passed'''
+ true_bools = ['y', 'Y', 'yes', 'Yes', 'YES', 'true', 'True', 'TRUE',
+ 'on', 'On', 'ON', ]
+ false_bools = ['n', 'N', 'no', 'No', 'NO', 'false', 'False', 'FALSE',
+ 'off', 'Off', 'OFF']
+
+ # It came in as a string but you didn't specify value_type as string
+ # we will convert to bool if it matches any of the above cases
+ if isinstance(inc_value, str) and 'bool' in vtype:
+ if inc_value not in true_bools and inc_value not in false_bools:
+ raise YeditException('Not a boolean type. str=[%s] vtype=[%s]'
+ % (inc_value, vtype))
+ elif isinstance(inc_value, bool) and 'str' in vtype:
+ inc_value = str(inc_value)
+
+ # If vtype is not str then go ahead and attempt to yaml load it.
+ if isinstance(inc_value, str) and 'str' not in vtype:
+ try:
+ inc_value = yaml.load(inc_value)
+ except Exception:
+ raise YeditException('Could not determine type of incoming ' +
+ 'value. value=[%s] vtype=[%s]'
+ % (type(inc_value), vtype))
+
+ return inc_value
+
+ # pylint: disable=too-many-return-statements,too-many-branches
+ @staticmethod
+ def run_ansible(module):
+ '''perform the idempotent crud operations'''
+ yamlfile = Yedit(filename=module.params['src'],
+ backup=module.params['backup'],
+ separator=module.params['separator'])
+
+ if module.params['src']:
+ rval = yamlfile.load()
+
+ if yamlfile.yaml_dict is None and \
+ module.params['state'] != 'present':
+ return {'failed': True,
+ 'msg': 'Error opening file [%s]. Verify that the ' +
+ 'file exists, that it is has correct' +
+ ' permissions, and is valid yaml.'}
+
+ if module.params['state'] == 'list':
+ if module.params['content']:
+ content = Yedit.parse_value(module.params['content'],
+ module.params['content_type'])
+ yamlfile.yaml_dict = content
+
+ if module.params['key']:
+ rval = yamlfile.get(module.params['key']) or {}
+
+ return {'changed': False, 'result': rval, 'state': "list"}
+
+ elif module.params['state'] == 'absent':
+ if module.params['content']:
+ content = Yedit.parse_value(module.params['content'],
+ module.params['content_type'])
+ yamlfile.yaml_dict = content
+
+ if module.params['update']:
+ rval = yamlfile.pop(module.params['key'],
+ module.params['value'])
+ else:
+ rval = yamlfile.delete(module.params['key'])
+
+ if rval[0] and module.params['src']:
+ yamlfile.write()
+
+ return {'changed': rval[0], 'result': rval[1], 'state': "absent"}
+
+ elif module.params['state'] == 'present':
+ # check if content is different than what is in the file
+ if module.params['content']:
+ content = Yedit.parse_value(module.params['content'],
+ module.params['content_type'])
+
+ # We had no edits to make and the contents are the same
+ if yamlfile.yaml_dict == content and \
+ module.params['value'] is None:
+ return {'changed': False,
+ 'result': yamlfile.yaml_dict,
+ 'state': "present"}
+
+ yamlfile.yaml_dict = content
+
+ # we were passed a value; parse it
+ if module.params['value']:
+ value = Yedit.parse_value(module.params['value'],
+ module.params['value_type'])
+ key = module.params['key']
+ if module.params['update']:
+ # pylint: disable=line-too-long
+ curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501
+ module.params['curr_value_format']) # noqa: E501
+
+ rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501
+
+ elif module.params['append']:
+ rval = yamlfile.append(key, value)
+ else:
+ rval = yamlfile.put(key, value)
+
+ if rval[0] and module.params['src']:
+ yamlfile.write()
+
+ return {'changed': rval[0],
+ 'result': rval[1], 'state': "present"}
+
+ # no edits to make
+ if module.params['src']:
+ # pylint: disable=redefined-variable-type
+ rval = yamlfile.write()
+ return {'changed': rval[0],
+ 'result': rval[1],
+ 'state': "present"}
+
+ return {'failed': True, 'msg': 'Unkown state passed'}
+
+# -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: lib/base.py -*- -*- -*-
+# pylint: disable=too-many-lines
+# noqa: E301,E302,E303,T001
+
+
+class OpenShiftCLIError(Exception):
+ '''Exception class for openshiftcli'''
+ pass
+
+
+ADDITIONAL_PATH_LOOKUPS = ['/usr/local/bin', os.path.expanduser('~/bin')]
+
+
+def locate_oc_binary():
+ ''' Find and return oc binary file '''
+ # https://github.com/openshift/openshift-ansible/issues/3410
+ # oc can be in /usr/local/bin in some cases, but that may not
+ # be in $PATH due to ansible/sudo
+ paths = os.environ.get("PATH", os.defpath).split(os.pathsep) + ADDITIONAL_PATH_LOOKUPS
+
+ oc_binary = 'oc'
+
+ # Use shutil.which if it is available, otherwise fallback to a naive path search
+ try:
+ which_result = shutil.which(oc_binary, path=os.pathsep.join(paths))
+ if which_result is not None:
+ oc_binary = which_result
+ except AttributeError:
+ for path in paths:
+ if os.path.exists(os.path.join(path, oc_binary)):
+ oc_binary = os.path.join(path, oc_binary)
+ break
+
+ return oc_binary
+
+
+# pylint: disable=too-few-public-methods
+class OpenShiftCLI(object):
+ ''' Class to wrap the command line tools '''
+ def __init__(self,
+ namespace,
+ kubeconfig='/etc/origin/master/admin.kubeconfig',
+ verbose=False,
+ all_namespaces=False):
+ ''' Constructor for OpenshiftCLI '''
+ self.namespace = namespace
+ self.verbose = verbose
+ self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
+ self.all_namespaces = all_namespaces
+ self.oc_binary = locate_oc_binary()
+
+ # Pylint allows only 5 arguments to be passed.
+ # pylint: disable=too-many-arguments
+ def _replace_content(self, resource, rname, content, force=False, sep='.'):
+ ''' replace the current object with the content '''
+ res = self._get(resource, rname)
+ if not res['results']:
+ return res
+
+ fname = Utils.create_tmpfile(rname + '-')
+
+ yed = Yedit(fname, res['results'][0], separator=sep)
+ changes = []
+ for key, value in content.items():
+ changes.append(yed.put(key, value))
+
+ if any([change[0] for change in changes]):
+ yed.write()
+
+ atexit.register(Utils.cleanup, [fname])
+
+ return self._replace(fname, force)
+
+ return {'returncode': 0, 'updated': False}
+
+ def _replace(self, fname, force=False):
+ '''replace the current object with oc replace'''
+ cmd = ['replace', '-f', fname]
+ if force:
+ cmd.append('--force')
+ return self.openshift_cmd(cmd)
+
+ def _create_from_content(self, rname, content):
+ '''create a temporary file and then call oc create on it'''
+ fname = Utils.create_tmpfile(rname + '-')
+ yed = Yedit(fname, content=content)
+ yed.write()
+
+ atexit.register(Utils.cleanup, [fname])
+
+ return self._create(fname)
+
+ def _create(self, fname):
+ '''call oc create on a filename'''
+ return self.openshift_cmd(['create', '-f', fname])
+
+ def _delete(self, resource, rname, selector=None):
+ '''call oc delete on a resource'''
+ cmd = ['delete', resource, rname]
+ if selector:
+ cmd.append('--selector=%s' % selector)
+
+ return self.openshift_cmd(cmd)
+
+ def _process(self, template_name, create=False, params=None, template_data=None): # noqa: E501
+ '''process a template
+
+ template_name: the name of the template to process
+ create: whether to send to oc create after processing
+ params: the parameters for the template
+ template_data: the incoming template's data; instead of a file
+ '''
+ cmd = ['process']
+ if template_data:
+ cmd.extend(['-f', '-'])
+ else:
+ cmd.append(template_name)
+ if params:
+ param_str = ["%s=%s" % (key, value) for key, value in params.items()]
+ cmd.append('-v')
+ cmd.extend(param_str)
+
+ results = self.openshift_cmd(cmd, output=True, input_data=template_data)
+
+ if results['returncode'] != 0 or not create:
+ return results
+
+ fname = Utils.create_tmpfile(template_name + '-')
+ yed = Yedit(fname, results['results'])
+ yed.write()
+
+ atexit.register(Utils.cleanup, [fname])
+
+ return self.openshift_cmd(['create', '-f', fname])
+
+ def _get(self, resource, rname=None, selector=None):
+ '''return a resource by name '''
+ cmd = ['get', resource]
+ if selector:
+ cmd.append('--selector=%s' % selector)
+ elif rname:
+ cmd.append(rname)
+
+ cmd.extend(['-o', 'json'])
+
+ rval = self.openshift_cmd(cmd, output=True)
+
+ # Ensure results are retuned in an array
+ if 'items' in rval:
+ rval['results'] = rval['items']
+ elif not isinstance(rval['results'], list):
+ rval['results'] = [rval['results']]
+
+ return rval
+
+ def _schedulable(self, node=None, selector=None, schedulable=True):
+ ''' perform oadm manage-node scheduable '''
+ cmd = ['manage-node']
+ if node:
+ cmd.extend(node)
+ else:
+ cmd.append('--selector=%s' % selector)
+
+ cmd.append('--schedulable=%s' % schedulable)
+
+ return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') # noqa: E501
+
+ def _list_pods(self, node=None, selector=None, pod_selector=None):
+ ''' perform oadm list pods
+
+ node: the node in which to list pods
+ selector: the label selector filter if provided
+ pod_selector: the pod selector filter if provided
+ '''
+ cmd = ['manage-node']
+ if node:
+ cmd.extend(node)
+ else:
+ cmd.append('--selector=%s' % selector)
+
+ if pod_selector:
+ cmd.append('--pod-selector=%s' % pod_selector)
+
+ cmd.extend(['--list-pods', '-o', 'json'])
+
+ return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw')
+
+ # pylint: disable=too-many-arguments
+ def _evacuate(self, node=None, selector=None, pod_selector=None, dry_run=False, grace_period=None, force=False):
+ ''' perform oadm manage-node evacuate '''
+ cmd = ['manage-node']
+ if node:
+ cmd.extend(node)
+ else:
+ cmd.append('--selector=%s' % selector)
+
+ if dry_run:
+ cmd.append('--dry-run')
+
+ if pod_selector:
+ cmd.append('--pod-selector=%s' % pod_selector)
+
+ if grace_period:
+ cmd.append('--grace-period=%s' % int(grace_period))
+
+ if force:
+ cmd.append('--force')
+
+ cmd.append('--evacuate')
+
+ return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw')
+
+ def _version(self):
+ ''' return the openshift version'''
+ return self.openshift_cmd(['version'], output=True, output_type='raw')
+
+ def _import_image(self, url=None, name=None, tag=None):
+ ''' perform image import '''
+ cmd = ['import-image']
+
+ image = '{0}'.format(name)
+ if tag:
+ image += ':{0}'.format(tag)
+
+ cmd.append(image)
+
+ if url:
+ cmd.append('--from={0}/{1}'.format(url, image))
+
+ cmd.append('-n{0}'.format(self.namespace))
+
+ cmd.append('--confirm')
+ return self.openshift_cmd(cmd)
+
+ def _run(self, cmds, input_data):
+ ''' Actually executes the command. This makes mocking easier. '''
+ curr_env = os.environ.copy()
+ curr_env.update({'KUBECONFIG': self.kubeconfig})
+ proc = subprocess.Popen(cmds,
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE,
+ env=curr_env)
+
+ stdout, stderr = proc.communicate(input_data)
+
+ return proc.returncode, stdout.decode(), stderr.decode()
+
+ # pylint: disable=too-many-arguments,too-many-branches
+ def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json', input_data=None):
+ '''Base command for oc '''
+ cmds = [self.oc_binary]
+
+ if oadm:
+ cmds.append('adm')
+
+ cmds.extend(cmd)
+
+ if self.all_namespaces:
+ cmds.extend(['--all-namespaces'])
+ elif self.namespace is not None and self.namespace.lower() not in ['none', 'emtpy']: # E501
+ cmds.extend(['-n', self.namespace])
+
+ rval = {}
+ results = ''
+ err = None
+
+ if self.verbose:
+ print(' '.join(cmds))
+
+ try:
+ returncode, stdout, stderr = self._run(cmds, input_data)
+ except OSError as ex:
+ returncode, stdout, stderr = 1, '', 'Failed to execute {}: {}'.format(subprocess.list2cmdline(cmds), ex)
+
+ rval = {"returncode": returncode,
+ "results": results,
+ "cmd": ' '.join(cmds)}
+
+ if returncode == 0:
+ if output:
+ if output_type == 'json':
+ try:
+ rval['results'] = json.loads(stdout)
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
+ elif output_type == 'raw':
+ rval['results'] = stdout
+
+ if self.verbose:
+ print("STDOUT: {0}".format(stdout))
+ print("STDERR: {0}".format(stderr))
+
+ if err:
+ rval.update({"err": err,
+ "stderr": stderr,
+ "stdout": stdout,
+ "cmd": cmds})
+
+ else:
+ rval.update({"stderr": stderr,
+ "stdout": stdout,
+ "results": {}})
+
+ return rval
+
+
+class Utils(object):
+ ''' utilities for openshiftcli modules '''
+
+ @staticmethod
+ def _write(filename, contents):
+ ''' Actually write the file contents to disk. This helps with mocking. '''
+
+ with open(filename, 'w') as sfd:
+ sfd.write(contents)
+
+ @staticmethod
+ def create_tmp_file_from_contents(rname, data, ftype='yaml'):
+ ''' create a file in tmp with name and contents'''
+
+ tmp = Utils.create_tmpfile(prefix=rname)
+
+ if ftype == 'yaml':
+ # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage
+ # pylint: disable=no-member
+ if hasattr(yaml, 'RoundTripDumper'):
+ Utils._write(tmp, yaml.dump(data, Dumper=yaml.RoundTripDumper))
+ else:
+ Utils._write(tmp, yaml.safe_dump(data, default_flow_style=False))
+
+ elif ftype == 'json':
+ Utils._write(tmp, json.dumps(data))
+ else:
+ Utils._write(tmp, data)
+
+ # Register cleanup when module is done
+ atexit.register(Utils.cleanup, [tmp])
+ return tmp
+
+ @staticmethod
+ def create_tmpfile_copy(inc_file):
+ '''create a temporary copy of a file'''
+ tmpfile = Utils.create_tmpfile('lib_openshift-')
+ Utils._write(tmpfile, open(inc_file).read())
+
+ # Cleanup the tmpfile
+ atexit.register(Utils.cleanup, [tmpfile])
+
+ return tmpfile
+
+ @staticmethod
+ def create_tmpfile(prefix='tmp'):
+ ''' Generates and returns a temporary file name '''
+
+ with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp:
+ return tmp.name
+
+ @staticmethod
+ def create_tmp_files_from_contents(content, content_type=None):
+ '''Turn an array of dict: filename, content into a files array'''
+ if not isinstance(content, list):
+ content = [content]
+ files = []
+ for item in content:
+ path = Utils.create_tmp_file_from_contents(item['path'] + '-',
+ item['data'],
+ ftype=content_type)
+ files.append({'name': os.path.basename(item['path']),
+ 'path': path})
+ return files
+
+ @staticmethod
+ def cleanup(files):
+ '''Clean up on exit '''
+ for sfile in files:
+ if os.path.exists(sfile):
+ if os.path.isdir(sfile):
+ shutil.rmtree(sfile)
+ elif os.path.isfile(sfile):
+ os.remove(sfile)
+
+ @staticmethod
+ def exists(results, _name):
+ ''' Check to see if the results include the name '''
+ if not results:
+ return False
+
+ if Utils.find_result(results, _name):
+ return True
+
+ return False
+
+ @staticmethod
+ def find_result(results, _name):
+ ''' Find the specified result by name'''
+ rval = None
+ for result in results:
+ if 'metadata' in result and result['metadata']['name'] == _name:
+ rval = result
+ break
+
+ return rval
+
+ @staticmethod
+ def get_resource_file(sfile, sfile_type='yaml'):
+ ''' return the service file '''
+ contents = None
+ with open(sfile) as sfd:
+ contents = sfd.read()
+
+ if sfile_type == 'yaml':
+ # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage
+ # pylint: disable=no-member
+ if hasattr(yaml, 'RoundTripLoader'):
+ contents = yaml.load(contents, yaml.RoundTripLoader)
+ else:
+ contents = yaml.safe_load(contents)
+ elif sfile_type == 'json':
+ contents = json.loads(contents)
+
+ return contents
+
+ @staticmethod
+ def filter_versions(stdout):
+ ''' filter the oc version output '''
+
+ version_dict = {}
+ version_search = ['oc', 'openshift', 'kubernetes']
+
+ for line in stdout.strip().split('\n'):
+ for term in version_search:
+ if not line:
+ continue
+ if line.startswith(term):
+ version_dict[term] = line.split()[-1]
+
+ # horrible hack to get openshift version in Openshift 3.2
+ # By default "oc version in 3.2 does not return an "openshift" version
+ if "openshift" not in version_dict:
+ version_dict["openshift"] = version_dict["oc"]
+
+ return version_dict
+
+ @staticmethod
+ def add_custom_versions(versions):
+ ''' create custom versions strings '''
+
+ versions_dict = {}
+
+ for tech, version in versions.items():
+ # clean up "-" from version
+ if "-" in version:
+ version = version.split("-")[0]
+
+ if version.startswith('v'):
+ versions_dict[tech + '_numeric'] = version[1:].split('+')[0]
+ # "v3.3.0.33" is what we have, we want "3.3"
+ versions_dict[tech + '_short'] = version[1:4]
+
+ return versions_dict
+
+ @staticmethod
+ def openshift_installed():
+ ''' check if openshift is installed '''
+ import yum
+
+ yum_base = yum.YumBase()
+ if yum_base.rpmdb.searchNevra(name='atomic-openshift'):
+ return True
+
+ return False
+
+ # Disabling too-many-branches. This is a yaml dictionary comparison function
+ # pylint: disable=too-many-branches,too-many-return-statements,too-many-statements
+ @staticmethod
+ def check_def_equal(user_def, result_def, skip_keys=None, debug=False):
+ ''' Given a user defined definition, compare it with the results given back by our query. '''
+
+ # Currently these values are autogenerated and we do not need to check them
+ skip = ['metadata', 'status']
+ if skip_keys:
+ skip.extend(skip_keys)
+
+ for key, value in result_def.items():
+ if key in skip:
+ continue
+
+ # Both are lists
+ if isinstance(value, list):
+ if key not in user_def:
+ if debug:
+ print('User data does not have key [%s]' % key)
+ print('User data: %s' % user_def)
+ return False
+
+ if not isinstance(user_def[key], list):
+ if debug:
+ print('user_def[key] is not a list key=[%s] user_def[key]=%s' % (key, user_def[key]))
+ return False
+
+ if len(user_def[key]) != len(value):
+ if debug:
+ print("List lengths are not equal.")
+ print("key=[%s]: user_def[%s] != value[%s]" % (key, len(user_def[key]), len(value)))
+ print("user_def: %s" % user_def[key])
+ print("value: %s" % value)
+ return False
+
+ for values in zip(user_def[key], value):
+ if isinstance(values[0], dict) and isinstance(values[1], dict):
+ if debug:
+ print('sending list - list')
+ print(type(values[0]))
+ print(type(values[1]))
+ result = Utils.check_def_equal(values[0], values[1], skip_keys=skip_keys, debug=debug)
+ if not result:
+ print('list compare returned false')
+ return False
+
+ elif value != user_def[key]:
+ if debug:
+ print('value should be identical')
+ print(user_def[key])
+ print(value)
+ return False
+
+ # recurse on a dictionary
+ elif isinstance(value, dict):
+ if key not in user_def:
+ if debug:
+ print("user_def does not have key [%s]" % key)
+ return False
+ if not isinstance(user_def[key], dict):
+ if debug:
+ print("dict returned false: not instance of dict")
+ return False
+
+ # before passing ensure keys match
+ api_values = set(value.keys()) - set(skip)
+ user_values = set(user_def[key].keys()) - set(skip)
+ if api_values != user_values:
+ if debug:
+ print("keys are not equal in dict")
+ print(user_values)
+ print(api_values)
+ return False
+
+ result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
+ if not result:
+ if debug:
+ print("dict returned false")
+ print(result)
+ return False
+
+ # Verify each key, value pair is the same
+ else:
+ if key not in user_def or value != user_def[key]:
+ if debug:
+ print("value not equal; user_def does not have key")
+ print(key)
+ print(value)
+ if key in user_def:
+ print(user_def[key])
+ return False
+
+ if debug:
+ print('returning true')
+ return True
+
+
+class OpenShiftCLIConfig(object):
+ '''Generic Config'''
+ def __init__(self, rname, namespace, kubeconfig, options):
+ self.kubeconfig = kubeconfig
+ self.name = rname
+ self.namespace = namespace
+ self._options = options
+
+ @property
+ def config_options(self):
+ ''' return config options '''
+ return self._options
+
+ def to_option_list(self):
+ '''return all options as a string'''
+ return self.stringify()
+
+ def stringify(self):
+ ''' return the options hash as cli params in a string '''
+ rval = []
+ for key in sorted(self.config_options.keys()):
+ data = self.config_options[key]
+ if data['include'] \
+ and (data['value'] or isinstance(data['value'], int)):
+ rval.append('--{}={}'.format(key.replace('_', '-'), data['value']))
+
+ return rval
+
+
+# -*- -*- -*- End included fragment: lib/base.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: class/oc_configmap.py -*- -*- -*-
+
+
+# pylint: disable=too-many-arguments
+class OCConfigMap(OpenShiftCLI):
+ ''' Openshift ConfigMap Class
+
+ ConfigMaps are a way to store data inside of objects
+ '''
+ def __init__(self,
+ name,
+ from_file,
+ from_literal,
+ state,
+ namespace,
+ kubeconfig='/etc/origin/master/admin.kubeconfig',
+ verbose=False):
+ ''' Constructor for OpenshiftOC '''
+ super(OCConfigMap, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
+ self.name = name
+ self.state = state
+ self._configmap = None
+ self._inc_configmap = None
+ self.from_file = from_file if from_file is not None else {}
+ self.from_literal = from_literal if from_literal is not None else {}
+
+ @property
+ def configmap(self):
+ if self._configmap is None:
+ self._configmap = self.get()
+
+ return self._configmap
+
+ @configmap.setter
+ def configmap(self, inc_map):
+ self._configmap = inc_map
+
+ @property
+ def inc_configmap(self):
+ if self._inc_configmap is None:
+ results = self.create(dryrun=True, output=True)
+ self._inc_configmap = results['results']
+
+ return self._inc_configmap
+
+ @inc_configmap.setter
+ def inc_configmap(self, inc_map):
+ self._inc_configmap = inc_map
+
+ def from_file_to_params(self):
+ '''return from_files in a string ready for cli'''
+ return ["--from-file={}={}".format(key, value) for key, value in self.from_file.items()]
+
+ def from_literal_to_params(self):
+ '''return from_literal in a string ready for cli'''
+ return ["--from-literal={}={}".format(key, value) for key, value in self.from_literal.items()]
+
+ def get(self):
+ '''return a configmap by name '''
+ results = self._get('configmap', self.name)
+ if results['returncode'] == 0 and results['results'][0]:
+ self.configmap = results['results'][0]
+
+ if results['returncode'] != 0 and '"{}" not found'.format(self.name) in results['stderr']:
+ results['returncode'] = 0
+
+ return results
+
+ def delete(self):
+ '''delete a configmap by name'''
+ return self._delete('configmap', self.name)
+
+ def create(self, dryrun=False, output=False):
+ '''Create a configmap
+
+ :dryrun: Product what you would have done. default: False
+ :output: Whether to parse output. default: False
+ '''
+
+ cmd = ['create', 'configmap', self.name]
+ if self.from_literal is not None:
+ cmd.extend(self.from_literal_to_params())
+
+ if self.from_file is not None:
+ cmd.extend(self.from_file_to_params())
+
+ if dryrun:
+ cmd.extend(['--dry-run', '-ojson'])
+
+ results = self.openshift_cmd(cmd, output=output)
+
+ return results
+
+ def update(self):
+ '''run update configmap '''
+ return self._replace_content('configmap', self.name, self.inc_configmap)
+
+ def needs_update(self):
+ '''compare the current configmap with the proposed and return if they are equal'''
+ return not Utils.check_def_equal(self.inc_configmap, self.configmap, debug=self.verbose)
+
+ @staticmethod
+ # pylint: disable=too-many-return-statements,too-many-branches
+ # TODO: This function should be refactored into its individual parts.
+ def run_ansible(params, check_mode):
+ '''run the ansible idempotent code'''
+
+ oc_cm = OCConfigMap(params['name'],
+ params['from_file'],
+ params['from_literal'],
+ params['state'],
+ params['namespace'],
+ kubeconfig=params['kubeconfig'],
+ verbose=params['debug'])
+
+ state = params['state']
+
+ api_rval = oc_cm.get()
+
+ if 'failed' in api_rval:
+ return {'failed': True, 'msg': api_rval}
+
+ #####
+ # Get
+ #####
+ if state == 'list':
+ return {'changed': False, 'results': api_rval, 'state': state}
+
+ ########
+ # Delete
+ ########
+ if state == 'absent':
+ if not Utils.exists(api_rval['results'], params['name']):
+ return {'changed': False, 'state': 'absent'}
+
+ if check_mode:
+ return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'}
+
+ api_rval = oc_cm.delete()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ ########
+ # Create
+ ########
+ if state == 'present':
+ if not Utils.exists(api_rval['results'], params['name']):
+
+ if check_mode:
+ return {'changed': True, 'msg': 'Would have performed a create.'}
+
+ api_rval = oc_cm.create()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ api_rval = oc_cm.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ ########
+ # Update
+ ########
+ if oc_cm.needs_update():
+
+ api_rval = oc_cm.update()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ api_rval = oc_cm.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ return {'changed': False, 'results': api_rval, 'state': state}
+
+ return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)}
+
+# -*- -*- -*- End included fragment: class/oc_configmap.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: ansible/oc_configmap.py -*- -*- -*-
+
+
+def main():
+ '''
+ ansible oc module for managing OpenShift configmap objects
+ '''
+
+ module = AnsibleModule(
+ argument_spec=dict(
+ kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+ state=dict(default='present', type='str',
+ choices=['present', 'absent', 'list']),
+ debug=dict(default=False, type='bool'),
+ namespace=dict(default='default', type='str'),
+ name=dict(default=None, required=True, type='str'),
+ from_file=dict(default=None, type='dict'),
+ from_literal=dict(default=None, type='dict'),
+ ),
+ supports_check_mode=True,
+ )
+
+
+ rval = OCConfigMap.run_ansible(module.params, module.check_mode)
+ if 'failed' in rval:
+ module.fail_json(**rval)
+
+ module.exit_json(**rval)
+
+if __name__ == '__main__':
+ main()
+
+# -*- -*- -*- End included fragment: ansible/oc_configmap.py -*- -*- -*-
diff --git a/roles/lib_openshift/library/oc_edit.py b/roles/lib_openshift/library/oc_edit.py
index 7a7eaf40a..42f50ebe7 100644
--- a/roles/lib_openshift/library/oc_edit.py
+++ b/roles/lib_openshift/library/oc_edit.py
@@ -1078,9 +1078,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/library/oc_env.py b/roles/lib_openshift/library/oc_env.py
index a1994b0f1..3088ea947 100644
--- a/roles/lib_openshift/library/oc_env.py
+++ b/roles/lib_openshift/library/oc_env.py
@@ -1045,9 +1045,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/library/oc_group.py b/roles/lib_openshift/library/oc_group.py
new file mode 100644
index 000000000..44611df82
--- /dev/null
+++ b/roles/lib_openshift/library/oc_group.py
@@ -0,0 +1,1560 @@
+#!/usr/bin/env python
+# pylint: disable=missing-docstring
+# flake8: noqa: T001
+# ___ ___ _ _ ___ ___ _ _____ ___ ___
+# / __| __| \| | __| _ \ /_\_ _| __| \
+# | (_ | _|| .` | _|| / / _ \| | | _|| |) |
+# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____
+# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _|
+# | |) | (_) | | .` | (_) || | | _|| |) | | | |
+# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_|
+#
+# Copyright 2016 Red Hat, Inc. and/or its affiliates
+# and other contributors as indicated by the @author tags.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# -*- -*- -*- Begin included fragment: lib/import.py -*- -*- -*-
+'''
+ OpenShiftCLI class that wraps the oc commands in a subprocess
+'''
+# pylint: disable=too-many-lines
+
+from __future__ import print_function
+import atexit
+import copy
+import json
+import os
+import re
+import shutil
+import subprocess
+import tempfile
+# pylint: disable=import-error
+try:
+ import ruamel.yaml as yaml
+except ImportError:
+ import yaml
+
+from ansible.module_utils.basic import AnsibleModule
+
+# -*- -*- -*- End included fragment: lib/import.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: doc/group -*- -*- -*-
+
+DOCUMENTATION = '''
+---
+module: oc_group
+short_description: Modify, and idempotently manage openshift groups.
+description:
+ - Modify openshift groups programmatically.
+options:
+ state:
+ description:
+ - Supported states, present, absent, list
+ - present - will ensure object is created or updated to the value specified
+ - list - will return a group
+ - absent - will remove the group
+ required: False
+ default: present
+ choices: ["present", 'absent', 'list']
+ aliases: []
+ kubeconfig:
+ description:
+ - The path for the kubeconfig file to use for authentication
+ required: false
+ default: /etc/origin/master/admin.kubeconfig
+ aliases: []
+ debug:
+ description:
+ - Turn on debug output.
+ required: false
+ default: False
+ aliases: []
+ name:
+ description:
+ - Name of the object that is being queried.
+ required: false
+ default: None
+ aliases: []
+ namespace:
+ description:
+ - The namespace where the object lives.
+ required: false
+ default: str
+ aliases: []
+author:
+- "Joel Diaz <jdiaz@redhat.com>"
+extends_documentation_fragment: []
+'''
+
+EXAMPLES = '''
+- name: create group
+ oc_group:
+ state: present
+ name: acme_org
+ register: group_out
+'''
+
+# -*- -*- -*- End included fragment: doc/group -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*-
+# pylint: disable=undefined-variable,missing-docstring
+# noqa: E301,E302
+
+
+class YeditException(Exception):
+ ''' Exception class for Yedit '''
+ pass
+
+
+# pylint: disable=too-many-public-methods
+class Yedit(object):
+ ''' Class to modify yaml files '''
+ re_valid_key = r"(((\[-?\d+\])|([0-9a-zA-Z%s/_-]+)).?)+$"
+ re_key = r"(?:\[(-?\d+)\])|([0-9a-zA-Z%s/_-]+)"
+ com_sep = set(['.', '#', '|', ':'])
+
+ # pylint: disable=too-many-arguments
+ def __init__(self,
+ filename=None,
+ content=None,
+ content_type='yaml',
+ separator='.',
+ backup=False):
+ self.content = content
+ self._separator = separator
+ self.filename = filename
+ self.__yaml_dict = content
+ self.content_type = content_type
+ self.backup = backup
+ self.load(content_type=self.content_type)
+ if self.__yaml_dict is None:
+ self.__yaml_dict = {}
+
+ @property
+ def separator(self):
+ ''' getter method for yaml_dict '''
+ return self._separator
+
+ @separator.setter
+ def separator(self):
+ ''' getter method for yaml_dict '''
+ return self._separator
+
+ @property
+ def yaml_dict(self):
+ ''' getter method for yaml_dict '''
+ return self.__yaml_dict
+
+ @yaml_dict.setter
+ def yaml_dict(self, value):
+ ''' setter method for yaml_dict '''
+ self.__yaml_dict = value
+
+ @staticmethod
+ def parse_key(key, sep='.'):
+ '''parse the key allowing the appropriate separator'''
+ common_separators = list(Yedit.com_sep - set([sep]))
+ return re.findall(Yedit.re_key % ''.join(common_separators), key)
+
+ @staticmethod
+ def valid_key(key, sep='.'):
+ '''validate the incoming key'''
+ common_separators = list(Yedit.com_sep - set([sep]))
+ if not re.match(Yedit.re_valid_key % ''.join(common_separators), key):
+ return False
+
+ return True
+
+ @staticmethod
+ def remove_entry(data, key, sep='.'):
+ ''' remove data at location key '''
+ if key == '' and isinstance(data, dict):
+ data.clear()
+ return True
+ elif key == '' and isinstance(data, list):
+ del data[:]
+ return True
+
+ if not (key and Yedit.valid_key(key, sep)) and \
+ isinstance(data, (list, dict)):
+ return None
+
+ key_indexes = Yedit.parse_key(key, sep)
+ for arr_ind, dict_key in key_indexes[:-1]:
+ if dict_key and isinstance(data, dict):
+ data = data.get(dict_key, None)
+ elif (arr_ind and isinstance(data, list) and
+ int(arr_ind) <= len(data) - 1):
+ data = data[int(arr_ind)]
+ else:
+ return None
+
+ # process last index for remove
+ # expected list entry
+ if key_indexes[-1][0]:
+ if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501
+ del data[int(key_indexes[-1][0])]
+ return True
+
+ # expected dict entry
+ elif key_indexes[-1][1]:
+ if isinstance(data, dict):
+ del data[key_indexes[-1][1]]
+ return True
+
+ @staticmethod
+ def add_entry(data, key, item=None, sep='.'):
+ ''' Get an item from a dictionary with key notation a.b.c
+ d = {'a': {'b': 'c'}}}
+ key = a#b
+ return c
+ '''
+ if key == '':
+ pass
+ elif (not (key and Yedit.valid_key(key, sep)) and
+ isinstance(data, (list, dict))):
+ return None
+
+ key_indexes = Yedit.parse_key(key, sep)
+ for arr_ind, dict_key in key_indexes[:-1]:
+ if dict_key:
+ if isinstance(data, dict) and dict_key in data and data[dict_key]: # noqa: E501
+ data = data[dict_key]
+ continue
+
+ elif data and not isinstance(data, dict):
+ raise YeditException("Unexpected item type found while going through key " +
+ "path: {} (at key: {})".format(key, dict_key))
+
+ data[dict_key] = {}
+ data = data[dict_key]
+
+ elif (arr_ind and isinstance(data, list) and
+ int(arr_ind) <= len(data) - 1):
+ data = data[int(arr_ind)]
+ else:
+ raise YeditException("Unexpected item type found while going through key path: {}".format(key))
+
+ if key == '':
+ data = item
+
+ # process last index for add
+ # expected list entry
+ elif key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501
+ data[int(key_indexes[-1][0])] = item
+
+ # expected dict entry
+ elif key_indexes[-1][1] and isinstance(data, dict):
+ data[key_indexes[-1][1]] = item
+
+ # didn't add/update to an existing list, nor add/update key to a dict
+ # so we must have been provided some syntax like a.b.c[<int>] = "data" for a
+ # non-existent array
+ else:
+ raise YeditException("Error adding to object at path: {}".format(key))
+
+ return data
+
+ @staticmethod
+ def get_entry(data, key, sep='.'):
+ ''' Get an item from a dictionary with key notation a.b.c
+ d = {'a': {'b': 'c'}}}
+ key = a.b
+ return c
+ '''
+ if key == '':
+ pass
+ elif (not (key and Yedit.valid_key(key, sep)) and
+ isinstance(data, (list, dict))):
+ return None
+
+ key_indexes = Yedit.parse_key(key, sep)
+ for arr_ind, dict_key in key_indexes:
+ if dict_key and isinstance(data, dict):
+ data = data.get(dict_key, None)
+ elif (arr_ind and isinstance(data, list) and
+ int(arr_ind) <= len(data) - 1):
+ data = data[int(arr_ind)]
+ else:
+ return None
+
+ return data
+
+ @staticmethod
+ def _write(filename, contents):
+ ''' Actually write the file contents to disk. This helps with mocking. '''
+
+ tmp_filename = filename + '.yedit'
+
+ with open(tmp_filename, 'w') as yfd:
+ yfd.write(contents)
+
+ os.rename(tmp_filename, filename)
+
+ def write(self):
+ ''' write to file '''
+ if not self.filename:
+ raise YeditException('Please specify a filename.')
+
+ if self.backup and self.file_exists():
+ shutil.copy(self.filename, self.filename + '.orig')
+
+ # Try to set format attributes if supported
+ try:
+ self.yaml_dict.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ # Try to use RoundTripDumper if supported.
+ try:
+ Yedit._write(self.filename, yaml.dump(self.yaml_dict, Dumper=yaml.RoundTripDumper))
+ except AttributeError:
+ Yedit._write(self.filename, yaml.safe_dump(self.yaml_dict, default_flow_style=False))
+
+ return (True, self.yaml_dict)
+
+ def read(self):
+ ''' read from file '''
+ # check if it exists
+ if self.filename is None or not self.file_exists():
+ return None
+
+ contents = None
+ with open(self.filename) as yfd:
+ contents = yfd.read()
+
+ return contents
+
+ def file_exists(self):
+ ''' return whether file exists '''
+ if os.path.exists(self.filename):
+ return True
+
+ return False
+
+ def load(self, content_type='yaml'):
+ ''' return yaml file '''
+ contents = self.read()
+
+ if not contents and not self.content:
+ return None
+
+ if self.content:
+ if isinstance(self.content, dict):
+ self.yaml_dict = self.content
+ return self.yaml_dict
+ elif isinstance(self.content, str):
+ contents = self.content
+
+ # check if it is yaml
+ try:
+ if content_type == 'yaml' and contents:
+ # Try to set format attributes if supported
+ try:
+ self.yaml_dict.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ # Try to use RoundTripLoader if supported.
+ try:
+ self.yaml_dict = yaml.safe_load(contents, yaml.RoundTripLoader)
+ except AttributeError:
+ self.yaml_dict = yaml.safe_load(contents)
+
+ # Try to set format attributes if supported
+ try:
+ self.yaml_dict.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ elif content_type == 'json' and contents:
+ self.yaml_dict = json.loads(contents)
+ except yaml.YAMLError as err:
+ # Error loading yaml or json
+ raise YeditException('Problem with loading yaml file. %s' % err)
+
+ return self.yaml_dict
+
+ def get(self, key):
+ ''' get a specified key'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, key, self.separator)
+ except KeyError:
+ entry = None
+
+ return entry
+
+ def pop(self, path, key_or_item):
+ ''' remove a key, value pair from a dict or an item for a list'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry is None:
+ return (False, self.yaml_dict)
+
+ if isinstance(entry, dict):
+ # AUDIT:maybe-no-member makes sense due to fuzzy types
+ # pylint: disable=maybe-no-member
+ if key_or_item in entry:
+ entry.pop(key_or_item)
+ return (True, self.yaml_dict)
+ return (False, self.yaml_dict)
+
+ elif isinstance(entry, list):
+ # AUDIT:maybe-no-member makes sense due to fuzzy types
+ # pylint: disable=maybe-no-member
+ ind = None
+ try:
+ ind = entry.index(key_or_item)
+ except ValueError:
+ return (False, self.yaml_dict)
+
+ entry.pop(ind)
+ return (True, self.yaml_dict)
+
+ return (False, self.yaml_dict)
+
+ def delete(self, path):
+ ''' remove path from a dict'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry is None:
+ return (False, self.yaml_dict)
+
+ result = Yedit.remove_entry(self.yaml_dict, path, self.separator)
+ if not result:
+ return (False, self.yaml_dict)
+
+ return (True, self.yaml_dict)
+
+ def exists(self, path, value):
+ ''' check if value exists at path'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if isinstance(entry, list):
+ if value in entry:
+ return True
+ return False
+
+ elif isinstance(entry, dict):
+ if isinstance(value, dict):
+ rval = False
+ for key, val in value.items():
+ if entry[key] != val:
+ rval = False
+ break
+ else:
+ rval = True
+ return rval
+
+ return value in entry
+
+ return entry == value
+
+ def append(self, path, value):
+ '''append value to a list'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry is None:
+ self.put(path, [])
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ if not isinstance(entry, list):
+ return (False, self.yaml_dict)
+
+ # AUDIT:maybe-no-member makes sense due to loading data from
+ # a serialized format.
+ # pylint: disable=maybe-no-member
+ entry.append(value)
+ return (True, self.yaml_dict)
+
+ # pylint: disable=too-many-arguments
+ def update(self, path, value, index=None, curr_value=None):
+ ''' put path, value into a dict '''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if isinstance(entry, dict):
+ # AUDIT:maybe-no-member makes sense due to fuzzy types
+ # pylint: disable=maybe-no-member
+ if not isinstance(value, dict):
+ raise YeditException('Cannot replace key, value entry in ' +
+ 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501
+
+ entry.update(value)
+ return (True, self.yaml_dict)
+
+ elif isinstance(entry, list):
+ # AUDIT:maybe-no-member makes sense due to fuzzy types
+ # pylint: disable=maybe-no-member
+ ind = None
+ if curr_value:
+ try:
+ ind = entry.index(curr_value)
+ except ValueError:
+ return (False, self.yaml_dict)
+
+ elif index is not None:
+ ind = index
+
+ if ind is not None and entry[ind] != value:
+ entry[ind] = value
+ return (True, self.yaml_dict)
+
+ # see if it exists in the list
+ try:
+ ind = entry.index(value)
+ except ValueError:
+ # doesn't exist, append it
+ entry.append(value)
+ return (True, self.yaml_dict)
+
+ # already exists, return
+ if ind is not None:
+ return (False, self.yaml_dict)
+ return (False, self.yaml_dict)
+
+ def put(self, path, value):
+ ''' put path, value into a dict '''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry == value:
+ return (False, self.yaml_dict)
+
+ # deepcopy didn't work
+ # Try to use ruamel.yaml and fallback to pyyaml
+ try:
+ tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict,
+ default_flow_style=False),
+ yaml.RoundTripLoader)
+ except AttributeError:
+ tmp_copy = copy.deepcopy(self.yaml_dict)
+
+ # set the format attributes if available
+ try:
+ tmp_copy.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ result = Yedit.add_entry(tmp_copy, path, value, self.separator)
+ if not result:
+ return (False, self.yaml_dict)
+
+ self.yaml_dict = tmp_copy
+
+ return (True, self.yaml_dict)
+
+ def create(self, path, value):
+ ''' create a yaml file '''
+ if not self.file_exists():
+ # deepcopy didn't work
+ # Try to use ruamel.yaml and fallback to pyyaml
+ try:
+ tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict,
+ default_flow_style=False),
+ yaml.RoundTripLoader)
+ except AttributeError:
+ tmp_copy = copy.deepcopy(self.yaml_dict)
+
+ # set the format attributes if available
+ try:
+ tmp_copy.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ result = Yedit.add_entry(tmp_copy, path, value, self.separator)
+ if result:
+ self.yaml_dict = tmp_copy
+ return (True, self.yaml_dict)
+
+ return (False, self.yaml_dict)
+
+ @staticmethod
+ def get_curr_value(invalue, val_type):
+ '''return the current value'''
+ if invalue is None:
+ return None
+
+ curr_value = invalue
+ if val_type == 'yaml':
+ curr_value = yaml.load(invalue)
+ elif val_type == 'json':
+ curr_value = json.loads(invalue)
+
+ return curr_value
+
+ @staticmethod
+ def parse_value(inc_value, vtype=''):
+ '''determine value type passed'''
+ true_bools = ['y', 'Y', 'yes', 'Yes', 'YES', 'true', 'True', 'TRUE',
+ 'on', 'On', 'ON', ]
+ false_bools = ['n', 'N', 'no', 'No', 'NO', 'false', 'False', 'FALSE',
+ 'off', 'Off', 'OFF']
+
+ # It came in as a string but you didn't specify value_type as string
+ # we will convert to bool if it matches any of the above cases
+ if isinstance(inc_value, str) and 'bool' in vtype:
+ if inc_value not in true_bools and inc_value not in false_bools:
+ raise YeditException('Not a boolean type. str=[%s] vtype=[%s]'
+ % (inc_value, vtype))
+ elif isinstance(inc_value, bool) and 'str' in vtype:
+ inc_value = str(inc_value)
+
+ # If vtype is not str then go ahead and attempt to yaml load it.
+ if isinstance(inc_value, str) and 'str' not in vtype:
+ try:
+ inc_value = yaml.load(inc_value)
+ except Exception:
+ raise YeditException('Could not determine type of incoming ' +
+ 'value. value=[%s] vtype=[%s]'
+ % (type(inc_value), vtype))
+
+ return inc_value
+
+ # pylint: disable=too-many-return-statements,too-many-branches
+ @staticmethod
+ def run_ansible(module):
+ '''perform the idempotent crud operations'''
+ yamlfile = Yedit(filename=module.params['src'],
+ backup=module.params['backup'],
+ separator=module.params['separator'])
+
+ if module.params['src']:
+ rval = yamlfile.load()
+
+ if yamlfile.yaml_dict is None and \
+ module.params['state'] != 'present':
+ return {'failed': True,
+ 'msg': 'Error opening file [%s]. Verify that the ' +
+ 'file exists, that it is has correct' +
+ ' permissions, and is valid yaml.'}
+
+ if module.params['state'] == 'list':
+ if module.params['content']:
+ content = Yedit.parse_value(module.params['content'],
+ module.params['content_type'])
+ yamlfile.yaml_dict = content
+
+ if module.params['key']:
+ rval = yamlfile.get(module.params['key']) or {}
+
+ return {'changed': False, 'result': rval, 'state': "list"}
+
+ elif module.params['state'] == 'absent':
+ if module.params['content']:
+ content = Yedit.parse_value(module.params['content'],
+ module.params['content_type'])
+ yamlfile.yaml_dict = content
+
+ if module.params['update']:
+ rval = yamlfile.pop(module.params['key'],
+ module.params['value'])
+ else:
+ rval = yamlfile.delete(module.params['key'])
+
+ if rval[0] and module.params['src']:
+ yamlfile.write()
+
+ return {'changed': rval[0], 'result': rval[1], 'state': "absent"}
+
+ elif module.params['state'] == 'present':
+ # check if content is different than what is in the file
+ if module.params['content']:
+ content = Yedit.parse_value(module.params['content'],
+ module.params['content_type'])
+
+ # We had no edits to make and the contents are the same
+ if yamlfile.yaml_dict == content and \
+ module.params['value'] is None:
+ return {'changed': False,
+ 'result': yamlfile.yaml_dict,
+ 'state': "present"}
+
+ yamlfile.yaml_dict = content
+
+ # we were passed a value; parse it
+ if module.params['value']:
+ value = Yedit.parse_value(module.params['value'],
+ module.params['value_type'])
+ key = module.params['key']
+ if module.params['update']:
+ # pylint: disable=line-too-long
+ curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501
+ module.params['curr_value_format']) # noqa: E501
+
+ rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501
+
+ elif module.params['append']:
+ rval = yamlfile.append(key, value)
+ else:
+ rval = yamlfile.put(key, value)
+
+ if rval[0] and module.params['src']:
+ yamlfile.write()
+
+ return {'changed': rval[0],
+ 'result': rval[1], 'state': "present"}
+
+ # no edits to make
+ if module.params['src']:
+ # pylint: disable=redefined-variable-type
+ rval = yamlfile.write()
+ return {'changed': rval[0],
+ 'result': rval[1],
+ 'state': "present"}
+
+ return {'failed': True, 'msg': 'Unkown state passed'}
+
+# -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: lib/base.py -*- -*- -*-
+# pylint: disable=too-many-lines
+# noqa: E301,E302,E303,T001
+
+
+class OpenShiftCLIError(Exception):
+ '''Exception class for openshiftcli'''
+ pass
+
+
+ADDITIONAL_PATH_LOOKUPS = ['/usr/local/bin', os.path.expanduser('~/bin')]
+
+
+def locate_oc_binary():
+ ''' Find and return oc binary file '''
+ # https://github.com/openshift/openshift-ansible/issues/3410
+ # oc can be in /usr/local/bin in some cases, but that may not
+ # be in $PATH due to ansible/sudo
+ paths = os.environ.get("PATH", os.defpath).split(os.pathsep) + ADDITIONAL_PATH_LOOKUPS
+
+ oc_binary = 'oc'
+
+ # Use shutil.which if it is available, otherwise fallback to a naive path search
+ try:
+ which_result = shutil.which(oc_binary, path=os.pathsep.join(paths))
+ if which_result is not None:
+ oc_binary = which_result
+ except AttributeError:
+ for path in paths:
+ if os.path.exists(os.path.join(path, oc_binary)):
+ oc_binary = os.path.join(path, oc_binary)
+ break
+
+ return oc_binary
+
+
+# pylint: disable=too-few-public-methods
+class OpenShiftCLI(object):
+ ''' Class to wrap the command line tools '''
+ def __init__(self,
+ namespace,
+ kubeconfig='/etc/origin/master/admin.kubeconfig',
+ verbose=False,
+ all_namespaces=False):
+ ''' Constructor for OpenshiftCLI '''
+ self.namespace = namespace
+ self.verbose = verbose
+ self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
+ self.all_namespaces = all_namespaces
+ self.oc_binary = locate_oc_binary()
+
+ # Pylint allows only 5 arguments to be passed.
+ # pylint: disable=too-many-arguments
+ def _replace_content(self, resource, rname, content, force=False, sep='.'):
+ ''' replace the current object with the content '''
+ res = self._get(resource, rname)
+ if not res['results']:
+ return res
+
+ fname = Utils.create_tmpfile(rname + '-')
+
+ yed = Yedit(fname, res['results'][0], separator=sep)
+ changes = []
+ for key, value in content.items():
+ changes.append(yed.put(key, value))
+
+ if any([change[0] for change in changes]):
+ yed.write()
+
+ atexit.register(Utils.cleanup, [fname])
+
+ return self._replace(fname, force)
+
+ return {'returncode': 0, 'updated': False}
+
+ def _replace(self, fname, force=False):
+ '''replace the current object with oc replace'''
+ cmd = ['replace', '-f', fname]
+ if force:
+ cmd.append('--force')
+ return self.openshift_cmd(cmd)
+
+ def _create_from_content(self, rname, content):
+ '''create a temporary file and then call oc create on it'''
+ fname = Utils.create_tmpfile(rname + '-')
+ yed = Yedit(fname, content=content)
+ yed.write()
+
+ atexit.register(Utils.cleanup, [fname])
+
+ return self._create(fname)
+
+ def _create(self, fname):
+ '''call oc create on a filename'''
+ return self.openshift_cmd(['create', '-f', fname])
+
+ def _delete(self, resource, rname, selector=None):
+ '''call oc delete on a resource'''
+ cmd = ['delete', resource, rname]
+ if selector:
+ cmd.append('--selector=%s' % selector)
+
+ return self.openshift_cmd(cmd)
+
+ def _process(self, template_name, create=False, params=None, template_data=None): # noqa: E501
+ '''process a template
+
+ template_name: the name of the template to process
+ create: whether to send to oc create after processing
+ params: the parameters for the template
+ template_data: the incoming template's data; instead of a file
+ '''
+ cmd = ['process']
+ if template_data:
+ cmd.extend(['-f', '-'])
+ else:
+ cmd.append(template_name)
+ if params:
+ param_str = ["%s=%s" % (key, value) for key, value in params.items()]
+ cmd.append('-v')
+ cmd.extend(param_str)
+
+ results = self.openshift_cmd(cmd, output=True, input_data=template_data)
+
+ if results['returncode'] != 0 or not create:
+ return results
+
+ fname = Utils.create_tmpfile(template_name + '-')
+ yed = Yedit(fname, results['results'])
+ yed.write()
+
+ atexit.register(Utils.cleanup, [fname])
+
+ return self.openshift_cmd(['create', '-f', fname])
+
+ def _get(self, resource, rname=None, selector=None):
+ '''return a resource by name '''
+ cmd = ['get', resource]
+ if selector:
+ cmd.append('--selector=%s' % selector)
+ elif rname:
+ cmd.append(rname)
+
+ cmd.extend(['-o', 'json'])
+
+ rval = self.openshift_cmd(cmd, output=True)
+
+ # Ensure results are retuned in an array
+ if 'items' in rval:
+ rval['results'] = rval['items']
+ elif not isinstance(rval['results'], list):
+ rval['results'] = [rval['results']]
+
+ return rval
+
+ def _schedulable(self, node=None, selector=None, schedulable=True):
+ ''' perform oadm manage-node scheduable '''
+ cmd = ['manage-node']
+ if node:
+ cmd.extend(node)
+ else:
+ cmd.append('--selector=%s' % selector)
+
+ cmd.append('--schedulable=%s' % schedulable)
+
+ return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') # noqa: E501
+
+ def _list_pods(self, node=None, selector=None, pod_selector=None):
+ ''' perform oadm list pods
+
+ node: the node in which to list pods
+ selector: the label selector filter if provided
+ pod_selector: the pod selector filter if provided
+ '''
+ cmd = ['manage-node']
+ if node:
+ cmd.extend(node)
+ else:
+ cmd.append('--selector=%s' % selector)
+
+ if pod_selector:
+ cmd.append('--pod-selector=%s' % pod_selector)
+
+ cmd.extend(['--list-pods', '-o', 'json'])
+
+ return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw')
+
+ # pylint: disable=too-many-arguments
+ def _evacuate(self, node=None, selector=None, pod_selector=None, dry_run=False, grace_period=None, force=False):
+ ''' perform oadm manage-node evacuate '''
+ cmd = ['manage-node']
+ if node:
+ cmd.extend(node)
+ else:
+ cmd.append('--selector=%s' % selector)
+
+ if dry_run:
+ cmd.append('--dry-run')
+
+ if pod_selector:
+ cmd.append('--pod-selector=%s' % pod_selector)
+
+ if grace_period:
+ cmd.append('--grace-period=%s' % int(grace_period))
+
+ if force:
+ cmd.append('--force')
+
+ cmd.append('--evacuate')
+
+ return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw')
+
+ def _version(self):
+ ''' return the openshift version'''
+ return self.openshift_cmd(['version'], output=True, output_type='raw')
+
+ def _import_image(self, url=None, name=None, tag=None):
+ ''' perform image import '''
+ cmd = ['import-image']
+
+ image = '{0}'.format(name)
+ if tag:
+ image += ':{0}'.format(tag)
+
+ cmd.append(image)
+
+ if url:
+ cmd.append('--from={0}/{1}'.format(url, image))
+
+ cmd.append('-n{0}'.format(self.namespace))
+
+ cmd.append('--confirm')
+ return self.openshift_cmd(cmd)
+
+ def _run(self, cmds, input_data):
+ ''' Actually executes the command. This makes mocking easier. '''
+ curr_env = os.environ.copy()
+ curr_env.update({'KUBECONFIG': self.kubeconfig})
+ proc = subprocess.Popen(cmds,
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE,
+ env=curr_env)
+
+ stdout, stderr = proc.communicate(input_data)
+
+ return proc.returncode, stdout.decode(), stderr.decode()
+
+ # pylint: disable=too-many-arguments,too-many-branches
+ def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json', input_data=None):
+ '''Base command for oc '''
+ cmds = [self.oc_binary]
+
+ if oadm:
+ cmds.append('adm')
+
+ cmds.extend(cmd)
+
+ if self.all_namespaces:
+ cmds.extend(['--all-namespaces'])
+ elif self.namespace is not None and self.namespace.lower() not in ['none', 'emtpy']: # E501
+ cmds.extend(['-n', self.namespace])
+
+ rval = {}
+ results = ''
+ err = None
+
+ if self.verbose:
+ print(' '.join(cmds))
+
+ try:
+ returncode, stdout, stderr = self._run(cmds, input_data)
+ except OSError as ex:
+ returncode, stdout, stderr = 1, '', 'Failed to execute {}: {}'.format(subprocess.list2cmdline(cmds), ex)
+
+ rval = {"returncode": returncode,
+ "results": results,
+ "cmd": ' '.join(cmds)}
+
+ if returncode == 0:
+ if output:
+ if output_type == 'json':
+ try:
+ rval['results'] = json.loads(stdout)
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
+ elif output_type == 'raw':
+ rval['results'] = stdout
+
+ if self.verbose:
+ print("STDOUT: {0}".format(stdout))
+ print("STDERR: {0}".format(stderr))
+
+ if err:
+ rval.update({"err": err,
+ "stderr": stderr,
+ "stdout": stdout,
+ "cmd": cmds})
+
+ else:
+ rval.update({"stderr": stderr,
+ "stdout": stdout,
+ "results": {}})
+
+ return rval
+
+
+class Utils(object):
+ ''' utilities for openshiftcli modules '''
+
+ @staticmethod
+ def _write(filename, contents):
+ ''' Actually write the file contents to disk. This helps with mocking. '''
+
+ with open(filename, 'w') as sfd:
+ sfd.write(contents)
+
+ @staticmethod
+ def create_tmp_file_from_contents(rname, data, ftype='yaml'):
+ ''' create a file in tmp with name and contents'''
+
+ tmp = Utils.create_tmpfile(prefix=rname)
+
+ if ftype == 'yaml':
+ # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage
+ # pylint: disable=no-member
+ if hasattr(yaml, 'RoundTripDumper'):
+ Utils._write(tmp, yaml.dump(data, Dumper=yaml.RoundTripDumper))
+ else:
+ Utils._write(tmp, yaml.safe_dump(data, default_flow_style=False))
+
+ elif ftype == 'json':
+ Utils._write(tmp, json.dumps(data))
+ else:
+ Utils._write(tmp, data)
+
+ # Register cleanup when module is done
+ atexit.register(Utils.cleanup, [tmp])
+ return tmp
+
+ @staticmethod
+ def create_tmpfile_copy(inc_file):
+ '''create a temporary copy of a file'''
+ tmpfile = Utils.create_tmpfile('lib_openshift-')
+ Utils._write(tmpfile, open(inc_file).read())
+
+ # Cleanup the tmpfile
+ atexit.register(Utils.cleanup, [tmpfile])
+
+ return tmpfile
+
+ @staticmethod
+ def create_tmpfile(prefix='tmp'):
+ ''' Generates and returns a temporary file name '''
+
+ with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp:
+ return tmp.name
+
+ @staticmethod
+ def create_tmp_files_from_contents(content, content_type=None):
+ '''Turn an array of dict: filename, content into a files array'''
+ if not isinstance(content, list):
+ content = [content]
+ files = []
+ for item in content:
+ path = Utils.create_tmp_file_from_contents(item['path'] + '-',
+ item['data'],
+ ftype=content_type)
+ files.append({'name': os.path.basename(item['path']),
+ 'path': path})
+ return files
+
+ @staticmethod
+ def cleanup(files):
+ '''Clean up on exit '''
+ for sfile in files:
+ if os.path.exists(sfile):
+ if os.path.isdir(sfile):
+ shutil.rmtree(sfile)
+ elif os.path.isfile(sfile):
+ os.remove(sfile)
+
+ @staticmethod
+ def exists(results, _name):
+ ''' Check to see if the results include the name '''
+ if not results:
+ return False
+
+ if Utils.find_result(results, _name):
+ return True
+
+ return False
+
+ @staticmethod
+ def find_result(results, _name):
+ ''' Find the specified result by name'''
+ rval = None
+ for result in results:
+ if 'metadata' in result and result['metadata']['name'] == _name:
+ rval = result
+ break
+
+ return rval
+
+ @staticmethod
+ def get_resource_file(sfile, sfile_type='yaml'):
+ ''' return the service file '''
+ contents = None
+ with open(sfile) as sfd:
+ contents = sfd.read()
+
+ if sfile_type == 'yaml':
+ # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage
+ # pylint: disable=no-member
+ if hasattr(yaml, 'RoundTripLoader'):
+ contents = yaml.load(contents, yaml.RoundTripLoader)
+ else:
+ contents = yaml.safe_load(contents)
+ elif sfile_type == 'json':
+ contents = json.loads(contents)
+
+ return contents
+
+ @staticmethod
+ def filter_versions(stdout):
+ ''' filter the oc version output '''
+
+ version_dict = {}
+ version_search = ['oc', 'openshift', 'kubernetes']
+
+ for line in stdout.strip().split('\n'):
+ for term in version_search:
+ if not line:
+ continue
+ if line.startswith(term):
+ version_dict[term] = line.split()[-1]
+
+ # horrible hack to get openshift version in Openshift 3.2
+ # By default "oc version in 3.2 does not return an "openshift" version
+ if "openshift" not in version_dict:
+ version_dict["openshift"] = version_dict["oc"]
+
+ return version_dict
+
+ @staticmethod
+ def add_custom_versions(versions):
+ ''' create custom versions strings '''
+
+ versions_dict = {}
+
+ for tech, version in versions.items():
+ # clean up "-" from version
+ if "-" in version:
+ version = version.split("-")[0]
+
+ if version.startswith('v'):
+ versions_dict[tech + '_numeric'] = version[1:].split('+')[0]
+ # "v3.3.0.33" is what we have, we want "3.3"
+ versions_dict[tech + '_short'] = version[1:4]
+
+ return versions_dict
+
+ @staticmethod
+ def openshift_installed():
+ ''' check if openshift is installed '''
+ import yum
+
+ yum_base = yum.YumBase()
+ if yum_base.rpmdb.searchNevra(name='atomic-openshift'):
+ return True
+
+ return False
+
+ # Disabling too-many-branches. This is a yaml dictionary comparison function
+ # pylint: disable=too-many-branches,too-many-return-statements,too-many-statements
+ @staticmethod
+ def check_def_equal(user_def, result_def, skip_keys=None, debug=False):
+ ''' Given a user defined definition, compare it with the results given back by our query. '''
+
+ # Currently these values are autogenerated and we do not need to check them
+ skip = ['metadata', 'status']
+ if skip_keys:
+ skip.extend(skip_keys)
+
+ for key, value in result_def.items():
+ if key in skip:
+ continue
+
+ # Both are lists
+ if isinstance(value, list):
+ if key not in user_def:
+ if debug:
+ print('User data does not have key [%s]' % key)
+ print('User data: %s' % user_def)
+ return False
+
+ if not isinstance(user_def[key], list):
+ if debug:
+ print('user_def[key] is not a list key=[%s] user_def[key]=%s' % (key, user_def[key]))
+ return False
+
+ if len(user_def[key]) != len(value):
+ if debug:
+ print("List lengths are not equal.")
+ print("key=[%s]: user_def[%s] != value[%s]" % (key, len(user_def[key]), len(value)))
+ print("user_def: %s" % user_def[key])
+ print("value: %s" % value)
+ return False
+
+ for values in zip(user_def[key], value):
+ if isinstance(values[0], dict) and isinstance(values[1], dict):
+ if debug:
+ print('sending list - list')
+ print(type(values[0]))
+ print(type(values[1]))
+ result = Utils.check_def_equal(values[0], values[1], skip_keys=skip_keys, debug=debug)
+ if not result:
+ print('list compare returned false')
+ return False
+
+ elif value != user_def[key]:
+ if debug:
+ print('value should be identical')
+ print(user_def[key])
+ print(value)
+ return False
+
+ # recurse on a dictionary
+ elif isinstance(value, dict):
+ if key not in user_def:
+ if debug:
+ print("user_def does not have key [%s]" % key)
+ return False
+ if not isinstance(user_def[key], dict):
+ if debug:
+ print("dict returned false: not instance of dict")
+ return False
+
+ # before passing ensure keys match
+ api_values = set(value.keys()) - set(skip)
+ user_values = set(user_def[key].keys()) - set(skip)
+ if api_values != user_values:
+ if debug:
+ print("keys are not equal in dict")
+ print(user_values)
+ print(api_values)
+ return False
+
+ result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
+ if not result:
+ if debug:
+ print("dict returned false")
+ print(result)
+ return False
+
+ # Verify each key, value pair is the same
+ else:
+ if key not in user_def or value != user_def[key]:
+ if debug:
+ print("value not equal; user_def does not have key")
+ print(key)
+ print(value)
+ if key in user_def:
+ print(user_def[key])
+ return False
+
+ if debug:
+ print('returning true')
+ return True
+
+
+class OpenShiftCLIConfig(object):
+ '''Generic Config'''
+ def __init__(self, rname, namespace, kubeconfig, options):
+ self.kubeconfig = kubeconfig
+ self.name = rname
+ self.namespace = namespace
+ self._options = options
+
+ @property
+ def config_options(self):
+ ''' return config options '''
+ return self._options
+
+ def to_option_list(self):
+ '''return all options as a string'''
+ return self.stringify()
+
+ def stringify(self):
+ ''' return the options hash as cli params in a string '''
+ rval = []
+ for key in sorted(self.config_options.keys()):
+ data = self.config_options[key]
+ if data['include'] \
+ and (data['value'] or isinstance(data['value'], int)):
+ rval.append('--{}={}'.format(key.replace('_', '-'), data['value']))
+
+ return rval
+
+
+# -*- -*- -*- End included fragment: lib/base.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: lib/group.py -*- -*- -*-
+
+
+class GroupConfig(object):
+ ''' Handle route options '''
+ # pylint: disable=too-many-arguments
+ def __init__(self,
+ sname,
+ namespace,
+ kubeconfig):
+ ''' constructor for handling group options '''
+ self.kubeconfig = kubeconfig
+ self.name = sname
+ self.namespace = namespace
+ self.data = {}
+
+ self.create_dict()
+
+ def create_dict(self):
+ ''' return a service as a dict '''
+ self.data['apiVersion'] = 'v1'
+ self.data['kind'] = 'Group'
+ self.data['metadata'] = {}
+ self.data['metadata']['name'] = self.name
+ self.data['users'] = None
+
+
+# pylint: disable=too-many-instance-attributes
+class Group(Yedit):
+ ''' Class to wrap the oc command line tools '''
+ kind = 'group'
+
+ def __init__(self, content):
+ '''Group constructor'''
+ super(Group, self).__init__(content=content)
+
+# -*- -*- -*- End included fragment: lib/group.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: class/oc_group.py -*- -*- -*-
+
+
+class OCGroup(OpenShiftCLI):
+ ''' Class to wrap the oc command line tools '''
+ kind = 'group'
+
+ def __init__(self,
+ config,
+ verbose=False):
+ ''' Constructor for OCGroup '''
+ super(OCGroup, self).__init__(config.namespace, config.kubeconfig)
+ self.config = config
+ self.namespace = config.namespace
+ self._group = None
+
+ @property
+ def group(self):
+ ''' property function service'''
+ if not self._group:
+ self.get()
+ return self._group
+
+ @group.setter
+ def group(self, data):
+ ''' setter function for yedit var '''
+ self._group = data
+
+ def exists(self):
+ ''' return whether a group exists '''
+ if self.group:
+ return True
+
+ return False
+
+ def get(self):
+ '''return group information '''
+ result = self._get(self.kind, self.config.name)
+ if result['returncode'] == 0:
+ self.group = Group(content=result['results'][0])
+ elif 'groups \"{}\" not found'.format(self.config.name) in result['stderr']:
+ result['returncode'] = 0
+ result['results'] = [{}]
+
+ return result
+
+ def delete(self):
+ '''delete the object'''
+ return self._delete(self.kind, self.config.name)
+
+ def create(self):
+ '''create the object'''
+ return self._create_from_content(self.config.name, self.config.data)
+
+ def update(self):
+ '''update the object'''
+ return self._replace_content(self.kind, self.config.name, self.config.data)
+
+ def needs_update(self):
+ ''' verify an update is needed '''
+ return not Utils.check_def_equal(self.config.data, self.group.yaml_dict, skip_keys=[], debug=True)
+
+ # pylint: disable=too-many-return-statements,too-many-branches
+ @staticmethod
+ def run_ansible(params, check_mode=False):
+ '''run the idempotent ansible code'''
+
+ gconfig = GroupConfig(params['name'],
+ params['namespace'],
+ params['kubeconfig'],
+ )
+ oc_group = OCGroup(gconfig, verbose=params['debug'])
+
+ state = params['state']
+
+ api_rval = oc_group.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ #####
+ # Get
+ #####
+ if state == 'list':
+ return {'changed': False, 'results': api_rval['results'], 'state': state}
+
+ ########
+ # Delete
+ ########
+ if state == 'absent':
+ if oc_group.exists():
+
+ if check_mode:
+ return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'}
+
+ api_rval = oc_group.delete()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ return {'changed': False, 'state': state}
+
+ if state == 'present':
+ ########
+ # Create
+ ########
+ if not oc_group.exists():
+
+ if check_mode:
+ return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'}
+
+ # Create it here
+ api_rval = oc_group.create()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ # return the created object
+ api_rval = oc_group.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ ########
+ # Update
+ ########
+ if oc_group.needs_update():
+ api_rval = oc_group.update()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ # return the created object
+ api_rval = oc_group.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ return {'changed': False, 'results': api_rval, 'state': state}
+
+ return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)}
+
+# -*- -*- -*- End included fragment: class/oc_group.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: ansible/oc_group.py -*- -*- -*-
+
+#pylint: disable=too-many-branches
+def main():
+ '''
+ ansible oc module for group
+ '''
+
+ module = AnsibleModule(
+ argument_spec=dict(
+ kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+ state=dict(default='present', type='str',
+ choices=['present', 'absent', 'list']),
+ debug=dict(default=False, type='bool'),
+ name=dict(default=None, type='str'),
+ namespace=dict(default='default', type='str'),
+ # addind users to a group is handled through the oc_users module
+ #users=dict(default=None, type='list'),
+ ),
+ supports_check_mode=True,
+ )
+
+ rval = OCGroup.run_ansible(module.params, module.check_mode)
+
+ if 'failed' in rval:
+ return module.fail_json(**rval)
+
+ return module.exit_json(**rval)
+
+if __name__ == '__main__':
+ main()
+
+# -*- -*- -*- End included fragment: ansible/oc_group.py -*- -*- -*-
diff --git a/roles/lib_openshift/library/oc_image.py b/roles/lib_openshift/library/oc_image.py
new file mode 100644
index 000000000..b7cc37264
--- /dev/null
+++ b/roles/lib_openshift/library/oc_image.py
@@ -0,0 +1,1486 @@
+#!/usr/bin/env python
+# pylint: disable=missing-docstring
+# flake8: noqa: T001
+# ___ ___ _ _ ___ ___ _ _____ ___ ___
+# / __| __| \| | __| _ \ /_\_ _| __| \
+# | (_ | _|| .` | _|| / / _ \| | | _|| |) |
+# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____
+# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _|
+# | |) | (_) | | .` | (_) || | | _|| |) | | | |
+# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_|
+#
+# Copyright 2016 Red Hat, Inc. and/or its affiliates
+# and other contributors as indicated by the @author tags.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# -*- -*- -*- Begin included fragment: lib/import.py -*- -*- -*-
+'''
+ OpenShiftCLI class that wraps the oc commands in a subprocess
+'''
+# pylint: disable=too-many-lines
+
+from __future__ import print_function
+import atexit
+import copy
+import json
+import os
+import re
+import shutil
+import subprocess
+import tempfile
+# pylint: disable=import-error
+try:
+ import ruamel.yaml as yaml
+except ImportError:
+ import yaml
+
+from ansible.module_utils.basic import AnsibleModule
+
+# -*- -*- -*- End included fragment: lib/import.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: doc/image -*- -*- -*-
+
+DOCUMENTATION = '''
+---
+module: oc_image
+short_description: Create, modify, and idempotently manage openshift labels.
+description:
+ - Modify openshift labels programmatically.
+options:
+ state:
+ description:
+ - State controls the action that will be taken with resource
+ - 'present' will create. Does _not_ support update.
+ - 'list' will read the labels
+ default: present
+ choices: ["present", "list"]
+ aliases: []
+ kubeconfig:
+ description:
+ - The path for the kubeconfig file to use for authentication
+ required: false
+ default: /etc/origin/master/admin.kubeconfig
+ aliases: []
+ namespace:
+ description:
+ - The namespace where this object lives
+ required: false
+ default: default
+ aliases: []
+ debug:
+ description:
+ - Turn on debug output.
+ required: false
+ default: False
+ aliases: []
+ registry_url:
+ description:
+ - The url for the registry so that openshift can pull the image
+ required: false
+ default: None
+ aliases: []
+ image_name:
+ description:
+ - The name of the image being imported
+ required: false
+ default: False
+ aliases: []
+ image_tag:
+ description:
+ - The tag of the image being imported
+ required: false
+ default: None
+ aliases: []
+author:
+- "Ivan Horvath<ihorvath@redhat.com>"
+extends_documentation_fragment: []
+'''
+
+EXAMPLES = '''
+- name: Get an imagestream
+ oc_image:
+ name: php55
+ state: list
+ register: imageout
+
+- name: create an imagestream
+ oc_image:
+ state: present
+ image_name: php55
+ image_tag: int
+ registry_url: registry.example.com
+ namespace: default
+ register: imageout
+'''
+
+# -*- -*- -*- End included fragment: doc/image -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*-
+# pylint: disable=undefined-variable,missing-docstring
+# noqa: E301,E302
+
+
+class YeditException(Exception):
+ ''' Exception class for Yedit '''
+ pass
+
+
+# pylint: disable=too-many-public-methods
+class Yedit(object):
+ ''' Class to modify yaml files '''
+ re_valid_key = r"(((\[-?\d+\])|([0-9a-zA-Z%s/_-]+)).?)+$"
+ re_key = r"(?:\[(-?\d+)\])|([0-9a-zA-Z%s/_-]+)"
+ com_sep = set(['.', '#', '|', ':'])
+
+ # pylint: disable=too-many-arguments
+ def __init__(self,
+ filename=None,
+ content=None,
+ content_type='yaml',
+ separator='.',
+ backup=False):
+ self.content = content
+ self._separator = separator
+ self.filename = filename
+ self.__yaml_dict = content
+ self.content_type = content_type
+ self.backup = backup
+ self.load(content_type=self.content_type)
+ if self.__yaml_dict is None:
+ self.__yaml_dict = {}
+
+ @property
+ def separator(self):
+ ''' getter method for yaml_dict '''
+ return self._separator
+
+ @separator.setter
+ def separator(self):
+ ''' getter method for yaml_dict '''
+ return self._separator
+
+ @property
+ def yaml_dict(self):
+ ''' getter method for yaml_dict '''
+ return self.__yaml_dict
+
+ @yaml_dict.setter
+ def yaml_dict(self, value):
+ ''' setter method for yaml_dict '''
+ self.__yaml_dict = value
+
+ @staticmethod
+ def parse_key(key, sep='.'):
+ '''parse the key allowing the appropriate separator'''
+ common_separators = list(Yedit.com_sep - set([sep]))
+ return re.findall(Yedit.re_key % ''.join(common_separators), key)
+
+ @staticmethod
+ def valid_key(key, sep='.'):
+ '''validate the incoming key'''
+ common_separators = list(Yedit.com_sep - set([sep]))
+ if not re.match(Yedit.re_valid_key % ''.join(common_separators), key):
+ return False
+
+ return True
+
+ @staticmethod
+ def remove_entry(data, key, sep='.'):
+ ''' remove data at location key '''
+ if key == '' and isinstance(data, dict):
+ data.clear()
+ return True
+ elif key == '' and isinstance(data, list):
+ del data[:]
+ return True
+
+ if not (key and Yedit.valid_key(key, sep)) and \
+ isinstance(data, (list, dict)):
+ return None
+
+ key_indexes = Yedit.parse_key(key, sep)
+ for arr_ind, dict_key in key_indexes[:-1]:
+ if dict_key and isinstance(data, dict):
+ data = data.get(dict_key, None)
+ elif (arr_ind and isinstance(data, list) and
+ int(arr_ind) <= len(data) - 1):
+ data = data[int(arr_ind)]
+ else:
+ return None
+
+ # process last index for remove
+ # expected list entry
+ if key_indexes[-1][0]:
+ if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501
+ del data[int(key_indexes[-1][0])]
+ return True
+
+ # expected dict entry
+ elif key_indexes[-1][1]:
+ if isinstance(data, dict):
+ del data[key_indexes[-1][1]]
+ return True
+
+ @staticmethod
+ def add_entry(data, key, item=None, sep='.'):
+ ''' Get an item from a dictionary with key notation a.b.c
+ d = {'a': {'b': 'c'}}}
+ key = a#b
+ return c
+ '''
+ if key == '':
+ pass
+ elif (not (key and Yedit.valid_key(key, sep)) and
+ isinstance(data, (list, dict))):
+ return None
+
+ key_indexes = Yedit.parse_key(key, sep)
+ for arr_ind, dict_key in key_indexes[:-1]:
+ if dict_key:
+ if isinstance(data, dict) and dict_key in data and data[dict_key]: # noqa: E501
+ data = data[dict_key]
+ continue
+
+ elif data and not isinstance(data, dict):
+ raise YeditException("Unexpected item type found while going through key " +
+ "path: {} (at key: {})".format(key, dict_key))
+
+ data[dict_key] = {}
+ data = data[dict_key]
+
+ elif (arr_ind and isinstance(data, list) and
+ int(arr_ind) <= len(data) - 1):
+ data = data[int(arr_ind)]
+ else:
+ raise YeditException("Unexpected item type found while going through key path: {}".format(key))
+
+ if key == '':
+ data = item
+
+ # process last index for add
+ # expected list entry
+ elif key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501
+ data[int(key_indexes[-1][0])] = item
+
+ # expected dict entry
+ elif key_indexes[-1][1] and isinstance(data, dict):
+ data[key_indexes[-1][1]] = item
+
+ # didn't add/update to an existing list, nor add/update key to a dict
+ # so we must have been provided some syntax like a.b.c[<int>] = "data" for a
+ # non-existent array
+ else:
+ raise YeditException("Error adding to object at path: {}".format(key))
+
+ return data
+
+ @staticmethod
+ def get_entry(data, key, sep='.'):
+ ''' Get an item from a dictionary with key notation a.b.c
+ d = {'a': {'b': 'c'}}}
+ key = a.b
+ return c
+ '''
+ if key == '':
+ pass
+ elif (not (key and Yedit.valid_key(key, sep)) and
+ isinstance(data, (list, dict))):
+ return None
+
+ key_indexes = Yedit.parse_key(key, sep)
+ for arr_ind, dict_key in key_indexes:
+ if dict_key and isinstance(data, dict):
+ data = data.get(dict_key, None)
+ elif (arr_ind and isinstance(data, list) and
+ int(arr_ind) <= len(data) - 1):
+ data = data[int(arr_ind)]
+ else:
+ return None
+
+ return data
+
+ @staticmethod
+ def _write(filename, contents):
+ ''' Actually write the file contents to disk. This helps with mocking. '''
+
+ tmp_filename = filename + '.yedit'
+
+ with open(tmp_filename, 'w') as yfd:
+ yfd.write(contents)
+
+ os.rename(tmp_filename, filename)
+
+ def write(self):
+ ''' write to file '''
+ if not self.filename:
+ raise YeditException('Please specify a filename.')
+
+ if self.backup and self.file_exists():
+ shutil.copy(self.filename, self.filename + '.orig')
+
+ # Try to set format attributes if supported
+ try:
+ self.yaml_dict.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ # Try to use RoundTripDumper if supported.
+ try:
+ Yedit._write(self.filename, yaml.dump(self.yaml_dict, Dumper=yaml.RoundTripDumper))
+ except AttributeError:
+ Yedit._write(self.filename, yaml.safe_dump(self.yaml_dict, default_flow_style=False))
+
+ return (True, self.yaml_dict)
+
+ def read(self):
+ ''' read from file '''
+ # check if it exists
+ if self.filename is None or not self.file_exists():
+ return None
+
+ contents = None
+ with open(self.filename) as yfd:
+ contents = yfd.read()
+
+ return contents
+
+ def file_exists(self):
+ ''' return whether file exists '''
+ if os.path.exists(self.filename):
+ return True
+
+ return False
+
+ def load(self, content_type='yaml'):
+ ''' return yaml file '''
+ contents = self.read()
+
+ if not contents and not self.content:
+ return None
+
+ if self.content:
+ if isinstance(self.content, dict):
+ self.yaml_dict = self.content
+ return self.yaml_dict
+ elif isinstance(self.content, str):
+ contents = self.content
+
+ # check if it is yaml
+ try:
+ if content_type == 'yaml' and contents:
+ # Try to set format attributes if supported
+ try:
+ self.yaml_dict.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ # Try to use RoundTripLoader if supported.
+ try:
+ self.yaml_dict = yaml.safe_load(contents, yaml.RoundTripLoader)
+ except AttributeError:
+ self.yaml_dict = yaml.safe_load(contents)
+
+ # Try to set format attributes if supported
+ try:
+ self.yaml_dict.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ elif content_type == 'json' and contents:
+ self.yaml_dict = json.loads(contents)
+ except yaml.YAMLError as err:
+ # Error loading yaml or json
+ raise YeditException('Problem with loading yaml file. %s' % err)
+
+ return self.yaml_dict
+
+ def get(self, key):
+ ''' get a specified key'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, key, self.separator)
+ except KeyError:
+ entry = None
+
+ return entry
+
+ def pop(self, path, key_or_item):
+ ''' remove a key, value pair from a dict or an item for a list'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry is None:
+ return (False, self.yaml_dict)
+
+ if isinstance(entry, dict):
+ # AUDIT:maybe-no-member makes sense due to fuzzy types
+ # pylint: disable=maybe-no-member
+ if key_or_item in entry:
+ entry.pop(key_or_item)
+ return (True, self.yaml_dict)
+ return (False, self.yaml_dict)
+
+ elif isinstance(entry, list):
+ # AUDIT:maybe-no-member makes sense due to fuzzy types
+ # pylint: disable=maybe-no-member
+ ind = None
+ try:
+ ind = entry.index(key_or_item)
+ except ValueError:
+ return (False, self.yaml_dict)
+
+ entry.pop(ind)
+ return (True, self.yaml_dict)
+
+ return (False, self.yaml_dict)
+
+ def delete(self, path):
+ ''' remove path from a dict'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry is None:
+ return (False, self.yaml_dict)
+
+ result = Yedit.remove_entry(self.yaml_dict, path, self.separator)
+ if not result:
+ return (False, self.yaml_dict)
+
+ return (True, self.yaml_dict)
+
+ def exists(self, path, value):
+ ''' check if value exists at path'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if isinstance(entry, list):
+ if value in entry:
+ return True
+ return False
+
+ elif isinstance(entry, dict):
+ if isinstance(value, dict):
+ rval = False
+ for key, val in value.items():
+ if entry[key] != val:
+ rval = False
+ break
+ else:
+ rval = True
+ return rval
+
+ return value in entry
+
+ return entry == value
+
+ def append(self, path, value):
+ '''append value to a list'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry is None:
+ self.put(path, [])
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ if not isinstance(entry, list):
+ return (False, self.yaml_dict)
+
+ # AUDIT:maybe-no-member makes sense due to loading data from
+ # a serialized format.
+ # pylint: disable=maybe-no-member
+ entry.append(value)
+ return (True, self.yaml_dict)
+
+ # pylint: disable=too-many-arguments
+ def update(self, path, value, index=None, curr_value=None):
+ ''' put path, value into a dict '''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if isinstance(entry, dict):
+ # AUDIT:maybe-no-member makes sense due to fuzzy types
+ # pylint: disable=maybe-no-member
+ if not isinstance(value, dict):
+ raise YeditException('Cannot replace key, value entry in ' +
+ 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501
+
+ entry.update(value)
+ return (True, self.yaml_dict)
+
+ elif isinstance(entry, list):
+ # AUDIT:maybe-no-member makes sense due to fuzzy types
+ # pylint: disable=maybe-no-member
+ ind = None
+ if curr_value:
+ try:
+ ind = entry.index(curr_value)
+ except ValueError:
+ return (False, self.yaml_dict)
+
+ elif index is not None:
+ ind = index
+
+ if ind is not None and entry[ind] != value:
+ entry[ind] = value
+ return (True, self.yaml_dict)
+
+ # see if it exists in the list
+ try:
+ ind = entry.index(value)
+ except ValueError:
+ # doesn't exist, append it
+ entry.append(value)
+ return (True, self.yaml_dict)
+
+ # already exists, return
+ if ind is not None:
+ return (False, self.yaml_dict)
+ return (False, self.yaml_dict)
+
+ def put(self, path, value):
+ ''' put path, value into a dict '''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry == value:
+ return (False, self.yaml_dict)
+
+ # deepcopy didn't work
+ # Try to use ruamel.yaml and fallback to pyyaml
+ try:
+ tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict,
+ default_flow_style=False),
+ yaml.RoundTripLoader)
+ except AttributeError:
+ tmp_copy = copy.deepcopy(self.yaml_dict)
+
+ # set the format attributes if available
+ try:
+ tmp_copy.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ result = Yedit.add_entry(tmp_copy, path, value, self.separator)
+ if not result:
+ return (False, self.yaml_dict)
+
+ self.yaml_dict = tmp_copy
+
+ return (True, self.yaml_dict)
+
+ def create(self, path, value):
+ ''' create a yaml file '''
+ if not self.file_exists():
+ # deepcopy didn't work
+ # Try to use ruamel.yaml and fallback to pyyaml
+ try:
+ tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict,
+ default_flow_style=False),
+ yaml.RoundTripLoader)
+ except AttributeError:
+ tmp_copy = copy.deepcopy(self.yaml_dict)
+
+ # set the format attributes if available
+ try:
+ tmp_copy.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ result = Yedit.add_entry(tmp_copy, path, value, self.separator)
+ if result:
+ self.yaml_dict = tmp_copy
+ return (True, self.yaml_dict)
+
+ return (False, self.yaml_dict)
+
+ @staticmethod
+ def get_curr_value(invalue, val_type):
+ '''return the current value'''
+ if invalue is None:
+ return None
+
+ curr_value = invalue
+ if val_type == 'yaml':
+ curr_value = yaml.load(invalue)
+ elif val_type == 'json':
+ curr_value = json.loads(invalue)
+
+ return curr_value
+
+ @staticmethod
+ def parse_value(inc_value, vtype=''):
+ '''determine value type passed'''
+ true_bools = ['y', 'Y', 'yes', 'Yes', 'YES', 'true', 'True', 'TRUE',
+ 'on', 'On', 'ON', ]
+ false_bools = ['n', 'N', 'no', 'No', 'NO', 'false', 'False', 'FALSE',
+ 'off', 'Off', 'OFF']
+
+ # It came in as a string but you didn't specify value_type as string
+ # we will convert to bool if it matches any of the above cases
+ if isinstance(inc_value, str) and 'bool' in vtype:
+ if inc_value not in true_bools and inc_value not in false_bools:
+ raise YeditException('Not a boolean type. str=[%s] vtype=[%s]'
+ % (inc_value, vtype))
+ elif isinstance(inc_value, bool) and 'str' in vtype:
+ inc_value = str(inc_value)
+
+ # If vtype is not str then go ahead and attempt to yaml load it.
+ if isinstance(inc_value, str) and 'str' not in vtype:
+ try:
+ inc_value = yaml.load(inc_value)
+ except Exception:
+ raise YeditException('Could not determine type of incoming ' +
+ 'value. value=[%s] vtype=[%s]'
+ % (type(inc_value), vtype))
+
+ return inc_value
+
+ # pylint: disable=too-many-return-statements,too-many-branches
+ @staticmethod
+ def run_ansible(module):
+ '''perform the idempotent crud operations'''
+ yamlfile = Yedit(filename=module.params['src'],
+ backup=module.params['backup'],
+ separator=module.params['separator'])
+
+ if module.params['src']:
+ rval = yamlfile.load()
+
+ if yamlfile.yaml_dict is None and \
+ module.params['state'] != 'present':
+ return {'failed': True,
+ 'msg': 'Error opening file [%s]. Verify that the ' +
+ 'file exists, that it is has correct' +
+ ' permissions, and is valid yaml.'}
+
+ if module.params['state'] == 'list':
+ if module.params['content']:
+ content = Yedit.parse_value(module.params['content'],
+ module.params['content_type'])
+ yamlfile.yaml_dict = content
+
+ if module.params['key']:
+ rval = yamlfile.get(module.params['key']) or {}
+
+ return {'changed': False, 'result': rval, 'state': "list"}
+
+ elif module.params['state'] == 'absent':
+ if module.params['content']:
+ content = Yedit.parse_value(module.params['content'],
+ module.params['content_type'])
+ yamlfile.yaml_dict = content
+
+ if module.params['update']:
+ rval = yamlfile.pop(module.params['key'],
+ module.params['value'])
+ else:
+ rval = yamlfile.delete(module.params['key'])
+
+ if rval[0] and module.params['src']:
+ yamlfile.write()
+
+ return {'changed': rval[0], 'result': rval[1], 'state': "absent"}
+
+ elif module.params['state'] == 'present':
+ # check if content is different than what is in the file
+ if module.params['content']:
+ content = Yedit.parse_value(module.params['content'],
+ module.params['content_type'])
+
+ # We had no edits to make and the contents are the same
+ if yamlfile.yaml_dict == content and \
+ module.params['value'] is None:
+ return {'changed': False,
+ 'result': yamlfile.yaml_dict,
+ 'state': "present"}
+
+ yamlfile.yaml_dict = content
+
+ # we were passed a value; parse it
+ if module.params['value']:
+ value = Yedit.parse_value(module.params['value'],
+ module.params['value_type'])
+ key = module.params['key']
+ if module.params['update']:
+ # pylint: disable=line-too-long
+ curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501
+ module.params['curr_value_format']) # noqa: E501
+
+ rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501
+
+ elif module.params['append']:
+ rval = yamlfile.append(key, value)
+ else:
+ rval = yamlfile.put(key, value)
+
+ if rval[0] and module.params['src']:
+ yamlfile.write()
+
+ return {'changed': rval[0],
+ 'result': rval[1], 'state': "present"}
+
+ # no edits to make
+ if module.params['src']:
+ # pylint: disable=redefined-variable-type
+ rval = yamlfile.write()
+ return {'changed': rval[0],
+ 'result': rval[1],
+ 'state': "present"}
+
+ return {'failed': True, 'msg': 'Unkown state passed'}
+
+# -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: lib/base.py -*- -*- -*-
+# pylint: disable=too-many-lines
+# noqa: E301,E302,E303,T001
+
+
+class OpenShiftCLIError(Exception):
+ '''Exception class for openshiftcli'''
+ pass
+
+
+ADDITIONAL_PATH_LOOKUPS = ['/usr/local/bin', os.path.expanduser('~/bin')]
+
+
+def locate_oc_binary():
+ ''' Find and return oc binary file '''
+ # https://github.com/openshift/openshift-ansible/issues/3410
+ # oc can be in /usr/local/bin in some cases, but that may not
+ # be in $PATH due to ansible/sudo
+ paths = os.environ.get("PATH", os.defpath).split(os.pathsep) + ADDITIONAL_PATH_LOOKUPS
+
+ oc_binary = 'oc'
+
+ # Use shutil.which if it is available, otherwise fallback to a naive path search
+ try:
+ which_result = shutil.which(oc_binary, path=os.pathsep.join(paths))
+ if which_result is not None:
+ oc_binary = which_result
+ except AttributeError:
+ for path in paths:
+ if os.path.exists(os.path.join(path, oc_binary)):
+ oc_binary = os.path.join(path, oc_binary)
+ break
+
+ return oc_binary
+
+
+# pylint: disable=too-few-public-methods
+class OpenShiftCLI(object):
+ ''' Class to wrap the command line tools '''
+ def __init__(self,
+ namespace,
+ kubeconfig='/etc/origin/master/admin.kubeconfig',
+ verbose=False,
+ all_namespaces=False):
+ ''' Constructor for OpenshiftCLI '''
+ self.namespace = namespace
+ self.verbose = verbose
+ self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
+ self.all_namespaces = all_namespaces
+ self.oc_binary = locate_oc_binary()
+
+ # Pylint allows only 5 arguments to be passed.
+ # pylint: disable=too-many-arguments
+ def _replace_content(self, resource, rname, content, force=False, sep='.'):
+ ''' replace the current object with the content '''
+ res = self._get(resource, rname)
+ if not res['results']:
+ return res
+
+ fname = Utils.create_tmpfile(rname + '-')
+
+ yed = Yedit(fname, res['results'][0], separator=sep)
+ changes = []
+ for key, value in content.items():
+ changes.append(yed.put(key, value))
+
+ if any([change[0] for change in changes]):
+ yed.write()
+
+ atexit.register(Utils.cleanup, [fname])
+
+ return self._replace(fname, force)
+
+ return {'returncode': 0, 'updated': False}
+
+ def _replace(self, fname, force=False):
+ '''replace the current object with oc replace'''
+ cmd = ['replace', '-f', fname]
+ if force:
+ cmd.append('--force')
+ return self.openshift_cmd(cmd)
+
+ def _create_from_content(self, rname, content):
+ '''create a temporary file and then call oc create on it'''
+ fname = Utils.create_tmpfile(rname + '-')
+ yed = Yedit(fname, content=content)
+ yed.write()
+
+ atexit.register(Utils.cleanup, [fname])
+
+ return self._create(fname)
+
+ def _create(self, fname):
+ '''call oc create on a filename'''
+ return self.openshift_cmd(['create', '-f', fname])
+
+ def _delete(self, resource, rname, selector=None):
+ '''call oc delete on a resource'''
+ cmd = ['delete', resource, rname]
+ if selector:
+ cmd.append('--selector=%s' % selector)
+
+ return self.openshift_cmd(cmd)
+
+ def _process(self, template_name, create=False, params=None, template_data=None): # noqa: E501
+ '''process a template
+
+ template_name: the name of the template to process
+ create: whether to send to oc create after processing
+ params: the parameters for the template
+ template_data: the incoming template's data; instead of a file
+ '''
+ cmd = ['process']
+ if template_data:
+ cmd.extend(['-f', '-'])
+ else:
+ cmd.append(template_name)
+ if params:
+ param_str = ["%s=%s" % (key, value) for key, value in params.items()]
+ cmd.append('-v')
+ cmd.extend(param_str)
+
+ results = self.openshift_cmd(cmd, output=True, input_data=template_data)
+
+ if results['returncode'] != 0 or not create:
+ return results
+
+ fname = Utils.create_tmpfile(template_name + '-')
+ yed = Yedit(fname, results['results'])
+ yed.write()
+
+ atexit.register(Utils.cleanup, [fname])
+
+ return self.openshift_cmd(['create', '-f', fname])
+
+ def _get(self, resource, rname=None, selector=None):
+ '''return a resource by name '''
+ cmd = ['get', resource]
+ if selector:
+ cmd.append('--selector=%s' % selector)
+ elif rname:
+ cmd.append(rname)
+
+ cmd.extend(['-o', 'json'])
+
+ rval = self.openshift_cmd(cmd, output=True)
+
+ # Ensure results are retuned in an array
+ if 'items' in rval:
+ rval['results'] = rval['items']
+ elif not isinstance(rval['results'], list):
+ rval['results'] = [rval['results']]
+
+ return rval
+
+ def _schedulable(self, node=None, selector=None, schedulable=True):
+ ''' perform oadm manage-node scheduable '''
+ cmd = ['manage-node']
+ if node:
+ cmd.extend(node)
+ else:
+ cmd.append('--selector=%s' % selector)
+
+ cmd.append('--schedulable=%s' % schedulable)
+
+ return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') # noqa: E501
+
+ def _list_pods(self, node=None, selector=None, pod_selector=None):
+ ''' perform oadm list pods
+
+ node: the node in which to list pods
+ selector: the label selector filter if provided
+ pod_selector: the pod selector filter if provided
+ '''
+ cmd = ['manage-node']
+ if node:
+ cmd.extend(node)
+ else:
+ cmd.append('--selector=%s' % selector)
+
+ if pod_selector:
+ cmd.append('--pod-selector=%s' % pod_selector)
+
+ cmd.extend(['--list-pods', '-o', 'json'])
+
+ return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw')
+
+ # pylint: disable=too-many-arguments
+ def _evacuate(self, node=None, selector=None, pod_selector=None, dry_run=False, grace_period=None, force=False):
+ ''' perform oadm manage-node evacuate '''
+ cmd = ['manage-node']
+ if node:
+ cmd.extend(node)
+ else:
+ cmd.append('--selector=%s' % selector)
+
+ if dry_run:
+ cmd.append('--dry-run')
+
+ if pod_selector:
+ cmd.append('--pod-selector=%s' % pod_selector)
+
+ if grace_period:
+ cmd.append('--grace-period=%s' % int(grace_period))
+
+ if force:
+ cmd.append('--force')
+
+ cmd.append('--evacuate')
+
+ return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw')
+
+ def _version(self):
+ ''' return the openshift version'''
+ return self.openshift_cmd(['version'], output=True, output_type='raw')
+
+ def _import_image(self, url=None, name=None, tag=None):
+ ''' perform image import '''
+ cmd = ['import-image']
+
+ image = '{0}'.format(name)
+ if tag:
+ image += ':{0}'.format(tag)
+
+ cmd.append(image)
+
+ if url:
+ cmd.append('--from={0}/{1}'.format(url, image))
+
+ cmd.append('-n{0}'.format(self.namespace))
+
+ cmd.append('--confirm')
+ return self.openshift_cmd(cmd)
+
+ def _run(self, cmds, input_data):
+ ''' Actually executes the command. This makes mocking easier. '''
+ curr_env = os.environ.copy()
+ curr_env.update({'KUBECONFIG': self.kubeconfig})
+ proc = subprocess.Popen(cmds,
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE,
+ env=curr_env)
+
+ stdout, stderr = proc.communicate(input_data)
+
+ return proc.returncode, stdout.decode(), stderr.decode()
+
+ # pylint: disable=too-many-arguments,too-many-branches
+ def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json', input_data=None):
+ '''Base command for oc '''
+ cmds = [self.oc_binary]
+
+ if oadm:
+ cmds.append('adm')
+
+ cmds.extend(cmd)
+
+ if self.all_namespaces:
+ cmds.extend(['--all-namespaces'])
+ elif self.namespace is not None and self.namespace.lower() not in ['none', 'emtpy']: # E501
+ cmds.extend(['-n', self.namespace])
+
+ rval = {}
+ results = ''
+ err = None
+
+ if self.verbose:
+ print(' '.join(cmds))
+
+ try:
+ returncode, stdout, stderr = self._run(cmds, input_data)
+ except OSError as ex:
+ returncode, stdout, stderr = 1, '', 'Failed to execute {}: {}'.format(subprocess.list2cmdline(cmds), ex)
+
+ rval = {"returncode": returncode,
+ "results": results,
+ "cmd": ' '.join(cmds)}
+
+ if returncode == 0:
+ if output:
+ if output_type == 'json':
+ try:
+ rval['results'] = json.loads(stdout)
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
+ elif output_type == 'raw':
+ rval['results'] = stdout
+
+ if self.verbose:
+ print("STDOUT: {0}".format(stdout))
+ print("STDERR: {0}".format(stderr))
+
+ if err:
+ rval.update({"err": err,
+ "stderr": stderr,
+ "stdout": stdout,
+ "cmd": cmds})
+
+ else:
+ rval.update({"stderr": stderr,
+ "stdout": stdout,
+ "results": {}})
+
+ return rval
+
+
+class Utils(object):
+ ''' utilities for openshiftcli modules '''
+
+ @staticmethod
+ def _write(filename, contents):
+ ''' Actually write the file contents to disk. This helps with mocking. '''
+
+ with open(filename, 'w') as sfd:
+ sfd.write(contents)
+
+ @staticmethod
+ def create_tmp_file_from_contents(rname, data, ftype='yaml'):
+ ''' create a file in tmp with name and contents'''
+
+ tmp = Utils.create_tmpfile(prefix=rname)
+
+ if ftype == 'yaml':
+ # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage
+ # pylint: disable=no-member
+ if hasattr(yaml, 'RoundTripDumper'):
+ Utils._write(tmp, yaml.dump(data, Dumper=yaml.RoundTripDumper))
+ else:
+ Utils._write(tmp, yaml.safe_dump(data, default_flow_style=False))
+
+ elif ftype == 'json':
+ Utils._write(tmp, json.dumps(data))
+ else:
+ Utils._write(tmp, data)
+
+ # Register cleanup when module is done
+ atexit.register(Utils.cleanup, [tmp])
+ return tmp
+
+ @staticmethod
+ def create_tmpfile_copy(inc_file):
+ '''create a temporary copy of a file'''
+ tmpfile = Utils.create_tmpfile('lib_openshift-')
+ Utils._write(tmpfile, open(inc_file).read())
+
+ # Cleanup the tmpfile
+ atexit.register(Utils.cleanup, [tmpfile])
+
+ return tmpfile
+
+ @staticmethod
+ def create_tmpfile(prefix='tmp'):
+ ''' Generates and returns a temporary file name '''
+
+ with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp:
+ return tmp.name
+
+ @staticmethod
+ def create_tmp_files_from_contents(content, content_type=None):
+ '''Turn an array of dict: filename, content into a files array'''
+ if not isinstance(content, list):
+ content = [content]
+ files = []
+ for item in content:
+ path = Utils.create_tmp_file_from_contents(item['path'] + '-',
+ item['data'],
+ ftype=content_type)
+ files.append({'name': os.path.basename(item['path']),
+ 'path': path})
+ return files
+
+ @staticmethod
+ def cleanup(files):
+ '''Clean up on exit '''
+ for sfile in files:
+ if os.path.exists(sfile):
+ if os.path.isdir(sfile):
+ shutil.rmtree(sfile)
+ elif os.path.isfile(sfile):
+ os.remove(sfile)
+
+ @staticmethod
+ def exists(results, _name):
+ ''' Check to see if the results include the name '''
+ if not results:
+ return False
+
+ if Utils.find_result(results, _name):
+ return True
+
+ return False
+
+ @staticmethod
+ def find_result(results, _name):
+ ''' Find the specified result by name'''
+ rval = None
+ for result in results:
+ if 'metadata' in result and result['metadata']['name'] == _name:
+ rval = result
+ break
+
+ return rval
+
+ @staticmethod
+ def get_resource_file(sfile, sfile_type='yaml'):
+ ''' return the service file '''
+ contents = None
+ with open(sfile) as sfd:
+ contents = sfd.read()
+
+ if sfile_type == 'yaml':
+ # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage
+ # pylint: disable=no-member
+ if hasattr(yaml, 'RoundTripLoader'):
+ contents = yaml.load(contents, yaml.RoundTripLoader)
+ else:
+ contents = yaml.safe_load(contents)
+ elif sfile_type == 'json':
+ contents = json.loads(contents)
+
+ return contents
+
+ @staticmethod
+ def filter_versions(stdout):
+ ''' filter the oc version output '''
+
+ version_dict = {}
+ version_search = ['oc', 'openshift', 'kubernetes']
+
+ for line in stdout.strip().split('\n'):
+ for term in version_search:
+ if not line:
+ continue
+ if line.startswith(term):
+ version_dict[term] = line.split()[-1]
+
+ # horrible hack to get openshift version in Openshift 3.2
+ # By default "oc version in 3.2 does not return an "openshift" version
+ if "openshift" not in version_dict:
+ version_dict["openshift"] = version_dict["oc"]
+
+ return version_dict
+
+ @staticmethod
+ def add_custom_versions(versions):
+ ''' create custom versions strings '''
+
+ versions_dict = {}
+
+ for tech, version in versions.items():
+ # clean up "-" from version
+ if "-" in version:
+ version = version.split("-")[0]
+
+ if version.startswith('v'):
+ versions_dict[tech + '_numeric'] = version[1:].split('+')[0]
+ # "v3.3.0.33" is what we have, we want "3.3"
+ versions_dict[tech + '_short'] = version[1:4]
+
+ return versions_dict
+
+ @staticmethod
+ def openshift_installed():
+ ''' check if openshift is installed '''
+ import yum
+
+ yum_base = yum.YumBase()
+ if yum_base.rpmdb.searchNevra(name='atomic-openshift'):
+ return True
+
+ return False
+
+ # Disabling too-many-branches. This is a yaml dictionary comparison function
+ # pylint: disable=too-many-branches,too-many-return-statements,too-many-statements
+ @staticmethod
+ def check_def_equal(user_def, result_def, skip_keys=None, debug=False):
+ ''' Given a user defined definition, compare it with the results given back by our query. '''
+
+ # Currently these values are autogenerated and we do not need to check them
+ skip = ['metadata', 'status']
+ if skip_keys:
+ skip.extend(skip_keys)
+
+ for key, value in result_def.items():
+ if key in skip:
+ continue
+
+ # Both are lists
+ if isinstance(value, list):
+ if key not in user_def:
+ if debug:
+ print('User data does not have key [%s]' % key)
+ print('User data: %s' % user_def)
+ return False
+
+ if not isinstance(user_def[key], list):
+ if debug:
+ print('user_def[key] is not a list key=[%s] user_def[key]=%s' % (key, user_def[key]))
+ return False
+
+ if len(user_def[key]) != len(value):
+ if debug:
+ print("List lengths are not equal.")
+ print("key=[%s]: user_def[%s] != value[%s]" % (key, len(user_def[key]), len(value)))
+ print("user_def: %s" % user_def[key])
+ print("value: %s" % value)
+ return False
+
+ for values in zip(user_def[key], value):
+ if isinstance(values[0], dict) and isinstance(values[1], dict):
+ if debug:
+ print('sending list - list')
+ print(type(values[0]))
+ print(type(values[1]))
+ result = Utils.check_def_equal(values[0], values[1], skip_keys=skip_keys, debug=debug)
+ if not result:
+ print('list compare returned false')
+ return False
+
+ elif value != user_def[key]:
+ if debug:
+ print('value should be identical')
+ print(user_def[key])
+ print(value)
+ return False
+
+ # recurse on a dictionary
+ elif isinstance(value, dict):
+ if key not in user_def:
+ if debug:
+ print("user_def does not have key [%s]" % key)
+ return False
+ if not isinstance(user_def[key], dict):
+ if debug:
+ print("dict returned false: not instance of dict")
+ return False
+
+ # before passing ensure keys match
+ api_values = set(value.keys()) - set(skip)
+ user_values = set(user_def[key].keys()) - set(skip)
+ if api_values != user_values:
+ if debug:
+ print("keys are not equal in dict")
+ print(user_values)
+ print(api_values)
+ return False
+
+ result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
+ if not result:
+ if debug:
+ print("dict returned false")
+ print(result)
+ return False
+
+ # Verify each key, value pair is the same
+ else:
+ if key not in user_def or value != user_def[key]:
+ if debug:
+ print("value not equal; user_def does not have key")
+ print(key)
+ print(value)
+ if key in user_def:
+ print(user_def[key])
+ return False
+
+ if debug:
+ print('returning true')
+ return True
+
+
+class OpenShiftCLIConfig(object):
+ '''Generic Config'''
+ def __init__(self, rname, namespace, kubeconfig, options):
+ self.kubeconfig = kubeconfig
+ self.name = rname
+ self.namespace = namespace
+ self._options = options
+
+ @property
+ def config_options(self):
+ ''' return config options '''
+ return self._options
+
+ def to_option_list(self):
+ '''return all options as a string'''
+ return self.stringify()
+
+ def stringify(self):
+ ''' return the options hash as cli params in a string '''
+ rval = []
+ for key in sorted(self.config_options.keys()):
+ data = self.config_options[key]
+ if data['include'] \
+ and (data['value'] or isinstance(data['value'], int)):
+ rval.append('--{}={}'.format(key.replace('_', '-'), data['value']))
+
+ return rval
+
+
+# -*- -*- -*- End included fragment: lib/base.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: class/oc_image.py -*- -*- -*-
+
+
+# pylint: disable=too-many-arguments
+class OCImage(OpenShiftCLI):
+ ''' Class to import and create an imagestream object'''
+ def __init__(self,
+ namespace,
+ registry_url,
+ image_name,
+ image_tag,
+ kubeconfig='/etc/origin/master/admin.kubeconfig',
+ verbose=False):
+ ''' Constructor for OCImage'''
+ super(OCImage, self).__init__(namespace, kubeconfig)
+ self.registry_url = registry_url
+ self.image_name = image_name
+ self.image_tag = image_tag
+ self.verbose = verbose
+
+ def get(self):
+ '''return a image by name '''
+ results = self._get('imagestream', self.image_name)
+ results['exists'] = False
+ if results['returncode'] == 0 and results['results'][0]:
+ results['exists'] = True
+
+ if results['returncode'] != 0 and '"{}" not found'.format(self.image_name) in results['stderr']:
+ results['returncode'] = 0
+
+ return results
+
+ def create(self, url=None, name=None, tag=None):
+ '''Create an image '''
+ return self._import_image(url, name, tag)
+
+
+ # pylint: disable=too-many-return-statements
+ @staticmethod
+ def run_ansible(params, check_mode):
+ ''' run the ansible idempotent code '''
+
+ ocimage = OCImage(params['namespace'],
+ params['registry_url'],
+ params['image_name'],
+ params['image_tag'],
+ kubeconfig=params['kubeconfig'],
+ verbose=params['debug'])
+
+ state = params['state']
+
+ api_rval = ocimage.get()
+
+ #####
+ # Get
+ #####
+ if state == 'list':
+ if api_rval['returncode'] != 0:
+ return {"failed": True, "msg": api_rval}
+ return {"changed": False, "results": api_rval, "state": "list"}
+
+ ########
+ # Create
+ ########
+ if state == 'present':
+
+ if not Utils.exists(api_rval['results'], params['image_name']):
+
+ if check_mode:
+ return {"changed": False, "msg": 'CHECK_MODE: Would have performed a create'}
+
+ api_rval = ocimage.create(params['registry_url'],
+ params['image_name'],
+ params['image_tag'])
+
+ if api_rval['returncode'] != 0:
+ return {"failed": True, "msg": api_rval}
+
+ # return the newly created object
+ api_rval = ocimage.get()
+
+ if api_rval['returncode'] != 0:
+ return {"failed": True, "msg": api_rval}
+
+ return {"changed": True, "results": api_rval, "state": "present"}
+
+ # image exists, no change
+ return {"changed": False, "results": api_rval, "state": "present"}
+
+ return {"failed": True, "changed": False, "msg": "Unknown state passed. {0}".format(state)}
+
+# -*- -*- -*- End included fragment: class/oc_image.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: ansible/oc_image.py -*- -*- -*-
+
+
+def main():
+ '''
+ ansible oc module for image import
+ '''
+
+ module = AnsibleModule(
+ argument_spec=dict(
+ kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+ state=dict(default='present', type='str',
+ choices=['present', 'list']),
+ debug=dict(default=False, type='bool'),
+ namespace=dict(default='default', type='str'),
+ registry_url=dict(default=None, type='str'),
+ image_name=dict(default=None, required=True, type='str'),
+ image_tag=dict(default=None, type='str'),
+ force=dict(default=False, type='bool'),
+ ),
+
+ supports_check_mode=True,
+ )
+
+ rval = OCImage.run_ansible(module.params, module.check_mode)
+
+ if 'failed' in rval:
+ module.fail_json(**rval)
+
+ module.exit_json(**rval)
+
+if __name__ == '__main__':
+ main()
+
+# -*- -*- -*- End included fragment: ansible/oc_image.py -*- -*- -*-
diff --git a/roles/lib_openshift/library/oc_label.py b/roles/lib_openshift/library/oc_label.py
index 109a78184..cfcb15241 100644
--- a/roles/lib_openshift/library/oc_label.py
+++ b/roles/lib_openshift/library/oc_label.py
@@ -1054,9 +1054,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/library/oc_obj.py b/roles/lib_openshift/library/oc_obj.py
index bd6e77c2a..f5cba696d 100644
--- a/roles/lib_openshift/library/oc_obj.py
+++ b/roles/lib_openshift/library/oc_obj.py
@@ -1057,9 +1057,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/library/oc_objectvalidator.py b/roles/lib_openshift/library/oc_objectvalidator.py
index 1d0e4c876..4e1e769cf 100644
--- a/roles/lib_openshift/library/oc_objectvalidator.py
+++ b/roles/lib_openshift/library/oc_objectvalidator.py
@@ -989,9 +989,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/library/oc_process.py b/roles/lib_openshift/library/oc_process.py
index 14d519e52..cabb2ff29 100644
--- a/roles/lib_openshift/library/oc_process.py
+++ b/roles/lib_openshift/library/oc_process.py
@@ -1046,9 +1046,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/library/oc_project.py b/roles/lib_openshift/library/oc_project.py
index 4f82abcfe..7700a83a3 100644
--- a/roles/lib_openshift/library/oc_project.py
+++ b/roles/lib_openshift/library/oc_project.py
@@ -1043,9 +1043,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
@@ -1511,30 +1511,34 @@ class OCProject(OpenShiftCLI):
def update(self):
'''update a project '''
- self.project.update_annotation('display-name', self.config.config_options['display_name']['value'])
- self.project.update_annotation('description', self.config.config_options['description']['value'])
+ if self.config.config_options['display_name']['value'] is not None:
+ self.project.update_annotation('display-name', self.config.config_options['display_name']['value'])
+
+ if self.config.config_options['description']['value'] is not None:
+ self.project.update_annotation('description', self.config.config_options['description']['value'])
# work around for immutable project field
- if self.config.config_options['node_selector']['value']:
+ if self.config.config_options['node_selector']['value'] is not None:
self.project.update_annotation('node-selector', self.config.config_options['node_selector']['value'])
- else:
- self.project.update_annotation('node-selector', self.project.find_annotation('node-selector'))
return self._replace_content(self.kind, self.config.name, self.project.yaml_dict)
def needs_update(self):
''' verify an update is needed '''
- result = self.project.find_annotation("display-name")
- if result != self.config.config_options['display_name']['value']:
- return True
+ if self.config.config_options['display_name']['value'] is not None:
+ result = self.project.find_annotation("display-name")
+ if result != self.config.config_options['display_name']['value']:
+ return True
- result = self.project.find_annotation("description")
- if result != self.config.config_options['description']['value']:
- return True
+ if self.config.config_options['description']['value'] is not None:
+ result = self.project.find_annotation("description")
+ if result != self.config.config_options['description']['value']:
+ return True
- result = self.project.find_annotation("node-selector")
- if result != self.config.config_options['node_selector']['value']:
- return True
+ if self.config.config_options['node_selector']['value'] is not None:
+ result = self.project.find_annotation("node-selector")
+ if result != self.config.config_options['node_selector']['value']:
+ return True
return False
@@ -1543,19 +1547,22 @@ class OCProject(OpenShiftCLI):
def run_ansible(params, check_mode):
'''run the idempotent ansible code'''
- _ns = None
+ node_selector = None
if params['node_selector'] is not None:
- _ns = ','.join(params['node_selector'])
-
- pconfig = ProjectConfig(params['name'],
- 'None',
- params['kubeconfig'],
- {'admin': {'value': params['admin'], 'include': True},
- 'admin_role': {'value': params['admin_role'], 'include': True},
- 'description': {'value': params['description'], 'include': True},
- 'display_name': {'value': params['display_name'], 'include': True},
- 'node_selector': {'value': _ns, 'include': True},
- })
+ node_selector = ','.join(params['node_selector'])
+
+ pconfig = ProjectConfig(
+ params['name'],
+ 'None',
+ params['kubeconfig'],
+ {
+ 'admin': {'value': params['admin'], 'include': True},
+ 'admin_role': {'value': params['admin_role'], 'include': True},
+ 'description': {'value': params['description'], 'include': True},
+ 'display_name': {'value': params['display_name'], 'include': True},
+ 'node_selector': {'value': node_selector, 'include': True},
+ },
+ )
oadm_project = OCProject(pconfig, verbose=params['debug'])
diff --git a/roles/lib_openshift/library/oc_adm_registry.py.good b/roles/lib_openshift/library/oc_pvc.py
index 6fc85073f..df0b0d86a 100644
--- a/roles/lib_openshift/library/oc_adm_registry.py.good
+++ b/roles/lib_openshift/library/oc_pvc.py
@@ -32,7 +32,7 @@
# pylint: disable=too-many-lines
from __future__ import print_function
-#import atexit
+import atexit
import copy
import json
import os
@@ -50,23 +50,24 @@ from ansible.module_utils.basic import AnsibleModule
# -*- -*- -*- End included fragment: lib/import.py -*- -*- -*-
-# -*- -*- -*- Begin included fragment: doc/registry -*- -*- -*-
+# -*- -*- -*- Begin included fragment: doc/pvc -*- -*- -*-
DOCUMENTATION = '''
---
-module: oc_adm_registry
-short_description: Module to manage openshift registry
+module: oc_pvc
+short_description: Modify, and idempotently manage openshift persistent volume claims
description:
- - Manage openshift registry programmatically.
+ - Modify openshift persistent volume claims programmatically.
options:
state:
description:
- - The desired action when managing openshift registry
- - present - update or create the registry
- - absent - tear down the registry service and deploymentconfig
- - list - returns the current representiation of a registry
- required: false
- default: False
+ - Supported states, present, absent, list
+ - present - will ensure object is created or updated to the value specified
+ - list - will return a pvc
+ - absent - will remove a pvc
+ required: False
+ default: present
+ choices: ["present", 'absent', 'list']
aliases: []
kubeconfig:
description:
@@ -82,111 +83,32 @@ options:
aliases: []
name:
description:
- - The name of the registry
+ - Name of the object that is being queried.
required: false
default: None
aliases: []
namespace:
description:
- - The selector when filtering on node labels
- required: false
- default: None
- aliases: []
- images:
- description:
- - The image to base this registry on - ${component} will be replaced with --type
- required: 'openshift3/ose-${component}:${version}'
- default: None
- aliases: []
- latest_images:
- description:
- - If true, attempt to use the latest image for the registry instead of the latest release.
+ - The namespace where the object lives.
required: false
- default: False
- aliases: []
- labels:
- description:
- - A set of labels to uniquely identify the registry and its components.
- required: false
- default: None
- aliases: []
- enforce_quota:
- description:
- - If set, the registry will refuse to write blobs if they exceed quota limits
- required: False
- default: False
- aliases: []
- mount_host:
- description:
- - If set, the registry volume will be created as a host-mount at this path.
- required: False
- default: False
- aliases: []
- ports:
- description:
- - A comma delimited list of ports or port pairs to expose on the registry pod. The default is set for 5000.
- required: False
- default: [5000]
+ default: str
aliases: []
- replicas:
+ volume_capacity:
description:
- - The replication factor of the registry; commonly 2 when high availability is desired.
+ - The requested volume capacity
required: False
- default: 1
- aliases: []
- selector:
- description:
- - Selector used to filter nodes on deployment. Used to run registries on a specific set of nodes.
- required: False
- default: None
+ default: 1G
aliases: []
- service_account:
+ access_modes:
description:
- - Name of the service account to use to run the registry pod.
+ - The access modes allowed for the pvc
+ - Expects a list
required: False
- default: 'registry'
- aliases: []
- tls_certificate:
- description:
- - An optional path to a PEM encoded certificate (which may contain the private key) for serving over TLS
- required: false
- default: None
- aliases: []
- tls_key:
- description:
- - An optional path to a PEM encoded private key for serving over TLS
- required: false
- default: None
- aliases: []
- volume_mounts:
- description:
- - The volume mounts for the registry.
- required: false
- default: None
- aliases: []
- daemonset:
- description:
- - Use a daemonset instead of a deployment config.
- required: false
- default: False
- aliases: []
- edits:
- description:
- - A list of modifications to make on the deploymentconfig
- required: false
- default: None
- aliases: []
- env_vars:
- description:
- - A dictionary of modifications to make on the deploymentconfig. e.g. FOO: BAR
- required: false
- default: None
- aliases: []
- force:
- description:
- - Force a registry update.
- required: false
- default: False
+ default: ReadWriteOnce
+ choices:
+ - ReadWriteOnce
+ - ReadOnlyMany
+ - ReadWriteMany
aliases: []
author:
- "Kenny Woodson <kwoodson@redhat.com>"
@@ -194,55 +116,17 @@ extends_documentation_fragment: []
'''
EXAMPLES = '''
-- name: create a secure registry
- oc_adm_registry:
- name: docker-registry
- service_account: registry
- replicas: 2
- namespace: default
- selector: type=infra
- images: "registry.ops.openshift.com/openshift3/ose-${component}:${version}"
- env_vars:
- REGISTRY_CONFIGURATION_PATH: /etc/registryconfig/config.yml
- REGISTRY_HTTP_TLS_CERTIFICATE: /etc/secrets/registry.crt
- REGISTRY_HTTP_TLS_KEY: /etc/secrets/registry.key
- REGISTRY_HTTP_SECRET: supersecret
- volume_mounts:
- - path: /etc/secrets
- name: dockercerts
- type: secret
- secret_name: registry-secret
- - path: /etc/registryconfig
- name: dockersecrets
- type: secret
- secret_name: docker-registry-config
- edits:
- - key: spec.template.spec.containers[0].livenessProbe.httpGet.scheme
- value: HTTPS
- action: put
- - key: spec.template.spec.containers[0].readinessProbe.httpGet.scheme
- value: HTTPS
- action: put
- - key: spec.strategy.rollingParams
- value:
- intervalSeconds: 1
- maxSurge: 50%
- maxUnavailable: 50%
- timeoutSeconds: 600
- updatePeriodSeconds: 1
- action: put
- - key: spec.template.spec.containers[0].resources.limits.memory
- value: 2G
- action: update
- - key: spec.template.spec.containers[0].resources.requests.memory
- value: 1G
- action: update
-
- register: registryout
-
+- name: create a pvc
+ oc_pvc:
+ namespace: awesomeapp
+ name: dbstorage
+ access_modes:
+ - ReadWriteOnce
+ volume_capacity: 5G
+ register: pvcout
'''
-# -*- -*- -*- End included fragment: doc/registry -*- -*- -*-
+# -*- -*- -*- End included fragment: doc/pvc -*- -*- -*-
# -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*-
# pylint: disable=undefined-variable,missing-docstring
@@ -371,7 +255,8 @@ class Yedit(object):
continue
elif data and not isinstance(data, dict):
- return None
+ raise YeditException("Unexpected item type found while going through key " +
+ "path: {} (at key: {})".format(key, dict_key))
data[dict_key] = {}
data = data[dict_key]
@@ -380,7 +265,7 @@ class Yedit(object):
int(arr_ind) <= len(data) - 1):
data = data[int(arr_ind)]
else:
- return None
+ raise YeditException("Unexpected item type found while going through key path: {}".format(key))
if key == '':
data = item
@@ -394,6 +279,12 @@ class Yedit(object):
elif key_indexes[-1][1] and isinstance(data, dict):
data[key_indexes[-1][1]] = item
+ # didn't add/update to an existing list, nor add/update key to a dict
+ # so we must have been provided some syntax like a.b.c[<int>] = "data" for a
+ # non-existent array
+ else:
+ raise YeditException("Error adding to object at path: {}".format(key))
+
return data
@staticmethod
@@ -932,7 +823,7 @@ class OpenShiftCLI(object):
if any([change[0] for change in changes]):
yed.write()
- #atexit.register(Utils.cleanup, [fname])
+ atexit.register(Utils.cleanup, [fname])
return self._replace(fname, force)
@@ -951,7 +842,7 @@ class OpenShiftCLI(object):
yed = Yedit(fname, content=content)
yed.write()
- #atexit.register(Utils.cleanup, [fname])
+ atexit.register(Utils.cleanup, [fname])
return self._create(fname)
@@ -994,7 +885,7 @@ class OpenShiftCLI(object):
yed = Yedit(fname, results['results'])
yed.write()
- #atexit.register(Utils.cleanup, [fname])
+ atexit.register(Utils.cleanup, [fname])
return self.openshift_cmd(['create', '-f', fname])
@@ -1119,13 +1010,13 @@ class OpenShiftCLI(object):
if oadm:
cmds.append('adm')
+ cmds.extend(cmd)
+
if self.all_namespaces:
cmds.extend(['--all-namespaces'])
elif self.namespace is not None and self.namespace.lower() not in ['none', 'emtpy']: # E501
cmds.extend(['-n', self.namespace])
- cmds.extend(cmd)
-
rval = {}
results = ''
err = None
@@ -1147,9 +1038,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
@@ -1201,7 +1092,7 @@ class Utils(object):
Utils._write(tmp, data)
# Register cleanup when module is done
- #atexit.register(Utils.cleanup, [tmp])
+ atexit.register(Utils.cleanup, [tmp])
return tmp
@staticmethod
@@ -1211,7 +1102,7 @@ class Utils(object):
Utils._write(tmpfile, open(inc_file).read())
# Cleanup the tmpfile
- #atexit.register(Utils.cleanup, [tmpfile])
+ atexit.register(Utils.cleanup, [tmpfile])
return tmpfile
@@ -1408,8 +1299,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print('user_def: %s' % user_values)
- print('memory: %s' % api_values)
+ print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
@@ -1455,1076 +1346,322 @@ class OpenShiftCLIConfig(object):
def stringify(self):
''' return the options hash as cli params in a string '''
rval = []
- for key, data in self.config_options.items():
+ for key in sorted(self.config_options.keys()):
+ data = self.config_options[key]
if data['include'] \
and (data['value'] or isinstance(data['value'], int)):
- rval.append('--%s=%s' % (key.replace('_', '-'), data['value']))
+ rval.append('--{}={}'.format(key.replace('_', '-'), data['value']))
return rval
# -*- -*- -*- End included fragment: lib/base.py -*- -*- -*-
-# -*- -*- -*- Begin included fragment: lib/deploymentconfig.py -*- -*- -*-
-
-
-# pylint: disable=too-many-public-methods
-class DeploymentConfig(Yedit):
- ''' Class to model an openshift DeploymentConfig'''
- default_deployment_config = '''
-apiVersion: v1
-kind: DeploymentConfig
-metadata:
- name: default_dc
- namespace: default
-spec:
- replicas: 0
- selector:
- default_dc: default_dc
- strategy:
- resources: {}
- rollingParams:
- intervalSeconds: 1
- maxSurge: 0
- maxUnavailable: 25%
- timeoutSeconds: 600
- updatePercent: -25
- updatePeriodSeconds: 1
- type: Rolling
- template:
- metadata:
- spec:
- containers:
- - env:
- - name: default
- value: default
- image: default
- imagePullPolicy: IfNotPresent
- name: default_dc
- ports:
- - containerPort: 8000
- hostPort: 8000
- protocol: TCP
- name: default_port
- resources: {}
- terminationMessagePath: /dev/termination-log
- dnsPolicy: ClusterFirst
- hostNetwork: true
- nodeSelector:
- type: compute
- restartPolicy: Always
- securityContext: {}
- serviceAccount: default
- serviceAccountName: default
- terminationGracePeriodSeconds: 30
- triggers:
- - type: ConfigChange
-'''
-
- replicas_path = "spec.replicas"
- env_path = "spec.template.spec.containers[0].env"
- volumes_path = "spec.template.spec.volumes"
- container_path = "spec.template.spec.containers"
- volume_mounts_path = "spec.template.spec.containers[0].volumeMounts"
-
- def __init__(self, content=None):
- ''' Constructor for deploymentconfig '''
- if not content:
- content = DeploymentConfig.default_deployment_config
-
- super(DeploymentConfig, self).__init__(content=content)
-
- def add_env_value(self, key, value):
- ''' add key, value pair to env array '''
- rval = False
- env = self.get_env_vars()
- if env:
- env.append({'name': key, 'value': value})
- rval = True
- else:
- result = self.put(DeploymentConfig.env_path, {'name': key, 'value': value})
- rval = result[0]
-
- return rval
-
- def exists_env_value(self, key, value):
- ''' return whether a key, value pair exists '''
- results = self.get_env_vars()
- if not results:
- return False
-
- for result in results:
- if result['name'] == key and result['value'] == value:
- return True
-
- return False
-
- def exists_env_key(self, key):
- ''' return whether a key, value pair exists '''
- results = self.get_env_vars()
- if not results:
- return False
-
- for result in results:
- if result['name'] == key:
- return True
-
- return False
-
- def get_env_var(self, key):
- '''return a environment variables '''
- results = self.get(DeploymentConfig.env_path) or []
- if not results:
- return None
-
- for env_var in results:
- if env_var['name'] == key:
- return env_var
-
- return None
-
- def get_env_vars(self):
- '''return a environment variables '''
- return self.get(DeploymentConfig.env_path) or []
-
- def delete_env_var(self, keys):
- '''delete a list of keys '''
- if not isinstance(keys, list):
- keys = [keys]
-
- env_vars_array = self.get_env_vars()
- modified = False
- idx = None
- for key in keys:
- for env_idx, env_var in enumerate(env_vars_array):
- if env_var['name'] == key:
- idx = env_idx
- break
-
- if idx:
- modified = True
- del env_vars_array[idx]
-
- if modified:
- return True
-
- return False
-
- def update_env_var(self, key, value):
- '''place an env in the env var list'''
-
- env_vars_array = self.get_env_vars()
- idx = None
- for env_idx, env_var in enumerate(env_vars_array):
- if env_var['name'] == key:
- idx = env_idx
- break
-
- if idx:
- env_vars_array[idx]['value'] = value
- else:
- self.add_env_value(key, value)
-
- return True
-
- def exists_volume_mount(self, volume_mount):
- ''' return whether a volume mount exists '''
- exist_volume_mounts = self.get_volume_mounts()
-
- if not exist_volume_mounts:
- return False
-
- volume_mount_found = False
- for exist_volume_mount in exist_volume_mounts:
- if exist_volume_mount['name'] == volume_mount['name']:
- volume_mount_found = True
- break
-
- return volume_mount_found
-
- def exists_volume(self, volume):
- ''' return whether a volume exists '''
- exist_volumes = self.get_volumes()
-
- volume_found = False
- for exist_volume in exist_volumes:
- if exist_volume['name'] == volume['name']:
- volume_found = True
- break
-
- return volume_found
-
- def find_volume_by_name(self, volume, mounts=False):
- ''' return the index of a volume '''
- volumes = []
- if mounts:
- volumes = self.get_volume_mounts()
- else:
- volumes = self.get_volumes()
- for exist_volume in volumes:
- if exist_volume['name'] == volume['name']:
- return exist_volume
-
- return None
-
- def get_replicas(self):
- ''' return replicas setting '''
- return self.get(DeploymentConfig.replicas_path)
-
- def get_volume_mounts(self):
- '''return volume mount information '''
- return self.get_volumes(mounts=True)
-
- def get_volumes(self, mounts=False):
- '''return volume mount information '''
- if mounts:
- return self.get(DeploymentConfig.volume_mounts_path) or []
-
- return self.get(DeploymentConfig.volumes_path) or []
-
- def delete_volume_by_name(self, volume):
- '''delete a volume '''
- modified = False
- exist_volume_mounts = self.get_volume_mounts()
- exist_volumes = self.get_volumes()
- del_idx = None
- for idx, exist_volume in enumerate(exist_volumes):
- if 'name' in exist_volume and exist_volume['name'] == volume['name']:
- del_idx = idx
- break
-
- if del_idx != None:
- del exist_volumes[del_idx]
- modified = True
-
- del_idx = None
- for idx, exist_volume_mount in enumerate(exist_volume_mounts):
- if 'name' in exist_volume_mount and exist_volume_mount['name'] == volume['name']:
- del_idx = idx
- break
-
- if del_idx != None:
- del exist_volume_mounts[idx]
- modified = True
-
- return modified
-
- def add_volume_mount(self, volume_mount):
- ''' add a volume or volume mount to the proper location '''
- exist_volume_mounts = self.get_volume_mounts()
-
- if not exist_volume_mounts and volume_mount:
- self.put(DeploymentConfig.volume_mounts_path, [volume_mount])
- else:
- exist_volume_mounts.append(volume_mount)
-
- def add_volume(self, volume):
- ''' add a volume or volume mount to the proper location '''
- exist_volumes = self.get_volumes()
- if not volume:
- return
-
- if not exist_volumes:
- self.put(DeploymentConfig.volumes_path, [volume])
- else:
- exist_volumes.append(volume)
-
- def update_replicas(self, replicas):
- ''' update replicas value '''
- self.put(DeploymentConfig.replicas_path, replicas)
-
- def update_volume(self, volume):
- '''place an env in the env var list'''
- exist_volumes = self.get_volumes()
-
- if not volume:
- return False
-
- # update the volume
- update_idx = None
- for idx, exist_vol in enumerate(exist_volumes):
- if exist_vol['name'] == volume['name']:
- update_idx = idx
- break
-
- if update_idx != None:
- exist_volumes[update_idx] = volume
- else:
- self.add_volume(volume)
-
- return True
-
- def update_volume_mount(self, volume_mount):
- '''place an env in the env var list'''
- modified = False
-
- exist_volume_mounts = self.get_volume_mounts()
-
- if not volume_mount:
- return False
-
- # update the volume mount
- for exist_vol_mount in exist_volume_mounts:
- if exist_vol_mount['name'] == volume_mount['name']:
- if 'mountPath' in exist_vol_mount and \
- str(exist_vol_mount['mountPath']) != str(volume_mount['mountPath']):
- exist_vol_mount['mountPath'] = volume_mount['mountPath']
- modified = True
- break
-
- if not modified:
- self.add_volume_mount(volume_mount)
- modified = True
-
- return modified
-
- def needs_update_volume(self, volume, volume_mount):
- ''' verify a volume update is needed '''
- exist_volume = self.find_volume_by_name(volume)
- exist_volume_mount = self.find_volume_by_name(volume, mounts=True)
- results = []
- results.append(exist_volume['name'] == volume['name'])
-
- if 'secret' in volume:
- results.append('secret' in exist_volume)
- results.append(exist_volume['secret']['secretName'] == volume['secret']['secretName'])
- results.append(exist_volume_mount['name'] == volume_mount['name'])
- results.append(exist_volume_mount['mountPath'] == volume_mount['mountPath'])
-
- elif 'emptyDir' in volume:
- results.append(exist_volume_mount['name'] == volume['name'])
- results.append(exist_volume_mount['mountPath'] == volume_mount['mountPath'])
-
- elif 'persistentVolumeClaim' in volume:
- pvc = 'persistentVolumeClaim'
- results.append(pvc in exist_volume)
- if results[-1]:
- results.append(exist_volume[pvc]['claimName'] == volume[pvc]['claimName'])
-
- if 'claimSize' in volume[pvc]:
- results.append(exist_volume[pvc]['claimSize'] == volume[pvc]['claimSize'])
-
- elif 'hostpath' in volume:
- results.append('hostPath' in exist_volume)
- results.append(exist_volume['hostPath']['path'] == volume_mount['mountPath'])
+# -*- -*- -*- Begin included fragment: lib/pvc.py -*- -*- -*-
- return not all(results)
-
- def needs_update_replicas(self, replicas):
- ''' verify whether a replica update is needed '''
- current_reps = self.get(DeploymentConfig.replicas_path)
- return not current_reps == replicas
-
-# -*- -*- -*- End included fragment: lib/deploymentconfig.py -*- -*- -*-
-
-# -*- -*- -*- Begin included fragment: lib/secret.py -*- -*- -*-
# pylint: disable=too-many-instance-attributes
-class SecretConfig(object):
- ''' Handle secret options '''
+class PersistentVolumeClaimConfig(object):
+ ''' Handle pvc options '''
# pylint: disable=too-many-arguments
def __init__(self,
sname,
namespace,
kubeconfig,
- secrets=None):
- ''' constructor for handling secret options '''
+ access_modes=None,
+ vol_capacity='1G'):
+ ''' constructor for handling pvc options '''
self.kubeconfig = kubeconfig
self.name = sname
self.namespace = namespace
- self.secrets = secrets
+ self.access_modes = access_modes
+ self.vol_capacity = vol_capacity
self.data = {}
self.create_dict()
def create_dict(self):
- ''' assign the correct properties for a secret dict '''
+ ''' return a service as a dict '''
+ # version
self.data['apiVersion'] = 'v1'
- self.data['kind'] = 'Secret'
+ # kind
+ self.data['kind'] = 'PersistentVolumeClaim'
+ # metadata
self.data['metadata'] = {}
self.data['metadata']['name'] = self.name
- self.data['metadata']['namespace'] = self.namespace
- self.data['data'] = {}
- if self.secrets:
- for key, value in self.secrets.items():
- self.data['data'][key] = value
+ # spec
+ self.data['spec'] = {}
+ self.data['spec']['accessModes'] = ['ReadWriteOnce']
+ if self.access_modes:
+ self.data['spec']['accessModes'] = self.access_modes
-# pylint: disable=too-many-instance-attributes
-class Secret(Yedit):
+ # storage capacity
+ self.data['spec']['resources'] = {}
+ self.data['spec']['resources']['requests'] = {}
+ self.data['spec']['resources']['requests']['storage'] = self.vol_capacity
+
+
+# pylint: disable=too-many-instance-attributes,too-many-public-methods
+class PersistentVolumeClaim(Yedit):
''' Class to wrap the oc command line tools '''
- secret_path = "data"
- kind = 'secret'
+ access_modes_path = "spec.accessModes"
+ volume_capacity_path = "spec.requests.storage"
+ volume_name_path = "spec.volumeName"
+ bound_path = "status.phase"
+ kind = 'PersistentVolumeClaim'
def __init__(self, content):
- '''secret constructor'''
- super(Secret, self).__init__(content=content)
- self._secrets = None
+ '''RoleBinding constructor'''
+ super(PersistentVolumeClaim, self).__init__(content=content)
+ self._access_modes = None
+ self._volume_capacity = None
+ self._volume_name = None
@property
- def secrets(self):
- '''secret property getter'''
- if self._secrets is None:
- self._secrets = self.get_secrets()
- return self._secrets
-
- @secrets.setter
- def secrets(self):
- '''secret property setter'''
- if self._secrets is None:
- self._secrets = self.get_secrets()
- return self._secrets
-
- def get_secrets(self):
- ''' returns all of the defined secrets '''
- return self.get(Secret.secret_path) or {}
-
- def add_secret(self, key, value):
- ''' add a secret '''
- if self.secrets:
- self.secrets[key] = value
- else:
- self.put(Secret.secret_path, {key: value})
+ def volume_name(self):
+ ''' volume_name property '''
+ if self._volume_name is None:
+ self._volume_name = self.get_volume_name()
+ return self._volume_name
- return True
+ @volume_name.setter
+ def volume_name(self, data):
+ ''' volume_name property setter'''
+ self._volume_name = data
- def delete_secret(self, key):
- ''' delete secret'''
- try:
- del self.secrets[key]
- except KeyError as _:
- return False
+ @property
+ def access_modes(self):
+ ''' access_modes property '''
+ if self._access_modes is None:
+ self._access_modes = self.get_access_modes()
+ if not isinstance(self._access_modes, list):
+ self._access_modes = list(self._access_modes)
- return True
+ return self._access_modes
- def find_secret(self, key):
- ''' find secret'''
- rval = None
- try:
- rval = self.secrets[key]
- except KeyError as _:
- return None
+ @access_modes.setter
+ def access_modes(self, data):
+ ''' access_modes property setter'''
+ if not isinstance(data, list):
+ data = list(data)
- return {'key': key, 'value': rval}
+ self._access_modes = data
- def update_secret(self, key, value):
- ''' update a secret'''
- if key in self.secrets:
- self.secrets[key] = value
+ @property
+ def volume_capacity(self):
+ ''' volume_capacity property '''
+ if self._volume_capacity is None:
+ self._volume_capacity = self.get_volume_capacity()
+ return self._volume_capacity
+
+ @volume_capacity.setter
+ def volume_capacity(self, data):
+ ''' volume_capacity property setter'''
+ self._volume_capacity = data
+
+ def get_access_modes(self):
+ '''get access_modes'''
+ return self.get(PersistentVolumeClaim.access_modes_path) or []
+
+ def get_volume_capacity(self):
+ '''get volume_capacity'''
+ return self.get(PersistentVolumeClaim.volume_capacity_path) or []
+
+ def get_volume_name(self):
+ '''get volume_name'''
+ return self.get(PersistentVolumeClaim.volume_name_path) or []
+
+ def is_bound(self):
+ '''return whether volume is bound'''
+ return self.get(PersistentVolumeClaim.bound_path) or []
+
+ #### ADD #####
+ def add_access_mode(self, inc_mode):
+ ''' add an access_mode'''
+ if self.access_modes:
+ self.access_modes.append(inc_mode)
else:
- self.add_secret(key, value)
+ self.put(PersistentVolumeClaim.access_modes_path, [inc_mode])
return True
-# -*- -*- -*- End included fragment: lib/secret.py -*- -*- -*-
-
-# -*- -*- -*- Begin included fragment: lib/service.py -*- -*- -*-
-
-
-# pylint: disable=too-many-instance-attributes
-class ServiceConfig(object):
- ''' Handle service options '''
- # pylint: disable=too-many-arguments
- def __init__(self,
- sname,
- namespace,
- ports,
- selector=None,
- labels=None,
- cluster_ip=None,
- portal_ip=None,
- session_affinity=None,
- service_type=None):
- ''' constructor for handling service options '''
- self.name = sname
- self.namespace = namespace
- self.ports = ports
- self.selector = selector
- self.labels = labels
- self.cluster_ip = cluster_ip
- self.portal_ip = portal_ip
- self.session_affinity = session_affinity
- self.service_type = service_type
- self.data = {}
-
- self.create_dict()
-
- def create_dict(self):
- ''' instantiates a service dict '''
- self.data['apiVersion'] = 'v1'
- self.data['kind'] = 'Service'
- self.data['metadata'] = {}
- self.data['metadata']['name'] = self.name
- self.data['metadata']['namespace'] = self.namespace
- if self.labels:
- for lab, lab_value in self.labels.items():
- self.data['metadata'][lab] = lab_value
- self.data['spec'] = {}
-
- if self.ports:
- self.data['spec']['ports'] = self.ports
- else:
- self.data['spec']['ports'] = []
-
- if self.selector:
- self.data['spec']['selector'] = self.selector
+ #### /ADD #####
- self.data['spec']['sessionAffinity'] = self.session_affinity or 'None'
-
- if self.cluster_ip:
- self.data['spec']['clusterIP'] = self.cluster_ip
-
- if self.portal_ip:
- self.data['spec']['portalIP'] = self.portal_ip
-
- if self.service_type:
- self.data['spec']['type'] = self.service_type
-
-# pylint: disable=too-many-instance-attributes,too-many-public-methods
-class Service(Yedit):
- ''' Class to model the oc service object '''
- port_path = "spec.ports"
- portal_ip = "spec.portalIP"
- cluster_ip = "spec.clusterIP"
- selector = "spec.selector"
- kind = 'Service'
-
- def __init__(self, content):
- '''Service constructor'''
- super(Service, self).__init__(content=content)
-
- def get_ports(self):
- ''' get a list of ports '''
- return self.get(Service.port_path) or []
-
- def get_selector(self):
- ''' get the service selector'''
- return self.get(Service.selector) or {}
-
- def add_ports(self, inc_ports):
- ''' add a port object to the ports list '''
- if not isinstance(inc_ports, list):
- inc_ports = [inc_ports]
-
- ports = self.get_ports()
- if not ports:
- self.put(Service.port_path, inc_ports)
- else:
- ports.extend(inc_ports)
+ #### Remove #####
+ def remove_access_mode(self, inc_mode):
+ ''' remove an access_mode'''
+ try:
+ self.access_modes.remove(inc_mode)
+ except ValueError as _:
+ return False
return True
- def find_ports(self, inc_port):
- ''' find a specific port '''
- for port in self.get_ports():
- if port['port'] == inc_port['port']:
- return port
-
- return None
+ #### /REMOVE #####
- def delete_ports(self, inc_ports):
- ''' remove a port from a service '''
- if not isinstance(inc_ports, list):
- inc_ports = [inc_ports]
-
- ports = self.get(Service.port_path) or []
-
- if not ports:
- return True
-
- removed = False
- for inc_port in inc_ports:
- port = self.find_ports(inc_port)
- if port:
- ports.remove(port)
- removed = True
+ #### UPDATE #####
+ def update_access_mode(self, inc_mode):
+ ''' update an access_mode'''
+ try:
+ index = self.access_modes.index(inc_mode)
+ except ValueError as _:
+ return self.add_access_mode(inc_mode)
- return removed
+ self.access_modes[index] = inc_mode
- def add_cluster_ip(self, sip):
- '''add cluster ip'''
- self.put(Service.cluster_ip, sip)
+ return True
- def add_portal_ip(self, pip):
- '''add cluster ip'''
- self.put(Service.portal_ip, pip)
+ #### /UPDATE #####
-# -*- -*- -*- End included fragment: lib/service.py -*- -*- -*-
+ #### FIND ####
+ def find_access_mode(self, inc_mode):
+ ''' find a user '''
+ index = None
+ try:
+ index = self.access_modes.index(inc_mode)
+ except ValueError as _:
+ return index
-# -*- -*- -*- Begin included fragment: lib/volume.py -*- -*- -*-
+ return index
-class Volume(object):
- ''' Class to model an openshift volume object'''
- volume_mounts_path = {"pod": "spec.containers[0].volumeMounts",
- "dc": "spec.template.spec.containers[0].volumeMounts",
- "rc": "spec.template.spec.containers[0].volumeMounts",
- }
- volumes_path = {"pod": "spec.volumes",
- "dc": "spec.template.spec.volumes",
- "rc": "spec.template.spec.volumes",
- }
+# -*- -*- -*- End included fragment: lib/pvc.py -*- -*- -*-
- @staticmethod
- def create_volume_structure(volume_info):
- ''' return a properly structured volume '''
- volume_mount = None
- volume = {'name': volume_info['name']}
- if volume_info['type'] == 'secret':
- volume['secret'] = {}
- volume[volume_info['type']] = {'secretName': volume_info['secret_name']}
- volume_mount = {'mountPath': volume_info['path'],
- 'name': volume_info['name']}
- elif volume_info['type'] == 'emptydir':
- volume['emptyDir'] = {}
- volume_mount = {'mountPath': volume_info['path'],
- 'name': volume_info['name']}
- elif volume_info['type'] == 'pvc':
- volume['persistentVolumeClaim'] = {}
- volume['persistentVolumeClaim']['claimName'] = volume_info['claimName']
- volume['persistentVolumeClaim']['claimSize'] = volume_info['claimSize']
- elif volume_info['type'] == 'hostpath':
- volume['hostPath'] = {}
- volume['hostPath']['path'] = volume_info['path']
-
- return (volume, volume_mount)
-
-# -*- -*- -*- End included fragment: lib/volume.py -*- -*- -*-
-
-# -*- -*- -*- Begin included fragment: class/oc_version.py -*- -*- -*-
+# -*- -*- -*- Begin included fragment: class/oc_pvc.py -*- -*- -*-
# pylint: disable=too-many-instance-attributes
-class OCVersion(OpenShiftCLI):
+class OCPVC(OpenShiftCLI):
''' Class to wrap the oc command line tools '''
+ kind = 'pvc'
+
# pylint allows 5
# pylint: disable=too-many-arguments
def __init__(self,
config,
- debug):
- ''' Constructor for OCVersion '''
- super(OCVersion, self).__init__(None, config)
- self.debug = debug
-
- def get(self):
- '''get and return version information '''
-
- results = {}
-
- version_results = self._version()
-
- if version_results['returncode'] == 0:
- filtered_vers = Utils.filter_versions(version_results['results'])
- custom_vers = Utils.add_custom_versions(filtered_vers)
-
- results['returncode'] = version_results['returncode']
- results.update(filtered_vers)
- results.update(custom_vers)
-
- return results
-
- raise OpenShiftCLIError('Problem detecting openshift version.')
-
- @staticmethod
- def run_ansible(params):
- '''run the idempotent ansible code'''
- oc_version = OCVersion(params['kubeconfig'], params['debug'])
-
- if params['state'] == 'list':
-
- #pylint: disable=protected-access
- result = oc_version.get()
- return {'state': params['state'],
- 'results': result,
- 'changed': False}
-
-# -*- -*- -*- End included fragment: class/oc_version.py -*- -*- -*-
-
-# -*- -*- -*- Begin included fragment: class/oc_adm_registry.py -*- -*- -*-
-
-class RegistryException(Exception):
- ''' Registry Exception Class '''
- pass
-
-
-class RegistryConfig(OpenShiftCLIConfig):
- ''' RegistryConfig is a DTO for the registry. '''
- def __init__(self, rname, namespace, kubeconfig, registry_options):
- super(RegistryConfig, self).__init__(rname, namespace, kubeconfig, registry_options)
-
-
-class Registry(OpenShiftCLI):
- ''' Class to wrap the oc command line tools '''
-
- volume_mount_path = 'spec.template.spec.containers[0].volumeMounts'
- volume_path = 'spec.template.spec.volumes'
- env_path = 'spec.template.spec.containers[0].env'
-
- def __init__(self,
- registry_config,
verbose=False):
- ''' Constructor for Registry
-
- a registry consists of 3 or more parts
- - dc/docker-registry
- - svc/docker-registry
-
- Parameters:
- :registry_config:
- :verbose:
- '''
- super(Registry, self).__init__(registry_config.namespace, registry_config.kubeconfig, verbose)
- self.version = OCVersion(registry_config.kubeconfig, verbose)
- self.svc_ip = None
- self.portal_ip = None
- self.config = registry_config
- self.verbose = verbose
- self.registry_parts = [{'kind': 'dc', 'name': self.config.name},
- {'kind': 'svc', 'name': self.config.name},
- ]
-
- self.__prepared_registry = None
- self.volume_mounts = []
- self.volumes = []
- if self.config.config_options['volume_mounts']['value']:
- for volume in self.config.config_options['volume_mounts']['value']:
- volume_info = {'secret_name': volume.get('secret_name', None),
- 'name': volume.get('name', None),
- 'type': volume.get('type', None),
- 'path': volume.get('path', None),
- 'claimName': volume.get('claim_name', None),
- 'claimSize': volume.get('claim_size', None),
- }
-
- vol, vol_mount = Volume.create_volume_structure(volume_info)
- self.volumes.append(vol)
- self.volume_mounts.append(vol_mount)
-
- self.dconfig = None
- self.svc = None
+ ''' Constructor for OCVolume '''
+ super(OCPVC, self).__init__(config.namespace, config.kubeconfig)
+ self.config = config
+ self.namespace = config.namespace
+ self._pvc = None
@property
- def deploymentconfig(self):
- ''' deploymentconfig property '''
- return self.dconfig
-
- @deploymentconfig.setter
- def deploymentconfig(self, config):
- ''' setter for deploymentconfig property '''
- self.dconfig = config
-
- @property
- def service(self):
- ''' service property '''
- return self.svc
-
- @service.setter
- def service(self, config):
- ''' setter for service property '''
- self.svc = config
-
- @property
- def prepared_registry(self):
- ''' prepared_registry property '''
- if not self.__prepared_registry:
- results = self.prepare_registry()
- if not results:
- raise RegistryException('Could not perform registry preparation.')
- self.__prepared_registry = results
-
- return self.__prepared_registry
-
- @prepared_registry.setter
- def prepared_registry(self, data):
- ''' setter method for prepared_registry attribute '''
- self.__prepared_registry = data
-
- def get(self):
- ''' return the self.registry_parts '''
- self.deploymentconfig = None
- self.service = None
-
- rval = 0
- for part in self.registry_parts:
- result = self._get(part['kind'], rname=part['name'])
- if result['returncode'] == 0 and part['kind'] == 'dc':
- self.deploymentconfig = DeploymentConfig(result['results'][0])
- elif result['returncode'] == 0 and part['kind'] == 'svc':
- self.service = Service(result['results'][0])
-
- if result['returncode'] != 0:
- rval = result['returncode']
-
+ def pvc(self):
+ ''' property function pvc'''
+ if not self._pvc:
+ self.get()
+ return self._pvc
+
+ @pvc.setter
+ def pvc(self, data):
+ ''' setter function for yedit var '''
+ self._pvc = data
+
+ def bound(self):
+ '''return whether the pvc is bound'''
+ if self.pvc.get_volume_name():
+ return True
- return {'returncode': rval, 'deploymentconfig': self.deploymentconfig, 'service': self.service}
+ return False
def exists(self):
- '''does the object exist?'''
- self.get()
- if self.deploymentconfig or self.service:
+ ''' return whether a pvc exists '''
+ if self.pvc:
return True
return False
- def delete(self, complete=True):
- '''return all pods '''
- parts = []
- for part in self.registry_parts:
- if not complete and part['kind'] == 'svc':
- continue
- parts.append(self._delete(part['kind'], part['name']))
-
- # Clean up returned results
- rval = 0
- for part in parts:
- # pylint: disable=invalid-sequence-index
- if 'returncode' in part and part['returncode'] != 0:
- rval = part['returncode']
-
- return {'returncode': rval, 'results': parts}
-
- def prepare_registry(self):
- ''' prepare a registry for instantiation '''
- options = self.config.to_option_list()
-
- cmd = ['registry', '-n', self.config.namespace]
- cmd.extend(options)
- cmd.extend(['--dry-run=True', '-o', 'json'])
-
- results = self.openshift_cmd(cmd, oadm=True, output=True, output_type='json')
- # probably need to parse this
- # pylint thinks results is a string
- # pylint: disable=no-member
- if results['returncode'] != 0 and 'items' in results['results']:
- return results
-
- service = None
- deploymentconfig = None
- # pylint: disable=invalid-sequence-index
- for res in results['results']['items']:
- if res['kind'] == 'DeploymentConfig':
- deploymentconfig = DeploymentConfig(res)
- elif res['kind'] == 'Service':
- service = Service(res)
-
- # Verify we got a service and a deploymentconfig
- if not service or not deploymentconfig:
- return results
-
- # results will need to get parsed here and modifications added
- deploymentconfig = DeploymentConfig(self.add_modifications(deploymentconfig))
-
- # modify service ip
- if self.svc_ip:
- service.put('spec.clusterIP', self.svc_ip)
- if self.portal_ip:
- service.put('spec.portalIP', self.portal_ip)
-
- # the dry-run doesn't apply the selector correctly
- service.put('spec.selector', self.service.get_selector())
-
+ def get(self):
+ '''return pvc information '''
+ result = self._get(self.kind, self.config.name)
+ if result['returncode'] == 0:
+ self.pvc = PersistentVolumeClaim(content=result['results'][0])
+ elif '\"%s\" not found' % self.config.name in result['stderr']:
+ result['returncode'] = 0
+ result['results'] = [{}]
- # need to create the service and the deploymentconfig
- service_file = Utils.create_tmp_file_from_contents('service', service.yaml_dict)
- deployment_file = Utils.create_tmp_file_from_contents('deploymentconfig', deploymentconfig.yaml_dict)
+ return result
- return {"service": service,
- "service_file": service_file,
- "service_update": False,
- "deployment": deploymentconfig,
- "deployment_file": deployment_file,
- "deployment_update": False}
+ def delete(self):
+ '''delete the object'''
+ return self._delete(self.kind, self.config.name)
def create(self):
- '''Create a registry'''
- results = []
- for config_file in ['deployment_file', 'service_file']:
- results.append(self._create(self.prepared_registry[config_file]))
-
- # Clean up returned results
- rval = 0
- for result in results:
- # pylint: disable=invalid-sequence-index
- if 'returncode' in result and result['returncode'] != 0:
- rval = result['returncode']
-
- return {'returncode': rval, 'results': results}
+ '''create the object'''
+ return self._create_from_content(self.config.name, self.config.data)
def update(self):
- '''run update for the registry. This performs a delete and then create '''
- # Store the current service IP
- if self.service:
- svcip = self.service.get('spec.clusterIP')
- if svcip:
- self.svc_ip = svcip
- portip = self.service.get('spec.portalIP')
- if portip:
- self.portal_ip = portip
-
- results = []
- if self.prepared_registry['deployment_update']:
- results.append(self._replace(self.prepared_registry['deployment_file']))
- if self.prepared_registry['service_update']:
- results.append(self._replace(self.prepared_registry['service_file']))
-
- # Clean up returned results
- rval = 0
- for result in results:
- if result['returncode'] != 0:
- rval = result['returncode']
-
- return {'returncode': rval, 'results': results}
-
- def add_modifications(self, deploymentconfig):
- ''' update a deployment config with changes '''
- # The environment variable for REGISTRY_HTTP_SECRET is autogenerated
- # We should set the generated deploymentconfig to the in memory version
- # the following modifications will overwrite if needed
- if self.deploymentconfig:
- result = self.deploymentconfig.get_env_var('REGISTRY_HTTP_SECRET')
- if result:
- deploymentconfig.update_env_var('REGISTRY_HTTP_SECRET', result['value'])
-
- # Currently we know that our deployment of a registry requires a few extra modifications
- # Modification 1
- # we need specific environment variables to be set
- for key, value in self.config.config_options['env_vars'].get('value', {}).items():
- if not deploymentconfig.exists_env_key(key):
- deploymentconfig.add_env_value(key, value)
- else:
- deploymentconfig.update_env_var(key, value)
-
- # Modification 2
- # we need specific volume variables to be set
- for volume in self.volumes:
- deploymentconfig.update_volume(volume)
-
- for vol_mount in self.volume_mounts:
- deploymentconfig.update_volume_mount(vol_mount)
-
- # Modification 3
- # Edits
- edit_results = []
- for edit in self.config.config_options['edits'].get('value', []):
- if edit['action'] == 'put':
- edit_results.append(deploymentconfig.put(edit['key'],
- edit['value']))
- if edit['action'] == 'update':
- edit_results.append(deploymentconfig.update(edit['key'],
- edit['value'],
- edit.get('index', None),
- edit.get('curr_value', None)))
- if edit['action'] == 'append':
- edit_results.append(deploymentconfig.append(edit['key'],
- edit['value']))
-
- if edit_results and not any([res[0] for res in edit_results]):
- return None
-
- return deploymentconfig.yaml_dict
+ '''update the object'''
+ # need to update the tls information and the service name
+ return self._replace_content(self.kind, self.config.name, self.config.data)
def needs_update(self):
- ''' check to see if we need to update '''
- if not self.service or not self.deploymentconfig:
- return True
+ ''' verify an update is needed '''
+ if self.pvc.get_volume_name() or self.pvc.is_bound():
+ return False
+
+ skip = []
+ return not Utils.check_def_equal(self.config.data, self.pvc.yaml_dict, skip_keys=skip, debug=True)
- exclude_list = ['clusterIP', 'portalIP', 'type', 'protocol']
- if not Utils.check_def_equal(self.prepared_registry['service'].yaml_dict,
- self.service.yaml_dict,
- exclude_list,
- debug=self.verbose):
- self.prepared_registry['service_update'] = True
-
- exclude_list = ['dnsPolicy',
- 'terminationGracePeriodSeconds',
- 'restartPolicy', 'timeoutSeconds',
- 'livenessProbe', 'readinessProbe',
- 'terminationMessagePath',
- 'securityContext',
- 'imagePullPolicy',
- 'protocol', # ports.portocol: TCP
- 'type', # strategy: {'type': 'rolling'}
- 'defaultMode', # added on secrets
- 'activeDeadlineSeconds', # added in 1.5 for timeouts
- ]
-
- if not Utils.check_def_equal(self.prepared_registry['deployment'].yaml_dict,
- self.deploymentconfig.yaml_dict,
- exclude_list,
- debug=self.verbose):
- self.prepared_registry['deployment_update'] = True
-
- return self.prepared_registry['deployment_update'] or self.prepared_registry['service_update'] or False
-
- # In the future, we would like to break out each ansible state into a function.
# pylint: disable=too-many-branches,too-many-return-statements
@staticmethod
def run_ansible(params, check_mode):
- '''run idempotent ansible code'''
-
- rconfig = RegistryConfig(params['name'],
- params['namespace'],
- params['kubeconfig'],
- {'images': {'value': params['images'], 'include': True},
- 'latest_images': {'value': params['latest_images'], 'include': True},
- 'labels': {'value': params['labels'], 'include': True},
- 'ports': {'value': ','.join(params['ports']), 'include': True},
- 'replicas': {'value': params['replicas'], 'include': True},
- 'selector': {'value': params['selector'], 'include': True},
- 'service_account': {'value': params['service_account'], 'include': True},
- 'mount_host': {'value': params['mount_host'], 'include': True},
- 'env_vars': {'value': params['env_vars'], 'include': False},
- 'volume_mounts': {'value': params['volume_mounts'], 'include': False},
- 'edits': {'value': params['edits'], 'include': False},
- 'enforce_quota': {'value': params['enforce_quota'], 'include': True},
- 'daemonset': {'value': params['daemonset'], 'include': True},
- 'tls_key': {'value': params['tls_key'], 'include': True},
- 'tls_certificate': {'value': params['tls_certificate'], 'include': True},
- })
-
-
- ocregistry = Registry(rconfig, params['debug'])
-
- api_rval = ocregistry.get()
+ '''run the idempotent ansible code'''
+ pconfig = PersistentVolumeClaimConfig(params['name'],
+ params['namespace'],
+ params['kubeconfig'],
+ params['access_modes'],
+ params['volume_capacity'],
+ )
+ oc_pvc = OCPVC(pconfig, verbose=params['debug'])
state = params['state']
- ########
- # get
- ########
- if state == 'list':
- if api_rval['returncode'] != 0:
- return {'failed': True, 'msg': api_rval}
+ api_rval = oc_pvc.get()
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
- return {'changed': False, 'results': api_rval, 'state': state}
+ #####
+ # Get
+ #####
+ if state == 'list':
+ return {'changed': False, 'results': api_rval['results'], 'state': state}
########
# Delete
########
if state == 'absent':
- if not ocregistry.exists():
- return {'changed': False, 'state': state}
+ if oc_pvc.exists():
- if check_mode:
- return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'}
+ if check_mode:
+ return {'changed': False, 'msg': 'CHECK_MODE: Would have performed a delete.'}
- # Unsure as to why this is angry with the return type.
- # pylint: disable=redefined-variable-type
- api_rval = ocregistry.delete()
+ api_rval = oc_pvc.delete()
- if api_rval['returncode'] != 0:
- return {'failed': True, 'msg': api_rval}
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
- return {'changed': True, 'results': api_rval, 'state': state}
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ return {'changed': False, 'state': state}
if state == 'present':
########
# Create
########
- if not ocregistry.exists():
+ if not oc_pvc.exists():
if check_mode:
return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'}
- api_rval = ocregistry.create()
+ # Create it here
+ api_rval = oc_pvc.create()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ # return the created object
+ api_rval = oc_pvc.get()
if api_rval['returncode'] != 0:
return {'failed': True, 'msg': api_rval}
@@ -2534,68 +1671,63 @@ class Registry(OpenShiftCLI):
########
# Update
########
- if not params['force'] and not ocregistry.needs_update():
- return {'changed': False, 'state': state}
+ if oc_pvc.pvc.is_bound() or oc_pvc.pvc.get_volume_name():
+ api_rval['msg'] = '##### - This volume is currently bound. Will not update - ####'
+ return {'changed': False, 'results': api_rval, 'state': state}
- if check_mode:
- return {'changed': True, 'msg': 'CHECK_MODE: Would have performed an update.'}
+ if oc_pvc.needs_update():
+ api_rval = oc_pvc.update()
- api_rval = ocregistry.update()
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
- if api_rval['returncode'] != 0:
- return {'failed': True, 'msg': api_rval}
+ # return the created object
+ api_rval = oc_pvc.get()
- return {'changed': True, 'results': api_rval, 'state': state}
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
- return {'failed': True, 'msg': 'Unknown state passed. %s' % state}
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ return {'changed': False, 'results': api_rval, 'state': state}
-# -*- -*- -*- End included fragment: class/oc_adm_registry.py -*- -*- -*-
+ return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)}
-# -*- -*- -*- Begin included fragment: ansible/oc_adm_registry.py -*- -*- -*-
+# -*- -*- -*- End included fragment: class/oc_pvc.py -*- -*- -*-
+# -*- -*- -*- Begin included fragment: ansible/oc_pvc.py -*- -*- -*-
+
+#pylint: disable=too-many-branches
def main():
'''
- ansible oc module for registry
+ ansible oc module for pvc
'''
module = AnsibleModule(
argument_spec=dict(
+ kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
state=dict(default='present', type='str',
- choices=['present', 'absent']),
+ choices=['present', 'absent', 'list']),
debug=dict(default=False, type='bool'),
- namespace=dict(default='default', type='str'),
name=dict(default=None, required=True, type='str'),
-
- kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
- images=dict(default=None, type='str'),
- latest_images=dict(default=False, type='bool'),
- labels=dict(default=None, type='list'),
- ports=dict(default=['5000'], type='list'),
- replicas=dict(default=1, type='int'),
- selector=dict(default=None, type='str'),
- service_account=dict(default='registry', type='str'),
- mount_host=dict(default=None, type='str'),
- volume_mounts=dict(default=None, type='list'),
- env_vars=dict(default={}, type='dict'),
- edits=dict(default=[], type='list'),
- enforce_quota=dict(default=False, type='bool'),
- force=dict(default=False, type='bool'),
- daemonset=dict(default=False, type='bool'),
- tls_key=dict(default=None, type='str'),
- tls_certificate=dict(default=None, type='str'),
+ namespace=dict(default=None, required=True, type='str'),
+ volume_capacity=dict(default='1G', type='str'),
+ access_modes=dict(default='ReadWriteOnce',
+ choices=['ReadWriteOnce', 'ReadOnlyMany', 'ReadWriteMany'],
+ type='str'),
),
-
supports_check_mode=True,
)
- results = Registry.run_ansible(module.params, module.check_mode)
- if 'failed' in results:
- module.fail_json(**results)
+ rval = OCPVC.run_ansible(module.params, module.check_mode)
+
+ if 'failed' in rval:
+ module.fail_json(**rval)
- module.exit_json(**results)
+ return module.exit_json(**rval)
if __name__ == '__main__':
main()
-# -*- -*- -*- End included fragment: ansible/oc_adm_registry.py -*- -*- -*-
+# -*- -*- -*- End included fragment: ansible/oc_pvc.py -*- -*- -*-
diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py
index 97dd310bc..fe59cca33 100644
--- a/roles/lib_openshift/library/oc_route.py
+++ b/roles/lib_openshift/library/oc_route.py
@@ -1088,9 +1088,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/library/oc_scale.py b/roles/lib_openshift/library/oc_scale.py
index 56e4e38f7..98f1d94a7 100644
--- a/roles/lib_openshift/library/oc_scale.py
+++ b/roles/lib_openshift/library/oc_scale.py
@@ -1032,9 +1032,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/library/oc_secret.py b/roles/lib_openshift/library/oc_secret.py
index ad32d4900..deba4ab8a 100644
--- a/roles/lib_openshift/library/oc_secret.py
+++ b/roles/lib_openshift/library/oc_secret.py
@@ -1078,9 +1078,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/library/oc_service.py b/roles/lib_openshift/library/oc_service.py
index a4d0ca3f3..c2e91e39e 100644
--- a/roles/lib_openshift/library/oc_service.py
+++ b/roles/lib_openshift/library/oc_service.py
@@ -1084,9 +1084,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/library/oc_serviceaccount.py b/roles/lib_openshift/library/oc_serviceaccount.py
index b6586fca9..a1d8fff14 100644
--- a/roles/lib_openshift/library/oc_serviceaccount.py
+++ b/roles/lib_openshift/library/oc_serviceaccount.py
@@ -1030,9 +1030,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/library/oc_serviceaccount_secret.py b/roles/lib_openshift/library/oc_serviceaccount_secret.py
index 925a5a088..470043cc6 100644
--- a/roles/lib_openshift/library/oc_serviceaccount_secret.py
+++ b/roles/lib_openshift/library/oc_serviceaccount_secret.py
@@ -1030,9 +1030,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/library/oc_user.py b/roles/lib_openshift/library/oc_user.py
new file mode 100644
index 000000000..2ccc00301
--- /dev/null
+++ b/roles/lib_openshift/library/oc_user.py
@@ -0,0 +1,1714 @@
+#!/usr/bin/env python
+# pylint: disable=missing-docstring
+# flake8: noqa: T001
+# ___ ___ _ _ ___ ___ _ _____ ___ ___
+# / __| __| \| | __| _ \ /_\_ _| __| \
+# | (_ | _|| .` | _|| / / _ \| | | _|| |) |
+# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____
+# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _|
+# | |) | (_) | | .` | (_) || | | _|| |) | | | |
+# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_|
+#
+# Copyright 2016 Red Hat, Inc. and/or its affiliates
+# and other contributors as indicated by the @author tags.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# -*- -*- -*- Begin included fragment: lib/import.py -*- -*- -*-
+'''
+ OpenShiftCLI class that wraps the oc commands in a subprocess
+'''
+# pylint: disable=too-many-lines
+
+from __future__ import print_function
+import atexit
+import copy
+import json
+import os
+import re
+import shutil
+import subprocess
+import tempfile
+# pylint: disable=import-error
+try:
+ import ruamel.yaml as yaml
+except ImportError:
+ import yaml
+
+from ansible.module_utils.basic import AnsibleModule
+
+# -*- -*- -*- End included fragment: lib/import.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: doc/user -*- -*- -*-
+
+DOCUMENTATION = '''
+---
+module: oc_user
+short_description: Create, modify, and idempotently manage openshift users.
+description:
+ - Modify openshift users programmatically.
+options:
+ state:
+ description:
+ - State controls the action that will be taken with resource
+ - 'present' will create or update a user to the desired state
+ - 'absent' will ensure user is removed
+ - 'list' will read and return a list of users
+ default: present
+ choices: ["present", "absent", "list"]
+ aliases: []
+ kubeconfig:
+ description:
+ - The path for the kubeconfig file to use for authentication
+ required: false
+ default: /etc/origin/master/admin.kubeconfig
+ aliases: []
+ debug:
+ description:
+ - Turn on debug output.
+ required: false
+ default: False
+ aliases: []
+ username:
+ description:
+ - Short username to query/modify.
+ required: false
+ default: None
+ aliases: []
+ full_name:
+ description:
+ - String with the full name/description of the user.
+ required: false
+ default: None
+ aliases: []
+ groups:
+ description:
+ - List of groups the user should be a member of. This does not add/update the legacy 'groups' field in the OpenShift user object, but makes user entries into the appropriate OpenShift group object for the given user.
+ required: false
+ default: []
+ aliases: []
+author:
+- "Joel Diaz <jdiaz@redhat.com>"
+extends_documentation_fragment: []
+'''
+
+EXAMPLES = '''
+- name: Ensure user exists
+ oc_user:
+ state: present
+ username: johndoe
+ full_name "John Doe"
+ groups:
+ - dedicated-admins
+ register: user_johndoe
+
+user_johndoe variable will have contents like:
+ok: [ded-int-aws-master-61034] => {
+ "user_johndoe": {
+ "changed": true,
+ "results": {
+ "cmd": "oc -n default get users johndoe -o json",
+ "results": [
+ {
+ "apiVersion": "v1",
+ "fullName": "John DOe",
+ "groups": null,
+ "identities": null,
+ "kind": "User",
+ "metadata": {
+ "creationTimestamp": "2017-02-28T15:09:21Z",
+ "name": "johndoe",
+ "resourceVersion": "848781",
+ "selfLink": "/oapi/v1/users/johndoe",
+ "uid": "e23d3300-fdc7-11e6-9e3e-12822d6b7656"
+ }
+ }
+ ],
+ "returncode": 0
+ },
+ "state": "present"
+ }
+}
+'groups' is empty because this field is the OpenShift user object's 'group' field.
+
+- name: Ensure user does not exist
+ oc_user:
+ state: absent
+ username: johndoe
+
+- name: List user's info
+ oc_user:
+ state: list
+ username: johndoe
+ register: user_johndoe
+
+user_johndoe will have contents similar to:
+ok: [ded-int-aws-master-61034] => {
+ "user_johndoe": {
+ "changed": false,
+ "results": [
+ {
+ "apiVersion": "v1",
+ "fullName": "John Doe",
+ "groups": null,
+ "identities": null,
+ "kind": "User",
+ "metadata": {
+ "creationTimestamp": "2017-02-28T15:04:44Z",
+ "name": "johndoe",
+ "resourceVersion": "848280",
+ "selfLink": "/oapi/v1/users/johndoe",
+ "uid": "3d479ad2-fdc7-11e6-9e3e-12822d6b7656"
+ }
+ }
+ ],
+ "state": "list"
+ }
+}
+'''
+
+# -*- -*- -*- End included fragment: doc/user -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*-
+# pylint: disable=undefined-variable,missing-docstring
+# noqa: E301,E302
+
+
+class YeditException(Exception):
+ ''' Exception class for Yedit '''
+ pass
+
+
+# pylint: disable=too-many-public-methods
+class Yedit(object):
+ ''' Class to modify yaml files '''
+ re_valid_key = r"(((\[-?\d+\])|([0-9a-zA-Z%s/_-]+)).?)+$"
+ re_key = r"(?:\[(-?\d+)\])|([0-9a-zA-Z%s/_-]+)"
+ com_sep = set(['.', '#', '|', ':'])
+
+ # pylint: disable=too-many-arguments
+ def __init__(self,
+ filename=None,
+ content=None,
+ content_type='yaml',
+ separator='.',
+ backup=False):
+ self.content = content
+ self._separator = separator
+ self.filename = filename
+ self.__yaml_dict = content
+ self.content_type = content_type
+ self.backup = backup
+ self.load(content_type=self.content_type)
+ if self.__yaml_dict is None:
+ self.__yaml_dict = {}
+
+ @property
+ def separator(self):
+ ''' getter method for yaml_dict '''
+ return self._separator
+
+ @separator.setter
+ def separator(self):
+ ''' getter method for yaml_dict '''
+ return self._separator
+
+ @property
+ def yaml_dict(self):
+ ''' getter method for yaml_dict '''
+ return self.__yaml_dict
+
+ @yaml_dict.setter
+ def yaml_dict(self, value):
+ ''' setter method for yaml_dict '''
+ self.__yaml_dict = value
+
+ @staticmethod
+ def parse_key(key, sep='.'):
+ '''parse the key allowing the appropriate separator'''
+ common_separators = list(Yedit.com_sep - set([sep]))
+ return re.findall(Yedit.re_key % ''.join(common_separators), key)
+
+ @staticmethod
+ def valid_key(key, sep='.'):
+ '''validate the incoming key'''
+ common_separators = list(Yedit.com_sep - set([sep]))
+ if not re.match(Yedit.re_valid_key % ''.join(common_separators), key):
+ return False
+
+ return True
+
+ @staticmethod
+ def remove_entry(data, key, sep='.'):
+ ''' remove data at location key '''
+ if key == '' and isinstance(data, dict):
+ data.clear()
+ return True
+ elif key == '' and isinstance(data, list):
+ del data[:]
+ return True
+
+ if not (key and Yedit.valid_key(key, sep)) and \
+ isinstance(data, (list, dict)):
+ return None
+
+ key_indexes = Yedit.parse_key(key, sep)
+ for arr_ind, dict_key in key_indexes[:-1]:
+ if dict_key and isinstance(data, dict):
+ data = data.get(dict_key, None)
+ elif (arr_ind and isinstance(data, list) and
+ int(arr_ind) <= len(data) - 1):
+ data = data[int(arr_ind)]
+ else:
+ return None
+
+ # process last index for remove
+ # expected list entry
+ if key_indexes[-1][0]:
+ if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501
+ del data[int(key_indexes[-1][0])]
+ return True
+
+ # expected dict entry
+ elif key_indexes[-1][1]:
+ if isinstance(data, dict):
+ del data[key_indexes[-1][1]]
+ return True
+
+ @staticmethod
+ def add_entry(data, key, item=None, sep='.'):
+ ''' Get an item from a dictionary with key notation a.b.c
+ d = {'a': {'b': 'c'}}}
+ key = a#b
+ return c
+ '''
+ if key == '':
+ pass
+ elif (not (key and Yedit.valid_key(key, sep)) and
+ isinstance(data, (list, dict))):
+ return None
+
+ key_indexes = Yedit.parse_key(key, sep)
+ for arr_ind, dict_key in key_indexes[:-1]:
+ if dict_key:
+ if isinstance(data, dict) and dict_key in data and data[dict_key]: # noqa: E501
+ data = data[dict_key]
+ continue
+
+ elif data and not isinstance(data, dict):
+ raise YeditException("Unexpected item type found while going through key " +
+ "path: {} (at key: {})".format(key, dict_key))
+
+ data[dict_key] = {}
+ data = data[dict_key]
+
+ elif (arr_ind and isinstance(data, list) and
+ int(arr_ind) <= len(data) - 1):
+ data = data[int(arr_ind)]
+ else:
+ raise YeditException("Unexpected item type found while going through key path: {}".format(key))
+
+ if key == '':
+ data = item
+
+ # process last index for add
+ # expected list entry
+ elif key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501
+ data[int(key_indexes[-1][0])] = item
+
+ # expected dict entry
+ elif key_indexes[-1][1] and isinstance(data, dict):
+ data[key_indexes[-1][1]] = item
+
+ # didn't add/update to an existing list, nor add/update key to a dict
+ # so we must have been provided some syntax like a.b.c[<int>] = "data" for a
+ # non-existent array
+ else:
+ raise YeditException("Error adding to object at path: {}".format(key))
+
+ return data
+
+ @staticmethod
+ def get_entry(data, key, sep='.'):
+ ''' Get an item from a dictionary with key notation a.b.c
+ d = {'a': {'b': 'c'}}}
+ key = a.b
+ return c
+ '''
+ if key == '':
+ pass
+ elif (not (key and Yedit.valid_key(key, sep)) and
+ isinstance(data, (list, dict))):
+ return None
+
+ key_indexes = Yedit.parse_key(key, sep)
+ for arr_ind, dict_key in key_indexes:
+ if dict_key and isinstance(data, dict):
+ data = data.get(dict_key, None)
+ elif (arr_ind and isinstance(data, list) and
+ int(arr_ind) <= len(data) - 1):
+ data = data[int(arr_ind)]
+ else:
+ return None
+
+ return data
+
+ @staticmethod
+ def _write(filename, contents):
+ ''' Actually write the file contents to disk. This helps with mocking. '''
+
+ tmp_filename = filename + '.yedit'
+
+ with open(tmp_filename, 'w') as yfd:
+ yfd.write(contents)
+
+ os.rename(tmp_filename, filename)
+
+ def write(self):
+ ''' write to file '''
+ if not self.filename:
+ raise YeditException('Please specify a filename.')
+
+ if self.backup and self.file_exists():
+ shutil.copy(self.filename, self.filename + '.orig')
+
+ # Try to set format attributes if supported
+ try:
+ self.yaml_dict.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ # Try to use RoundTripDumper if supported.
+ try:
+ Yedit._write(self.filename, yaml.dump(self.yaml_dict, Dumper=yaml.RoundTripDumper))
+ except AttributeError:
+ Yedit._write(self.filename, yaml.safe_dump(self.yaml_dict, default_flow_style=False))
+
+ return (True, self.yaml_dict)
+
+ def read(self):
+ ''' read from file '''
+ # check if it exists
+ if self.filename is None or not self.file_exists():
+ return None
+
+ contents = None
+ with open(self.filename) as yfd:
+ contents = yfd.read()
+
+ return contents
+
+ def file_exists(self):
+ ''' return whether file exists '''
+ if os.path.exists(self.filename):
+ return True
+
+ return False
+
+ def load(self, content_type='yaml'):
+ ''' return yaml file '''
+ contents = self.read()
+
+ if not contents and not self.content:
+ return None
+
+ if self.content:
+ if isinstance(self.content, dict):
+ self.yaml_dict = self.content
+ return self.yaml_dict
+ elif isinstance(self.content, str):
+ contents = self.content
+
+ # check if it is yaml
+ try:
+ if content_type == 'yaml' and contents:
+ # Try to set format attributes if supported
+ try:
+ self.yaml_dict.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ # Try to use RoundTripLoader if supported.
+ try:
+ self.yaml_dict = yaml.safe_load(contents, yaml.RoundTripLoader)
+ except AttributeError:
+ self.yaml_dict = yaml.safe_load(contents)
+
+ # Try to set format attributes if supported
+ try:
+ self.yaml_dict.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ elif content_type == 'json' and contents:
+ self.yaml_dict = json.loads(contents)
+ except yaml.YAMLError as err:
+ # Error loading yaml or json
+ raise YeditException('Problem with loading yaml file. %s' % err)
+
+ return self.yaml_dict
+
+ def get(self, key):
+ ''' get a specified key'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, key, self.separator)
+ except KeyError:
+ entry = None
+
+ return entry
+
+ def pop(self, path, key_or_item):
+ ''' remove a key, value pair from a dict or an item for a list'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry is None:
+ return (False, self.yaml_dict)
+
+ if isinstance(entry, dict):
+ # AUDIT:maybe-no-member makes sense due to fuzzy types
+ # pylint: disable=maybe-no-member
+ if key_or_item in entry:
+ entry.pop(key_or_item)
+ return (True, self.yaml_dict)
+ return (False, self.yaml_dict)
+
+ elif isinstance(entry, list):
+ # AUDIT:maybe-no-member makes sense due to fuzzy types
+ # pylint: disable=maybe-no-member
+ ind = None
+ try:
+ ind = entry.index(key_or_item)
+ except ValueError:
+ return (False, self.yaml_dict)
+
+ entry.pop(ind)
+ return (True, self.yaml_dict)
+
+ return (False, self.yaml_dict)
+
+ def delete(self, path):
+ ''' remove path from a dict'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry is None:
+ return (False, self.yaml_dict)
+
+ result = Yedit.remove_entry(self.yaml_dict, path, self.separator)
+ if not result:
+ return (False, self.yaml_dict)
+
+ return (True, self.yaml_dict)
+
+ def exists(self, path, value):
+ ''' check if value exists at path'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if isinstance(entry, list):
+ if value in entry:
+ return True
+ return False
+
+ elif isinstance(entry, dict):
+ if isinstance(value, dict):
+ rval = False
+ for key, val in value.items():
+ if entry[key] != val:
+ rval = False
+ break
+ else:
+ rval = True
+ return rval
+
+ return value in entry
+
+ return entry == value
+
+ def append(self, path, value):
+ '''append value to a list'''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry is None:
+ self.put(path, [])
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ if not isinstance(entry, list):
+ return (False, self.yaml_dict)
+
+ # AUDIT:maybe-no-member makes sense due to loading data from
+ # a serialized format.
+ # pylint: disable=maybe-no-member
+ entry.append(value)
+ return (True, self.yaml_dict)
+
+ # pylint: disable=too-many-arguments
+ def update(self, path, value, index=None, curr_value=None):
+ ''' put path, value into a dict '''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if isinstance(entry, dict):
+ # AUDIT:maybe-no-member makes sense due to fuzzy types
+ # pylint: disable=maybe-no-member
+ if not isinstance(value, dict):
+ raise YeditException('Cannot replace key, value entry in ' +
+ 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501
+
+ entry.update(value)
+ return (True, self.yaml_dict)
+
+ elif isinstance(entry, list):
+ # AUDIT:maybe-no-member makes sense due to fuzzy types
+ # pylint: disable=maybe-no-member
+ ind = None
+ if curr_value:
+ try:
+ ind = entry.index(curr_value)
+ except ValueError:
+ return (False, self.yaml_dict)
+
+ elif index is not None:
+ ind = index
+
+ if ind is not None and entry[ind] != value:
+ entry[ind] = value
+ return (True, self.yaml_dict)
+
+ # see if it exists in the list
+ try:
+ ind = entry.index(value)
+ except ValueError:
+ # doesn't exist, append it
+ entry.append(value)
+ return (True, self.yaml_dict)
+
+ # already exists, return
+ if ind is not None:
+ return (False, self.yaml_dict)
+ return (False, self.yaml_dict)
+
+ def put(self, path, value):
+ ''' put path, value into a dict '''
+ try:
+ entry = Yedit.get_entry(self.yaml_dict, path, self.separator)
+ except KeyError:
+ entry = None
+
+ if entry == value:
+ return (False, self.yaml_dict)
+
+ # deepcopy didn't work
+ # Try to use ruamel.yaml and fallback to pyyaml
+ try:
+ tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict,
+ default_flow_style=False),
+ yaml.RoundTripLoader)
+ except AttributeError:
+ tmp_copy = copy.deepcopy(self.yaml_dict)
+
+ # set the format attributes if available
+ try:
+ tmp_copy.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ result = Yedit.add_entry(tmp_copy, path, value, self.separator)
+ if not result:
+ return (False, self.yaml_dict)
+
+ self.yaml_dict = tmp_copy
+
+ return (True, self.yaml_dict)
+
+ def create(self, path, value):
+ ''' create a yaml file '''
+ if not self.file_exists():
+ # deepcopy didn't work
+ # Try to use ruamel.yaml and fallback to pyyaml
+ try:
+ tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict,
+ default_flow_style=False),
+ yaml.RoundTripLoader)
+ except AttributeError:
+ tmp_copy = copy.deepcopy(self.yaml_dict)
+
+ # set the format attributes if available
+ try:
+ tmp_copy.fa.set_block_style()
+ except AttributeError:
+ pass
+
+ result = Yedit.add_entry(tmp_copy, path, value, self.separator)
+ if result:
+ self.yaml_dict = tmp_copy
+ return (True, self.yaml_dict)
+
+ return (False, self.yaml_dict)
+
+ @staticmethod
+ def get_curr_value(invalue, val_type):
+ '''return the current value'''
+ if invalue is None:
+ return None
+
+ curr_value = invalue
+ if val_type == 'yaml':
+ curr_value = yaml.load(invalue)
+ elif val_type == 'json':
+ curr_value = json.loads(invalue)
+
+ return curr_value
+
+ @staticmethod
+ def parse_value(inc_value, vtype=''):
+ '''determine value type passed'''
+ true_bools = ['y', 'Y', 'yes', 'Yes', 'YES', 'true', 'True', 'TRUE',
+ 'on', 'On', 'ON', ]
+ false_bools = ['n', 'N', 'no', 'No', 'NO', 'false', 'False', 'FALSE',
+ 'off', 'Off', 'OFF']
+
+ # It came in as a string but you didn't specify value_type as string
+ # we will convert to bool if it matches any of the above cases
+ if isinstance(inc_value, str) and 'bool' in vtype:
+ if inc_value not in true_bools and inc_value not in false_bools:
+ raise YeditException('Not a boolean type. str=[%s] vtype=[%s]'
+ % (inc_value, vtype))
+ elif isinstance(inc_value, bool) and 'str' in vtype:
+ inc_value = str(inc_value)
+
+ # If vtype is not str then go ahead and attempt to yaml load it.
+ if isinstance(inc_value, str) and 'str' not in vtype:
+ try:
+ inc_value = yaml.load(inc_value)
+ except Exception:
+ raise YeditException('Could not determine type of incoming ' +
+ 'value. value=[%s] vtype=[%s]'
+ % (type(inc_value), vtype))
+
+ return inc_value
+
+ # pylint: disable=too-many-return-statements,too-many-branches
+ @staticmethod
+ def run_ansible(module):
+ '''perform the idempotent crud operations'''
+ yamlfile = Yedit(filename=module.params['src'],
+ backup=module.params['backup'],
+ separator=module.params['separator'])
+
+ if module.params['src']:
+ rval = yamlfile.load()
+
+ if yamlfile.yaml_dict is None and \
+ module.params['state'] != 'present':
+ return {'failed': True,
+ 'msg': 'Error opening file [%s]. Verify that the ' +
+ 'file exists, that it is has correct' +
+ ' permissions, and is valid yaml.'}
+
+ if module.params['state'] == 'list':
+ if module.params['content']:
+ content = Yedit.parse_value(module.params['content'],
+ module.params['content_type'])
+ yamlfile.yaml_dict = content
+
+ if module.params['key']:
+ rval = yamlfile.get(module.params['key']) or {}
+
+ return {'changed': False, 'result': rval, 'state': "list"}
+
+ elif module.params['state'] == 'absent':
+ if module.params['content']:
+ content = Yedit.parse_value(module.params['content'],
+ module.params['content_type'])
+ yamlfile.yaml_dict = content
+
+ if module.params['update']:
+ rval = yamlfile.pop(module.params['key'],
+ module.params['value'])
+ else:
+ rval = yamlfile.delete(module.params['key'])
+
+ if rval[0] and module.params['src']:
+ yamlfile.write()
+
+ return {'changed': rval[0], 'result': rval[1], 'state': "absent"}
+
+ elif module.params['state'] == 'present':
+ # check if content is different than what is in the file
+ if module.params['content']:
+ content = Yedit.parse_value(module.params['content'],
+ module.params['content_type'])
+
+ # We had no edits to make and the contents are the same
+ if yamlfile.yaml_dict == content and \
+ module.params['value'] is None:
+ return {'changed': False,
+ 'result': yamlfile.yaml_dict,
+ 'state': "present"}
+
+ yamlfile.yaml_dict = content
+
+ # we were passed a value; parse it
+ if module.params['value']:
+ value = Yedit.parse_value(module.params['value'],
+ module.params['value_type'])
+ key = module.params['key']
+ if module.params['update']:
+ # pylint: disable=line-too-long
+ curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501
+ module.params['curr_value_format']) # noqa: E501
+
+ rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501
+
+ elif module.params['append']:
+ rval = yamlfile.append(key, value)
+ else:
+ rval = yamlfile.put(key, value)
+
+ if rval[0] and module.params['src']:
+ yamlfile.write()
+
+ return {'changed': rval[0],
+ 'result': rval[1], 'state': "present"}
+
+ # no edits to make
+ if module.params['src']:
+ # pylint: disable=redefined-variable-type
+ rval = yamlfile.write()
+ return {'changed': rval[0],
+ 'result': rval[1],
+ 'state': "present"}
+
+ return {'failed': True, 'msg': 'Unkown state passed'}
+
+# -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: lib/base.py -*- -*- -*-
+# pylint: disable=too-many-lines
+# noqa: E301,E302,E303,T001
+
+
+class OpenShiftCLIError(Exception):
+ '''Exception class for openshiftcli'''
+ pass
+
+
+ADDITIONAL_PATH_LOOKUPS = ['/usr/local/bin', os.path.expanduser('~/bin')]
+
+
+def locate_oc_binary():
+ ''' Find and return oc binary file '''
+ # https://github.com/openshift/openshift-ansible/issues/3410
+ # oc can be in /usr/local/bin in some cases, but that may not
+ # be in $PATH due to ansible/sudo
+ paths = os.environ.get("PATH", os.defpath).split(os.pathsep) + ADDITIONAL_PATH_LOOKUPS
+
+ oc_binary = 'oc'
+
+ # Use shutil.which if it is available, otherwise fallback to a naive path search
+ try:
+ which_result = shutil.which(oc_binary, path=os.pathsep.join(paths))
+ if which_result is not None:
+ oc_binary = which_result
+ except AttributeError:
+ for path in paths:
+ if os.path.exists(os.path.join(path, oc_binary)):
+ oc_binary = os.path.join(path, oc_binary)
+ break
+
+ return oc_binary
+
+
+# pylint: disable=too-few-public-methods
+class OpenShiftCLI(object):
+ ''' Class to wrap the command line tools '''
+ def __init__(self,
+ namespace,
+ kubeconfig='/etc/origin/master/admin.kubeconfig',
+ verbose=False,
+ all_namespaces=False):
+ ''' Constructor for OpenshiftCLI '''
+ self.namespace = namespace
+ self.verbose = verbose
+ self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
+ self.all_namespaces = all_namespaces
+ self.oc_binary = locate_oc_binary()
+
+ # Pylint allows only 5 arguments to be passed.
+ # pylint: disable=too-many-arguments
+ def _replace_content(self, resource, rname, content, force=False, sep='.'):
+ ''' replace the current object with the content '''
+ res = self._get(resource, rname)
+ if not res['results']:
+ return res
+
+ fname = Utils.create_tmpfile(rname + '-')
+
+ yed = Yedit(fname, res['results'][0], separator=sep)
+ changes = []
+ for key, value in content.items():
+ changes.append(yed.put(key, value))
+
+ if any([change[0] for change in changes]):
+ yed.write()
+
+ atexit.register(Utils.cleanup, [fname])
+
+ return self._replace(fname, force)
+
+ return {'returncode': 0, 'updated': False}
+
+ def _replace(self, fname, force=False):
+ '''replace the current object with oc replace'''
+ cmd = ['replace', '-f', fname]
+ if force:
+ cmd.append('--force')
+ return self.openshift_cmd(cmd)
+
+ def _create_from_content(self, rname, content):
+ '''create a temporary file and then call oc create on it'''
+ fname = Utils.create_tmpfile(rname + '-')
+ yed = Yedit(fname, content=content)
+ yed.write()
+
+ atexit.register(Utils.cleanup, [fname])
+
+ return self._create(fname)
+
+ def _create(self, fname):
+ '''call oc create on a filename'''
+ return self.openshift_cmd(['create', '-f', fname])
+
+ def _delete(self, resource, rname, selector=None):
+ '''call oc delete on a resource'''
+ cmd = ['delete', resource, rname]
+ if selector:
+ cmd.append('--selector=%s' % selector)
+
+ return self.openshift_cmd(cmd)
+
+ def _process(self, template_name, create=False, params=None, template_data=None): # noqa: E501
+ '''process a template
+
+ template_name: the name of the template to process
+ create: whether to send to oc create after processing
+ params: the parameters for the template
+ template_data: the incoming template's data; instead of a file
+ '''
+ cmd = ['process']
+ if template_data:
+ cmd.extend(['-f', '-'])
+ else:
+ cmd.append(template_name)
+ if params:
+ param_str = ["%s=%s" % (key, value) for key, value in params.items()]
+ cmd.append('-v')
+ cmd.extend(param_str)
+
+ results = self.openshift_cmd(cmd, output=True, input_data=template_data)
+
+ if results['returncode'] != 0 or not create:
+ return results
+
+ fname = Utils.create_tmpfile(template_name + '-')
+ yed = Yedit(fname, results['results'])
+ yed.write()
+
+ atexit.register(Utils.cleanup, [fname])
+
+ return self.openshift_cmd(['create', '-f', fname])
+
+ def _get(self, resource, rname=None, selector=None):
+ '''return a resource by name '''
+ cmd = ['get', resource]
+ if selector:
+ cmd.append('--selector=%s' % selector)
+ elif rname:
+ cmd.append(rname)
+
+ cmd.extend(['-o', 'json'])
+
+ rval = self.openshift_cmd(cmd, output=True)
+
+ # Ensure results are retuned in an array
+ if 'items' in rval:
+ rval['results'] = rval['items']
+ elif not isinstance(rval['results'], list):
+ rval['results'] = [rval['results']]
+
+ return rval
+
+ def _schedulable(self, node=None, selector=None, schedulable=True):
+ ''' perform oadm manage-node scheduable '''
+ cmd = ['manage-node']
+ if node:
+ cmd.extend(node)
+ else:
+ cmd.append('--selector=%s' % selector)
+
+ cmd.append('--schedulable=%s' % schedulable)
+
+ return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') # noqa: E501
+
+ def _list_pods(self, node=None, selector=None, pod_selector=None):
+ ''' perform oadm list pods
+
+ node: the node in which to list pods
+ selector: the label selector filter if provided
+ pod_selector: the pod selector filter if provided
+ '''
+ cmd = ['manage-node']
+ if node:
+ cmd.extend(node)
+ else:
+ cmd.append('--selector=%s' % selector)
+
+ if pod_selector:
+ cmd.append('--pod-selector=%s' % pod_selector)
+
+ cmd.extend(['--list-pods', '-o', 'json'])
+
+ return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw')
+
+ # pylint: disable=too-many-arguments
+ def _evacuate(self, node=None, selector=None, pod_selector=None, dry_run=False, grace_period=None, force=False):
+ ''' perform oadm manage-node evacuate '''
+ cmd = ['manage-node']
+ if node:
+ cmd.extend(node)
+ else:
+ cmd.append('--selector=%s' % selector)
+
+ if dry_run:
+ cmd.append('--dry-run')
+
+ if pod_selector:
+ cmd.append('--pod-selector=%s' % pod_selector)
+
+ if grace_period:
+ cmd.append('--grace-period=%s' % int(grace_period))
+
+ if force:
+ cmd.append('--force')
+
+ cmd.append('--evacuate')
+
+ return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw')
+
+ def _version(self):
+ ''' return the openshift version'''
+ return self.openshift_cmd(['version'], output=True, output_type='raw')
+
+ def _import_image(self, url=None, name=None, tag=None):
+ ''' perform image import '''
+ cmd = ['import-image']
+
+ image = '{0}'.format(name)
+ if tag:
+ image += ':{0}'.format(tag)
+
+ cmd.append(image)
+
+ if url:
+ cmd.append('--from={0}/{1}'.format(url, image))
+
+ cmd.append('-n{0}'.format(self.namespace))
+
+ cmd.append('--confirm')
+ return self.openshift_cmd(cmd)
+
+ def _run(self, cmds, input_data):
+ ''' Actually executes the command. This makes mocking easier. '''
+ curr_env = os.environ.copy()
+ curr_env.update({'KUBECONFIG': self.kubeconfig})
+ proc = subprocess.Popen(cmds,
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE,
+ env=curr_env)
+
+ stdout, stderr = proc.communicate(input_data)
+
+ return proc.returncode, stdout.decode(), stderr.decode()
+
+ # pylint: disable=too-many-arguments,too-many-branches
+ def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json', input_data=None):
+ '''Base command for oc '''
+ cmds = [self.oc_binary]
+
+ if oadm:
+ cmds.append('adm')
+
+ cmds.extend(cmd)
+
+ if self.all_namespaces:
+ cmds.extend(['--all-namespaces'])
+ elif self.namespace is not None and self.namespace.lower() not in ['none', 'emtpy']: # E501
+ cmds.extend(['-n', self.namespace])
+
+ rval = {}
+ results = ''
+ err = None
+
+ if self.verbose:
+ print(' '.join(cmds))
+
+ try:
+ returncode, stdout, stderr = self._run(cmds, input_data)
+ except OSError as ex:
+ returncode, stdout, stderr = 1, '', 'Failed to execute {}: {}'.format(subprocess.list2cmdline(cmds), ex)
+
+ rval = {"returncode": returncode,
+ "results": results,
+ "cmd": ' '.join(cmds)}
+
+ if returncode == 0:
+ if output:
+ if output_type == 'json':
+ try:
+ rval['results'] = json.loads(stdout)
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
+ elif output_type == 'raw':
+ rval['results'] = stdout
+
+ if self.verbose:
+ print("STDOUT: {0}".format(stdout))
+ print("STDERR: {0}".format(stderr))
+
+ if err:
+ rval.update({"err": err,
+ "stderr": stderr,
+ "stdout": stdout,
+ "cmd": cmds})
+
+ else:
+ rval.update({"stderr": stderr,
+ "stdout": stdout,
+ "results": {}})
+
+ return rval
+
+
+class Utils(object):
+ ''' utilities for openshiftcli modules '''
+
+ @staticmethod
+ def _write(filename, contents):
+ ''' Actually write the file contents to disk. This helps with mocking. '''
+
+ with open(filename, 'w') as sfd:
+ sfd.write(contents)
+
+ @staticmethod
+ def create_tmp_file_from_contents(rname, data, ftype='yaml'):
+ ''' create a file in tmp with name and contents'''
+
+ tmp = Utils.create_tmpfile(prefix=rname)
+
+ if ftype == 'yaml':
+ # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage
+ # pylint: disable=no-member
+ if hasattr(yaml, 'RoundTripDumper'):
+ Utils._write(tmp, yaml.dump(data, Dumper=yaml.RoundTripDumper))
+ else:
+ Utils._write(tmp, yaml.safe_dump(data, default_flow_style=False))
+
+ elif ftype == 'json':
+ Utils._write(tmp, json.dumps(data))
+ else:
+ Utils._write(tmp, data)
+
+ # Register cleanup when module is done
+ atexit.register(Utils.cleanup, [tmp])
+ return tmp
+
+ @staticmethod
+ def create_tmpfile_copy(inc_file):
+ '''create a temporary copy of a file'''
+ tmpfile = Utils.create_tmpfile('lib_openshift-')
+ Utils._write(tmpfile, open(inc_file).read())
+
+ # Cleanup the tmpfile
+ atexit.register(Utils.cleanup, [tmpfile])
+
+ return tmpfile
+
+ @staticmethod
+ def create_tmpfile(prefix='tmp'):
+ ''' Generates and returns a temporary file name '''
+
+ with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp:
+ return tmp.name
+
+ @staticmethod
+ def create_tmp_files_from_contents(content, content_type=None):
+ '''Turn an array of dict: filename, content into a files array'''
+ if not isinstance(content, list):
+ content = [content]
+ files = []
+ for item in content:
+ path = Utils.create_tmp_file_from_contents(item['path'] + '-',
+ item['data'],
+ ftype=content_type)
+ files.append({'name': os.path.basename(item['path']),
+ 'path': path})
+ return files
+
+ @staticmethod
+ def cleanup(files):
+ '''Clean up on exit '''
+ for sfile in files:
+ if os.path.exists(sfile):
+ if os.path.isdir(sfile):
+ shutil.rmtree(sfile)
+ elif os.path.isfile(sfile):
+ os.remove(sfile)
+
+ @staticmethod
+ def exists(results, _name):
+ ''' Check to see if the results include the name '''
+ if not results:
+ return False
+
+ if Utils.find_result(results, _name):
+ return True
+
+ return False
+
+ @staticmethod
+ def find_result(results, _name):
+ ''' Find the specified result by name'''
+ rval = None
+ for result in results:
+ if 'metadata' in result and result['metadata']['name'] == _name:
+ rval = result
+ break
+
+ return rval
+
+ @staticmethod
+ def get_resource_file(sfile, sfile_type='yaml'):
+ ''' return the service file '''
+ contents = None
+ with open(sfile) as sfd:
+ contents = sfd.read()
+
+ if sfile_type == 'yaml':
+ # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage
+ # pylint: disable=no-member
+ if hasattr(yaml, 'RoundTripLoader'):
+ contents = yaml.load(contents, yaml.RoundTripLoader)
+ else:
+ contents = yaml.safe_load(contents)
+ elif sfile_type == 'json':
+ contents = json.loads(contents)
+
+ return contents
+
+ @staticmethod
+ def filter_versions(stdout):
+ ''' filter the oc version output '''
+
+ version_dict = {}
+ version_search = ['oc', 'openshift', 'kubernetes']
+
+ for line in stdout.strip().split('\n'):
+ for term in version_search:
+ if not line:
+ continue
+ if line.startswith(term):
+ version_dict[term] = line.split()[-1]
+
+ # horrible hack to get openshift version in Openshift 3.2
+ # By default "oc version in 3.2 does not return an "openshift" version
+ if "openshift" not in version_dict:
+ version_dict["openshift"] = version_dict["oc"]
+
+ return version_dict
+
+ @staticmethod
+ def add_custom_versions(versions):
+ ''' create custom versions strings '''
+
+ versions_dict = {}
+
+ for tech, version in versions.items():
+ # clean up "-" from version
+ if "-" in version:
+ version = version.split("-")[0]
+
+ if version.startswith('v'):
+ versions_dict[tech + '_numeric'] = version[1:].split('+')[0]
+ # "v3.3.0.33" is what we have, we want "3.3"
+ versions_dict[tech + '_short'] = version[1:4]
+
+ return versions_dict
+
+ @staticmethod
+ def openshift_installed():
+ ''' check if openshift is installed '''
+ import yum
+
+ yum_base = yum.YumBase()
+ if yum_base.rpmdb.searchNevra(name='atomic-openshift'):
+ return True
+
+ return False
+
+ # Disabling too-many-branches. This is a yaml dictionary comparison function
+ # pylint: disable=too-many-branches,too-many-return-statements,too-many-statements
+ @staticmethod
+ def check_def_equal(user_def, result_def, skip_keys=None, debug=False):
+ ''' Given a user defined definition, compare it with the results given back by our query. '''
+
+ # Currently these values are autogenerated and we do not need to check them
+ skip = ['metadata', 'status']
+ if skip_keys:
+ skip.extend(skip_keys)
+
+ for key, value in result_def.items():
+ if key in skip:
+ continue
+
+ # Both are lists
+ if isinstance(value, list):
+ if key not in user_def:
+ if debug:
+ print('User data does not have key [%s]' % key)
+ print('User data: %s' % user_def)
+ return False
+
+ if not isinstance(user_def[key], list):
+ if debug:
+ print('user_def[key] is not a list key=[%s] user_def[key]=%s' % (key, user_def[key]))
+ return False
+
+ if len(user_def[key]) != len(value):
+ if debug:
+ print("List lengths are not equal.")
+ print("key=[%s]: user_def[%s] != value[%s]" % (key, len(user_def[key]), len(value)))
+ print("user_def: %s" % user_def[key])
+ print("value: %s" % value)
+ return False
+
+ for values in zip(user_def[key], value):
+ if isinstance(values[0], dict) and isinstance(values[1], dict):
+ if debug:
+ print('sending list - list')
+ print(type(values[0]))
+ print(type(values[1]))
+ result = Utils.check_def_equal(values[0], values[1], skip_keys=skip_keys, debug=debug)
+ if not result:
+ print('list compare returned false')
+ return False
+
+ elif value != user_def[key]:
+ if debug:
+ print('value should be identical')
+ print(user_def[key])
+ print(value)
+ return False
+
+ # recurse on a dictionary
+ elif isinstance(value, dict):
+ if key not in user_def:
+ if debug:
+ print("user_def does not have key [%s]" % key)
+ return False
+ if not isinstance(user_def[key], dict):
+ if debug:
+ print("dict returned false: not instance of dict")
+ return False
+
+ # before passing ensure keys match
+ api_values = set(value.keys()) - set(skip)
+ user_values = set(user_def[key].keys()) - set(skip)
+ if api_values != user_values:
+ if debug:
+ print("keys are not equal in dict")
+ print(user_values)
+ print(api_values)
+ return False
+
+ result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
+ if not result:
+ if debug:
+ print("dict returned false")
+ print(result)
+ return False
+
+ # Verify each key, value pair is the same
+ else:
+ if key not in user_def or value != user_def[key]:
+ if debug:
+ print("value not equal; user_def does not have key")
+ print(key)
+ print(value)
+ if key in user_def:
+ print(user_def[key])
+ return False
+
+ if debug:
+ print('returning true')
+ return True
+
+
+class OpenShiftCLIConfig(object):
+ '''Generic Config'''
+ def __init__(self, rname, namespace, kubeconfig, options):
+ self.kubeconfig = kubeconfig
+ self.name = rname
+ self.namespace = namespace
+ self._options = options
+
+ @property
+ def config_options(self):
+ ''' return config options '''
+ return self._options
+
+ def to_option_list(self):
+ '''return all options as a string'''
+ return self.stringify()
+
+ def stringify(self):
+ ''' return the options hash as cli params in a string '''
+ rval = []
+ for key in sorted(self.config_options.keys()):
+ data = self.config_options[key]
+ if data['include'] \
+ and (data['value'] or isinstance(data['value'], int)):
+ rval.append('--{}={}'.format(key.replace('_', '-'), data['value']))
+
+ return rval
+
+
+# -*- -*- -*- End included fragment: lib/base.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: lib/user.py -*- -*- -*-
+
+
+class UserConfig(object):
+ ''' Handle user options '''
+ def __init__(self,
+ kubeconfig,
+ username,
+ full_name):
+ ''' constructor for handling user options '''
+ self.kubeconfig = kubeconfig
+ self.username = username
+ self.full_name = full_name
+
+ self.data = {}
+ self.create_dict()
+
+ def create_dict(self):
+ ''' return a user as a dict '''
+ self.data['apiVersion'] = 'v1'
+ self.data['fullName'] = self.full_name
+ self.data['groups'] = None
+ self.data['identities'] = None
+ self.data['kind'] = 'User'
+ self.data['metadata'] = {}
+ self.data['metadata']['name'] = self.username
+
+
+# pylint: disable=too-many-instance-attributes
+class User(Yedit):
+ ''' Class to wrap the oc command line tools '''
+ kind = 'user'
+
+ def __init__(self, content):
+ '''User constructor'''
+ super(User, self).__init__(content=content)
+
+# -*- -*- -*- End included fragment: lib/user.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: class/oc_user.py -*- -*- -*-
+
+# pylint: disable=too-many-instance-attributes
+class OCUser(OpenShiftCLI):
+ ''' Class to wrap the oc command line tools '''
+ kind = 'users'
+
+ def __init__(self,
+ config,
+ groups=None,
+ verbose=False):
+ ''' Constructor for OCUser '''
+ # namespace has no meaning for user operations, hardcode to 'default'
+ super(OCUser, self).__init__('default', config.kubeconfig)
+ self.config = config
+ self.groups = groups
+ self._user = None
+
+ @property
+ def user(self):
+ ''' property function user'''
+ if not self._user:
+ self.get()
+ return self._user
+
+ @user.setter
+ def user(self, data):
+ ''' setter function for user '''
+ self._user = data
+
+ def exists(self):
+ ''' return whether a user exists '''
+ if self.user:
+ return True
+
+ return False
+
+ def get(self):
+ ''' return user information '''
+ result = self._get(self.kind, self.config.username)
+ if result['returncode'] == 0:
+ self.user = User(content=result['results'][0])
+ elif 'users \"%s\" not found' % self.config.username in result['stderr']:
+ result['returncode'] = 0
+ result['results'] = [{}]
+
+ return result
+
+ def delete(self):
+ ''' delete the object '''
+ return self._delete(self.kind, self.config.username)
+
+ def create_group_entries(self):
+ ''' make entries for user to the provided group list '''
+ if self.groups != None:
+ for group in self.groups:
+ cmd = ['groups', 'add-users', group, self.config.username]
+ rval = self.openshift_cmd(cmd, oadm=True)
+ if rval['returncode'] != 0:
+ return rval
+
+ return rval
+
+ return {'returncode': 0}
+
+ def create(self):
+ ''' create the object '''
+ rval = self.create_group_entries()
+ if rval['returncode'] != 0:
+ return rval
+
+ return self._create_from_content(self.config.username, self.config.data)
+
+ def group_update(self):
+ ''' update group membership '''
+ rval = {'returncode': 0}
+ cmd = ['get', 'groups', '-o', 'json']
+ all_groups = self.openshift_cmd(cmd, output=True)
+
+ # pylint misindentifying all_groups['results']['items'] type
+ # pylint: disable=invalid-sequence-index
+ for group in all_groups['results']['items']:
+ # If we're supposed to be in this group
+ if group['metadata']['name'] in self.groups \
+ and (group['users'] is None or self.config.username not in group['users']):
+ cmd = ['groups', 'add-users', group['metadata']['name'],
+ self.config.username]
+ rval = self.openshift_cmd(cmd, oadm=True)
+ if rval['returncode'] != 0:
+ return rval
+ # else if we're in the group, but aren't supposed to be
+ elif group['users'] != None and self.config.username in group['users'] \
+ and group['metadata']['name'] not in self.groups:
+ cmd = ['groups', 'remove-users', group['metadata']['name'],
+ self.config.username]
+ rval = self.openshift_cmd(cmd, oadm=True)
+ if rval['returncode'] != 0:
+ return rval
+
+ return rval
+
+ def update(self):
+ ''' update the object '''
+ rval = self.group_update()
+ if rval['returncode'] != 0:
+ return rval
+
+ # need to update the user's info
+ return self._replace_content(self.kind, self.config.username, self.config.data, force=True)
+
+ def needs_group_update(self):
+ ''' check if there are group membership changes '''
+ cmd = ['get', 'groups', '-o', 'json']
+ all_groups = self.openshift_cmd(cmd, output=True)
+
+ # pylint misindentifying all_groups['results']['items'] type
+ # pylint: disable=invalid-sequence-index
+ for group in all_groups['results']['items']:
+ # If we're supposed to be in this group
+ if group['metadata']['name'] in self.groups \
+ and (group['users'] is None or self.config.username not in group['users']):
+ return True
+ # else if we're in the group, but aren't supposed to be
+ elif group['users'] != None and self.config.username in group['users'] \
+ and group['metadata']['name'] not in self.groups:
+ return True
+
+ return False
+
+ def needs_update(self):
+ ''' verify an update is needed '''
+ skip = []
+ if self.needs_group_update():
+ return True
+
+ return not Utils.check_def_equal(self.config.data, self.user.yaml_dict, skip_keys=skip, debug=True)
+
+ # pylint: disable=too-many-return-statements
+ @staticmethod
+ def run_ansible(params, check_mode=False):
+ ''' run the idempotent ansible code
+
+ params comes from the ansible portion of this module
+ check_mode: does the module support check mode. (module.check_mode)
+ '''
+
+ uconfig = UserConfig(params['kubeconfig'],
+ params['username'],
+ params['full_name'],
+ )
+
+ oc_user = OCUser(uconfig, params['groups'],
+ verbose=params['debug'])
+ state = params['state']
+
+ api_rval = oc_user.get()
+
+ #####
+ # Get
+ #####
+ if state == 'list':
+ return {'changed': False, 'results': api_rval['results'], 'state': "list"}
+
+ ########
+ # Delete
+ ########
+ if state == 'absent':
+ if oc_user.exists():
+
+ if check_mode:
+ return {'changed': False, 'msg': 'Would have performed a delete.'}
+
+ api_rval = oc_user.delete()
+
+ return {'changed': True, 'results': api_rval, 'state': "absent"}
+ return {'changed': False, 'state': "absent"}
+
+ if state == 'present':
+ ########
+ # Create
+ ########
+ if not oc_user.exists():
+
+ if check_mode:
+ return {'changed': False, 'msg': 'Would have performed a create.'}
+
+ # Create it here
+ api_rval = oc_user.create()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ # return the created object
+ api_rval = oc_user.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': "present"}
+
+ ########
+ # Update
+ ########
+ if oc_user.needs_update():
+ api_rval = oc_user.update()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ orig_cmd = api_rval['cmd']
+ # return the created object
+ api_rval = oc_user.get()
+ # overwrite the get/list cmd
+ api_rval['cmd'] = orig_cmd
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': "present"}
+
+ return {'changed': False, 'results': api_rval, 'state': "present"}
+
+ return {'failed': True,
+ 'changed': False,
+ 'results': 'Unknown state passed. %s' % state,
+ 'state': "unknown"}
+
+# -*- -*- -*- End included fragment: class/oc_user.py -*- -*- -*-
+
+# -*- -*- -*- Begin included fragment: ansible/oc_user.py -*- -*- -*-
+
+def main():
+ '''
+ ansible oc module for user
+ '''
+
+ module = AnsibleModule(
+ argument_spec=dict(
+ kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+ state=dict(default='present', type='str',
+ choices=['present', 'absent', 'list']),
+ debug=dict(default=False, type='bool'),
+ username=dict(default=None, type='str'),
+ full_name=dict(default=None, type='str'),
+ # setting groups for user data will not populate the
+ # 'groups' field in the user data.
+ # it will call out to the group data and make the user
+ # entry there
+ groups=dict(default=[], type='list'),
+ ),
+ supports_check_mode=True,
+ )
+
+ results = OCUser.run_ansible(module.params, module.check_mode)
+
+ if 'failed' in results:
+ module.fail_json(**results)
+
+ module.exit_json(**results)
+
+if __name__ == '__main__':
+ main()
+
+# -*- -*- -*- End included fragment: ansible/oc_user.py -*- -*- -*-
diff --git a/roles/lib_openshift/library/oc_version.py b/roles/lib_openshift/library/oc_version.py
index 8f59d4d7e..378c2b2e5 100644
--- a/roles/lib_openshift/library/oc_version.py
+++ b/roles/lib_openshift/library/oc_version.py
@@ -1002,9 +1002,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/library/oc_adm_registry.py.bak b/roles/lib_openshift/library/oc_volume.py
index d2532a784..e9e29468a 100644
--- a/roles/lib_openshift/library/oc_adm_registry.py.bak
+++ b/roles/lib_openshift/library/oc_volume.py
@@ -50,23 +50,23 @@ from ansible.module_utils.basic import AnsibleModule
# -*- -*- -*- End included fragment: lib/import.py -*- -*- -*-
-# -*- -*- -*- Begin included fragment: doc/registry -*- -*- -*-
+# -*- -*- -*- Begin included fragment: doc/volume -*- -*- -*-
DOCUMENTATION = '''
---
-module: oc_adm_registry
-short_description: Module to manage openshift registry
+module: oc_volume
+short_description: Create, modify, and idempotently manage openshift volumes.
description:
- - Manage openshift registry programmatically.
+ - Modify openshift volumes programmatically.
options:
state:
description:
- - The desired action when managing openshift registry
- - present - update or create the registry
- - absent - tear down the registry service and deploymentconfig
- - list - returns the current representiation of a registry
- required: false
- default: False
+ - State controls the action that will be taken with resource
+ - 'present' will create or update and object to the desired state
+ - 'absent' will ensure volumes are removed
+ - 'list' will read the volumes
+ default: present
+ choices: ["present", "absent", "list"]
aliases: []
kubeconfig:
description:
@@ -80,169 +80,82 @@ options:
required: false
default: False
aliases: []
- name:
- description:
- - The name of the registry
- required: false
- default: None
- aliases: []
namespace:
description:
- - The selector when filtering on node labels
+ - The name of the namespace where the object lives
required: false
- default: None
+ default: default
aliases: []
- images:
+ kind:
description:
- - The image to base this registry on - ${component} will be replaced with --type
- required: 'openshift3/ose-${component}:${version}'
- default: None
+ - The kind of object that can be managed.
+ default: dc
+ choices:
+ - dc
+ - rc
+ - pods
aliases: []
- latest_images:
+ mount_type:
description:
- - If true, attempt to use the latest image for the registry instead of the latest release.
- required: false
- default: False
- aliases: []
- labels:
- description:
- - A set of labels to uniquely identify the registry and its components.
+ - The type of volume to be used
required: false
default: None
+ choices:
+ - emptydir
+ - hostpath
+ - secret
+ - pvc
+ - configmap
aliases: []
- enforce_quota:
- description:
- - If set, the registry will refuse to write blobs if they exceed quota limits
- required: False
- default: False
- aliases: []
- mount_host:
+ mount_path:
description:
- - If set, the registry volume will be created as a host-mount at this path.
- required: False
- default: False
- aliases: []
- ports:
- description:
- - A comma delimited list of ports or port pairs to expose on the registry pod. The default is set for 5000.
- required: False
- default: [5000]
- aliases: []
- replicas:
- description:
- - The replication factor of the registry; commonly 2 when high availability is desired.
- required: False
- default: 1
- aliases: []
- selector:
- description:
- - Selector used to filter nodes on deployment. Used to run registries on a specific set of nodes.
- required: False
- default: None
- aliases: []
- service_account:
- description:
- - Name of the service account to use to run the registry pod.
- required: False
- default: 'registry'
- aliases: []
- tls_certificate:
- description:
- - An optional path to a PEM encoded certificate (which may contain the private key) for serving over TLS
+ - The path to where the mount will be attached
required: false
default: None
aliases: []
- tls_key:
+ secret_name:
description:
- - An optional path to a PEM encoded private key for serving over TLS
+ - The name of the secret. Used when mount_type is secret.
required: false
default: None
aliases: []
- volume_mounts:
+ claim_size:
description:
- - The volume mounts for the registry.
+ - The size in GB of the pv claim. e.g. 100G
required: false
default: None
aliases: []
- daemonset:
- description:
- - Use a daemonset instead of a deployment config.
- required: false
- default: False
- aliases: []
- edits:
+ claim_name:
description:
- - A list of modifications to make on the deploymentconfig
+ - The name of the pv claim
required: false
default: None
aliases: []
- env_vars:
+ configmap_name:
description:
- - A dictionary of modifications to make on the deploymentconfig. e.g. FOO: BAR
+ - The name of the configmap
required: false
default: None
aliases: []
- force:
- description:
- - Force a registry update.
- required: false
- default: False
- aliases: []
author:
- "Kenny Woodson <kwoodson@redhat.com>"
extends_documentation_fragment: []
'''
EXAMPLES = '''
-- name: create a secure registry
- oc_adm_registry:
- name: docker-registry
- service_account: registry
- replicas: 2
- namespace: default
- selector: type=infra
- images: "registry.ops.openshift.com/openshift3/ose-${component}:${version}"
- env_vars:
- REGISTRY_CONFIGURATION_PATH: /etc/registryconfig/config.yml
- REGISTRY_HTTP_TLS_CERTIFICATE: /etc/secrets/registry.crt
- REGISTRY_HTTP_TLS_KEY: /etc/secrets/registry.key
- REGISTRY_HTTP_SECRET: supersecret
- volume_mounts:
- - path: /etc/secrets
- name: dockercerts
- type: secret
- secret_name: registry-secret
- - path: /etc/registryconfig
- name: dockersecrets
- type: secret
- secret_name: docker-registry-config
- edits:
- - key: spec.template.spec.containers[0].livenessProbe.httpGet.scheme
- value: HTTPS
- action: put
- - key: spec.template.spec.containers[0].readinessProbe.httpGet.scheme
- value: HTTPS
- action: put
- - key: spec.strategy.rollingParams
- value:
- intervalSeconds: 1
- maxSurge: 50%
- maxUnavailable: 50%
- timeoutSeconds: 600
- updatePeriodSeconds: 1
- action: put
- - key: spec.template.spec.containers[0].resources.limits.memory
- value: 2G
- action: update
- - key: spec.template.spec.containers[0].resources.requests.memory
- value: 1G
- action: update
-
- register: registryout
-
+- name: attach storage volumes to deploymentconfig
+ oc_volume:
+ namespace: logging
+ kind: dc
+ name: name_of_the_dc
+ mount_type: pvc
+ claim_name: loggingclaim
+ claim_size: 100G
+ vol_name: logging-storage
+ run_once: true
'''
-# -*- -*- -*- End included fragment: doc/registry -*- -*- -*-
+# -*- -*- -*- End included fragment: doc/volume -*- -*- -*-
# -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*-
# pylint: disable=undefined-variable,missing-docstring
@@ -371,7 +284,8 @@ class Yedit(object):
continue
elif data and not isinstance(data, dict):
- return None
+ raise YeditException("Unexpected item type found while going through key " +
+ "path: {} (at key: {})".format(key, dict_key))
data[dict_key] = {}
data = data[dict_key]
@@ -380,7 +294,7 @@ class Yedit(object):
int(arr_ind) <= len(data) - 1):
data = data[int(arr_ind)]
else:
- return None
+ raise YeditException("Unexpected item type found while going through key path: {}".format(key))
if key == '':
data = item
@@ -394,6 +308,12 @@ class Yedit(object):
elif key_indexes[-1][1] and isinstance(data, dict):
data[key_indexes[-1][1]] = item
+ # didn't add/update to an existing list, nor add/update key to a dict
+ # so we must have been provided some syntax like a.b.c[<int>] = "data" for a
+ # non-existent array
+ else:
+ raise YeditException("Error adding to object at path: {}".format(key))
+
return data
@staticmethod
@@ -873,6 +793,32 @@ class OpenShiftCLIError(Exception):
pass
+ADDITIONAL_PATH_LOOKUPS = ['/usr/local/bin', os.path.expanduser('~/bin')]
+
+
+def locate_oc_binary():
+ ''' Find and return oc binary file '''
+ # https://github.com/openshift/openshift-ansible/issues/3410
+ # oc can be in /usr/local/bin in some cases, but that may not
+ # be in $PATH due to ansible/sudo
+ paths = os.environ.get("PATH", os.defpath).split(os.pathsep) + ADDITIONAL_PATH_LOOKUPS
+
+ oc_binary = 'oc'
+
+ # Use shutil.which if it is available, otherwise fallback to a naive path search
+ try:
+ which_result = shutil.which(oc_binary, path=os.pathsep.join(paths))
+ if which_result is not None:
+ oc_binary = which_result
+ except AttributeError:
+ for path in paths:
+ if os.path.exists(os.path.join(path, oc_binary)):
+ oc_binary = os.path.join(path, oc_binary)
+ break
+
+ return oc_binary
+
+
# pylint: disable=too-few-public-methods
class OpenShiftCLI(object):
''' Class to wrap the command line tools '''
@@ -886,6 +832,7 @@ class OpenShiftCLI(object):
self.verbose = verbose
self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
self.all_namespaces = all_namespaces
+ self.oc_binary = locate_oc_binary()
# Pylint allows only 5 arguments to be passed.
# pylint: disable=too-many-arguments
@@ -1087,19 +1034,18 @@ class OpenShiftCLI(object):
# pylint: disable=too-many-arguments,too-many-branches
def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json', input_data=None):
'''Base command for oc '''
- cmds = []
+ cmds = [self.oc_binary]
+
if oadm:
- cmds = ['oadm']
- else:
- cmds = ['oc']
+ cmds.append('adm')
+
+ cmds.extend(cmd)
if self.all_namespaces:
cmds.extend(['--all-namespaces'])
elif self.namespace is not None and self.namespace.lower() not in ['none', 'emtpy']: # E501
cmds.extend(['-n', self.namespace])
- cmds.extend(cmd)
-
rval = {}
results = ''
err = None
@@ -1107,7 +1053,10 @@ class OpenShiftCLI(object):
if self.verbose:
print(' '.join(cmds))
- returncode, stdout, stderr = self._run(cmds, input_data)
+ try:
+ returncode, stdout, stderr = self._run(cmds, input_data)
+ except OSError as ex:
+ returncode, stdout, stderr = 1, '', 'Failed to execute {}: {}'.format(subprocess.list2cmdline(cmds), ex)
rval = {"returncode": returncode,
"results": results,
@@ -1118,9 +1067,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
@@ -1358,8 +1307,8 @@ class Utils(object):
elif value != user_def[key]:
if debug:
print('value should be identical')
- print(value)
print(user_def[key])
+ print(value)
return False
# recurse on a dictionary
@@ -1379,8 +1328,8 @@ class Utils(object):
if api_values != user_values:
if debug:
print("keys are not equal in dict")
- print(api_values)
print(user_values)
+ print(api_values)
return False
result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
@@ -1426,10 +1375,11 @@ class OpenShiftCLIConfig(object):
def stringify(self):
''' return the options hash as cli params in a string '''
rval = []
- for key, data in self.config_options.items():
+ for key in sorted(self.config_options.keys()):
+ data = self.config_options[key]
if data['include'] \
and (data['value'] or isinstance(data['value'], int)):
- rval.append('--%s=%s' % (key.replace('_', '-'), data['value']))
+ rval.append('--{}={}'.format(key.replace('_', '-'), data['value']))
return rval
@@ -1546,7 +1496,7 @@ spec:
'''return a environment variables '''
results = self.get(DeploymentConfig.env_path) or []
if not results:
- return None
+ return None
for env_var in results:
if env_var['name'] == key:
@@ -1788,238 +1738,10 @@ spec:
# -*- -*- -*- End included fragment: lib/deploymentconfig.py -*- -*- -*-
-# -*- -*- -*- Begin included fragment: lib/secret.py -*- -*- -*-
-
-# pylint: disable=too-many-instance-attributes
-class SecretConfig(object):
- ''' Handle secret options '''
- # pylint: disable=too-many-arguments
- def __init__(self,
- sname,
- namespace,
- kubeconfig,
- secrets=None):
- ''' constructor for handling secret options '''
- self.kubeconfig = kubeconfig
- self.name = sname
- self.namespace = namespace
- self.secrets = secrets
- self.data = {}
-
- self.create_dict()
-
- def create_dict(self):
- ''' assign the correct properties for a secret dict '''
- self.data['apiVersion'] = 'v1'
- self.data['kind'] = 'Secret'
- self.data['metadata'] = {}
- self.data['metadata']['name'] = self.name
- self.data['metadata']['namespace'] = self.namespace
- self.data['data'] = {}
- if self.secrets:
- for key, value in self.secrets.items():
- self.data['data'][key] = value
-
-# pylint: disable=too-many-instance-attributes
-class Secret(Yedit):
- ''' Class to wrap the oc command line tools '''
- secret_path = "data"
- kind = 'secret'
-
- def __init__(self, content):
- '''secret constructor'''
- super(Secret, self).__init__(content=content)
- self._secrets = None
-
- @property
- def secrets(self):
- '''secret property getter'''
- if self._secrets is None:
- self._secrets = self.get_secrets()
- return self._secrets
-
- @secrets.setter
- def secrets(self):
- '''secret property setter'''
- if self._secrets is None:
- self._secrets = self.get_secrets()
- return self._secrets
-
- def get_secrets(self):
- ''' returns all of the defined secrets '''
- return self.get(Secret.secret_path) or {}
-
- def add_secret(self, key, value):
- ''' add a secret '''
- if self.secrets:
- self.secrets[key] = value
- else:
- self.put(Secret.secret_path, {key: value})
-
- return True
-
- def delete_secret(self, key):
- ''' delete secret'''
- try:
- del self.secrets[key]
- except KeyError as _:
- return False
-
- return True
-
- def find_secret(self, key):
- ''' find secret'''
- rval = None
- try:
- rval = self.secrets[key]
- except KeyError as _:
- return None
-
- return {'key': key, 'value': rval}
-
- def update_secret(self, key, value):
- ''' update a secret'''
- if key in self.secrets:
- self.secrets[key] = value
- else:
- self.add_secret(key, value)
-
- return True
-
-# -*- -*- -*- End included fragment: lib/secret.py -*- -*- -*-
-
-# -*- -*- -*- Begin included fragment: lib/service.py -*- -*- -*-
-
-
-# pylint: disable=too-many-instance-attributes
-class ServiceConfig(object):
- ''' Handle service options '''
- # pylint: disable=too-many-arguments
- def __init__(self,
- sname,
- namespace,
- ports,
- selector=None,
- labels=None,
- cluster_ip=None,
- portal_ip=None,
- session_affinity=None,
- service_type=None):
- ''' constructor for handling service options '''
- self.name = sname
- self.namespace = namespace
- self.ports = ports
- self.selector = selector
- self.labels = labels
- self.cluster_ip = cluster_ip
- self.portal_ip = portal_ip
- self.session_affinity = session_affinity
- self.service_type = service_type
- self.data = {}
-
- self.create_dict()
-
- def create_dict(self):
- ''' instantiates a service dict '''
- self.data['apiVersion'] = 'v1'
- self.data['kind'] = 'Service'
- self.data['metadata'] = {}
- self.data['metadata']['name'] = self.name
- self.data['metadata']['namespace'] = self.namespace
- if self.labels:
- for lab, lab_value in self.labels.items():
- self.data['metadata'][lab] = lab_value
- self.data['spec'] = {}
-
- if self.ports:
- self.data['spec']['ports'] = self.ports
- else:
- self.data['spec']['ports'] = []
-
- if self.selector:
- self.data['spec']['selector'] = self.selector
-
- self.data['spec']['sessionAffinity'] = self.session_affinity or 'None'
-
- if self.cluster_ip:
- self.data['spec']['clusterIP'] = self.cluster_ip
-
- if self.portal_ip:
- self.data['spec']['portalIP'] = self.portal_ip
-
- if self.service_type:
- self.data['spec']['type'] = self.service_type
-
-# pylint: disable=too-many-instance-attributes,too-many-public-methods
-class Service(Yedit):
- ''' Class to model the oc service object '''
- port_path = "spec.ports"
- portal_ip = "spec.portalIP"
- cluster_ip = "spec.clusterIP"
- kind = 'Service'
-
- def __init__(self, content):
- '''Service constructor'''
- super(Service, self).__init__(content=content)
-
- def get_ports(self):
- ''' get a list of ports '''
- return self.get(Service.port_path) or []
-
- def add_ports(self, inc_ports):
- ''' add a port object to the ports list '''
- if not isinstance(inc_ports, list):
- inc_ports = [inc_ports]
-
- ports = self.get_ports()
- if not ports:
- self.put(Service.port_path, inc_ports)
- else:
- ports.extend(inc_ports)
-
- return True
-
- def find_ports(self, inc_port):
- ''' find a specific port '''
- for port in self.get_ports():
- if port['port'] == inc_port['port']:
- return port
-
- return None
-
- def delete_ports(self, inc_ports):
- ''' remove a port from a service '''
- if not isinstance(inc_ports, list):
- inc_ports = [inc_ports]
-
- ports = self.get(Service.port_path) or []
-
- if not ports:
- return True
-
- removed = False
- for inc_port in inc_ports:
- port = self.find_ports(inc_port)
- if port:
- ports.remove(port)
- removed = True
-
- return removed
-
- def add_cluster_ip(self, sip):
- '''add cluster ip'''
- self.put(Service.cluster_ip, sip)
-
- def add_portal_ip(self, pip):
- '''add cluster ip'''
- self.put(Service.portal_ip, pip)
-
-# -*- -*- -*- End included fragment: lib/service.py -*- -*- -*-
-
# -*- -*- -*- Begin included fragment: lib/volume.py -*- -*- -*-
class Volume(object):
- ''' Class to model an openshift volume object'''
+ ''' Class to represent an openshift volume object'''
volume_mounts_path = {"pod": "spec.containers[0].volumeMounts",
"dc": "spec.template.spec.containers[0].volumeMounts",
"rc": "spec.template.spec.containers[0].volumeMounts",
@@ -2034,458 +1756,201 @@ class Volume(object):
''' return a properly structured volume '''
volume_mount = None
volume = {'name': volume_info['name']}
- if volume_info['type'] == 'secret':
+ volume_type = volume_info['type'].lower()
+ if volume_type == 'secret':
volume['secret'] = {}
volume[volume_info['type']] = {'secretName': volume_info['secret_name']}
volume_mount = {'mountPath': volume_info['path'],
'name': volume_info['name']}
- elif volume_info['type'] == 'emptydir':
+ elif volume_type == 'emptydir':
volume['emptyDir'] = {}
volume_mount = {'mountPath': volume_info['path'],
'name': volume_info['name']}
- elif volume_info['type'] == 'pvc':
+ elif volume_type == 'pvc' or volume_type == 'persistentvolumeclaim':
volume['persistentVolumeClaim'] = {}
volume['persistentVolumeClaim']['claimName'] = volume_info['claimName']
volume['persistentVolumeClaim']['claimSize'] = volume_info['claimSize']
- elif volume_info['type'] == 'hostpath':
+ elif volume_type == 'hostpath':
volume['hostPath'] = {}
volume['hostPath']['path'] = volume_info['path']
+ elif volume_type == 'configmap':
+ volume['configMap'] = {}
+ volume['configMap']['name'] = volume_info['configmap_name']
+ volume_mount = {'mountPath': volume_info['path'],
+ 'name': volume_info['name']}
return (volume, volume_mount)
# -*- -*- -*- End included fragment: lib/volume.py -*- -*- -*-
-# -*- -*- -*- Begin included fragment: class/oc_version.py -*- -*- -*-
+# -*- -*- -*- Begin included fragment: class/oc_volume.py -*- -*- -*-
# pylint: disable=too-many-instance-attributes
-class OCVersion(OpenShiftCLI):
+class OCVolume(OpenShiftCLI):
''' Class to wrap the oc command line tools '''
+ volume_mounts_path = {"pod": "spec.containers[0].volumeMounts",
+ "dc": "spec.template.spec.containers[0].volumeMounts",
+ "rc": "spec.template.spec.containers[0].volumeMounts",
+ }
+ volumes_path = {"pod": "spec.volumes",
+ "dc": "spec.template.spec.volumes",
+ "rc": "spec.template.spec.volumes",
+ }
+
# pylint allows 5
# pylint: disable=too-many-arguments
def __init__(self,
- config,
- debug):
- ''' Constructor for OCVersion '''
- super(OCVersion, self).__init__(None, config)
- self.debug = debug
-
- def get(self):
- '''get and return version information '''
-
- results = {}
-
- version_results = self._version()
-
- if version_results['returncode'] == 0:
- filtered_vers = Utils.filter_versions(version_results['results'])
- custom_vers = Utils.add_custom_versions(filtered_vers)
-
- results['returncode'] = version_results['returncode']
- results.update(filtered_vers)
- results.update(custom_vers)
-
- return results
-
- raise OpenShiftCLIError('Problem detecting openshift version.')
-
- @staticmethod
- def run_ansible(params):
- '''run the idempotent ansible code'''
- oc_version = OCVersion(params['kubeconfig'], params['debug'])
-
- if params['state'] == 'list':
-
- #pylint: disable=protected-access
- result = oc_version.get()
- return {'state': params['state'],
- 'results': result,
- 'changed': False}
-
-# -*- -*- -*- End included fragment: class/oc_version.py -*- -*- -*-
-
-# -*- -*- -*- Begin included fragment: class/oc_adm_registry.py -*- -*- -*-
-
-class RegistryException(Exception):
- ''' Registry Exception Class '''
- pass
-
-
-class RegistryConfig(OpenShiftCLIConfig):
- ''' RegistryConfig is a DTO for the registry. '''
- def __init__(self, rname, namespace, kubeconfig, registry_options):
- super(RegistryConfig, self).__init__(rname, namespace, kubeconfig, registry_options)
-
-
-class Registry(OpenShiftCLI):
- ''' Class to wrap the oc command line tools '''
-
- volume_mount_path = 'spec.template.spec.containers[0].volumeMounts'
- volume_path = 'spec.template.spec.volumes'
- env_path = 'spec.template.spec.containers[0].env'
-
- def __init__(self,
- registry_config,
+ kind,
+ resource_name,
+ namespace,
+ vol_name,
+ mount_path,
+ mount_type,
+ secret_name,
+ claim_size,
+ claim_name,
+ configmap_name,
+ kubeconfig='/etc/origin/master/admin.kubeconfig',
verbose=False):
- ''' Constructor for Registry
-
- a registry consists of 3 or more parts
- - dc/docker-registry
- - svc/docker-registry
-
- Parameters:
- :registry_config:
- :verbose:
- '''
- super(Registry, self).__init__(registry_config.namespace, registry_config.kubeconfig, verbose)
- self.version = OCVersion(registry_config.kubeconfig, verbose)
- self.svc_ip = None
- self.portal_ip = None
- self.config = registry_config
+ ''' Constructor for OCVolume '''
+ super(OCVolume, self).__init__(namespace, kubeconfig)
+ self.kind = kind
+ self.volume_info = {'name': vol_name,
+ 'secret_name': secret_name,
+ 'path': mount_path,
+ 'type': mount_type,
+ 'claimSize': claim_size,
+ 'claimName': claim_name,
+ 'configmap_name': configmap_name}
+ self.volume, self.volume_mount = Volume.create_volume_structure(self.volume_info)
+ self.name = resource_name
+ self.namespace = namespace
+ self.kubeconfig = kubeconfig
self.verbose = verbose
- self.registry_parts = [{'kind': 'dc', 'name': self.config.name},
- {'kind': 'svc', 'name': self.config.name},
- ]
-
- self.__prepared_registry = None
- self.volume_mounts = []
- self.volumes = []
- if self.config.config_options['volume_mounts']['value']:
- for volume in self.config.config_options['volume_mounts']['value']:
- volume_info = {'secret_name': volume.get('secret_name', None),
- 'name': volume.get('name', None),
- 'type': volume.get('type', None),
- 'path': volume.get('path', None),
- 'claimName': volume.get('claim_name', None),
- 'claimSize': volume.get('claim_size', None),
- }
-
- vol, vol_mount = Volume.create_volume_structure(volume_info)
- self.volumes.append(vol)
- self.volume_mounts.append(vol_mount)
-
- self.dconfig = None
- self.svc = None
-
- @property
- def deploymentconfig(self):
- ''' deploymentconfig property '''
- return self.dconfig
-
- @deploymentconfig.setter
- def deploymentconfig(self, config):
- ''' setter for deploymentconfig property '''
- self.dconfig = config
-
- @property
- def service(self):
- ''' service property '''
- return self.svc
-
- @service.setter
- def service(self, config):
- ''' setter for service property '''
- self.svc = config
+ self._resource = None
@property
- def prepared_registry(self):
- ''' prepared_registry property '''
- if not self.__prepared_registry:
- results = self.prepare_registry()
- if not results:
- raise RegistryException('Could not perform registry preparation.')
- self.__prepared_registry = results
-
- return self.__prepared_registry
-
- @prepared_registry.setter
- def prepared_registry(self, data):
- ''' setter method for prepared_registry attribute '''
- self.__prepared_registry = data
-
- def get(self):
- ''' return the self.registry_parts '''
- self.deploymentconfig = None
- self.service = None
-
- rval = 0
- for part in self.registry_parts:
- result = self._get(part['kind'], rname=part['name'])
- if result['returncode'] == 0 and part['kind'] == 'dc':
- self.deploymentconfig = DeploymentConfig(result['results'][0])
- elif result['returncode'] == 0 and part['kind'] == 'svc':
- self.service = Yedit(content=result['results'][0])
-
- if result['returncode'] != 0:
- rval = result['returncode']
+ def resource(self):
+ ''' property function for resource var '''
+ if not self._resource:
+ self.get()
+ return self._resource
-
- return {'returncode': rval, 'deploymentconfig': self.deploymentconfig, 'service': self.service}
+ @resource.setter
+ def resource(self, data):
+ ''' setter function for resource var '''
+ self._resource = data
def exists(self):
- '''does the object exist?'''
- self.get()
- if self.deploymentconfig or self.service:
+ ''' return whether a volume exists '''
+ volume_mount_found = False
+ volume_found = self.resource.exists_volume(self.volume)
+ if not self.volume_mount and volume_found:
return True
- return False
-
- def delete(self, complete=True):
- '''return all pods '''
- parts = []
- for part in self.registry_parts:
- if not complete and part['kind'] == 'svc':
- continue
- parts.append(self._delete(part['kind'], part['name']))
-
- # Clean up returned results
- rval = 0
- for part in parts:
- # pylint: disable=invalid-sequence-index
- if 'returncode' in part and part['returncode'] != 0:
- rval = part['returncode']
-
- return {'returncode': rval, 'results': parts}
-
- def prepare_registry(self):
- ''' prepare a registry for instantiation '''
- options = self.config.to_option_list()
-
- cmd = ['registry', '-n', self.config.namespace]
- cmd.extend(options)
- cmd.extend(['--dry-run=True', '-o', 'json'])
-
- results = self.openshift_cmd(cmd, oadm=True, output=True, output_type='json')
- # probably need to parse this
- # pylint thinks results is a string
- # pylint: disable=no-member
- if results['returncode'] != 0 and 'items' in results['results']:
- return results
+ if self.volume_mount:
+ volume_mount_found = self.resource.exists_volume_mount(self.volume_mount)
- service = None
- deploymentconfig = None
- # pylint: disable=invalid-sequence-index
- for res in results['results']['items']:
- if res['kind'] == 'DeploymentConfig':
- deploymentconfig = DeploymentConfig(res)
- elif res['kind'] == 'Service':
- service = Service(res)
-
- # Verify we got a service and a deploymentconfig
- if not service or not deploymentconfig:
- return results
-
- # results will need to get parsed here and modifications added
- deploymentconfig = DeploymentConfig(self.add_modifications(deploymentconfig))
-
- # modify service ip
- if self.svc_ip:
- service.put('spec.clusterIP', self.svc_ip)
- if self.portal_ip:
- service.put('spec.portalIP', self.portal_ip)
-
- # need to create the service and the deploymentconfig
- service_file = Utils.create_tmp_file_from_contents('service', service.yaml_dict)
- deployment_file = Utils.create_tmp_file_from_contents('deploymentconfig', deploymentconfig.yaml_dict)
-
- return {"service": service,
- "service_file": service_file,
- "service_update": False,
- "deployment": deploymentconfig,
- "deployment_file": deployment_file,
- "deployment_update": False}
-
- def create(self):
- '''Create a registry'''
- results = []
- for config_file in ['deployment_file', 'service_file']:
- results.append(self._create(self.prepared_registry[config_file]))
-
- # Clean up returned results
- rval = 0
- for result in results:
- # pylint: disable=invalid-sequence-index
- if 'returncode' in result and result['returncode'] != 0:
- rval = result['returncode']
-
- return {'returncode': rval, 'results': results}
-
- def update(self):
- '''run update for the registry. This performs a delete and then create '''
- # Store the current service IP
- if self.service:
- svcip = self.service.get('spec.clusterIP')
- if svcip:
- self.svc_ip = svcip
- portip = self.service.get('spec.portalIP')
- if portip:
- self.portal_ip = portip
-
- results = []
- if self.prepared_registry['deployment_update']:
- results.append(self._replace(self.prepared_registry['deployment_file']))
- if self.prepared_registry['service_update']:
- results.append(self._replace(self.prepared_registry['service_file']))
+ if volume_found and self.volume_mount and volume_mount_found:
+ return True
- # Clean up returned results
- rval = 0
- for result in results:
- if result['returncode'] != 0:
- rval = result['returncode']
-
- return {'returncode': rval, 'results': results}
-
- def add_modifications(self, deploymentconfig):
- ''' update a deployment config with changes '''
- # The environment variable for REGISTRY_HTTP_SECRET is autogenerated
- # We should set the generated deploymentconfig to the in memory version
- # the following modifications will overwrite if needed
- result = self.deploymentconfig.get_env_var('REGISTRY_HTTP_SECRET')
- if result:
- deploymentconfig.update_env_var('REGISTRY_HTTP_SECRET', result['value'])
-
- # Currently we know that our deployment of a registry requires a few extra modifications
- # Modification 1
- # we need specific environment variables to be set
- for key, value in self.config.config_options['env_vars'].get('value', {}).items():
- if not deploymentconfig.exists_env_key(key):
- deploymentconfig.add_env_value(key, value)
- else:
- deploymentconfig.update_env_var(key, value)
-
- # Modification 2
- # we need specific volume variables to be set
- for volume in self.volumes:
- deploymentconfig.update_volume(volume)
-
- for vol_mount in self.volume_mounts:
- deploymentconfig.update_volume_mount(vol_mount)
-
- # Modification 3
- # Edits
- edit_results = []
- for edit in self.config.config_options['edits'].get('value', []):
- if edit['action'] == 'put':
- edit_results.append(deploymentconfig.put(edit['key'],
- edit['value']))
- if edit['action'] == 'update':
- edit_results.append(deploymentconfig.update(edit['key'],
- edit['value'],
- edit.get('index', None),
- edit.get('curr_value', None)))
- if edit['action'] == 'append':
- edit_results.append(deploymentconfig.append(edit['key'],
- edit['value']))
-
- if edit_results and not any([res[0] for res in edit_results]):
- return None
+ return False
- return deploymentconfig.yaml_dict
+ def get(self):
+ '''return volume information '''
+ vol = self._get(self.kind, self.name)
+ if vol['returncode'] == 0:
+ if self.kind == 'dc':
+ self.resource = DeploymentConfig(content=vol['results'][0])
+ vol['results'] = self.resource.get_volumes()
+
+ return vol
+
+ def delete(self):
+ '''remove a volume'''
+ self.resource.delete_volume_by_name(self.volume)
+ return self._replace_content(self.kind, self.name, self.resource.yaml_dict)
+
+ def put(self):
+ '''place volume into dc '''
+ self.resource.update_volume(self.volume)
+ self.resource.get_volumes()
+ self.resource.update_volume_mount(self.volume_mount)
+ return self._replace_content(self.kind, self.name, self.resource.yaml_dict)
def needs_update(self):
- ''' check to see if we need to update '''
- if not self.service or not self.deploymentconfig:
- return True
+ ''' verify an update is needed '''
+ return self.resource.needs_update_volume(self.volume, self.volume_mount)
- exclude_list = ['clusterIP', 'portalIP', 'type', 'protocol']
- if not Utils.check_def_equal(self.prepared_registry['service'].yaml_dict,
- self.service.yaml_dict,
- exclude_list,
- debug=self.verbose):
- self.prepared_registry['service_update'] = True
-
- exclude_list = ['dnsPolicy',
- 'terminationGracePeriodSeconds',
- 'restartPolicy', 'timeoutSeconds',
- 'livenessProbe', 'readinessProbe',
- 'terminationMessagePath',
- 'securityContext',
- 'imagePullPolicy',
- 'protocol', # ports.portocol: TCP
- 'type', # strategy: {'type': 'rolling'}
- 'defaultMode', # added on secrets
- 'activeDeadlineSeconds', # added in 1.5 for timeouts
- ]
-
- if not Utils.check_def_equal(self.prepared_registry['deployment'].yaml_dict,
- self.deploymentconfig.yaml_dict,
- exclude_list,
- debug=self.verbose):
- self.prepared_registry['deployment_update'] = True
-
- return self.prepared_registry['deployment_update'] or self.prepared_registry['service_update'] or False
-
- # In the future, we would like to break out each ansible state into a function.
# pylint: disable=too-many-branches,too-many-return-statements
@staticmethod
- def run_ansible(params, check_mode):
- '''run idempotent ansible code'''
-
- rconfig = RegistryConfig(params['name'],
- params['namespace'],
- params['kubeconfig'],
- {'images': {'value': params['images'], 'include': True},
- 'latest_images': {'value': params['latest_images'], 'include': True},
- 'labels': {'value': params['labels'], 'include': True},
- 'ports': {'value': ','.join(params['ports']), 'include': True},
- 'replicas': {'value': params['replicas'], 'include': True},
- 'selector': {'value': params['selector'], 'include': True},
- 'service_account': {'value': params['service_account'], 'include': True},
- 'mount_host': {'value': params['mount_host'], 'include': True},
- 'env_vars': {'value': params['env_vars'], 'include': False},
- 'volume_mounts': {'value': params['volume_mounts'], 'include': False},
- 'edits': {'value': params['edits'], 'include': False},
- 'enforce_quota': {'value': params['enforce_quota'], 'include': True},
- 'daemonset': {'value': params['daemonset'], 'include': True},
- 'tls_key': {'value': params['tls_key'], 'include': True},
- 'tls_certificate': {'value': params['tls_certificate'], 'include': True},
- })
-
-
- ocregistry = Registry(rconfig, params['debug'])
-
- api_rval = ocregistry.get()
+ def run_ansible(params, check_mode=False):
+ '''run the idempotent ansible code'''
+ oc_volume = OCVolume(params['kind'],
+ params['name'],
+ params['namespace'],
+ params['vol_name'],
+ params['mount_path'],
+ params['mount_type'],
+ # secrets
+ params['secret_name'],
+ # pvc
+ params['claim_size'],
+ params['claim_name'],
+ # configmap
+ params['configmap_name'],
+ kubeconfig=params['kubeconfig'],
+ verbose=params['debug'])
state = params['state']
- ########
- # get
- ########
- if state == 'list':
- if api_rval['returncode'] != 0:
- return {'failed': True, 'msg': api_rval}
+ api_rval = oc_volume.get()
- return {'changed': False, 'results': api_rval, 'state': state}
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ #####
+ # Get
+ #####
+ if state == 'list':
+ return {'changed': False, 'results': api_rval['results'], 'state': state}
########
# Delete
########
if state == 'absent':
- if not ocregistry.exists():
- return {'changed': False, 'state': state}
+ if oc_volume.exists():
- if check_mode:
- return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'}
+ if check_mode:
+ return {'changed': False, 'msg': 'CHECK_MODE: Would have performed a delete.'}
- # Unsure as to why this is angry with the return type.
- # pylint: disable=redefined-variable-type
- api_rval = ocregistry.delete()
+ api_rval = oc_volume.delete()
- if api_rval['returncode'] != 0:
- return {'failed': True, 'msg': api_rval}
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
- return {'changed': True, 'results': api_rval, 'state': state}
+ return {'changed': False, 'state': state}
if state == 'present':
########
# Create
########
- if not ocregistry.exists():
+ if not oc_volume.exists():
if check_mode:
- return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'}
+ exit_json(changed=False, msg='Would have performed a create.')
- api_rval = ocregistry.create()
+ # Create it here
+ api_rval = oc_volume.put()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ # return the created object
+ api_rval = oc_volume.get()
if api_rval['returncode'] != 0:
return {'failed': True, 'msg': api_rval}
@@ -2495,68 +1960,65 @@ class Registry(OpenShiftCLI):
########
# Update
########
- if not params['force'] and not ocregistry.needs_update():
- return {'changed': False, 'state': state}
+ if oc_volume.needs_update():
+ api_rval = oc_volume.put()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
- if check_mode:
- return {'changed': True, 'msg': 'CHECK_MODE: Would have performed an update.'}
+ # return the created object
+ api_rval = oc_volume.get()
- api_rval = ocregistry.update()
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
- if api_rval['returncode'] != 0:
- return {'failed': True, 'msg': api_rval}
+ return {'changed': True, 'results': api_rval, state: state}
- return {'changed': True, 'results': api_rval, 'state': state}
+ return {'changed': False, 'results': api_rval, state: state}
- return {'failed': True, 'msg': 'Unknown state passed. %s' % state}
+ return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)}
-# -*- -*- -*- End included fragment: class/oc_adm_registry.py -*- -*- -*-
+# -*- -*- -*- End included fragment: class/oc_volume.py -*- -*- -*-
-# -*- -*- -*- Begin included fragment: ansible/oc_adm_registry.py -*- -*- -*-
+# -*- -*- -*- Begin included fragment: ansible/oc_volume.py -*- -*- -*-
def main():
'''
- ansible oc module for registry
+ ansible oc module for volumes
'''
module = AnsibleModule(
argument_spec=dict(
+ kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
state=dict(default='present', type='str',
- choices=['present', 'absent']),
+ choices=['present', 'absent', 'list']),
debug=dict(default=False, type='bool'),
+ kind=dict(default='dc', choices=['dc', 'rc', 'pods'], type='str'),
namespace=dict(default='default', type='str'),
- name=dict(default=None, required=True, type='str'),
-
- kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
- images=dict(default=None, type='str'),
- latest_images=dict(default=False, type='bool'),
- labels=dict(default=None, type='list'),
- ports=dict(default=['5000'], type='list'),
- replicas=dict(default=1, type='int'),
- selector=dict(default=None, type='str'),
- service_account=dict(default='registry', type='str'),
- mount_host=dict(default=None, type='str'),
- volume_mounts=dict(default=None, type='list'),
- env_vars=dict(default={}, type='dict'),
- edits=dict(default=[], type='list'),
- enforce_quota=dict(default=False, type='bool'),
- force=dict(default=False, type='bool'),
- daemonset=dict(default=False, type='bool'),
- tls_key=dict(default=None, type='str'),
- tls_certificate=dict(default=None, type='str'),
+ vol_name=dict(default=None, type='str'),
+ name=dict(default=None, type='str'),
+ mount_type=dict(default=None,
+ choices=['emptydir', 'hostpath', 'secret', 'pvc', 'configmap'],
+ type='str'),
+ mount_path=dict(default=None, type='str'),
+ # secrets require a name
+ secret_name=dict(default=None, type='str'),
+ # pvc requires a size
+ claim_size=dict(default=None, type='str'),
+ claim_name=dict(default=None, type='str'),
+ # configmap requires a name
+ configmap_name=dict(default=None, type='str'),
),
-
supports_check_mode=True,
)
+ rval = OCVolume.run_ansible(module.params, module.check_mode)
+ if 'failed' in rval:
+ module.fail_json(**rval)
- results = Registry.run_ansible(module.params, module.check_mode)
- if 'failed' in results:
- module.fail_json(**results)
-
- module.exit_json(**results)
+ module.exit_json(**rval)
if __name__ == '__main__':
main()
-# -*- -*- -*- End included fragment: ansible/oc_adm_registry.py -*- -*- -*-
+# -*- -*- -*- End included fragment: ansible/oc_volume.py -*- -*- -*-
diff --git a/roles/lib_openshift/src/ansible/oadm_manage_node.py b/roles/lib_openshift/src/ansible/oc_adm_manage_node.py
index b870c1211..b870c1211 100644
--- a/roles/lib_openshift/src/ansible/oadm_manage_node.py
+++ b/roles/lib_openshift/src/ansible/oc_adm_manage_node.py
diff --git a/roles/lib_openshift/src/ansible/oc_configmap.py b/roles/lib_openshift/src/ansible/oc_configmap.py
new file mode 100644
index 000000000..974f72499
--- /dev/null
+++ b/roles/lib_openshift/src/ansible/oc_configmap.py
@@ -0,0 +1,32 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+def main():
+ '''
+ ansible oc module for managing OpenShift configmap objects
+ '''
+
+ module = AnsibleModule(
+ argument_spec=dict(
+ kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+ state=dict(default='present', type='str',
+ choices=['present', 'absent', 'list']),
+ debug=dict(default=False, type='bool'),
+ namespace=dict(default='default', type='str'),
+ name=dict(default=None, required=True, type='str'),
+ from_file=dict(default=None, type='dict'),
+ from_literal=dict(default=None, type='dict'),
+ ),
+ supports_check_mode=True,
+ )
+
+
+ rval = OCConfigMap.run_ansible(module.params, module.check_mode)
+ if 'failed' in rval:
+ module.fail_json(**rval)
+
+ module.exit_json(**rval)
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/lib_openshift/src/ansible/oc_group.py b/roles/lib_openshift/src/ansible/oc_group.py
new file mode 100644
index 000000000..9294286d6
--- /dev/null
+++ b/roles/lib_openshift/src/ansible/oc_group.py
@@ -0,0 +1,32 @@
+# pylint: skip-file
+# flake8: noqa
+
+#pylint: disable=too-many-branches
+def main():
+ '''
+ ansible oc module for group
+ '''
+
+ module = AnsibleModule(
+ argument_spec=dict(
+ kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+ state=dict(default='present', type='str',
+ choices=['present', 'absent', 'list']),
+ debug=dict(default=False, type='bool'),
+ name=dict(default=None, type='str'),
+ namespace=dict(default='default', type='str'),
+ # addind users to a group is handled through the oc_users module
+ #users=dict(default=None, type='list'),
+ ),
+ supports_check_mode=True,
+ )
+
+ rval = OCGroup.run_ansible(module.params, module.check_mode)
+
+ if 'failed' in rval:
+ return module.fail_json(**rval)
+
+ return module.exit_json(**rval)
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/lib_openshift/src/ansible/oc_image.py b/roles/lib_openshift/src/ansible/oc_image.py
new file mode 100644
index 000000000..447d62f20
--- /dev/null
+++ b/roles/lib_openshift/src/ansible/oc_image.py
@@ -0,0 +1,34 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+def main():
+ '''
+ ansible oc module for image import
+ '''
+
+ module = AnsibleModule(
+ argument_spec=dict(
+ kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+ state=dict(default='present', type='str',
+ choices=['present', 'list']),
+ debug=dict(default=False, type='bool'),
+ namespace=dict(default='default', type='str'),
+ registry_url=dict(default=None, type='str'),
+ image_name=dict(default=None, required=True, type='str'),
+ image_tag=dict(default=None, type='str'),
+ force=dict(default=False, type='bool'),
+ ),
+
+ supports_check_mode=True,
+ )
+
+ rval = OCImage.run_ansible(module.params, module.check_mode)
+
+ if 'failed' in rval:
+ module.fail_json(**rval)
+
+ module.exit_json(**rval)
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/lib_openshift/src/ansible/oc_pvc.py b/roles/lib_openshift/src/ansible/oc_pvc.py
new file mode 100644
index 000000000..a5181e281
--- /dev/null
+++ b/roles/lib_openshift/src/ansible/oc_pvc.py
@@ -0,0 +1,35 @@
+# pylint: skip-file
+# flake8: noqa
+
+#pylint: disable=too-many-branches
+def main():
+ '''
+ ansible oc module for pvc
+ '''
+
+ module = AnsibleModule(
+ argument_spec=dict(
+ kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+ state=dict(default='present', type='str',
+ choices=['present', 'absent', 'list']),
+ debug=dict(default=False, type='bool'),
+ name=dict(default=None, required=True, type='str'),
+ namespace=dict(default=None, required=True, type='str'),
+ volume_capacity=dict(default='1G', type='str'),
+ access_modes=dict(default='ReadWriteOnce',
+ choices=['ReadWriteOnce', 'ReadOnlyMany', 'ReadWriteMany'],
+ type='str'),
+ ),
+ supports_check_mode=True,
+ )
+
+ rval = OCPVC.run_ansible(module.params, module.check_mode)
+
+ if 'failed' in rval:
+ module.fail_json(**rval)
+
+ return module.exit_json(**rval)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/lib_openshift/src/ansible/oc_user.py b/roles/lib_openshift/src/ansible/oc_user.py
new file mode 100644
index 000000000..6b1440796
--- /dev/null
+++ b/roles/lib_openshift/src/ansible/oc_user.py
@@ -0,0 +1,34 @@
+# pylint: skip-file
+# flake8: noqa
+
+def main():
+ '''
+ ansible oc module for user
+ '''
+
+ module = AnsibleModule(
+ argument_spec=dict(
+ kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+ state=dict(default='present', type='str',
+ choices=['present', 'absent', 'list']),
+ debug=dict(default=False, type='bool'),
+ username=dict(default=None, type='str'),
+ full_name=dict(default=None, type='str'),
+ # setting groups for user data will not populate the
+ # 'groups' field in the user data.
+ # it will call out to the group data and make the user
+ # entry there
+ groups=dict(default=[], type='list'),
+ ),
+ supports_check_mode=True,
+ )
+
+ results = OCUser.run_ansible(module.params, module.check_mode)
+
+ if 'failed' in results:
+ module.fail_json(**results)
+
+ module.exit_json(**results)
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/lib_openshift/src/ansible/oc_volume.py b/roles/lib_openshift/src/ansible/oc_volume.py
new file mode 100644
index 000000000..660376d2f
--- /dev/null
+++ b/roles/lib_openshift/src/ansible/oc_volume.py
@@ -0,0 +1,41 @@
+# pylint: skip-file
+# flake8: noqa
+
+def main():
+ '''
+ ansible oc module for volumes
+ '''
+
+ module = AnsibleModule(
+ argument_spec=dict(
+ kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+ state=dict(default='present', type='str',
+ choices=['present', 'absent', 'list']),
+ debug=dict(default=False, type='bool'),
+ kind=dict(default='dc', choices=['dc', 'rc', 'pods'], type='str'),
+ namespace=dict(default='default', type='str'),
+ vol_name=dict(default=None, type='str'),
+ name=dict(default=None, type='str'),
+ mount_type=dict(default=None,
+ choices=['emptydir', 'hostpath', 'secret', 'pvc', 'configmap'],
+ type='str'),
+ mount_path=dict(default=None, type='str'),
+ # secrets require a name
+ secret_name=dict(default=None, type='str'),
+ # pvc requires a size
+ claim_size=dict(default=None, type='str'),
+ claim_name=dict(default=None, type='str'),
+ # configmap requires a name
+ configmap_name=dict(default=None, type='str'),
+ ),
+ supports_check_mode=True,
+ )
+ rval = OCVolume.run_ansible(module.params, module.check_mode)
+ if 'failed' in rval:
+ module.fail_json(**rval)
+
+ module.exit_json(**rval)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/lib_openshift/src/class/oadm_manage_node.py b/roles/lib_openshift/src/class/oc_adm_manage_node.py
index c07320477..c07320477 100644
--- a/roles/lib_openshift/src/class/oadm_manage_node.py
+++ b/roles/lib_openshift/src/class/oc_adm_manage_node.py
diff --git a/roles/lib_openshift/src/class/oc_adm_registry.py b/roles/lib_openshift/src/class/oc_adm_registry.py
index c083cd179..25519c9c9 100644
--- a/roles/lib_openshift/src/class/oc_adm_registry.py
+++ b/roles/lib_openshift/src/class/oc_adm_registry.py
@@ -87,8 +87,8 @@ class Registry(OpenShiftCLI):
''' prepared_registry property '''
if not self.__prepared_registry:
results = self.prepare_registry()
- if not results:
- raise RegistryException('Could not perform registry preparation.')
+ if not results or ('returncode' in results and results['returncode'] != 0):
+ raise RegistryException('Could not perform registry preparation. {}'.format(results))
self.__prepared_registry = results
return self.__prepared_registry
@@ -153,8 +153,8 @@ class Registry(OpenShiftCLI):
# probably need to parse this
# pylint thinks results is a string
# pylint: disable=no-member
- if results['returncode'] != 0 and 'items' in results['results']:
- return results
+ if results['returncode'] != 0 and 'items' not in results['results']:
+ raise RegistryException('Could not perform registry preparation. {}'.format(results))
service = None
deploymentconfig = None
diff --git a/roles/lib_openshift/src/class/oc_configmap.py b/roles/lib_openshift/src/class/oc_configmap.py
new file mode 100644
index 000000000..87de3e1df
--- /dev/null
+++ b/roles/lib_openshift/src/class/oc_configmap.py
@@ -0,0 +1,187 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+# pylint: disable=too-many-arguments
+class OCConfigMap(OpenShiftCLI):
+ ''' Openshift ConfigMap Class
+
+ ConfigMaps are a way to store data inside of objects
+ '''
+ def __init__(self,
+ name,
+ from_file,
+ from_literal,
+ state,
+ namespace,
+ kubeconfig='/etc/origin/master/admin.kubeconfig',
+ verbose=False):
+ ''' Constructor for OpenshiftOC '''
+ super(OCConfigMap, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
+ self.name = name
+ self.state = state
+ self._configmap = None
+ self._inc_configmap = None
+ self.from_file = from_file if from_file is not None else {}
+ self.from_literal = from_literal if from_literal is not None else {}
+
+ @property
+ def configmap(self):
+ if self._configmap is None:
+ self._configmap = self.get()
+
+ return self._configmap
+
+ @configmap.setter
+ def configmap(self, inc_map):
+ self._configmap = inc_map
+
+ @property
+ def inc_configmap(self):
+ if self._inc_configmap is None:
+ results = self.create(dryrun=True, output=True)
+ self._inc_configmap = results['results']
+
+ return self._inc_configmap
+
+ @inc_configmap.setter
+ def inc_configmap(self, inc_map):
+ self._inc_configmap = inc_map
+
+ def from_file_to_params(self):
+ '''return from_files in a string ready for cli'''
+ return ["--from-file={}={}".format(key, value) for key, value in self.from_file.items()]
+
+ def from_literal_to_params(self):
+ '''return from_literal in a string ready for cli'''
+ return ["--from-literal={}={}".format(key, value) for key, value in self.from_literal.items()]
+
+ def get(self):
+ '''return a configmap by name '''
+ results = self._get('configmap', self.name)
+ if results['returncode'] == 0 and results['results'][0]:
+ self.configmap = results['results'][0]
+
+ if results['returncode'] != 0 and '"{}" not found'.format(self.name) in results['stderr']:
+ results['returncode'] = 0
+
+ return results
+
+ def delete(self):
+ '''delete a configmap by name'''
+ return self._delete('configmap', self.name)
+
+ def create(self, dryrun=False, output=False):
+ '''Create a configmap
+
+ :dryrun: Product what you would have done. default: False
+ :output: Whether to parse output. default: False
+ '''
+
+ cmd = ['create', 'configmap', self.name]
+ if self.from_literal is not None:
+ cmd.extend(self.from_literal_to_params())
+
+ if self.from_file is not None:
+ cmd.extend(self.from_file_to_params())
+
+ if dryrun:
+ cmd.extend(['--dry-run', '-ojson'])
+
+ results = self.openshift_cmd(cmd, output=output)
+
+ return results
+
+ def update(self):
+ '''run update configmap '''
+ return self._replace_content('configmap', self.name, self.inc_configmap)
+
+ def needs_update(self):
+ '''compare the current configmap with the proposed and return if they are equal'''
+ return not Utils.check_def_equal(self.inc_configmap, self.configmap, debug=self.verbose)
+
+ @staticmethod
+ # pylint: disable=too-many-return-statements,too-many-branches
+ # TODO: This function should be refactored into its individual parts.
+ def run_ansible(params, check_mode):
+ '''run the ansible idempotent code'''
+
+ oc_cm = OCConfigMap(params['name'],
+ params['from_file'],
+ params['from_literal'],
+ params['state'],
+ params['namespace'],
+ kubeconfig=params['kubeconfig'],
+ verbose=params['debug'])
+
+ state = params['state']
+
+ api_rval = oc_cm.get()
+
+ if 'failed' in api_rval:
+ return {'failed': True, 'msg': api_rval}
+
+ #####
+ # Get
+ #####
+ if state == 'list':
+ return {'changed': False, 'results': api_rval, 'state': state}
+
+ ########
+ # Delete
+ ########
+ if state == 'absent':
+ if not Utils.exists(api_rval['results'], params['name']):
+ return {'changed': False, 'state': 'absent'}
+
+ if check_mode:
+ return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'}
+
+ api_rval = oc_cm.delete()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ ########
+ # Create
+ ########
+ if state == 'present':
+ if not Utils.exists(api_rval['results'], params['name']):
+
+ if check_mode:
+ return {'changed': True, 'msg': 'Would have performed a create.'}
+
+ api_rval = oc_cm.create()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ api_rval = oc_cm.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ ########
+ # Update
+ ########
+ if oc_cm.needs_update():
+
+ api_rval = oc_cm.update()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ api_rval = oc_cm.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ return {'changed': False, 'results': api_rval, 'state': state}
+
+ return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)}
diff --git a/roles/lib_openshift/src/class/oc_group.py b/roles/lib_openshift/src/class/oc_group.py
new file mode 100644
index 000000000..89fb09ea4
--- /dev/null
+++ b/roles/lib_openshift/src/class/oc_group.py
@@ -0,0 +1,148 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+class OCGroup(OpenShiftCLI):
+ ''' Class to wrap the oc command line tools '''
+ kind = 'group'
+
+ def __init__(self,
+ config,
+ verbose=False):
+ ''' Constructor for OCGroup '''
+ super(OCGroup, self).__init__(config.namespace, config.kubeconfig)
+ self.config = config
+ self.namespace = config.namespace
+ self._group = None
+
+ @property
+ def group(self):
+ ''' property function service'''
+ if not self._group:
+ self.get()
+ return self._group
+
+ @group.setter
+ def group(self, data):
+ ''' setter function for yedit var '''
+ self._group = data
+
+ def exists(self):
+ ''' return whether a group exists '''
+ if self.group:
+ return True
+
+ return False
+
+ def get(self):
+ '''return group information '''
+ result = self._get(self.kind, self.config.name)
+ if result['returncode'] == 0:
+ self.group = Group(content=result['results'][0])
+ elif 'groups \"{}\" not found'.format(self.config.name) in result['stderr']:
+ result['returncode'] = 0
+ result['results'] = [{}]
+
+ return result
+
+ def delete(self):
+ '''delete the object'''
+ return self._delete(self.kind, self.config.name)
+
+ def create(self):
+ '''create the object'''
+ return self._create_from_content(self.config.name, self.config.data)
+
+ def update(self):
+ '''update the object'''
+ return self._replace_content(self.kind, self.config.name, self.config.data)
+
+ def needs_update(self):
+ ''' verify an update is needed '''
+ return not Utils.check_def_equal(self.config.data, self.group.yaml_dict, skip_keys=[], debug=True)
+
+ # pylint: disable=too-many-return-statements,too-many-branches
+ @staticmethod
+ def run_ansible(params, check_mode=False):
+ '''run the idempotent ansible code'''
+
+ gconfig = GroupConfig(params['name'],
+ params['namespace'],
+ params['kubeconfig'],
+ )
+ oc_group = OCGroup(gconfig, verbose=params['debug'])
+
+ state = params['state']
+
+ api_rval = oc_group.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ #####
+ # Get
+ #####
+ if state == 'list':
+ return {'changed': False, 'results': api_rval['results'], 'state': state}
+
+ ########
+ # Delete
+ ########
+ if state == 'absent':
+ if oc_group.exists():
+
+ if check_mode:
+ return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'}
+
+ api_rval = oc_group.delete()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ return {'changed': False, 'state': state}
+
+ if state == 'present':
+ ########
+ # Create
+ ########
+ if not oc_group.exists():
+
+ if check_mode:
+ return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'}
+
+ # Create it here
+ api_rval = oc_group.create()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ # return the created object
+ api_rval = oc_group.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ ########
+ # Update
+ ########
+ if oc_group.needs_update():
+ api_rval = oc_group.update()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ # return the created object
+ api_rval = oc_group.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ return {'changed': False, 'results': api_rval, 'state': state}
+
+ return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)}
diff --git a/roles/lib_openshift/src/class/oc_image.py b/roles/lib_openshift/src/class/oc_image.py
new file mode 100644
index 000000000..d25349127
--- /dev/null
+++ b/roles/lib_openshift/src/class/oc_image.py
@@ -0,0 +1,91 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+# pylint: disable=too-many-arguments
+class OCImage(OpenShiftCLI):
+ ''' Class to import and create an imagestream object'''
+ def __init__(self,
+ namespace,
+ registry_url,
+ image_name,
+ image_tag,
+ kubeconfig='/etc/origin/master/admin.kubeconfig',
+ verbose=False):
+ ''' Constructor for OCImage'''
+ super(OCImage, self).__init__(namespace, kubeconfig)
+ self.registry_url = registry_url
+ self.image_name = image_name
+ self.image_tag = image_tag
+ self.verbose = verbose
+
+ def get(self):
+ '''return a image by name '''
+ results = self._get('imagestream', self.image_name)
+ results['exists'] = False
+ if results['returncode'] == 0 and results['results'][0]:
+ results['exists'] = True
+
+ if results['returncode'] != 0 and '"{}" not found'.format(self.image_name) in results['stderr']:
+ results['returncode'] = 0
+
+ return results
+
+ def create(self, url=None, name=None, tag=None):
+ '''Create an image '''
+ return self._import_image(url, name, tag)
+
+
+ # pylint: disable=too-many-return-statements
+ @staticmethod
+ def run_ansible(params, check_mode):
+ ''' run the ansible idempotent code '''
+
+ ocimage = OCImage(params['namespace'],
+ params['registry_url'],
+ params['image_name'],
+ params['image_tag'],
+ kubeconfig=params['kubeconfig'],
+ verbose=params['debug'])
+
+ state = params['state']
+
+ api_rval = ocimage.get()
+
+ #####
+ # Get
+ #####
+ if state == 'list':
+ if api_rval['returncode'] != 0:
+ return {"failed": True, "msg": api_rval}
+ return {"changed": False, "results": api_rval, "state": "list"}
+
+ ########
+ # Create
+ ########
+ if state == 'present':
+
+ if not Utils.exists(api_rval['results'], params['image_name']):
+
+ if check_mode:
+ return {"changed": False, "msg": 'CHECK_MODE: Would have performed a create'}
+
+ api_rval = ocimage.create(params['registry_url'],
+ params['image_name'],
+ params['image_tag'])
+
+ if api_rval['returncode'] != 0:
+ return {"failed": True, "msg": api_rval}
+
+ # return the newly created object
+ api_rval = ocimage.get()
+
+ if api_rval['returncode'] != 0:
+ return {"failed": True, "msg": api_rval}
+
+ return {"changed": True, "results": api_rval, "state": "present"}
+
+ # image exists, no change
+ return {"changed": False, "results": api_rval, "state": "present"}
+
+ return {"failed": True, "changed": False, "msg": "Unknown state passed. {0}".format(state)}
diff --git a/roles/lib_openshift/src/class/oc_project.py b/roles/lib_openshift/src/class/oc_project.py
index 7e3984297..9ad8111a8 100644
--- a/roles/lib_openshift/src/class/oc_project.py
+++ b/roles/lib_openshift/src/class/oc_project.py
@@ -61,30 +61,34 @@ class OCProject(OpenShiftCLI):
def update(self):
'''update a project '''
- self.project.update_annotation('display-name', self.config.config_options['display_name']['value'])
- self.project.update_annotation('description', self.config.config_options['description']['value'])
+ if self.config.config_options['display_name']['value'] is not None:
+ self.project.update_annotation('display-name', self.config.config_options['display_name']['value'])
+
+ if self.config.config_options['description']['value'] is not None:
+ self.project.update_annotation('description', self.config.config_options['description']['value'])
# work around for immutable project field
- if self.config.config_options['node_selector']['value']:
+ if self.config.config_options['node_selector']['value'] is not None:
self.project.update_annotation('node-selector', self.config.config_options['node_selector']['value'])
- else:
- self.project.update_annotation('node-selector', self.project.find_annotation('node-selector'))
return self._replace_content(self.kind, self.config.name, self.project.yaml_dict)
def needs_update(self):
''' verify an update is needed '''
- result = self.project.find_annotation("display-name")
- if result != self.config.config_options['display_name']['value']:
- return True
+ if self.config.config_options['display_name']['value'] is not None:
+ result = self.project.find_annotation("display-name")
+ if result != self.config.config_options['display_name']['value']:
+ return True
- result = self.project.find_annotation("description")
- if result != self.config.config_options['description']['value']:
- return True
+ if self.config.config_options['description']['value'] is not None:
+ result = self.project.find_annotation("description")
+ if result != self.config.config_options['description']['value']:
+ return True
- result = self.project.find_annotation("node-selector")
- if result != self.config.config_options['node_selector']['value']:
- return True
+ if self.config.config_options['node_selector']['value'] is not None:
+ result = self.project.find_annotation("node-selector")
+ if result != self.config.config_options['node_selector']['value']:
+ return True
return False
@@ -93,19 +97,22 @@ class OCProject(OpenShiftCLI):
def run_ansible(params, check_mode):
'''run the idempotent ansible code'''
- _ns = None
+ node_selector = None
if params['node_selector'] is not None:
- _ns = ','.join(params['node_selector'])
-
- pconfig = ProjectConfig(params['name'],
- 'None',
- params['kubeconfig'],
- {'admin': {'value': params['admin'], 'include': True},
- 'admin_role': {'value': params['admin_role'], 'include': True},
- 'description': {'value': params['description'], 'include': True},
- 'display_name': {'value': params['display_name'], 'include': True},
- 'node_selector': {'value': _ns, 'include': True},
- })
+ node_selector = ','.join(params['node_selector'])
+
+ pconfig = ProjectConfig(
+ params['name'],
+ 'None',
+ params['kubeconfig'],
+ {
+ 'admin': {'value': params['admin'], 'include': True},
+ 'admin_role': {'value': params['admin_role'], 'include': True},
+ 'description': {'value': params['description'], 'include': True},
+ 'display_name': {'value': params['display_name'], 'include': True},
+ 'node_selector': {'value': node_selector, 'include': True},
+ },
+ )
oadm_project = OCProject(pconfig, verbose=params['debug'])
diff --git a/roles/lib_openshift/src/class/oc_pvc.py b/roles/lib_openshift/src/class/oc_pvc.py
new file mode 100644
index 000000000..c73abc47c
--- /dev/null
+++ b/roles/lib_openshift/src/class/oc_pvc.py
@@ -0,0 +1,167 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+# pylint: disable=too-many-instance-attributes
+class OCPVC(OpenShiftCLI):
+ ''' Class to wrap the oc command line tools '''
+ kind = 'pvc'
+
+ # pylint allows 5
+ # pylint: disable=too-many-arguments
+ def __init__(self,
+ config,
+ verbose=False):
+ ''' Constructor for OCVolume '''
+ super(OCPVC, self).__init__(config.namespace, config.kubeconfig)
+ self.config = config
+ self.namespace = config.namespace
+ self._pvc = None
+
+ @property
+ def pvc(self):
+ ''' property function pvc'''
+ if not self._pvc:
+ self.get()
+ return self._pvc
+
+ @pvc.setter
+ def pvc(self, data):
+ ''' setter function for yedit var '''
+ self._pvc = data
+
+ def bound(self):
+ '''return whether the pvc is bound'''
+ if self.pvc.get_volume_name():
+ return True
+
+ return False
+
+ def exists(self):
+ ''' return whether a pvc exists '''
+ if self.pvc:
+ return True
+
+ return False
+
+ def get(self):
+ '''return pvc information '''
+ result = self._get(self.kind, self.config.name)
+ if result['returncode'] == 0:
+ self.pvc = PersistentVolumeClaim(content=result['results'][0])
+ elif '\"%s\" not found' % self.config.name in result['stderr']:
+ result['returncode'] = 0
+ result['results'] = [{}]
+
+ return result
+
+ def delete(self):
+ '''delete the object'''
+ return self._delete(self.kind, self.config.name)
+
+ def create(self):
+ '''create the object'''
+ return self._create_from_content(self.config.name, self.config.data)
+
+ def update(self):
+ '''update the object'''
+ # need to update the tls information and the service name
+ return self._replace_content(self.kind, self.config.name, self.config.data)
+
+ def needs_update(self):
+ ''' verify an update is needed '''
+ if self.pvc.get_volume_name() or self.pvc.is_bound():
+ return False
+
+ skip = []
+ return not Utils.check_def_equal(self.config.data, self.pvc.yaml_dict, skip_keys=skip, debug=True)
+
+ # pylint: disable=too-many-branches,too-many-return-statements
+ @staticmethod
+ def run_ansible(params, check_mode):
+ '''run the idempotent ansible code'''
+ pconfig = PersistentVolumeClaimConfig(params['name'],
+ params['namespace'],
+ params['kubeconfig'],
+ params['access_modes'],
+ params['volume_capacity'],
+ )
+ oc_pvc = OCPVC(pconfig, verbose=params['debug'])
+
+ state = params['state']
+
+ api_rval = oc_pvc.get()
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ #####
+ # Get
+ #####
+ if state == 'list':
+ return {'changed': False, 'results': api_rval['results'], 'state': state}
+
+ ########
+ # Delete
+ ########
+ if state == 'absent':
+ if oc_pvc.exists():
+
+ if check_mode:
+ return {'changed': False, 'msg': 'CHECK_MODE: Would have performed a delete.'}
+
+ api_rval = oc_pvc.delete()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ return {'changed': False, 'state': state}
+
+ if state == 'present':
+ ########
+ # Create
+ ########
+ if not oc_pvc.exists():
+
+ if check_mode:
+ return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'}
+
+ # Create it here
+ api_rval = oc_pvc.create()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ # return the created object
+ api_rval = oc_pvc.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ ########
+ # Update
+ ########
+ if oc_pvc.pvc.is_bound() or oc_pvc.pvc.get_volume_name():
+ api_rval['msg'] = '##### - This volume is currently bound. Will not update - ####'
+ return {'changed': False, 'results': api_rval, 'state': state}
+
+ if oc_pvc.needs_update():
+ api_rval = oc_pvc.update()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ # return the created object
+ api_rval = oc_pvc.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ return {'changed': False, 'results': api_rval, 'state': state}
+
+ return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)}
diff --git a/roles/lib_openshift/src/class/oc_user.py b/roles/lib_openshift/src/class/oc_user.py
new file mode 100644
index 000000000..d9e4eac13
--- /dev/null
+++ b/roles/lib_openshift/src/class/oc_user.py
@@ -0,0 +1,227 @@
+# pylint: skip-file
+# flake8: noqa
+
+# pylint: disable=too-many-instance-attributes
+class OCUser(OpenShiftCLI):
+ ''' Class to wrap the oc command line tools '''
+ kind = 'users'
+
+ def __init__(self,
+ config,
+ groups=None,
+ verbose=False):
+ ''' Constructor for OCUser '''
+ # namespace has no meaning for user operations, hardcode to 'default'
+ super(OCUser, self).__init__('default', config.kubeconfig)
+ self.config = config
+ self.groups = groups
+ self._user = None
+
+ @property
+ def user(self):
+ ''' property function user'''
+ if not self._user:
+ self.get()
+ return self._user
+
+ @user.setter
+ def user(self, data):
+ ''' setter function for user '''
+ self._user = data
+
+ def exists(self):
+ ''' return whether a user exists '''
+ if self.user:
+ return True
+
+ return False
+
+ def get(self):
+ ''' return user information '''
+ result = self._get(self.kind, self.config.username)
+ if result['returncode'] == 0:
+ self.user = User(content=result['results'][0])
+ elif 'users \"%s\" not found' % self.config.username in result['stderr']:
+ result['returncode'] = 0
+ result['results'] = [{}]
+
+ return result
+
+ def delete(self):
+ ''' delete the object '''
+ return self._delete(self.kind, self.config.username)
+
+ def create_group_entries(self):
+ ''' make entries for user to the provided group list '''
+ if self.groups != None:
+ for group in self.groups:
+ cmd = ['groups', 'add-users', group, self.config.username]
+ rval = self.openshift_cmd(cmd, oadm=True)
+ if rval['returncode'] != 0:
+ return rval
+
+ return rval
+
+ return {'returncode': 0}
+
+ def create(self):
+ ''' create the object '''
+ rval = self.create_group_entries()
+ if rval['returncode'] != 0:
+ return rval
+
+ return self._create_from_content(self.config.username, self.config.data)
+
+ def group_update(self):
+ ''' update group membership '''
+ rval = {'returncode': 0}
+ cmd = ['get', 'groups', '-o', 'json']
+ all_groups = self.openshift_cmd(cmd, output=True)
+
+ # pylint misindentifying all_groups['results']['items'] type
+ # pylint: disable=invalid-sequence-index
+ for group in all_groups['results']['items']:
+ # If we're supposed to be in this group
+ if group['metadata']['name'] in self.groups \
+ and (group['users'] is None or self.config.username not in group['users']):
+ cmd = ['groups', 'add-users', group['metadata']['name'],
+ self.config.username]
+ rval = self.openshift_cmd(cmd, oadm=True)
+ if rval['returncode'] != 0:
+ return rval
+ # else if we're in the group, but aren't supposed to be
+ elif group['users'] != None and self.config.username in group['users'] \
+ and group['metadata']['name'] not in self.groups:
+ cmd = ['groups', 'remove-users', group['metadata']['name'],
+ self.config.username]
+ rval = self.openshift_cmd(cmd, oadm=True)
+ if rval['returncode'] != 0:
+ return rval
+
+ return rval
+
+ def update(self):
+ ''' update the object '''
+ rval = self.group_update()
+ if rval['returncode'] != 0:
+ return rval
+
+ # need to update the user's info
+ return self._replace_content(self.kind, self.config.username, self.config.data, force=True)
+
+ def needs_group_update(self):
+ ''' check if there are group membership changes '''
+ cmd = ['get', 'groups', '-o', 'json']
+ all_groups = self.openshift_cmd(cmd, output=True)
+
+ # pylint misindentifying all_groups['results']['items'] type
+ # pylint: disable=invalid-sequence-index
+ for group in all_groups['results']['items']:
+ # If we're supposed to be in this group
+ if group['metadata']['name'] in self.groups \
+ and (group['users'] is None or self.config.username not in group['users']):
+ return True
+ # else if we're in the group, but aren't supposed to be
+ elif group['users'] != None and self.config.username in group['users'] \
+ and group['metadata']['name'] not in self.groups:
+ return True
+
+ return False
+
+ def needs_update(self):
+ ''' verify an update is needed '''
+ skip = []
+ if self.needs_group_update():
+ return True
+
+ return not Utils.check_def_equal(self.config.data, self.user.yaml_dict, skip_keys=skip, debug=True)
+
+ # pylint: disable=too-many-return-statements
+ @staticmethod
+ def run_ansible(params, check_mode=False):
+ ''' run the idempotent ansible code
+
+ params comes from the ansible portion of this module
+ check_mode: does the module support check mode. (module.check_mode)
+ '''
+
+ uconfig = UserConfig(params['kubeconfig'],
+ params['username'],
+ params['full_name'],
+ )
+
+ oc_user = OCUser(uconfig, params['groups'],
+ verbose=params['debug'])
+ state = params['state']
+
+ api_rval = oc_user.get()
+
+ #####
+ # Get
+ #####
+ if state == 'list':
+ return {'changed': False, 'results': api_rval['results'], 'state': "list"}
+
+ ########
+ # Delete
+ ########
+ if state == 'absent':
+ if oc_user.exists():
+
+ if check_mode:
+ return {'changed': False, 'msg': 'Would have performed a delete.'}
+
+ api_rval = oc_user.delete()
+
+ return {'changed': True, 'results': api_rval, 'state': "absent"}
+ return {'changed': False, 'state': "absent"}
+
+ if state == 'present':
+ ########
+ # Create
+ ########
+ if not oc_user.exists():
+
+ if check_mode:
+ return {'changed': False, 'msg': 'Would have performed a create.'}
+
+ # Create it here
+ api_rval = oc_user.create()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ # return the created object
+ api_rval = oc_user.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': "present"}
+
+ ########
+ # Update
+ ########
+ if oc_user.needs_update():
+ api_rval = oc_user.update()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ orig_cmd = api_rval['cmd']
+ # return the created object
+ api_rval = oc_user.get()
+ # overwrite the get/list cmd
+ api_rval['cmd'] = orig_cmd
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': "present"}
+
+ return {'changed': False, 'results': api_rval, 'state': "present"}
+
+ return {'failed': True,
+ 'changed': False,
+ 'results': 'Unknown state passed. %s' % state,
+ 'state': "unknown"}
diff --git a/roles/lib_openshift/src/class/oc_volume.py b/roles/lib_openshift/src/class/oc_volume.py
new file mode 100644
index 000000000..5211a1afd
--- /dev/null
+++ b/roles/lib_openshift/src/class/oc_volume.py
@@ -0,0 +1,195 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+# pylint: disable=too-many-instance-attributes
+class OCVolume(OpenShiftCLI):
+ ''' Class to wrap the oc command line tools '''
+ volume_mounts_path = {"pod": "spec.containers[0].volumeMounts",
+ "dc": "spec.template.spec.containers[0].volumeMounts",
+ "rc": "spec.template.spec.containers[0].volumeMounts",
+ }
+ volumes_path = {"pod": "spec.volumes",
+ "dc": "spec.template.spec.volumes",
+ "rc": "spec.template.spec.volumes",
+ }
+
+ # pylint allows 5
+ # pylint: disable=too-many-arguments
+ def __init__(self,
+ kind,
+ resource_name,
+ namespace,
+ vol_name,
+ mount_path,
+ mount_type,
+ secret_name,
+ claim_size,
+ claim_name,
+ configmap_name,
+ kubeconfig='/etc/origin/master/admin.kubeconfig',
+ verbose=False):
+ ''' Constructor for OCVolume '''
+ super(OCVolume, self).__init__(namespace, kubeconfig)
+ self.kind = kind
+ self.volume_info = {'name': vol_name,
+ 'secret_name': secret_name,
+ 'path': mount_path,
+ 'type': mount_type,
+ 'claimSize': claim_size,
+ 'claimName': claim_name,
+ 'configmap_name': configmap_name}
+ self.volume, self.volume_mount = Volume.create_volume_structure(self.volume_info)
+ self.name = resource_name
+ self.namespace = namespace
+ self.kubeconfig = kubeconfig
+ self.verbose = verbose
+ self._resource = None
+
+ @property
+ def resource(self):
+ ''' property function for resource var '''
+ if not self._resource:
+ self.get()
+ return self._resource
+
+ @resource.setter
+ def resource(self, data):
+ ''' setter function for resource var '''
+ self._resource = data
+
+ def exists(self):
+ ''' return whether a volume exists '''
+ volume_mount_found = False
+ volume_found = self.resource.exists_volume(self.volume)
+ if not self.volume_mount and volume_found:
+ return True
+
+ if self.volume_mount:
+ volume_mount_found = self.resource.exists_volume_mount(self.volume_mount)
+
+ if volume_found and self.volume_mount and volume_mount_found:
+ return True
+
+ return False
+
+ def get(self):
+ '''return volume information '''
+ vol = self._get(self.kind, self.name)
+ if vol['returncode'] == 0:
+ if self.kind == 'dc':
+ self.resource = DeploymentConfig(content=vol['results'][0])
+ vol['results'] = self.resource.get_volumes()
+
+ return vol
+
+ def delete(self):
+ '''remove a volume'''
+ self.resource.delete_volume_by_name(self.volume)
+ return self._replace_content(self.kind, self.name, self.resource.yaml_dict)
+
+ def put(self):
+ '''place volume into dc '''
+ self.resource.update_volume(self.volume)
+ self.resource.get_volumes()
+ self.resource.update_volume_mount(self.volume_mount)
+ return self._replace_content(self.kind, self.name, self.resource.yaml_dict)
+
+ def needs_update(self):
+ ''' verify an update is needed '''
+ return self.resource.needs_update_volume(self.volume, self.volume_mount)
+
+ # pylint: disable=too-many-branches,too-many-return-statements
+ @staticmethod
+ def run_ansible(params, check_mode=False):
+ '''run the idempotent ansible code'''
+ oc_volume = OCVolume(params['kind'],
+ params['name'],
+ params['namespace'],
+ params['vol_name'],
+ params['mount_path'],
+ params['mount_type'],
+ # secrets
+ params['secret_name'],
+ # pvc
+ params['claim_size'],
+ params['claim_name'],
+ # configmap
+ params['configmap_name'],
+ kubeconfig=params['kubeconfig'],
+ verbose=params['debug'])
+
+ state = params['state']
+
+ api_rval = oc_volume.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ #####
+ # Get
+ #####
+ if state == 'list':
+ return {'changed': False, 'results': api_rval['results'], 'state': state}
+
+ ########
+ # Delete
+ ########
+ if state == 'absent':
+ if oc_volume.exists():
+
+ if check_mode:
+ return {'changed': False, 'msg': 'CHECK_MODE: Would have performed a delete.'}
+
+ api_rval = oc_volume.delete()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ return {'changed': False, 'state': state}
+
+ if state == 'present':
+ ########
+ # Create
+ ########
+ if not oc_volume.exists():
+
+ if check_mode:
+ exit_json(changed=False, msg='Would have performed a create.')
+
+ # Create it here
+ api_rval = oc_volume.put()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ # return the created object
+ api_rval = oc_volume.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, 'state': state}
+
+ ########
+ # Update
+ ########
+ if oc_volume.needs_update():
+ api_rval = oc_volume.put()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ # return the created object
+ api_rval = oc_volume.get()
+
+ if api_rval['returncode'] != 0:
+ return {'failed': True, 'msg': api_rval}
+
+ return {'changed': True, 'results': api_rval, state: state}
+
+ return {'changed': False, 'results': api_rval, state: state}
+
+ return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)}
diff --git a/roles/lib_openshift/src/doc/configmap b/roles/lib_openshift/src/doc/configmap
new file mode 100644
index 000000000..5ca8292c4
--- /dev/null
+++ b/roles/lib_openshift/src/doc/configmap
@@ -0,0 +1,72 @@
+# flake8: noqa
+# pylint: skip-file
+
+DOCUMENTATION = '''
+---
+module: oc_configmap
+short_description: Modify, and idempotently manage openshift configmaps
+description:
+ - Modify openshift configmaps programmatically.
+options:
+ state:
+ description:
+ - Supported states, present, absent, list
+ - present - will ensure object is created or updated to the value specified
+ - list - will return a configmap
+ - absent - will remove the configmap
+ required: False
+ default: present
+ choices: ["present", 'absent', 'list']
+ aliases: []
+ kubeconfig:
+ description:
+ - The path for the kubeconfig file to use for authentication
+ required: false
+ default: /etc/origin/master/admin.kubeconfig
+ aliases: []
+ debug:
+ description:
+ - Turn on debug output.
+ required: false
+ default: False
+ aliases: []
+ name:
+ description:
+ - Name of the object that is being queried.
+ required: True
+ default: None
+ aliases: []
+ namespace:
+ description:
+ - The namespace where the object lives.
+ required: false
+ default: default
+ aliases: []
+ from_file:
+ description:
+ - A dict of key, value pairs representing the configmap key and the value represents the file path.
+ required: false
+ default: None
+ aliases: []
+ from_literal:
+ description:
+ - A dict of key, value pairs representing the configmap key and the value represents the string content
+ required: false
+ default: None
+ aliases: []
+author:
+- "kenny woodson <kwoodson@redhat.com>"
+extends_documentation_fragment: []
+'''
+
+EXAMPLES = '''
+- name: create group
+ oc_configmap:
+ state: present
+ name: testmap
+ from_file:
+ secret: /path/to/secret
+ from_literal:
+ title: systemadmin
+ register: configout
+'''
diff --git a/roles/lib_openshift/src/doc/group b/roles/lib_openshift/src/doc/group
new file mode 100644
index 000000000..c5ba6ebd9
--- /dev/null
+++ b/roles/lib_openshift/src/doc/group
@@ -0,0 +1,56 @@
+# flake8: noqa
+# pylint: skip-file
+
+DOCUMENTATION = '''
+---
+module: oc_group
+short_description: Modify, and idempotently manage openshift groups.
+description:
+ - Modify openshift groups programmatically.
+options:
+ state:
+ description:
+ - Supported states, present, absent, list
+ - present - will ensure object is created or updated to the value specified
+ - list - will return a group
+ - absent - will remove the group
+ required: False
+ default: present
+ choices: ["present", 'absent', 'list']
+ aliases: []
+ kubeconfig:
+ description:
+ - The path for the kubeconfig file to use for authentication
+ required: false
+ default: /etc/origin/master/admin.kubeconfig
+ aliases: []
+ debug:
+ description:
+ - Turn on debug output.
+ required: false
+ default: False
+ aliases: []
+ name:
+ description:
+ - Name of the object that is being queried.
+ required: false
+ default: None
+ aliases: []
+ namespace:
+ description:
+ - The namespace where the object lives.
+ required: false
+ default: str
+ aliases: []
+author:
+- "Joel Diaz <jdiaz@redhat.com>"
+extends_documentation_fragment: []
+'''
+
+EXAMPLES = '''
+- name: create group
+ oc_group:
+ state: present
+ name: acme_org
+ register: group_out
+'''
diff --git a/roles/lib_openshift/src/doc/image b/roles/lib_openshift/src/doc/image
new file mode 100644
index 000000000..18cf4e168
--- /dev/null
+++ b/roles/lib_openshift/src/doc/image
@@ -0,0 +1,75 @@
+# flake8: noqa
+# pylint: skip-file
+
+DOCUMENTATION = '''
+---
+module: oc_image
+short_description: Create, modify, and idempotently manage openshift labels.
+description:
+ - Modify openshift labels programmatically.
+options:
+ state:
+ description:
+ - State controls the action that will be taken with resource
+ - 'present' will create. Does _not_ support update.
+ - 'list' will read the labels
+ default: present
+ choices: ["present", "list"]
+ aliases: []
+ kubeconfig:
+ description:
+ - The path for the kubeconfig file to use for authentication
+ required: false
+ default: /etc/origin/master/admin.kubeconfig
+ aliases: []
+ namespace:
+ description:
+ - The namespace where this object lives
+ required: false
+ default: default
+ aliases: []
+ debug:
+ description:
+ - Turn on debug output.
+ required: false
+ default: False
+ aliases: []
+ registry_url:
+ description:
+ - The url for the registry so that openshift can pull the image
+ required: false
+ default: None
+ aliases: []
+ image_name:
+ description:
+ - The name of the image being imported
+ required: false
+ default: False
+ aliases: []
+ image_tag:
+ description:
+ - The tag of the image being imported
+ required: false
+ default: None
+ aliases: []
+author:
+- "Ivan Horvath<ihorvath@redhat.com>"
+extends_documentation_fragment: []
+'''
+
+EXAMPLES = '''
+- name: Get an imagestream
+ oc_image:
+ name: php55
+ state: list
+ register: imageout
+
+- name: create an imagestream
+ oc_image:
+ state: present
+ image_name: php55
+ image_tag: int
+ registry_url: registry.example.com
+ namespace: default
+ register: imageout
+'''
diff --git a/roles/lib_openshift/src/doc/manage_node b/roles/lib_openshift/src/doc/manage_node
index 382377f3e..b651ea4e7 100644
--- a/roles/lib_openshift/src/doc/manage_node
+++ b/roles/lib_openshift/src/doc/manage_node
@@ -3,7 +3,7 @@
DOCUMENTATION = '''
---
-module: oadm_manage_node
+module: oc_adm_manage_node
short_description: Module to manage openshift nodes
description:
- Manage openshift nodes programmatically.
@@ -75,13 +75,13 @@ extends_documentation_fragment: []
EXAMPLES = '''
- name: oadm manage-node --schedulable=true --selector=ops_node=new
- oadm_manage_node:
+ oc_adm_manage_node:
selector: ops_node=new
schedulable: True
register: schedout
- name: oadm manage-node my-k8s-node-5 --evacuate
- oadm_manage_node:
+ oc_adm_manage_node:
node: my-k8s-node-5
evacuate: True
force: True
diff --git a/roles/lib_openshift/src/doc/pvc b/roles/lib_openshift/src/doc/pvc
new file mode 100644
index 000000000..9240f2a0f
--- /dev/null
+++ b/roles/lib_openshift/src/doc/pvc
@@ -0,0 +1,76 @@
+# flake8: noqa
+# pylint: skip-file
+
+DOCUMENTATION = '''
+---
+module: oc_pvc
+short_description: Modify, and idempotently manage openshift persistent volume claims
+description:
+ - Modify openshift persistent volume claims programmatically.
+options:
+ state:
+ description:
+ - Supported states, present, absent, list
+ - present - will ensure object is created or updated to the value specified
+ - list - will return a pvc
+ - absent - will remove a pvc
+ required: False
+ default: present
+ choices: ["present", 'absent', 'list']
+ aliases: []
+ kubeconfig:
+ description:
+ - The path for the kubeconfig file to use for authentication
+ required: false
+ default: /etc/origin/master/admin.kubeconfig
+ aliases: []
+ debug:
+ description:
+ - Turn on debug output.
+ required: false
+ default: False
+ aliases: []
+ name:
+ description:
+ - Name of the object that is being queried.
+ required: false
+ default: None
+ aliases: []
+ namespace:
+ description:
+ - The namespace where the object lives.
+ required: false
+ default: str
+ aliases: []
+ volume_capacity:
+ description:
+ - The requested volume capacity
+ required: False
+ default: 1G
+ aliases: []
+ access_modes:
+ description:
+ - The access modes allowed for the pvc
+ - Expects a list
+ required: False
+ default: ReadWriteOnce
+ choices:
+ - ReadWriteOnce
+ - ReadOnlyMany
+ - ReadWriteMany
+ aliases: []
+author:
+- "Kenny Woodson <kwoodson@redhat.com>"
+extends_documentation_fragment: []
+'''
+
+EXAMPLES = '''
+- name: create a pvc
+ oc_pvc:
+ namespace: awesomeapp
+ name: dbstorage
+ access_modes:
+ - ReadWriteOnce
+ volume_capacity: 5G
+ register: pvcout
+'''
diff --git a/roles/lib_openshift/src/doc/user b/roles/lib_openshift/src/doc/user
new file mode 100644
index 000000000..65ee01eb7
--- /dev/null
+++ b/roles/lib_openshift/src/doc/user
@@ -0,0 +1,128 @@
+# flake8: noqa
+# pylint: skip-file
+
+DOCUMENTATION = '''
+---
+module: oc_user
+short_description: Create, modify, and idempotently manage openshift users.
+description:
+ - Modify openshift users programmatically.
+options:
+ state:
+ description:
+ - State controls the action that will be taken with resource
+ - 'present' will create or update a user to the desired state
+ - 'absent' will ensure user is removed
+ - 'list' will read and return a list of users
+ default: present
+ choices: ["present", "absent", "list"]
+ aliases: []
+ kubeconfig:
+ description:
+ - The path for the kubeconfig file to use for authentication
+ required: false
+ default: /etc/origin/master/admin.kubeconfig
+ aliases: []
+ debug:
+ description:
+ - Turn on debug output.
+ required: false
+ default: False
+ aliases: []
+ username:
+ description:
+ - Short username to query/modify.
+ required: false
+ default: None
+ aliases: []
+ full_name:
+ description:
+ - String with the full name/description of the user.
+ required: false
+ default: None
+ aliases: []
+ groups:
+ description:
+ - List of groups the user should be a member of. This does not add/update the legacy 'groups' field in the OpenShift user object, but makes user entries into the appropriate OpenShift group object for the given user.
+ required: false
+ default: []
+ aliases: []
+author:
+- "Joel Diaz <jdiaz@redhat.com>"
+extends_documentation_fragment: []
+'''
+
+EXAMPLES = '''
+- name: Ensure user exists
+ oc_user:
+ state: present
+ username: johndoe
+ full_name "John Doe"
+ groups:
+ - dedicated-admins
+ register: user_johndoe
+
+user_johndoe variable will have contents like:
+ok: [ded-int-aws-master-61034] => {
+ "user_johndoe": {
+ "changed": true,
+ "results": {
+ "cmd": "oc -n default get users johndoe -o json",
+ "results": [
+ {
+ "apiVersion": "v1",
+ "fullName": "John DOe",
+ "groups": null,
+ "identities": null,
+ "kind": "User",
+ "metadata": {
+ "creationTimestamp": "2017-02-28T15:09:21Z",
+ "name": "johndoe",
+ "resourceVersion": "848781",
+ "selfLink": "/oapi/v1/users/johndoe",
+ "uid": "e23d3300-fdc7-11e6-9e3e-12822d6b7656"
+ }
+ }
+ ],
+ "returncode": 0
+ },
+ "state": "present"
+ }
+}
+'groups' is empty because this field is the OpenShift user object's 'group' field.
+
+- name: Ensure user does not exist
+ oc_user:
+ state: absent
+ username: johndoe
+
+- name: List user's info
+ oc_user:
+ state: list
+ username: johndoe
+ register: user_johndoe
+
+user_johndoe will have contents similar to:
+ok: [ded-int-aws-master-61034] => {
+ "user_johndoe": {
+ "changed": false,
+ "results": [
+ {
+ "apiVersion": "v1",
+ "fullName": "John Doe",
+ "groups": null,
+ "identities": null,
+ "kind": "User",
+ "metadata": {
+ "creationTimestamp": "2017-02-28T15:04:44Z",
+ "name": "johndoe",
+ "resourceVersion": "848280",
+ "selfLink": "/oapi/v1/users/johndoe",
+ "uid": "3d479ad2-fdc7-11e6-9e3e-12822d6b7656"
+ }
+ }
+ ],
+ "state": "list"
+ }
+}
+'''
diff --git a/roles/lib_openshift/src/doc/volume b/roles/lib_openshift/src/doc/volume
new file mode 100644
index 000000000..1d04afeef
--- /dev/null
+++ b/roles/lib_openshift/src/doc/volume
@@ -0,0 +1,105 @@
+# flake8: noqa
+# pylint: skip-file
+
+DOCUMENTATION = '''
+---
+module: oc_volume
+short_description: Create, modify, and idempotently manage openshift volumes.
+description:
+ - Modify openshift volumes programmatically.
+options:
+ state:
+ description:
+ - State controls the action that will be taken with resource
+ - 'present' will create or update and object to the desired state
+ - 'absent' will ensure volumes are removed
+ - 'list' will read the volumes
+ default: present
+ choices: ["present", "absent", "list"]
+ aliases: []
+ kubeconfig:
+ description:
+ - The path for the kubeconfig file to use for authentication
+ required: false
+ default: /etc/origin/master/admin.kubeconfig
+ aliases: []
+ debug:
+ description:
+ - Turn on debug output.
+ required: false
+ default: False
+ aliases: []
+ namespace:
+ description:
+ - The name of the namespace where the object lives
+ required: false
+ default: default
+ aliases: []
+ kind:
+ description:
+ - The kind of object that can be managed.
+ default: dc
+ choices:
+ - dc
+ - rc
+ - pods
+ aliases: []
+ mount_type:
+ description:
+ - The type of volume to be used
+ required: false
+ default: None
+ choices:
+ - emptydir
+ - hostpath
+ - secret
+ - pvc
+ - configmap
+ aliases: []
+ mount_path:
+ description:
+ - The path to where the mount will be attached
+ required: false
+ default: None
+ aliases: []
+ secret_name:
+ description:
+ - The name of the secret. Used when mount_type is secret.
+ required: false
+ default: None
+ aliases: []
+ claim_size:
+ description:
+ - The size in GB of the pv claim. e.g. 100G
+ required: false
+ default: None
+ aliases: []
+ claim_name:
+ description:
+ - The name of the pv claim
+ required: false
+ default: None
+ aliases: []
+ configmap_name:
+ description:
+ - The name of the configmap
+ required: false
+ default: None
+ aliases: []
+author:
+- "Kenny Woodson <kwoodson@redhat.com>"
+extends_documentation_fragment: []
+'''
+
+EXAMPLES = '''
+- name: attach storage volumes to deploymentconfig
+ oc_volume:
+ namespace: logging
+ kind: dc
+ name: name_of_the_dc
+ mount_type: pvc
+ claim_name: loggingclaim
+ claim_size: 100G
+ vol_name: logging-storage
+ run_once: true
+'''
diff --git a/roles/lib_openshift/src/lib/base.py b/roles/lib_openshift/src/lib/base.py
index 334542b97..132c586c9 100644
--- a/roles/lib_openshift/src/lib/base.py
+++ b/roles/lib_openshift/src/lib/base.py
@@ -283,9 +283,9 @@ class OpenShiftCLI(object):
if output_type == 'json':
try:
rval['results'] = json.loads(stdout)
- except ValueError as err:
- if "No JSON object could be decoded" in err.args:
- err = err.args
+ except ValueError as verr:
+ if "No JSON object could be decoded" in verr.args:
+ err = verr.args
elif output_type == 'raw':
rval['results'] = stdout
diff --git a/roles/lib_openshift/src/lib/group.py b/roles/lib_openshift/src/lib/group.py
new file mode 100644
index 000000000..fac5fcbc2
--- /dev/null
+++ b/roles/lib_openshift/src/lib/group.py
@@ -0,0 +1,36 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+class GroupConfig(object):
+ ''' Handle route options '''
+ # pylint: disable=too-many-arguments
+ def __init__(self,
+ sname,
+ namespace,
+ kubeconfig):
+ ''' constructor for handling group options '''
+ self.kubeconfig = kubeconfig
+ self.name = sname
+ self.namespace = namespace
+ self.data = {}
+
+ self.create_dict()
+
+ def create_dict(self):
+ ''' return a service as a dict '''
+ self.data['apiVersion'] = 'v1'
+ self.data['kind'] = 'Group'
+ self.data['metadata'] = {}
+ self.data['metadata']['name'] = self.name
+ self.data['users'] = None
+
+
+# pylint: disable=too-many-instance-attributes
+class Group(Yedit):
+ ''' Class to wrap the oc command line tools '''
+ kind = 'group'
+
+ def __init__(self, content):
+ '''Group constructor'''
+ super(Group, self).__init__(content=content)
diff --git a/roles/lib_openshift/src/lib/pvc.py b/roles/lib_openshift/src/lib/pvc.py
new file mode 100644
index 000000000..929b50990
--- /dev/null
+++ b/roles/lib_openshift/src/lib/pvc.py
@@ -0,0 +1,167 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+# pylint: disable=too-many-instance-attributes
+class PersistentVolumeClaimConfig(object):
+ ''' Handle pvc options '''
+ # pylint: disable=too-many-arguments
+ def __init__(self,
+ sname,
+ namespace,
+ kubeconfig,
+ access_modes=None,
+ vol_capacity='1G'):
+ ''' constructor for handling pvc options '''
+ self.kubeconfig = kubeconfig
+ self.name = sname
+ self.namespace = namespace
+ self.access_modes = access_modes
+ self.vol_capacity = vol_capacity
+ self.data = {}
+
+ self.create_dict()
+
+ def create_dict(self):
+ ''' return a service as a dict '''
+ # version
+ self.data['apiVersion'] = 'v1'
+ # kind
+ self.data['kind'] = 'PersistentVolumeClaim'
+ # metadata
+ self.data['metadata'] = {}
+ self.data['metadata']['name'] = self.name
+ # spec
+ self.data['spec'] = {}
+ self.data['spec']['accessModes'] = ['ReadWriteOnce']
+ if self.access_modes:
+ self.data['spec']['accessModes'] = self.access_modes
+
+ # storage capacity
+ self.data['spec']['resources'] = {}
+ self.data['spec']['resources']['requests'] = {}
+ self.data['spec']['resources']['requests']['storage'] = self.vol_capacity
+
+
+# pylint: disable=too-many-instance-attributes,too-many-public-methods
+class PersistentVolumeClaim(Yedit):
+ ''' Class to wrap the oc command line tools '''
+ access_modes_path = "spec.accessModes"
+ volume_capacity_path = "spec.requests.storage"
+ volume_name_path = "spec.volumeName"
+ bound_path = "status.phase"
+ kind = 'PersistentVolumeClaim'
+
+ def __init__(self, content):
+ '''RoleBinding constructor'''
+ super(PersistentVolumeClaim, self).__init__(content=content)
+ self._access_modes = None
+ self._volume_capacity = None
+ self._volume_name = None
+
+ @property
+ def volume_name(self):
+ ''' volume_name property '''
+ if self._volume_name is None:
+ self._volume_name = self.get_volume_name()
+ return self._volume_name
+
+ @volume_name.setter
+ def volume_name(self, data):
+ ''' volume_name property setter'''
+ self._volume_name = data
+
+ @property
+ def access_modes(self):
+ ''' access_modes property '''
+ if self._access_modes is None:
+ self._access_modes = self.get_access_modes()
+ if not isinstance(self._access_modes, list):
+ self._access_modes = list(self._access_modes)
+
+ return self._access_modes
+
+ @access_modes.setter
+ def access_modes(self, data):
+ ''' access_modes property setter'''
+ if not isinstance(data, list):
+ data = list(data)
+
+ self._access_modes = data
+
+ @property
+ def volume_capacity(self):
+ ''' volume_capacity property '''
+ if self._volume_capacity is None:
+ self._volume_capacity = self.get_volume_capacity()
+ return self._volume_capacity
+
+ @volume_capacity.setter
+ def volume_capacity(self, data):
+ ''' volume_capacity property setter'''
+ self._volume_capacity = data
+
+ def get_access_modes(self):
+ '''get access_modes'''
+ return self.get(PersistentVolumeClaim.access_modes_path) or []
+
+ def get_volume_capacity(self):
+ '''get volume_capacity'''
+ return self.get(PersistentVolumeClaim.volume_capacity_path) or []
+
+ def get_volume_name(self):
+ '''get volume_name'''
+ return self.get(PersistentVolumeClaim.volume_name_path) or []
+
+ def is_bound(self):
+ '''return whether volume is bound'''
+ return self.get(PersistentVolumeClaim.bound_path) or []
+
+ #### ADD #####
+ def add_access_mode(self, inc_mode):
+ ''' add an access_mode'''
+ if self.access_modes:
+ self.access_modes.append(inc_mode)
+ else:
+ self.put(PersistentVolumeClaim.access_modes_path, [inc_mode])
+
+ return True
+
+ #### /ADD #####
+
+ #### Remove #####
+ def remove_access_mode(self, inc_mode):
+ ''' remove an access_mode'''
+ try:
+ self.access_modes.remove(inc_mode)
+ except ValueError as _:
+ return False
+
+ return True
+
+ #### /REMOVE #####
+
+ #### UPDATE #####
+ def update_access_mode(self, inc_mode):
+ ''' update an access_mode'''
+ try:
+ index = self.access_modes.index(inc_mode)
+ except ValueError as _:
+ return self.add_access_mode(inc_mode)
+
+ self.access_modes[index] = inc_mode
+
+ return True
+
+ #### /UPDATE #####
+
+ #### FIND ####
+ def find_access_mode(self, inc_mode):
+ ''' find a user '''
+ index = None
+ try:
+ index = self.access_modes.index(inc_mode)
+ except ValueError as _:
+ return index
+
+ return index
diff --git a/roles/lib_openshift/src/lib/user.py b/roles/lib_openshift/src/lib/user.py
new file mode 100644
index 000000000..a14d5fc91
--- /dev/null
+++ b/roles/lib_openshift/src/lib/user.py
@@ -0,0 +1,37 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+class UserConfig(object):
+ ''' Handle user options '''
+ def __init__(self,
+ kubeconfig,
+ username,
+ full_name):
+ ''' constructor for handling user options '''
+ self.kubeconfig = kubeconfig
+ self.username = username
+ self.full_name = full_name
+
+ self.data = {}
+ self.create_dict()
+
+ def create_dict(self):
+ ''' return a user as a dict '''
+ self.data['apiVersion'] = 'v1'
+ self.data['fullName'] = self.full_name
+ self.data['groups'] = None
+ self.data['identities'] = None
+ self.data['kind'] = 'User'
+ self.data['metadata'] = {}
+ self.data['metadata']['name'] = self.username
+
+
+# pylint: disable=too-many-instance-attributes
+class User(Yedit):
+ ''' Class to wrap the oc command line tools '''
+ kind = 'user'
+
+ def __init__(self, content):
+ '''User constructor'''
+ super(User, self).__init__(content=content)
diff --git a/roles/lib_openshift/src/lib/volume.py b/roles/lib_openshift/src/lib/volume.py
index e0abb1d1b..c049c8b49 100644
--- a/roles/lib_openshift/src/lib/volume.py
+++ b/roles/lib_openshift/src/lib/volume.py
@@ -2,7 +2,7 @@
# flake8: noqa
class Volume(object):
- ''' Class to model an openshift volume object'''
+ ''' Class to represent an openshift volume object'''
volume_mounts_path = {"pod": "spec.containers[0].volumeMounts",
"dc": "spec.template.spec.containers[0].volumeMounts",
"rc": "spec.template.spec.containers[0].volumeMounts",
@@ -34,5 +34,10 @@ class Volume(object):
elif volume_type == 'hostpath':
volume['hostPath'] = {}
volume['hostPath']['path'] = volume_info['path']
+ elif volume_type == 'configmap':
+ volume['configMap'] = {}
+ volume['configMap']['name'] = volume_info['configmap_name']
+ volume_mount = {'mountPath': volume_info['path'],
+ 'name': volume_info['name']}
return (volume, volume_mount)
diff --git a/roles/lib_openshift/src/sources.yml b/roles/lib_openshift/src/sources.yml
index f16b3c8de..135e2b752 100644
--- a/roles/lib_openshift/src/sources.yml
+++ b/roles/lib_openshift/src/sources.yml
@@ -9,15 +9,15 @@ oc_adm_ca_server_cert.py:
- class/oc_adm_ca_server_cert.py
- ansible/oc_adm_ca_server_cert.py
-oadm_manage_node.py:
+oc_adm_manage_node.py:
- doc/generated
- doc/license
- lib/import.py
- doc/manage_node
- ../../lib_utils/src/class/yedit.py
- lib/base.py
-- class/oadm_manage_node.py
-- ansible/oadm_manage_node.py
+- class/oc_adm_manage_node.py
+- ansible/oc_adm_manage_node.py
oc_adm_policy_user.py:
- doc/generated
@@ -79,6 +79,16 @@ oc_atomic_container.py:
- doc/atomic_container
- ansible/oc_atomic_container.py
+oc_configmap.py:
+- doc/generated
+- doc/license
+- lib/import.py
+- doc/configmap
+- ../../lib_utils/src/class/yedit.py
+- lib/base.py
+- class/oc_configmap.py
+- ansible/oc_configmap.py
+
oc_edit.py:
- doc/generated
- doc/license
@@ -100,6 +110,28 @@ oc_env.py:
- class/oc_env.py
- ansible/oc_env.py
+
+oc_group.py:
+- doc/generated
+- doc/license
+- lib/import.py
+- doc/group
+- ../../lib_utils/src/class/yedit.py
+- lib/base.py
+- lib/group.py
+- class/oc_group.py
+- ansible/oc_group.py
+
+oc_image.py:
+- doc/generated
+- doc/license
+- lib/import.py
+- doc/image
+- ../../lib_utils/src/class/yedit.py
+- lib/base.py
+- class/oc_image.py
+- ansible/oc_image.py
+
oc_label.py:
- doc/generated
- doc/license
@@ -141,6 +173,17 @@ oc_project.py:
- class/oc_project.py
- ansible/oc_project.py
+oc_pvc.py:
+- doc/generated
+- doc/license
+- lib/import.py
+- doc/pvc
+- ../../lib_utils/src/class/yedit.py
+- lib/base.py
+- lib/pvc.py
+- class/oc_pvc.py
+- ansible/oc_pvc.py
+
oc_route.py:
- doc/generated
- doc/license
@@ -208,6 +251,17 @@ oc_service.py:
- class/oc_service.py
- ansible/oc_service.py
+oc_user.py:
+- doc/generated
+- doc/license
+- lib/import.py
+- doc/user
+- ../../lib_utils/src/class/yedit.py
+- lib/base.py
+- lib/user.py
+- class/oc_user.py
+- ansible/oc_user.py
+
oc_version.py:
- doc/generated
- doc/license
@@ -218,6 +272,18 @@ oc_version.py:
- class/oc_version.py
- ansible/oc_version.py
+oc_volume.py:
+- doc/generated
+- doc/license
+- lib/import.py
+- doc/volume
+- ../../lib_utils/src/class/yedit.py
+- lib/base.py
+- lib/deploymentconfig.py
+- lib/volume.py
+- class/oc_volume.py
+- ansible/oc_volume.py
+
oc_objectvalidator.py:
- doc/generated
- doc/license
diff --git a/roles/lib_openshift/src/test/integration/group.yml b/roles/lib_openshift/src/test/integration/group.yml
new file mode 100755
index 000000000..25aa5727b
--- /dev/null
+++ b/roles/lib_openshift/src/test/integration/group.yml
@@ -0,0 +1,229 @@
+#!/usr/bin/ansible-playbook
+---
+- hosts: "{{ cli_master_test }}"
+ gather_facts: no
+ user: root
+
+ vars:
+
+ post_tasks:
+ - name: delete test group (so future tests work)
+ oc_group:
+ state: absent
+ name: jgroup
+
+ - name: delete 2nd test group (so future tests work)
+ oc_group:
+ state: absent
+ name: jgroup2
+
+ - name: delete test user (so future tests work)
+ oc_user:
+ state: absent
+ username: jdiaz@redhat.com
+
+ - name: get group list
+ oc_group:
+ state: list
+ name: jgroup
+ register: group_out
+ #- debug: var=group_out
+ - name: assert group 'jgroup' (test group) does not exist
+ assert:
+ that: group_out['results'][0] == {}
+
+ - name: get group list
+ oc_group:
+ state: list
+ name: jgroup2
+ register: group_out
+ #- debug: var=group_out
+ - name: assert group 'jgroup2' (test group) does not exist
+ assert:
+ that: group_out['results'][0] == {}
+
+ - name: get user list
+ oc_user:
+ state: list
+ username: 'jdiaz@redhat.com'
+ register: group_out
+ #- debug: var=group_out
+ - name: assert user 'jdiaz@redhat.com' (test user) does not exist
+ assert:
+ that: group_out['results'][0] == {}
+
+ - name: create group
+ oc_group:
+ state: present
+ name: jgroup
+ register: group_out
+ #- debug: var=group_out
+ - name: assert creating group marked changed
+ assert:
+ that: group_out['changed'] == True
+
+ - name: list group
+ oc_group:
+ state: list
+ name: jgroup
+ register: group_out
+ #- debug: var=group_out
+ - name: assert group actually created
+ assert:
+ that: group_out['results'][0]['metadata']['name'] == 'jgroup'
+
+ - name: re-add group
+ oc_group:
+ state: present
+ name: jgroup
+ register: group_out
+ #- debug: var=group_out
+ - name: assert re-adding group marked not changed
+ assert:
+ that: group_out['changed'] == False
+
+
+ - name: add user with group membership
+ oc_user:
+ state: present
+ username: jdiaz@redhat.com
+ full_name: Joel Diaz
+ groups:
+ - jgroup
+ register: group_out
+ #- debug: var=group_out
+
+ - name: get group
+ oc_group:
+ state: list
+ name: jgroup
+ register: group_out
+ - name: assert user in group
+ assert:
+ that: group_out['results'][0]['users'][0] == 'jdiaz@redhat.com'
+
+ - name: add 2nd group
+ oc_group:
+ state: present
+ name: jgroup2
+
+ - name: change group membership
+ oc_user:
+ state: present
+ username: jdiaz@redhat.com
+ full_name: Joel Diaz
+ groups:
+ - jgroup2
+ register: group_out
+ - name: assert result changed
+ assert:
+ that: group_out['changed'] == True
+
+ - name: check jgroup user membership
+ oc_group:
+ state: list
+ name: jgroup
+ register: group_out
+ #- debug: var=group_out
+ - name: assert user not present in previous group
+ assert:
+ that: group_out['results'][0]['users'] == []
+
+ - name: check jgroup2 user membership
+ oc_group:
+ state: list
+ name: jgroup2
+ register: group_out
+ #- debug: var=group_out
+ - name: assert user present in new group
+ assert:
+ that: group_out['results'][0]['users'][0] == 'jdiaz@redhat.com'
+
+ - name: multi-group membership
+ oc_user:
+ state: present
+ username: jdiaz@redhat.com
+ full_name: Joel Diaz
+ groups:
+ - jgroup
+ - jgroup2
+ register: group_out
+ - name: assert result changed
+ assert:
+ that: group_out['changed'] == True
+
+ - name: check jgroup user membership
+ oc_group:
+ state: list
+ name: jgroup
+ register: group_out
+ #- debug: var=group_out
+ - name: assert user present in group
+ assert:
+ that: group_out['results'][0]['users'][0] == 'jdiaz@redhat.com'
+
+ - name: check jgroup2 user membership
+ oc_group:
+ state: list
+ name: jgroup2
+ register: group_out
+ #- debug: var=group_out
+ - name: assert user still present in group
+ assert:
+ that: group_out['results'][0]['users'][0] == 'jdiaz@redhat.com'
+
+ - name: user delete (group cleanup)
+ oc_user:
+ state: absent
+ username: jdiaz@redhat.com
+ register: group_out
+
+ - name: get user list for jgroup
+ oc_group:
+ state: list
+ name: jgroup
+ register: group_out
+ #- debug: var=group_out
+ - name: assert that group jgroup has no members
+ assert:
+ that: group_out['results'][0]['users'] == []
+
+ - name: get user list for jgroup2
+ oc_group:
+ state: list
+ name: jgroup2
+ register: group_out
+ #- debug: var=group_out
+ - name: assert that group jgroup2 has no members
+ assert:
+ that: group_out['results'][0]['users'] == []
+
+ - name: user without groups defined
+ oc_user:
+ state: present
+ username: jdiaz@redhat.com
+ full_name: Joel Diaz
+ register: group_out
+ - name: assert result changed
+ assert:
+ that: group_out['changed'] == True
+
+ - name: check jgroup user membership
+ oc_group:
+ state: list
+ name: jgroup
+ register: group_out
+ #- debug: var=group_out
+ - name: assert user not present in group
+ assert:
+ that: group_out['results'][0]['users'] == []
+
+ - name: check jgroup2 user membership
+ oc_group:
+ state: list
+ name: jgroup2
+ register: group_out
+ #- debug: var=group_out
+ - name: assert user not present in group
+ assert:
+ that: group_out['results'][0]['users'] == []
diff --git a/roles/lib_openshift/src/test/integration/oadm_manage_node.yml b/roles/lib_openshift/src/test/integration/oc_adm_manage_node.yml
index 3ee13a409..1ed2ef11b 100755
--- a/roles/lib_openshift/src/test/integration/oadm_manage_node.yml
+++ b/roles/lib_openshift/src/test/integration/oc_adm_manage_node.yml
@@ -1,6 +1,6 @@
#!/usr/bin/ansible-playbook --module-path=../../../library/
#
-# ./oadm_manage_node.yml -e "cli_master_test=$OPENSHIFT_MASTER
+# ./oc_adm_manage_node.yml -e "cli_master_test=$OPENSHIFT_MASTER
---
- hosts: "{{ cli_master_test }}"
gather_facts: no
@@ -17,7 +17,7 @@
node_to_test: "{{ obj_out['results']['results'][0]['items'][0]['metadata']['name'] }}"
- name: list pods from a node
- oadm_manage_node:
+ oc_adm_manage_node:
list_pods: True
node:
- "{{ node_to_test }}"
@@ -29,7 +29,7 @@
msg: Pod data was not returned
- name: set node to unschedulable
- oadm_manage_node:
+ oc_adm_manage_node:
schedulable: False
node:
- "{{ node_to_test }}"
@@ -56,7 +56,7 @@
that: nodeout.results.results[0]['spec']['unschedulable']
- name: set node to schedulable
- oadm_manage_node:
+ oc_adm_manage_node:
schedulable: True
node:
- "{{ node_to_test }}"
diff --git a/roles/lib_openshift/src/test/integration/oc_configmap.yml b/roles/lib_openshift/src/test/integration/oc_configmap.yml
new file mode 100755
index 000000000..c0d200e73
--- /dev/null
+++ b/roles/lib_openshift/src/test/integration/oc_configmap.yml
@@ -0,0 +1,95 @@
+#!/usr/bin/ansible-playbook --module-path=../../../library/
+## ./oc_configmap.yml -M ../../../library -e "cli_master_test=$OPENSHIFT_MASTER
+---
+- hosts: "{{ cli_master_test }}"
+ gather_facts: no
+ user: root
+ vars:
+ filename: /tmp/test_configmap_from_file
+
+ post_tasks:
+ - name: Setup a file with known contents
+ copy:
+ content: This is a file
+ dest: "{{ filename }}"
+
+ - name: create a test project
+ oc_project:
+ name: test
+ description: for tests only
+
+ ###### create test ###########
+ - name: create a configmap
+ oc_configmap:
+ state: present
+ name: configmaptest
+ namespace: test
+ from_file:
+ config: "{{ filename }}"
+ from_literal:
+ foo: bar
+
+ - name: fetch the created configmap
+ oc_configmap:
+ name: configmaptest
+ state: list
+ namespace: test
+ register: cmout
+
+ - debug: var=cmout
+
+ - name: assert configmaptest exists
+ assert:
+ that:
+ - cmout.results.results[0].metadata.name == 'configmaptest'
+ - cmout.results.results[0].data.foo == 'bar'
+ ###### end create test ###########
+
+ ###### update test ###########
+ - name: create a configmap
+ oc_configmap:
+ state: present
+ name: configmaptest
+ namespace: test
+ from_file:
+ config: "{{ filename }}"
+ from_literal:
+ foo: notbar
+ deployment_type: online
+
+ - name: fetch the updated configmap
+ oc_configmap:
+ name: configmaptest
+ state: list
+ namespace: test
+ register: cmout
+
+ - debug: var=cmout
+
+ - name: assert configmaptest exists
+ assert:
+ that:
+ - cmout.results.results[0].metadata.name == 'configmaptest'
+ - cmout.results.results[0].data.deployment_type == 'online'
+ - cmout.results.results[0].data.foo == 'notbar'
+ ###### end update test ###########
+
+ ###### delete test ###########
+ - name: delete a configmap
+ oc_configmap:
+ state: absent
+ name: configmaptest
+ namespace: test
+
+ - name: fetch the updated configmap
+ oc_configmap:
+ name: configmaptest
+ state: list
+ namespace: test
+ register: cmout
+
+ - debug: var=cmout
+
+ - name: assert configmaptest exists
+ assert:
+ that: "'\"configmaptest\" not found' in cmout.results.stderr"
diff --git a/roles/lib_openshift/src/test/integration/oc_user.yml b/roles/lib_openshift/src/test/integration/oc_user.yml
new file mode 100755
index 000000000..ad1f9d188
--- /dev/null
+++ b/roles/lib_openshift/src/test/integration/oc_user.yml
@@ -0,0 +1,240 @@
+#!/usr/bin/ansible-playbook --module-path=../../../library/
+#
+# ./oc_user.yml -e "cli_master_test=$OPENSHIFT_MASTER
+#
+---
+- hosts: "{{ cli_master_test }}"
+ gather_facts: no
+ user: root
+
+ vars:
+ test_user: testuser@email.com
+ test_user_fullname: "Test User"
+ pre_tasks:
+ - name: ensure needed vars are defined
+ fail:
+ msg: "{{ item }} no defined"
+ when: "{{ item}} is not defined"
+ with_items:
+ - cli_master_test # ansible inventory instance to run playbook against
+
+ tasks:
+ - name: delete test user (so future tests work)
+ oc_user:
+ state: absent
+ username: "{{ test_user }}"
+
+ - name: get user list
+ oc_user:
+ state: list
+ username: "{{ test_user }}"
+ register: user_out
+ - name: "assert test user does not exist"
+ assert:
+ that: user_out['results'][0] == {}
+ msg: "{{ user_out }}"
+
+ - name: get all list
+ oc_user:
+ state: list
+ register: user_out
+ #- debug: var=user_out
+
+ - name: add test user
+ oc_user:
+ state: present
+ username: "{{ test_user }}"
+ full_name: "{{ test_user_fullname }}"
+ register: user_out
+ - name: assert result set to changed
+ assert:
+ that: user_out['changed'] == True
+ msg: "{{ user_out }}"
+
+ - name: check test user actually added
+ oc_user:
+ state: list
+ username: "{{ test_user }}"
+ register: user_out
+ - name: assert user actually added
+ assert:
+ that: user_out['results'][0]['metadata']['name'] == "{{ test_user }}" and
+ user_out['results'][0]['fullName'] == "{{ test_user_fullname }}"
+ msg: "{{ user_out }}"
+
+ - name: re-add test user
+ oc_user:
+ state: present
+ username: "{{ test_user }}"
+ full_name: "{{ test_user_fullname }}"
+ register: user_out
+ - name: assert re-add result set to not changed
+ assert:
+ that: user_out['changed'] == False
+ msg: "{{ user_out }}"
+
+ - name: modify existing user
+ oc_user:
+ state: present
+ username: "{{ test_user }}"
+ full_name: 'Something Different'
+ register: user_out
+ - name: assert modify existing user result set to changed
+ assert:
+ that: user_out['changed'] == True
+ msg: "{{ user_out }}"
+
+ - name: check modify test user
+ oc_user:
+ state: list
+ username: "{{ test_user }}"
+ register: user_out
+ - name: assert modification successful
+ assert:
+ that: user_out['results'][0]['metadata']['name'] == "{{ test_user }}" and
+ user_out['results'][0]['fullName'] == 'Something Different'
+ msg: "{{ user_out }}"
+
+ - name: delete test user
+ oc_user:
+ state: absent
+ username: "{{ test_user }}"
+ register: user_out
+ - name: assert delete marked changed
+ assert:
+ that: user_out['changed'] == True
+ msg: "{{ user_out }}"
+
+ - name: check delete user
+ oc_user:
+ state: list
+ username: "{{ test_user }}"
+ register: user_out
+ - name: assert deletion successful
+ assert:
+ that: user_out['results'][0] == {}
+ msg: "{{ user_out }}"
+
+ - name: re-delete test user
+ oc_user:
+ state: absent
+ username: "{{ test_user }}"
+ register: user_out
+ - name: check re-delete marked not changed
+ assert:
+ that: user_out['changed'] == False
+ msg: "{{ user_out }}"
+
+ - name: delete test group
+ oc_obj:
+ kind: group
+ state: absent
+ name: integration-test-group
+
+ - name: create test group
+ command: oadm groups new integration-test-group
+
+ - name: check group creation
+ oc_obj:
+ kind: group
+ state: list
+ name: integration-test-group
+ register: user_out
+ - name: assert test group created
+ assert:
+ that: user_out['results']['results'][0]['metadata']['name'] == "integration-test-group"
+ msg: "{{ user_out }}"
+
+ - name: create user with group membership
+ oc_user:
+ state: present
+ username: "{{ test_user }}"
+ groups:
+ - "integration-test-group"
+ register: user_out
+ - debug: var=user_out
+ - name: get group user members
+ oc_obj:
+ kind: group
+ state: list
+ name: integration-test-group
+ register: user_out
+ - name: assert user group membership
+ assert:
+ that: "'{{ test_user }}' in user_out['results']['results'][0]['users'][0]"
+ msg: "{{ user_out }}"
+
+ - name: delete second test group
+ oc_obj:
+ kind: group
+ state: absent
+ name: integration-test-group2
+
+ - name: create empty second group
+ command: oadm groups new integration-test-group2
+
+ - name: update user with second group membership
+ oc_user:
+ state: present
+ username: "{{ test_user }}"
+ groups:
+ - "integration-test-group"
+ - "integration-test-group2"
+ register: user_out
+ - name: assert adding more group changed
+ assert:
+ that: user_out['changed'] == True
+
+ - name: get group memberships
+ oc_obj:
+ kind: group
+ state: list
+ name: "{{ item }}"
+ with_items:
+ - integration-test-group
+ - integration-test-group2
+ register: user_out
+ - name: assert user member of above groups
+ assert:
+ that: "'{{ test_user }}' in user_out['results'][0]['results']['results'][0]['users'] and \
+ '{{ test_user }}' in user_out['results'][1]['results']['results'][0]['users']"
+ msg: "{{ user_out }}"
+
+ - name: update user with only one group
+ oc_user:
+ state: present
+ username: "{{ test_user }}"
+ groups:
+ - "integration-test-group2"
+ register: user_out
+ - assert:
+ that: user_out['changed'] == True
+
+ - name: get group memberships
+ oc_obj:
+ kind: group
+ state: list
+ name: "{{ item }}"
+ with_items:
+ - "integration-test-group"
+ - "integration-test-group2"
+ register: user_out
+ - debug: var=user_out
+ - name: assert proper user membership
+ assert:
+ that: "'{{ test_user }}' not in user_out['results'][0]['results']['results'][0]['users'] and \
+ '{{ test_user }}' in user_out['results'][1]['results']['results'][0]['users']"
+
+ - name: clean up test groups
+ oc_obj:
+ kind: group
+ state: absent
+ name: "{{ item }}"
+ with_items:
+ - "integration-test-group"
+ - "integration-test-group2"
+
+ - name: clean up test user
+ oc_user:
+ state: absent
+ username: "{{ test_user }}"
diff --git a/roles/lib_openshift/src/test/unit/test_oadm_manage_node.py b/roles/lib_openshift/src/test/unit/test_oc_adm_manage_node.py
index 27d98b869..312b1ecbb 100755
--- a/roles/lib_openshift/src/test/unit/test_oadm_manage_node.py
+++ b/roles/lib_openshift/src/test/unit/test_oc_adm_manage_node.py
@@ -1,5 +1,5 @@
'''
- Unit tests for oadm_manage_node
+ Unit tests for oc_adm_manage_node
'''
import os
@@ -16,16 +16,16 @@ import mock
# place class in our python path
module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501
sys.path.insert(0, module_path)
-from oadm_manage_node import ManageNode, locate_oc_binary # noqa: E402
+from oc_adm_manage_node import ManageNode, locate_oc_binary # noqa: E402
class ManageNodeTest(unittest.TestCase):
'''
- Test class for oadm_manage_node
+ Test class for oc_adm_manage_node
'''
- @mock.patch('oadm_manage_node.Utils.create_tmpfile_copy')
- @mock.patch('oadm_manage_node.ManageNode.openshift_cmd')
+ @mock.patch('oc_adm_manage_node.Utils.create_tmpfile_copy')
+ @mock.patch('oc_adm_manage_node.ManageNode.openshift_cmd')
def test_list_pods(self, mock_openshift_cmd, mock_tmpfile_copy):
''' Testing a get '''
params = {'node': ['ip-172-31-49-140.ec2.internal'],
@@ -107,8 +107,8 @@ class ManageNodeTest(unittest.TestCase):
# returned 2 pods
self.assertTrue(len(results['results']['nodes']['ip-172-31-49-140.ec2.internal']) == 2)
- @mock.patch('oadm_manage_node.Utils.create_tmpfile_copy')
- @mock.patch('oadm_manage_node.ManageNode.openshift_cmd')
+ @mock.patch('oc_adm_manage_node.Utils.create_tmpfile_copy')
+ @mock.patch('oc_adm_manage_node.ManageNode.openshift_cmd')
def test_schedulable_false(self, mock_openshift_cmd, mock_tmpfile_copy):
''' Testing a get '''
params = {'node': ['ip-172-31-49-140.ec2.internal'],
diff --git a/roles/lib_openshift/src/test/unit/test_oc_configmap.py b/roles/lib_openshift/src/test/unit/test_oc_configmap.py
new file mode 100755
index 000000000..318fd6167
--- /dev/null
+++ b/roles/lib_openshift/src/test/unit/test_oc_configmap.py
@@ -0,0 +1,239 @@
+'''
+ Unit tests for oc configmap
+'''
+
+import copy
+import os
+import six
+import sys
+import unittest
+import mock
+
+# Removing invalid variable names for tests so that I can
+# keep them brief
+# pylint: disable=invalid-name,no-name-in-module
+# Disable import-error b/c our libraries aren't loaded in jenkins
+# pylint: disable=import-error,wrong-import-position
+# place class in our python path
+module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501
+sys.path.insert(0, module_path)
+from oc_configmap import OCConfigMap, locate_oc_binary # noqa: E402
+
+
+class OCConfigMapTest(unittest.TestCase):
+ '''
+ Test class for OCConfigMap
+ '''
+ params = {'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'state': 'present',
+ 'debug': False,
+ 'name': 'configmap',
+ 'from_file': {},
+ 'from_literal': {},
+ 'namespace': 'test'}
+
+ @mock.patch('oc_configmap.Utils._write')
+ @mock.patch('oc_configmap.Utils.create_tmpfile_copy')
+ @mock.patch('oc_configmap.OCConfigMap._run')
+ def test_create_configmap(self, mock_run, mock_tmpfile_copy, mock_write):
+ ''' Testing a configmap create '''
+ # TODO
+ return
+ params = copy.deepcopy(OCConfigMapTest.params)
+ params['from_file'] = {'test': '/root/file'}
+ params['from_literal'] = {'foo': 'bar'}
+
+ configmap = '''{
+ "apiVersion": "v1",
+ "data": {
+ "foo": "bar",
+ "test": "this is a file\\n"
+ },
+ "kind": "ConfigMap",
+ "metadata": {
+ "creationTimestamp": "2017-03-20T20:24:35Z",
+ "name": "configmap",
+ "namespace": "test"
+ }
+ }'''
+
+ mock_run.side_effect = [
+ (1, '', 'Error from server (NotFound): configmaps "configmap" not found'),
+ (0, '', ''),
+ (0, configmap, ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCConfigMap.run_ansible(params, False)
+
+ self.assertTrue(results['changed'])
+ self.assertEqual(results['results']['results'][0]['metadata']['name'], 'configmap')
+
+ @mock.patch('oc_configmap.Utils._write')
+ @mock.patch('oc_configmap.Utils.create_tmpfile_copy')
+ @mock.patch('oc_configmap.OCConfigMap._run')
+ def test_update_configmap(self, mock_run, mock_tmpfile_copy, mock_write):
+ ''' Testing a configmap create '''
+ params = copy.deepcopy(OCConfigMapTest.params)
+ params['from_file'] = {'test': '/root/file'}
+ params['from_literal'] = {'foo': 'bar', 'deployment_type': 'online'}
+
+ configmap = '''{
+ "apiVersion": "v1",
+ "data": {
+ "foo": "bar",
+ "test": "this is a file\\n"
+ },
+ "kind": "ConfigMap",
+ "metadata": {
+ "creationTimestamp": "2017-03-20T20:24:35Z",
+ "name": "configmap",
+ "namespace": "test"
+
+ }
+ }'''
+
+ mod_configmap = '''{
+ "apiVersion": "v1",
+ "data": {
+ "foo": "bar",
+ "deployment_type": "online",
+ "test": "this is a file\\n"
+ },
+ "kind": "ConfigMap",
+ "metadata": {
+ "creationTimestamp": "2017-03-20T20:24:35Z",
+ "name": "configmap",
+ "namespace": "test"
+
+ }
+ }'''
+
+ mock_run.side_effect = [
+ (0, configmap, ''),
+ (0, mod_configmap, ''),
+ (0, configmap, ''),
+ (0, '', ''),
+ (0, mod_configmap, ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCConfigMap.run_ansible(params, False)
+
+ self.assertTrue(results['changed'])
+ self.assertEqual(results['results']['results'][0]['metadata']['name'], 'configmap')
+ self.assertEqual(results['results']['results'][0]['data']['deployment_type'], 'online')
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_fallback(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup fallback '''
+
+ mock_env_get.side_effect = lambda _v, _d: ''
+
+ mock_path_exists.side_effect = lambda _: False
+
+ self.assertEqual(locate_oc_binary(), 'oc')
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_path(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup in path '''
+
+ oc_bin = '/usr/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_path_exists.side_effect = lambda f: f == oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_usr_local(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup in /usr/local/bin '''
+
+ oc_bin = '/usr/local/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_path_exists.side_effect = lambda f: f == oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_home(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup in ~/bin '''
+
+ oc_bin = os.path.expanduser('~/bin/oc')
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_path_exists.side_effect = lambda f: f == oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_fallback_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup fallback '''
+
+ mock_env_get.side_effect = lambda _v, _d: ''
+
+ mock_shutil_which.side_effect = lambda _f, path=None: None
+
+ self.assertEqual(locate_oc_binary(), 'oc')
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_path_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup in path '''
+
+ oc_bin = '/usr/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_usr_local_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup in /usr/local/bin '''
+
+ oc_bin = '/usr/local/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_home_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup in ~/bin '''
+
+ oc_bin = os.path.expanduser('~/bin/oc')
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
diff --git a/roles/lib_openshift/src/test/unit/test_oc_group.py b/roles/lib_openshift/src/test/unit/test_oc_group.py
new file mode 100755
index 000000000..8eef37810
--- /dev/null
+++ b/roles/lib_openshift/src/test/unit/test_oc_group.py
@@ -0,0 +1,253 @@
+'''
+ Unit tests for oc group
+'''
+
+import copy
+import os
+import six
+import sys
+import unittest
+import mock
+
+# Removing invalid variable names for tests so that I can
+# keep them brief
+# pylint: disable=invalid-name,no-name-in-module
+# Disable import-error b/c our libraries aren't loaded in jenkins
+# pylint: disable=import-error,wrong-import-position
+# place class in our python path
+module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501
+sys.path.insert(0, module_path)
+from oc_group import OCGroup, locate_oc_binary # noqa: E402
+
+
+class OCGroupTest(unittest.TestCase):
+ '''
+ Test class for OCGroup
+ '''
+ params = {'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'state': 'present',
+ 'debug': False,
+ 'name': 'acme',
+ 'namespace': 'test'}
+
+ @mock.patch('oc_group.Utils.create_tmpfile_copy')
+ @mock.patch('oc_group.OCGroup._run')
+ def test_create_group(self, mock_run, mock_tmpfile_copy):
+ ''' Testing a group create '''
+ params = copy.deepcopy(OCGroupTest.params)
+
+ group = '''{
+ "kind": "Group",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "acme"
+ },
+ "users": []
+ }'''
+
+ mock_run.side_effect = [
+ (1, '', 'Error from server: groups "acme" not found'),
+ (1, '', 'Error from server: groups "acme" not found'),
+ (0, '', ''),
+ (0, group, ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCGroup.run_ansible(params, False)
+
+ self.assertTrue(results['changed'])
+ self.assertEqual(results['results']['results'][0]['metadata']['name'], 'acme')
+
+ @mock.patch('oc_group.Utils.create_tmpfile_copy')
+ @mock.patch('oc_group.OCGroup._run')
+ def test_failed_get_group(self, mock_run, mock_tmpfile_copy):
+ ''' Testing a group create '''
+ params = copy.deepcopy(OCGroupTest.params)
+ params['state'] = 'list'
+ params['name'] = 'noexist'
+
+ mock_run.side_effect = [
+ (1, '', 'Error from server: groups "acme" not found'),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCGroup.run_ansible(params, False)
+
+ self.assertTrue(results['failed'])
+
+ @mock.patch('oc_group.Utils.create_tmpfile_copy')
+ @mock.patch('oc_group.OCGroup._run')
+ def test_delete_group(self, mock_run, mock_tmpfile_copy):
+ ''' Testing a group create '''
+ params = copy.deepcopy(OCGroupTest.params)
+ params['state'] = 'absent'
+
+ group = '''{
+ "kind": "Group",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "acme"
+ },
+ "users": [
+ "user1"
+ ]
+ }'''
+
+ mock_run.side_effect = [
+ (0, group, ''),
+ (0, '', ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCGroup.run_ansible(params, False)
+
+ self.assertTrue(results['changed'])
+
+ @mock.patch('oc_group.Utils.create_tmpfile_copy')
+ @mock.patch('oc_group.OCGroup._run')
+ def test_get_group(self, mock_run, mock_tmpfile_copy):
+ ''' Testing a group create '''
+ params = copy.deepcopy(OCGroupTest.params)
+ params['state'] = 'list'
+
+ group = '''{
+ "kind": "Group",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "acme"
+ },
+ "users": [
+ "user1"
+ ]
+ }'''
+
+ mock_run.side_effect = [
+ (0, group, ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCGroup.run_ansible(params, False)
+
+ self.assertFalse(results['changed'])
+ self.assertEqual(results['results'][0]['metadata']['name'], 'acme')
+ self.assertEqual(results['results'][0]['users'][0], 'user1')
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_fallback(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup fallback '''
+
+ mock_env_get.side_effect = lambda _v, _d: ''
+
+ mock_path_exists.side_effect = lambda _: False
+
+ self.assertEqual(locate_oc_binary(), 'oc')
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_path(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup in path '''
+
+ oc_bin = '/usr/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_path_exists.side_effect = lambda f: f == oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_usr_local(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup in /usr/local/bin '''
+
+ oc_bin = '/usr/local/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_path_exists.side_effect = lambda f: f == oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_home(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup in ~/bin '''
+
+ oc_bin = os.path.expanduser('~/bin/oc')
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_path_exists.side_effect = lambda f: f == oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_fallback_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup fallback '''
+
+ mock_env_get.side_effect = lambda _v, _d: ''
+
+ mock_shutil_which.side_effect = lambda _f, path=None: None
+
+ self.assertEqual(locate_oc_binary(), 'oc')
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_path_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup in path '''
+
+ oc_bin = '/usr/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_usr_local_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup in /usr/local/bin '''
+
+ oc_bin = '/usr/local/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_home_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup in ~/bin '''
+
+ oc_bin = os.path.expanduser('~/bin/oc')
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
diff --git a/roles/lib_openshift/src/test/unit/test_oc_image.py b/roles/lib_openshift/src/test/unit/test_oc_image.py
new file mode 100755
index 000000000..943c8ca17
--- /dev/null
+++ b/roles/lib_openshift/src/test/unit/test_oc_image.py
@@ -0,0 +1,280 @@
+'''
+ Unit tests for oc image
+'''
+import os
+import sys
+import unittest
+import mock
+import six
+
+# Removing invalid variable names for tests so that I can
+# keep them brief
+# pylint: disable=invalid-name,no-name-in-module
+# Disable import-error b/c our libraries aren't loaded in jenkins
+# pylint: disable=import-error
+# place class in our python path
+module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501
+sys.path.insert(0, module_path)
+from oc_image import OCImage, locate_oc_binary # noqa: E402
+
+
+class OCImageTest(unittest.TestCase):
+ '''
+ Test class for OCImage
+ '''
+
+ @mock.patch('oc_image.Utils.create_tmpfile_copy')
+ @mock.patch('oc_image.OCImage._run')
+ def test_state_list(self, mock_cmd, mock_tmpfile_copy):
+ ''' Testing a label list '''
+ params = {'registry_url': 'registry.ops.openshift.com',
+ 'image_name': 'oso-rhel7-zagg-web',
+ 'image_tag': 'int',
+ 'namespace': 'default',
+ 'state': 'list',
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'debug': False}
+
+ istream = '''{
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "oso-rhel7-zagg-web",
+ "namespace": "default",
+ "selfLink": "/oapi/v1/namespaces/default/imagestreams/oso-rhel7-zagg-web",
+ "uid": "6ca2b199-dcdb-11e6-8ffd-0a5f8e3e32be",
+ "resourceVersion": "8135944",
+ "generation": 1,
+ "creationTimestamp": "2017-01-17T17:36:05Z",
+ "annotations": {
+ "openshift.io/image.dockerRepositoryCheck": "2017-01-17T17:36:05Z"
+ }
+ },
+ "spec": {
+ "tags": [
+ {
+ "name": "int",
+ "annotations": null,
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.ops.openshift.com/ops/oso-rhel7-zagg-web:int"
+ },
+ "generation": 1,
+ "importPolicy": {}
+ }
+ ]
+ },
+ "status": {
+ "dockerImageRepository": "172.30.183.164:5000/default/oso-rhel7-zagg-web",
+ "tags": [
+ {
+ "tag": "int",
+ "items": [
+ {
+ "created": "2017-01-17T17:36:05Z",
+ "dockerImageReference": "registry.ops.openshift.com/ops/oso-rhel7-zagg-web@sha256:645bab780cf18a9b764d64b02ca65c39d13cb16f19badd0a49a1668629759392",
+ "image": "sha256:645bab780cf18a9b764d64b02ca65c39d13cb16f19badd0a49a1668629759392",
+ "generation": 1
+ }
+ ]
+ }
+ ]
+ }
+ }
+ '''
+
+ mock_cmd.side_effect = [
+ (0, istream, ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCImage.run_ansible(params, False)
+
+ self.assertFalse(results['changed'])
+ self.assertEquals(results['results']['results'][0]['metadata']['name'], 'oso-rhel7-zagg-web')
+
+ @mock.patch('oc_image.Utils.create_tmpfile_copy')
+ @mock.patch('oc_image.OCImage._run')
+ def test_state_present(self, mock_cmd, mock_tmpfile_copy):
+ ''' Testing a image present '''
+ params = {'registry_url': 'registry.ops.openshift.com',
+ 'image_name': 'oso-rhel7-zagg-web',
+ 'image_tag': 'int',
+ 'namespace': 'default',
+ 'state': 'present',
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'debug': False}
+
+ istream = '''{
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "oso-rhel7-zagg-web",
+ "namespace": "default",
+ "selfLink": "/oapi/v1/namespaces/default/imagestreams/oso-rhel7-zagg-web",
+ "uid": "6ca2b199-dcdb-11e6-8ffd-0a5f8e3e32be",
+ "resourceVersion": "8135944",
+ "generation": 1,
+ "creationTimestamp": "2017-01-17T17:36:05Z",
+ "annotations": {
+ "openshift.io/image.dockerRepositoryCheck": "2017-01-17T17:36:05Z"
+ }
+ },
+ "spec": {
+ "tags": [
+ {
+ "name": "int",
+ "annotations": null,
+ "from": {
+ "kind": "DockerImage",
+ "name": "registry.ops.openshift.com/ops/oso-rhel7-zagg-web:int"
+ },
+ "generation": 1,
+ "importPolicy": {}
+ }
+ ]
+ },
+ "status": {
+ "dockerImageRepository": "172.30.183.164:5000/default/oso-rhel7-zagg-web",
+ "tags": [
+ {
+ "tag": "int",
+ "items": [
+ {
+ "created": "2017-01-17T17:36:05Z",
+ "dockerImageReference": "registry.ops.openshift.com/ops/oso-rhel7-zagg-web@sha256:645bab780cf18a9b764d64b02ca65c39d13cb16f19badd0a49a1668629759392",
+ "image": "sha256:645bab780cf18a9b764d64b02ca65c39d13cb16f19badd0a49a1668629759392",
+ "generation": 1
+ }
+ ]
+ }
+ ]
+ }
+ }
+ '''
+
+ mock_cmd.side_effect = [
+ (1, '', 'Error from server: imagestreams "oso-rhel7-zagg-web" not found'),
+ (0, '', ''),
+ (0, istream, ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCImage.run_ansible(params, False)
+
+ self.assertTrue(results['changed'])
+ self.assertTrue(results['results']['results'][0]['metadata']['name'] == 'oso-rhel7-zagg-web')
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_fallback(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup fallback '''
+
+ mock_env_get.side_effect = lambda _v, _d: ''
+
+ mock_path_exists.side_effect = lambda _: False
+
+ self.assertEqual(locate_oc_binary(), 'oc')
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_path(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup in path '''
+
+ oc_bin = '/usr/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_path_exists.side_effect = lambda f: f == oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_usr_local(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup in /usr/local/bin '''
+
+ oc_bin = '/usr/local/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_path_exists.side_effect = lambda f: f == oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_home(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup in ~/bin '''
+
+ oc_bin = os.path.expanduser('~/bin/oc')
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_path_exists.side_effect = lambda f: f == oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_fallback_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup fallback '''
+
+ mock_env_get.side_effect = lambda _v, _d: ''
+
+ mock_shutil_which.side_effect = lambda _f, path=None: None
+
+ self.assertEqual(locate_oc_binary(), 'oc')
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_path_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup in path '''
+
+ oc_bin = '/usr/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_usr_local_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup in /usr/local/bin '''
+
+ oc_bin = '/usr/local/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_home_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup in ~/bin '''
+
+ oc_bin = os.path.expanduser('~/bin/oc')
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
diff --git a/roles/lib_openshift/src/test/unit/test_oc_project.py b/roles/lib_openshift/src/test/unit/test_oc_project.py
index 5155101cb..fa454d035 100755
--- a/roles/lib_openshift/src/test/unit/test_oc_project.py
+++ b/roles/lib_openshift/src/test/unit/test_oc_project.py
@@ -2,6 +2,7 @@
Unit tests for oc project
'''
+import copy
import os
import sys
import unittest
@@ -20,9 +21,22 @@ from oc_project import OCProject # noqa: E402
class OCProjectTest(unittest.TestCase):
'''
- Test class for OCSecret
+ Test class for OCProject
'''
+ # run_ansible input parameters
+ params = {
+ 'state': 'present',
+ 'display_name': 'operations project',
+ 'name': 'operations',
+ 'node_selector': ['ops_only=True'],
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'debug': False,
+ 'admin': None,
+ 'admin_role': 'admin',
+ 'description': 'All things operations project',
+ }
+
@mock.patch('oc_project.locate_oc_binary')
@mock.patch('oc_project.Utils.create_tmpfile_copy')
@mock.patch('oc_project.Utils._write')
@@ -30,21 +44,9 @@ class OCProjectTest(unittest.TestCase):
def test_adding_a_project(self, mock_cmd, mock_write, mock_tmpfile_copy, mock_loc_oc_bin):
''' Testing adding a project '''
- # Arrange
+ params = copy.deepcopy(OCProjectTest.params)
# run_ansible input parameters
- params = {
- 'state': 'present',
- 'display_name': 'operations project',
- 'name': 'operations',
- 'node_selector': ['ops_only=True'],
- 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
- 'debug': False,
- 'admin': None,
- 'admin_role': 'admin',
- 'description': 'All things operations project',
- }
-
project_results = '''{
"kind": "Project",
"apiVersion": "v1",
@@ -90,7 +92,6 @@ class OCProjectTest(unittest.TestCase):
]
# Act
-
results = OCProject.run_ansible(params, False)
# Assert
@@ -108,3 +109,172 @@ class OCProjectTest(unittest.TestCase):
mock.call(['oc', 'get', 'namespace', 'operations', '-o', 'json'], None),
])
+
+ @mock.patch('oc_project.locate_oc_binary')
+ @mock.patch('oc_project.Utils.create_tmpfile_copy')
+ @mock.patch('oc_project.Utils._write')
+ @mock.patch('oc_project.OCProject._run')
+ def test_modifying_a_project_no_attributes(self, mock_cmd, mock_write, mock_tmpfile_copy, mock_loc_oc_bin):
+ ''' Testing adding a project '''
+ params = copy.deepcopy(self.params)
+ params['display_name'] = None
+ params['node_selector'] = None
+ params['description'] = None
+
+ # run_ansible input parameters
+ project_results = '''{
+ "kind": "Project",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "operations",
+ "selfLink": "/oapi/v1/projects/operations",
+ "uid": "5e52afb8-ee33-11e6-89f4-0edc441d9666",
+ "resourceVersion": "1584",
+ "labels": {},
+ "annotations": {
+ "openshift.io/node-selector": "",
+ "openshift.io/description: "This is a description",
+ "openshift.io/sa.initialized-roles": "true",
+ "openshift.io/sa.scc.mcs": "s0:c3,c2",
+ "openshift.io/sa.scc.supplemental-groups": "1000010000/10000",
+ "openshift.io/sa.scc.uid-range": "1000010000/10000"
+ }
+ },
+ "spec": {
+ "finalizers": [
+ "kubernetes",
+ "openshift.io/origin"
+ ]
+ },
+ "status": {
+ "phase": "Active"
+ }
+ }'''
+
+ # Return values of our mocked function call. These get returned once per call.
+ mock_cmd.side_effect = [
+ (0, project_results, ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ mock_loc_oc_bin.side_effect = [
+ 'oc',
+ ]
+
+ # Act
+ results = OCProject.run_ansible(params, False)
+
+ # Assert
+ self.assertFalse(results['changed'])
+
+ # Making sure our mock was called as we expected
+ mock_cmd.assert_has_calls([
+ mock.call(['oc', 'get', 'namespace', 'operations', '-o', 'json'], None),
+ ])
+
+ @mock.patch('oc_project.locate_oc_binary')
+ @mock.patch('oc_project.Utils.create_tmpfile_copy')
+ @mock.patch('oc_project.Utils._write')
+ @mock.patch('oc_project.OCProject._run')
+ def test_modifying_project_attributes(self, mock_cmd, mock_write, mock_tmpfile_copy, mock_loc_oc_bin):
+ ''' Testing adding a project '''
+ params = copy.deepcopy(self.params)
+ params['display_name'] = 'updated display name'
+ params['node_selector'] = 'type=infra'
+ params['description'] = 'updated description'
+
+ # run_ansible input parameters
+ project_results = '''{
+ "kind": "Project",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "operations",
+ "selfLink": "/oapi/v1/projects/operations",
+ "uid": "5e52afb8-ee33-11e6-89f4-0edc441d9666",
+ "resourceVersion": "1584",
+ "labels": {},
+ "annotations": {
+ "openshift.io/node-selector": "",
+ "openshift.io/description": "This is a description",
+ "openshift.io/sa.initialized-roles": "true",
+ "openshift.io/sa.scc.mcs": "s0:c3,c2",
+ "openshift.io/sa.scc.supplemental-groups": "1000010000/10000",
+ "openshift.io/sa.scc.uid-range": "1000010000/10000"
+ }
+ },
+ "spec": {
+ "finalizers": [
+ "kubernetes",
+ "openshift.io/origin"
+ ]
+ },
+ "status": {
+ "phase": "Active"
+ }
+ }'''
+
+ mod_project_results = '''{
+ "kind": "Project",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "operations",
+ "selfLink": "/oapi/v1/projects/operations",
+ "uid": "5e52afb8-ee33-11e6-89f4-0edc441d9666",
+ "resourceVersion": "1584",
+ "labels": {},
+ "annotations": {
+ "openshift.io/node-selector": "type=infra",
+ "openshift.io/description": "updated description",
+ "openshift.io/display-name": "updated display name",
+ "openshift.io/sa.initialized-roles": "true",
+ "openshift.io/sa.scc.mcs": "s0:c3,c2",
+ "openshift.io/sa.scc.supplemental-groups": "1000010000/10000",
+ "openshift.io/sa.scc.uid-range": "1000010000/10000"
+ }
+ },
+ "spec": {
+ "finalizers": [
+ "kubernetes",
+ "openshift.io/origin"
+ ]
+ },
+ "status": {
+ "phase": "Active"
+ }
+ }'''
+
+ # Return values of our mocked function call. These get returned once per call.
+ mock_cmd.side_effect = [
+ (0, project_results, ''),
+ (0, project_results, ''),
+ (0, '', ''),
+ (0, mod_project_results, ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ mock_loc_oc_bin.side_effect = [
+ 'oc',
+ ]
+
+ # Act
+ results = OCProject.run_ansible(params, False)
+
+ # Assert
+ self.assertTrue(results['changed'])
+ self.assertEqual(results['results']['returncode'], 0)
+ self.assertEqual(results['results']['results']['metadata']['annotations']['openshift.io/description'], 'updated description')
+ self.assertEqual(results['state'], 'present')
+
+ # Making sure our mock was called as we expected
+ mock_cmd.assert_has_calls([
+ mock.call(['oc', 'get', 'namespace', 'operations', '-o', 'json'], None),
+ mock.call(['oc', 'get', 'namespace', 'operations', '-o', 'json'], None),
+ mock.call(['oc', 'replace', '-f', mock.ANY], None),
+ mock.call(['oc', 'get', 'namespace', 'operations', '-o', 'json'], None),
+ ])
diff --git a/roles/lib_openshift/src/test/unit/test_oc_pvc.py b/roles/lib_openshift/src/test/unit/test_oc_pvc.py
new file mode 100755
index 000000000..82187917d
--- /dev/null
+++ b/roles/lib_openshift/src/test/unit/test_oc_pvc.py
@@ -0,0 +1,366 @@
+'''
+ Unit tests for oc pvc
+'''
+
+import copy
+import os
+import six
+import sys
+import unittest
+import mock
+
+# Removing invalid variable names for tests so that I can
+# keep them brief
+# pylint: disable=invalid-name,no-name-in-module
+# Disable import-error b/c our libraries aren't loaded in jenkins
+# pylint: disable=import-error,wrong-import-position
+# place class in our python path
+module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501
+sys.path.insert(0, module_path)
+from oc_pvc import OCPVC, locate_oc_binary # noqa: E402
+
+
+class OCPVCTest(unittest.TestCase):
+ '''
+ Test class for OCPVC
+ '''
+ params = {'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'state': 'present',
+ 'debug': False,
+ 'name': 'mypvc',
+ 'namespace': 'test',
+ 'volume_capacity': '1G',
+ 'access_modes': 'ReadWriteMany'}
+
+ @mock.patch('oc_pvc.Utils.create_tmpfile_copy')
+ @mock.patch('oc_pvc.OCPVC._run')
+ def test_create_pvc(self, mock_run, mock_tmpfile_copy):
+ ''' Testing a pvc create '''
+ params = copy.deepcopy(OCPVCTest.params)
+
+ pvc = '''{"kind": "PersistentVolumeClaim",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "mypvc",
+ "namespace": "test",
+ "selfLink": "/api/v1/namespaces/test/persistentvolumeclaims/mypvc",
+ "uid": "77597898-d8d8-11e6-aea5-0e3c0c633889",
+ "resourceVersion": "126510787",
+ "creationTimestamp": "2017-01-12T15:04:50Z",
+ "labels": {
+ "mypvc": "database"
+ },
+ "annotations": {
+ "pv.kubernetes.io/bind-completed": "yes",
+ "pv.kubernetes.io/bound-by-controller": "yes",
+ "v1.2-volume.experimental.kubernetes.io/provisioning-required": "volume.experimental.kubernetes.io/provisioning-completed"
+ }
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "1Gi"
+ }
+ },
+ "volumeName": "pv-aws-ow5vl"
+ },
+ "status": {
+ "phase": "Bound",
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "capacity": {
+ "storage": "1Gi"
+ }
+ }
+ }'''
+
+ mock_run.side_effect = [
+ (1, '', 'Error from server: persistentvolumeclaims "mypvc" not found'),
+ (1, '', 'Error from server: persistentvolumeclaims "mypvc" not found'),
+ (0, '', ''),
+ (0, pvc, ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCPVC.run_ansible(params, False)
+
+ self.assertTrue(results['changed'])
+ self.assertEqual(results['results']['results'][0]['metadata']['name'], 'mypvc')
+
+ @mock.patch('oc_pvc.Utils.create_tmpfile_copy')
+ @mock.patch('oc_pvc.OCPVC._run')
+ def test_update_pvc(self, mock_run, mock_tmpfile_copy):
+ ''' Testing a pvc create '''
+ params = copy.deepcopy(OCPVCTest.params)
+ params['access_modes'] = 'ReadWriteMany'
+
+ pvc = '''{"kind": "PersistentVolumeClaim",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "mypvc",
+ "namespace": "test",
+ "selfLink": "/api/v1/namespaces/test/persistentvolumeclaims/mypvc",
+ "uid": "77597898-d8d8-11e6-aea5-0e3c0c633889",
+ "resourceVersion": "126510787",
+ "creationTimestamp": "2017-01-12T15:04:50Z",
+ "labels": {
+ "mypvc": "database"
+ },
+ "annotations": {
+ "pv.kubernetes.io/bind-completed": "yes",
+ "pv.kubernetes.io/bound-by-controller": "yes",
+ "v1.2-volume.experimental.kubernetes.io/provisioning-required": "volume.experimental.kubernetes.io/provisioning-completed"
+ }
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "1Gi"
+ }
+ },
+ "volumeName": "pv-aws-ow5vl"
+ },
+ "status": {
+ "phase": "Bound",
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "capacity": {
+ "storage": "1Gi"
+ }
+ }
+ }'''
+
+ mod_pvc = '''{"kind": "PersistentVolumeClaim",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "mypvc",
+ "namespace": "test",
+ "selfLink": "/api/v1/namespaces/test/persistentvolumeclaims/mypvc",
+ "uid": "77597898-d8d8-11e6-aea5-0e3c0c633889",
+ "resourceVersion": "126510787",
+ "creationTimestamp": "2017-01-12T15:04:50Z",
+ "labels": {
+ "mypvc": "database"
+ },
+ "annotations": {
+ "pv.kubernetes.io/bind-completed": "yes",
+ "pv.kubernetes.io/bound-by-controller": "yes",
+ "v1.2-volume.experimental.kubernetes.io/provisioning-required": "volume.experimental.kubernetes.io/provisioning-completed"
+ }
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteMany"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "1Gi"
+ }
+ },
+ "volumeName": "pv-aws-ow5vl"
+ },
+ "status": {
+ "phase": "Bound",
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "capacity": {
+ "storage": "1Gi"
+ }
+ }
+ }'''
+
+ mock_run.side_effect = [
+ (0, pvc, ''),
+ (0, pvc, ''),
+ (0, '', ''),
+ (0, mod_pvc, ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCPVC.run_ansible(params, False)
+
+ self.assertFalse(results['changed'])
+ self.assertEqual(results['results']['msg'], '##### - This volume is currently bound. Will not update - ####')
+
+ @mock.patch('oc_pvc.Utils.create_tmpfile_copy')
+ @mock.patch('oc_pvc.OCPVC._run')
+ def test_delete_pvc(self, mock_run, mock_tmpfile_copy):
+ ''' Testing a pvc create '''
+ params = copy.deepcopy(OCPVCTest.params)
+ params['state'] = 'absent'
+
+ pvc = '''{"kind": "PersistentVolumeClaim",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "mypvc",
+ "namespace": "test",
+ "selfLink": "/api/v1/namespaces/test/persistentvolumeclaims/mypvc",
+ "uid": "77597898-d8d8-11e6-aea5-0e3c0c633889",
+ "resourceVersion": "126510787",
+ "creationTimestamp": "2017-01-12T15:04:50Z",
+ "labels": {
+ "mypvc": "database"
+ },
+ "annotations": {
+ "pv.kubernetes.io/bind-completed": "yes",
+ "pv.kubernetes.io/bound-by-controller": "yes",
+ "v1.2-volume.experimental.kubernetes.io/provisioning-required": "volume.experimental.kubernetes.io/provisioning-completed"
+ }
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "1Gi"
+ }
+ },
+ "volumeName": "pv-aws-ow5vl"
+ },
+ "status": {
+ "phase": "Bound",
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "capacity": {
+ "storage": "1Gi"
+ }
+ }
+ }'''
+
+ mock_run.side_effect = [
+ (0, pvc, ''),
+ (0, '', ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCPVC.run_ansible(params, False)
+
+ self.assertTrue(results['changed'])
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_fallback(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup fallback '''
+
+ mock_env_get.side_effect = lambda _v, _d: ''
+
+ mock_path_exists.side_effect = lambda _: False
+
+ self.assertEqual(locate_oc_binary(), 'oc')
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_path(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup in path '''
+
+ oc_bin = '/usr/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_path_exists.side_effect = lambda f: f == oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_usr_local(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup in /usr/local/bin '''
+
+ oc_bin = '/usr/local/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_path_exists.side_effect = lambda f: f == oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_home(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup in ~/bin '''
+
+ oc_bin = os.path.expanduser('~/bin/oc')
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_path_exists.side_effect = lambda f: f == oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_fallback_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup fallback '''
+
+ mock_env_get.side_effect = lambda _v, _d: ''
+
+ mock_shutil_which.side_effect = lambda _f, path=None: None
+
+ self.assertEqual(locate_oc_binary(), 'oc')
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_path_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup in path '''
+
+ oc_bin = '/usr/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_usr_local_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup in /usr/local/bin '''
+
+ oc_bin = '/usr/local/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_home_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup in ~/bin '''
+
+ oc_bin = os.path.expanduser('~/bin/oc')
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
diff --git a/roles/lib_openshift/src/test/unit/test_oc_route.py b/roles/lib_openshift/src/test/unit/test_oc_route.py
index 09c52a461..afdb5e4dc 100755
--- a/roles/lib_openshift/src/test/unit/test_oc_route.py
+++ b/roles/lib_openshift/src/test/unit/test_oc_route.py
@@ -21,7 +21,7 @@ from oc_route import OCRoute, locate_oc_binary # noqa: E402
class OCRouteTest(unittest.TestCase):
'''
- Test class for OCServiceAccount
+ Test class for OCRoute
'''
@mock.patch('oc_route.locate_oc_binary')
diff --git a/roles/lib_openshift/src/test/unit/test_oc_user.py b/roles/lib_openshift/src/test/unit/test_oc_user.py
new file mode 100755
index 000000000..f7a17cc2c
--- /dev/null
+++ b/roles/lib_openshift/src/test/unit/test_oc_user.py
@@ -0,0 +1,127 @@
+#!/usr/bin/env python2
+'''
+ Unit tests for oc user
+'''
+# To run
+# ./oc_user.py
+#
+# ..
+# ----------------------------------------------------------------------
+# Ran 2 tests in 0.003s
+#
+# OK
+
+import os
+import sys
+import unittest
+import mock
+
+# Removing invalid variable names for tests so that I can
+# keep them brief
+# pylint: disable=invalid-name,no-name-in-module
+# Disable import-error b/c our libraries aren't loaded in jenkins
+# pylint: disable=import-error
+# place class in our python path
+module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501
+sys.path.insert(0, module_path)
+from oc_user import OCUser # noqa: E402
+
+
+class OCUserTest(unittest.TestCase):
+ '''
+ Test class for OCUser
+ '''
+
+ def setUp(self):
+ ''' setup method will create a file and set to known configuration '''
+ pass
+
+ @mock.patch('oc_user.Utils.create_tmpfile_copy')
+ @mock.patch('oc_user.OCUser._run')
+ def test_state_list(self, mock_cmd, mock_tmpfile_copy):
+ ''' Testing a user list '''
+ params = {'username': 'testuser@email.com',
+ 'state': 'list',
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'full_name': None,
+ 'groups': [],
+ 'debug': False}
+
+ user = '''{
+ "kind": "User",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "testuser@email.com",
+ "selfLink": "/oapi/v1/users/testuser@email.com",
+ "uid": "02fee6c9-f20d-11e6-b83b-12e1a7285e80",
+ "resourceVersion": "38566887",
+ "creationTimestamp": "2017-02-13T16:53:58Z"
+ },
+ "fullName": "Test User",
+ "identities": null,
+ "groups": null
+ }'''
+
+ mock_cmd.side_effect = [
+ (0, user, ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCUser.run_ansible(params, False)
+
+ self.assertFalse(results['changed'])
+ self.assertTrue(results['results'][0]['metadata']['name'] == "testuser@email.com")
+
+ @mock.patch('oc_user.Utils.create_tmpfile_copy')
+ @mock.patch('oc_user.OCUser._run')
+ def test_state_present(self, mock_cmd, mock_tmpfile_copy):
+ ''' Testing a user list '''
+ params = {'username': 'testuser@email.com',
+ 'state': 'present',
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'full_name': 'Test User',
+ 'groups': [],
+ 'debug': False}
+
+ created_user = '''{
+ "kind": "User",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "testuser@email.com",
+ "selfLink": "/oapi/v1/users/testuser@email.com",
+ "uid": "8d508039-f224-11e6-b83b-12e1a7285e80",
+ "resourceVersion": "38646241",
+ "creationTimestamp": "2017-02-13T19:42:28Z"
+ },
+ "fullName": "Test User",
+ "identities": null,
+ "groups": null
+ }'''
+
+ mock_cmd.side_effect = [
+ (1, '', 'Error from server: users "testuser@email.com" not found'), # get
+ (1, '', 'Error from server: users "testuser@email.com" not found'), # get
+ (0, 'user "testuser@email.com" created', ''), # create
+ (0, created_user, ''), # get
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCUser.run_ansible(params, False)
+
+ self.assertTrue(results['changed'])
+ self.assertTrue(results['results']['results'][0]['metadata']['name'] ==
+ "testuser@email.com")
+
+ def tearDown(self):
+ '''TearDown method'''
+ pass
+
+
+if __name__ == "__main__":
+ unittest.main()
diff --git a/roles/lib_openshift/src/test/unit/test_oc_volume.py b/roles/lib_openshift/src/test/unit/test_oc_volume.py
new file mode 100755
index 000000000..d91e22bc7
--- /dev/null
+++ b/roles/lib_openshift/src/test/unit/test_oc_volume.py
@@ -0,0 +1,633 @@
+'''
+ Unit tests for oc volume
+'''
+
+import copy
+import os
+import six
+import sys
+import unittest
+import mock
+
+# Removing invalid variable names for tests so that I can
+# keep them brief
+# pylint: disable=invalid-name,no-name-in-module
+# Disable import-error b/c our libraries aren't loaded in jenkins
+# pylint: disable=import-error
+# place class in our python path
+module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501
+sys.path.insert(0, module_path)
+from oc_volume import OCVolume, locate_oc_binary # noqa: E402
+
+
+class OCVolumeTest(unittest.TestCase):
+ '''
+ Test class for OCVolume
+ '''
+ params = {'name': 'oso-rhel7-zagg-web',
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'namespace': 'test',
+ 'labels': None,
+ 'state': 'present',
+ 'kind': 'dc',
+ 'mount_path': None,
+ 'secret_name': None,
+ 'mount_type': 'pvc',
+ 'claim_name': 'testclaim',
+ 'claim_size': '1G',
+ 'configmap_name': None,
+ 'vol_name': 'test-volume',
+ 'debug': False}
+
+ @mock.patch('oc_volume.Utils.create_tmpfile_copy')
+ @mock.patch('oc_volume.OCVolume._run')
+ def test_create_pvc(self, mock_cmd, mock_tmpfile_copy):
+ ''' Testing a label list '''
+ params = copy.deepcopy(OCVolumeTest.params)
+
+ dc = '''{
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "oso-rhel7-zagg-web",
+ "namespace": "new-monitoring",
+ "selfLink": "/oapi/v1/namespaces/new-monitoring/deploymentconfigs/oso-rhel7-zagg-web",
+ "uid": "f56e9dd2-7c13-11e6-b046-0e8844de0587",
+ "resourceVersion": "137095771",
+ "generation": 4,
+ "creationTimestamp": "2016-09-16T13:46:24Z",
+ "labels": {
+ "app": "oso-rhel7-ops-base",
+ "name": "oso-rhel7-zagg-web"
+ },
+ "annotations": {
+ "openshift.io/generated-by": "OpenShiftNewApp"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Rolling",
+ "rollingParams": {
+ "updatePeriodSeconds": 1,
+ "intervalSeconds": 1,
+ "timeoutSeconds": 600,
+ "maxUnavailable": "25%",
+ "maxSurge": "25%"
+ },
+ "resources": {}
+ },
+ "triggers": [
+ {
+ "type": "ConfigChange"
+ },
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "oso-rhel7-zagg-web"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "new-monitoring",
+ "name": "oso-rhel7-zagg-web:latest"
+ },
+ "lastTriggeredImage": "notused"
+ }
+ }
+ ],
+ "replicas": 10,
+ "test": false,
+ "selector": {
+ "deploymentconfig": "oso-rhel7-zagg-web"
+ },
+ "template": {
+ "metadata": {
+ "creationTimestamp": null,
+ "labels": {
+ "app": "oso-rhel7-ops-base",
+ "deploymentconfig": "oso-rhel7-zagg-web"
+ },
+ "annotations": {
+ "openshift.io/generated-by": "OpenShiftNewApp"
+ }
+ },
+ "spec": {
+ "volumes": [
+ {
+ "name": "monitoring-secrets",
+ "secret": {
+ "secretName": "monitoring-secrets"
+ }
+ }
+ ],
+ "containers": [
+ {
+ "name": "oso-rhel7-zagg-web",
+ "image": "notused",
+ "resources": {},
+ "volumeMounts": [
+ {
+ "name": "monitoring-secrets",
+ "mountPath": "/secrets"
+ }
+ ],
+ "terminationMessagePath": "/dev/termination-log",
+ "imagePullPolicy": "Always",
+ "securityContext": {
+ "capabilities": {},
+ "privileged": false
+ }
+ }
+ ],
+ "restartPolicy": "Always",
+ "terminationGracePeriodSeconds": 30,
+ "dnsPolicy": "ClusterFirst",
+ "securityContext": {}
+ }
+ }
+ }
+ }'''
+
+ post_dc = '''{
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "oso-rhel7-zagg-web",
+ "namespace": "new-monitoring",
+ "selfLink": "/oapi/v1/namespaces/new-monitoring/deploymentconfigs/oso-rhel7-zagg-web",
+ "uid": "f56e9dd2-7c13-11e6-b046-0e8844de0587",
+ "resourceVersion": "137095771",
+ "generation": 4,
+ "creationTimestamp": "2016-09-16T13:46:24Z",
+ "labels": {
+ "app": "oso-rhel7-ops-base",
+ "name": "oso-rhel7-zagg-web"
+ },
+ "annotations": {
+ "openshift.io/generated-by": "OpenShiftNewApp"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Rolling",
+ "rollingParams": {
+ "updatePeriodSeconds": 1,
+ "intervalSeconds": 1,
+ "timeoutSeconds": 600,
+ "maxUnavailable": "25%",
+ "maxSurge": "25%"
+ },
+ "resources": {}
+ },
+ "triggers": [
+ {
+ "type": "ConfigChange"
+ },
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "oso-rhel7-zagg-web"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "new-monitoring",
+ "name": "oso-rhel7-zagg-web:latest"
+ },
+ "lastTriggeredImage": "notused"
+ }
+ }
+ ],
+ "replicas": 10,
+ "test": false,
+ "selector": {
+ "deploymentconfig": "oso-rhel7-zagg-web"
+ },
+ "template": {
+ "metadata": {
+ "creationTimestamp": null,
+ "labels": {
+ "app": "oso-rhel7-ops-base",
+ "deploymentconfig": "oso-rhel7-zagg-web"
+ },
+ "annotations": {
+ "openshift.io/generated-by": "OpenShiftNewApp"
+ }
+ },
+ "spec": {
+ "volumes": [
+ {
+ "name": "monitoring-secrets",
+ "secret": {
+ "secretName": "monitoring-secrets"
+ }
+ },
+ {
+ "name": "test-volume",
+ "persistentVolumeClaim": {
+ "claimName": "testclass",
+ "claimSize": "1G"
+ }
+ }
+ ],
+ "containers": [
+ {
+ "name": "oso-rhel7-zagg-web",
+ "image": "notused",
+ "resources": {},
+ "volumeMounts": [
+ {
+ "name": "monitoring-secrets",
+ "mountPath": "/secrets"
+ },
+ {
+ "name": "test-volume",
+ "mountPath": "/data"
+ }
+ ],
+ "terminationMessagePath": "/dev/termination-log",
+ "imagePullPolicy": "Always",
+ "securityContext": {
+ "capabilities": {},
+ "privileged": false
+ }
+ }
+ ],
+ "restartPolicy": "Always",
+ "terminationGracePeriodSeconds": 30,
+ "dnsPolicy": "ClusterFirst",
+ "securityContext": {}
+ }
+ }
+ }
+ }'''
+
+ mock_cmd.side_effect = [
+ (0, dc, ''),
+ (0, dc, ''),
+ (0, '', ''),
+ (0, post_dc, ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCVolume.run_ansible(params, False)
+
+ self.assertTrue(results['changed'])
+ self.assertTrue(results['results']['results'][-1]['name'] == 'test-volume')
+
+ @mock.patch('oc_volume.Utils.create_tmpfile_copy')
+ @mock.patch('oc_volume.OCVolume._run')
+ def test_create_configmap(self, mock_cmd, mock_tmpfile_copy):
+ ''' Testing a label list '''
+ params = copy.deepcopy(OCVolumeTest.params)
+ params.update({'mount_path': '/configmap',
+ 'mount_type': 'configmap',
+ 'configmap_name': 'configtest',
+ 'vol_name': 'configvol'})
+
+ dc = '''{
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "oso-rhel7-zagg-web",
+ "namespace": "new-monitoring",
+ "selfLink": "/oapi/v1/namespaces/new-monitoring/deploymentconfigs/oso-rhel7-zagg-web",
+ "uid": "f56e9dd2-7c13-11e6-b046-0e8844de0587",
+ "resourceVersion": "137095771",
+ "generation": 4,
+ "creationTimestamp": "2016-09-16T13:46:24Z",
+ "labels": {
+ "app": "oso-rhel7-ops-base",
+ "name": "oso-rhel7-zagg-web"
+ },
+ "annotations": {
+ "openshift.io/generated-by": "OpenShiftNewApp"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Rolling",
+ "rollingParams": {
+ "updatePeriodSeconds": 1,
+ "intervalSeconds": 1,
+ "timeoutSeconds": 600,
+ "maxUnavailable": "25%",
+ "maxSurge": "25%"
+ },
+ "resources": {}
+ },
+ "triggers": [
+ {
+ "type": "ConfigChange"
+ },
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "oso-rhel7-zagg-web"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "new-monitoring",
+ "name": "oso-rhel7-zagg-web:latest"
+ },
+ "lastTriggeredImage": "notused"
+ }
+ }
+ ],
+ "replicas": 10,
+ "test": false,
+ "selector": {
+ "deploymentconfig": "oso-rhel7-zagg-web"
+ },
+ "template": {
+ "metadata": {
+ "creationTimestamp": null,
+ "labels": {
+ "app": "oso-rhel7-ops-base",
+ "deploymentconfig": "oso-rhel7-zagg-web"
+ },
+ "annotations": {
+ "openshift.io/generated-by": "OpenShiftNewApp"
+ }
+ },
+ "spec": {
+ "volumes": [
+ {
+ "name": "monitoring-secrets",
+ "secret": {
+ "secretName": "monitoring-secrets"
+ }
+ }
+ ],
+ "containers": [
+ {
+ "name": "oso-rhel7-zagg-web",
+ "image": "notused",
+ "resources": {},
+ "volumeMounts": [
+ {
+ "name": "monitoring-secrets",
+ "mountPath": "/secrets"
+ }
+ ],
+ "terminationMessagePath": "/dev/termination-log",
+ "imagePullPolicy": "Always",
+ "securityContext": {
+ "capabilities": {},
+ "privileged": false
+ }
+ }
+ ],
+ "restartPolicy": "Always",
+ "terminationGracePeriodSeconds": 30,
+ "dnsPolicy": "ClusterFirst",
+ "securityContext": {}
+ }
+ }
+ }
+ }'''
+
+ post_dc = '''{
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "oso-rhel7-zagg-web",
+ "namespace": "new-monitoring",
+ "selfLink": "/oapi/v1/namespaces/new-monitoring/deploymentconfigs/oso-rhel7-zagg-web",
+ "uid": "f56e9dd2-7c13-11e6-b046-0e8844de0587",
+ "resourceVersion": "137095771",
+ "generation": 4,
+ "creationTimestamp": "2016-09-16T13:46:24Z",
+ "labels": {
+ "app": "oso-rhel7-ops-base",
+ "name": "oso-rhel7-zagg-web"
+ },
+ "annotations": {
+ "openshift.io/generated-by": "OpenShiftNewApp"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Rolling",
+ "rollingParams": {
+ "updatePeriodSeconds": 1,
+ "intervalSeconds": 1,
+ "timeoutSeconds": 600,
+ "maxUnavailable": "25%",
+ "maxSurge": "25%"
+ },
+ "resources": {}
+ },
+ "triggers": [
+ {
+ "type": "ConfigChange"
+ },
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "oso-rhel7-zagg-web"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "new-monitoring",
+ "name": "oso-rhel7-zagg-web:latest"
+ },
+ "lastTriggeredImage": "notused"
+ }
+ }
+ ],
+ "replicas": 10,
+ "test": false,
+ "selector": {
+ "deploymentconfig": "oso-rhel7-zagg-web"
+ },
+ "template": {
+ "metadata": {
+ "creationTimestamp": null,
+ "labels": {
+ "app": "oso-rhel7-ops-base",
+ "deploymentconfig": "oso-rhel7-zagg-web"
+ },
+ "annotations": {
+ "openshift.io/generated-by": "OpenShiftNewApp"
+ }
+ },
+ "spec": {
+ "volumes": [
+ {
+ "name": "monitoring-secrets",
+ "secret": {
+ "secretName": "monitoring-secrets"
+ }
+ },
+ {
+ "name": "configvol",
+ "configMap": {
+ "name": "configtest"
+ }
+ }
+ ],
+ "containers": [
+ {
+ "name": "oso-rhel7-zagg-web",
+ "image": "notused",
+ "resources": {},
+ "volumeMounts": [
+ {
+ "name": "monitoring-secrets",
+ "mountPath": "/secrets"
+ },
+ {
+ "name": "configvol",
+ "mountPath": "/configmap"
+ }
+ ],
+ "terminationMessagePath": "/dev/termination-log",
+ "imagePullPolicy": "Always",
+ "securityContext": {
+ "capabilities": {},
+ "privileged": false
+ }
+ }
+ ],
+ "restartPolicy": "Always",
+ "terminationGracePeriodSeconds": 30,
+ "dnsPolicy": "ClusterFirst",
+ "securityContext": {}
+ }
+ }
+ }
+ }'''
+
+ mock_cmd.side_effect = [
+ (0, dc, ''),
+ (0, dc, ''),
+ (0, '', ''),
+ (0, post_dc, ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ results = OCVolume.run_ansible(params, False)
+
+ self.assertTrue(results['changed'])
+ self.assertTrue(results['results']['results'][-1]['name'] == 'configvol')
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_fallback(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup fallback '''
+
+ mock_env_get.side_effect = lambda _v, _d: ''
+
+ mock_path_exists.side_effect = lambda _: False
+
+ self.assertEqual(locate_oc_binary(), 'oc')
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_path(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup in path '''
+
+ oc_bin = '/usr/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_path_exists.side_effect = lambda f: f == oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_usr_local(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup in /usr/local/bin '''
+
+ oc_bin = '/usr/local/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_path_exists.side_effect = lambda f: f == oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY3, 'py2 test only')
+ @mock.patch('os.path.exists')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_home(self, mock_env_get, mock_path_exists):
+ ''' Testing binary lookup in ~/bin '''
+
+ oc_bin = os.path.expanduser('~/bin/oc')
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_path_exists.side_effect = lambda f: f == oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_fallback_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup fallback '''
+
+ mock_env_get.side_effect = lambda _v, _d: ''
+
+ mock_shutil_which.side_effect = lambda _f, path=None: None
+
+ self.assertEqual(locate_oc_binary(), 'oc')
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_path_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup in path '''
+
+ oc_bin = '/usr/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_usr_local_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup in /usr/local/bin '''
+
+ oc_bin = '/usr/local/bin/oc'
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
+
+ @unittest.skipIf(six.PY2, 'py3 test only')
+ @mock.patch('shutil.which')
+ @mock.patch('os.environ.get')
+ def test_binary_lookup_in_home_py3(self, mock_env_get, mock_shutil_which):
+ ''' Testing binary lookup in ~/bin '''
+
+ oc_bin = os.path.expanduser('~/bin/oc')
+
+ mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+ mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+ self.assertEqual(locate_oc_binary(), oc_bin)
diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml
index d211d30e8..fefd28bbd 100644
--- a/roles/nuage_master/tasks/main.yaml
+++ b/roles/nuage_master/tasks/main.yaml
@@ -22,6 +22,15 @@
- nuage.key
- nuage.kubeconfig
+- name: Copy the certificates and keys
+ become: yes
+ copy: src="/tmp/{{ item }}" dest="{{ cert_output_dir }}/{{ item }}"
+ with_items:
+ - ca.crt
+ - nuage.crt
+ - nuage.key
+ - nuage.kubeconfig
+
- include: certificates.yml
- name: Create nuage-openshift-monitor.yaml
diff --git a/roles/nuage_master/tasks/serviceaccount.yml b/roles/nuage_master/tasks/serviceaccount.yml
index 16ea08244..eee448e2c 100644
--- a/roles/nuage_master/tasks/serviceaccount.yml
+++ b/roles/nuage_master/tasks/serviceaccount.yml
@@ -3,14 +3,20 @@
command: mktemp -u /tmp/openshift-ansible-XXXXXXX.kubeconfig
register: nuage_tmp_conf_mktemp
changed_when: False
+ run_once: True
+ delegate_to: "{{ nuage_ca_master }}"
- set_fact:
nuage_tmp_conf: "{{ nuage_tmp_conf_mktemp.stdout }}"
+ run_once: True
+ delegate_to: "{{ nuage_ca_master }}"
- name: Copy Configuration to temporary conf
command: >
cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{nuage_tmp_conf}}
changed_when: false
+ run_once: True
+ delegate_to: "{{ nuage_ca_master }}"
- name: Create Admin Service Account
oc_serviceaccount:
@@ -18,6 +24,8 @@
name: nuage
namespace: default
state: present
+ run_once: True
+ delegate_to: "{{ nuage_ca_master }}"
- name: Configure role/user permissions
command: >
@@ -27,6 +35,8 @@
register: osnuage_perm_task
failed_when: "'the object has been modified' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0"
changed_when: osnuage_perm_task.rc == 0
+ run_once: True
+ delegate_to: "{{ nuage_ca_master }}"
- name: Generate the node client config
command: >
@@ -40,8 +50,12 @@
--signer-serial={{ openshift_master_ca_serial }}
--basename='nuage'
--user={{ nuage_service_account }}
+ delegate_to: "{{ nuage_ca_master }}"
+ run_once: True
- name: Clean temporary configuration file
command: >
rm -f {{nuage_tmp_conf}}
changed_when: false
+ delegate_to: "{{ nuage_ca_master }}"
+ run_once: True
diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh
index e3cc3a9b4..0a2d3005f 100755
--- a/roles/openshift_examples/examples-sync.sh
+++ b/roles/openshift_examples/examples-sync.sh
@@ -31,6 +31,8 @@ mv application-templates-GA/fis-image-streams.json ${EXAMPLES_BASE}/xpaas-stream
mv application-templates-GA/quickstarts/* ${EXAMPLES_BASE}/xpaas-templates/
find application-templates-${XPAAS_VERSION}/ -name '*.json' ! -wholename '*secret*' ! -wholename '*demo*' -exec mv {} ${EXAMPLES_BASE}/xpaas-templates/ \;
wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/dotnet_imagestreams.json -O ${EXAMPLES_BASE}/image-streams/dotnet_imagestreams.json
+wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-example.json -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-example.json
+wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-pgsql-persistent.json -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-pgsql-persistent.json
wget https://raw.githubusercontent.com/openshift/origin-metrics/master/metrics.yaml -O ../openshift_hosted_templates/files/${ORIGIN_VERSION}/origin/metrics-deployer.yaml
wget https://raw.githubusercontent.com/openshift/origin-metrics/enterprise/metrics.yaml -O ../openshift_hosted_templates/files/${ORIGIN_VERSION}/enterprise/metrics-deployer.yaml
wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/master/deployer/deployer.yaml -O ../openshift_hosted_templates/files/${ORIGIN_VERSION}/origin/logging-deployer.yaml
diff --git a/roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams.json
index 0d5ac21d8..857ffa980 100644
--- a/roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams.json
+++ b/roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams.json
@@ -27,8 +27,9 @@
"iconClass": "icon-dotnet",
"tags": "builder,.net,dotnet,dotnetcore",
"supports":"dotnet",
- "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git",
- "sampleContextDir": "1.1/test/asp-net-hello-world"
+ "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git",
+ "sampleContextDir": "app",
+ "sampleRef": "dotnetcore-1.1"
},
"from": {
"kind": "ImageStreamTag",
@@ -43,8 +44,9 @@
"iconClass": "icon-dotnet",
"tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore11",
"supports":"dotnet:1.1,dotnet",
- "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git",
- "sampleContextDir": "1.1/test/asp-net-hello-world",
+ "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git",
+ "sampleContextDir": "app",
+ "sampleRef": "dotnetcore-1.1",
"version": "1.1"
},
"from": {
@@ -60,8 +62,9 @@
"iconClass": "icon-dotnet",
"tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10",
"supports":"dotnet:1.0,dotnet",
- "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git",
- "sampleContextDir": "1.0/test/asp-net-hello-world",
+ "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git",
+ "sampleContextDir": "app",
+ "sampleRef": "dotnetcore-1.0",
"version": "1.0"
},
"from": {
diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-example.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-example.json
new file mode 100644
index 000000000..a09d71a00
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-example.json
@@ -0,0 +1,333 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "dotnet-example",
+ "annotations": {
+ "openshift.io/display-name": ".NET Core",
+ "description": "An example .NET Core application.",
+ "tags": "quickstart,dotnet,.net",
+ "iconClass": "icon-dotnet",
+ "template.openshift.io/provider-display-name": "Red Hat, Inc.",
+ "template.openshift.io/documentation-url": "https://github.com/redhat-developer/s2i-dotnetcore",
+ "template.openshift.io/support-url": "https://access.redhat.com"
+ }
+ },
+ "objects": [
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${NAME}"
+ },
+ "spec": {
+ "host": "${APPLICATION_DOMAIN}",
+ "to": {
+ "kind": "Service",
+ "name": "${NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${NAME}",
+ "annotations": {
+ "description": "Exposes and load balances the application pods"
+ }
+ },
+ "spec": {
+ "ports": [
+ {
+ "name": "web",
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "name": "${NAME}"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${NAME}",
+ "annotations": {
+ "description": "Keeps track of changes in the application image"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${NAME}",
+ "annotations": {
+ "description": "Defines how to build the application"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${NAMESPACE}",
+ "name": "${DOTNET_IMAGE_STREAM_TAG}"
+ },
+ "env": [
+ {
+ "name": "DOTNET_STARTUP_PROJECT",
+ "value": "${DOTNET_STARTUP_PROJECT}"
+ },
+ {
+ "name": "DOTNET_ASSEMBLY_NAME",
+ "value": "${DOTNET_ASSEMBLY_NAME}"
+ },
+ {
+ "name": "DOTNET_NPM_TOOLS",
+ "value": "${DOTNET_NPM_TOOLS}"
+ },
+ {
+ "name": "DOTNET_TEST_PROJECTS",
+ "value": "${DOTNET_TEST_PROJECTS}"
+ },
+ {
+ "name": "DOTNET_CONFIGURATION",
+ "value": "${DOTNET_CONFIGURATION}"
+ },
+ {
+ "name": "DOTNET_PUBLISH",
+ "value": "true"
+ },
+ {
+ "name": "DOTNET_RESTORE_SOURCES",
+ "value": "${DOTNET_RESTORE_SOURCES}"
+ }
+ ]
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "ImageChange"
+ },
+ {
+ "type": "ConfigChange"
+ },
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ },
+ {
+ "type": "Generic",
+ "generic": {
+ "secret": "${GENERIC_WEBHOOK_SECRET}"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${NAME}",
+ "annotations": {
+ "description": "Defines how to deploy the application server"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Rolling"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "dotnet-app"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "name": "${NAME}:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "name": "${NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${NAME}",
+ "labels": {
+ "name": "${NAME}"
+ }
+ },
+ "spec": {
+ "containers": [
+ {
+ "name": "dotnet-app",
+ "image": " ",
+ "ports": [
+ {
+ "containerPort": 8080
+ }
+ ],
+ "livenessProbe": {
+ "httpGet": {
+ "path": "/",
+ "port": 8080,
+ "scheme": "HTTP"
+ },
+ "initialDelaySeconds": 40,
+ "timeoutSeconds": 15
+ },
+ "readinessProbe": {
+ "httpGet": {
+ "path": "/",
+ "port": 8080,
+ "scheme": "HTTP"
+ },
+ "initialDelaySeconds": 10,
+ "timeoutSeconds": 30
+ },
+ "resources": {
+ "limits": {
+ "memory": "${MEMORY_LIMIT}"
+ }
+ },
+ "env": []
+ }
+ ]
+ }
+ }
+ }
+ }
+ ],
+ "parameters": [
+ {
+ "name": "NAME",
+ "displayName": "Name",
+ "description": "The name assigned to all of the frontend objects defined in this template.",
+ "required": true,
+ "value": "dotnet-example"
+ },
+ {
+ "name": "MEMORY_LIMIT",
+ "displayName": "Memory Limit",
+ "description": "Maximum amount of memory the container can use.",
+ "required": true,
+ "value": "512Mi"
+ },
+ {
+ "name": "DOTNET_IMAGE_STREAM_TAG",
+ "displayName": ".NET builder",
+ "required": true,
+ "description": "The image stream tag which is used to build the code.",
+ "value": "dotnet:1.0"
+ },
+ {
+ "name": "NAMESPACE",
+ "displayName": "Namespace",
+ "description": "The OpenShift Namespace where the ImageStream resides.",
+ "required": true,
+ "value": "openshift"
+ },
+ {
+ "name": "SOURCE_REPOSITORY_URL",
+ "displayName": "Git Repository URL",
+ "description": "The URL of the repository with your application source code.",
+ "required": true,
+ "value": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git"
+ },
+ {
+ "name": "SOURCE_REPOSITORY_REF",
+ "displayName": "Git Reference",
+ "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.",
+ "value": "dotnetcore-1.0"
+ },
+ {
+ "name": "CONTEXT_DIR",
+ "displayName": "Context Directory",
+ "description": "Set this to use a subdirectory of the source code repository"
+ },
+ {
+ "name": "APPLICATION_DOMAIN",
+ "displayName": "Application Hostname",
+ "description": "The exposed hostname that will route to the .NET Core service, if left blank a value will be defaulted.",
+ "value": ""
+ },
+ {
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "displayName": "GitHub Webhook Secret",
+ "description": "A secret string used to configure the GitHub webhook.",
+ "generate": "expression",
+ "from": "[a-zA-Z0-9]{40}"
+ },
+ {
+ "name": "GENERIC_WEBHOOK_SECRET",
+ "displayName": "Generic Webhook Secret",
+ "description": "A secret string used to configure the Generic webhook.",
+ "generate": "expression",
+ "from": "[a-zA-Z0-9]{40}"
+ },
+ {
+ "name": "DOTNET_STARTUP_PROJECT",
+ "displayName": "Startup Project",
+ "description": "Set this to the folder containing your startup project.",
+ "value": "app"
+ },
+ {
+ "name": "DOTNET_ASSEMBLY_NAME",
+ "displayName": "Startup Assembly",
+ "description": "Set this when the assembly name is overridden in the project file."
+ },
+ {
+ "name": "DOTNET_NPM_TOOLS",
+ "displayName": "Npm Tools",
+ "description": "Set this to a space separated list of npm tools needed to publish.",
+ "value": "bower gulp"
+ },
+ {
+ "name": "DOTNET_TEST_PROJECTS",
+ "displayName": "Test projects",
+ "description": "Set this to a space separated list of test projects to run before publishing."
+ },
+ {
+ "name": "DOTNET_CONFIGURATION",
+ "displayName": "Configuration",
+ "description": "Set this to configuration (Release/Debug).",
+ "value": "Release"
+ },
+ {
+ "name": "DOTNET_RESTORE_SOURCES",
+ "displayName": "NuGet package sources",
+ "description": "Set this to override the NuGet.config sources."
+ }
+ ]
+}
diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-pgsql-persistent.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-pgsql-persistent.json
new file mode 100644
index 000000000..fa31f7f61
--- /dev/null
+++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-pgsql-persistent.json
@@ -0,0 +1,544 @@
+{
+ "kind": "Template",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "dotnet-pgsql-persistent",
+ "annotations": {
+ "openshift.io/display-name": ".NET Core + PostgreSQL (Persistent)",
+ "description": "An example .NET Core application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore.",
+ "tags": "quickstart,dotnet",
+ "iconClass": "icon-dotnet",
+ "template.openshift.io/provider-display-name": "Red Hat, Inc.",
+ "template.openshift.io/documentation-url": "https://github.com/redhat-developer/s2i-dotnetcore",
+ "template.openshift.io/support-url": "https://access.redhat.com"
+ }
+ },
+ "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore.",
+ "labels": {
+ "template": "dotnet-pgsql-persistent"
+ },
+ "objects": [
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${NAME}",
+ "annotations": {
+ "description": "Exposes and load balances the application pods",
+ "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]"
+ }
+ },
+ "spec": {
+ "ports": [
+ {
+ "name": "web",
+ "port": 8080,
+ "targetPort": 8080
+ }
+ ],
+ "selector": {
+ "name": "${NAME}"
+ }
+ }
+ },
+ {
+ "kind": "Route",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${NAME}"
+ },
+ "spec": {
+ "host": "${APPLICATION_DOMAIN}",
+ "to": {
+ "kind": "Service",
+ "name": "${NAME}"
+ }
+ }
+ },
+ {
+ "kind": "ImageStream",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${NAME}",
+ "annotations": {
+ "description": "Keeps track of changes in the application image"
+ }
+ }
+ },
+ {
+ "kind": "BuildConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${NAME}",
+ "annotations": {
+ "description": "Defines how to build the application"
+ }
+ },
+ "spec": {
+ "source": {
+ "type": "Git",
+ "git": {
+ "uri": "${SOURCE_REPOSITORY_URL}",
+ "ref": "${SOURCE_REPOSITORY_REF}"
+ },
+ "contextDir": "${CONTEXT_DIR}"
+ },
+ "strategy": {
+ "type": "Source",
+ "sourceStrategy": {
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "${NAMESPACE}",
+ "name": "${DOTNET_IMAGE_STREAM_TAG}"
+ },
+ "env": [
+ {
+ "name": "DOTNET_STARTUP_PROJECT",
+ "value": "${DOTNET_STARTUP_PROJECT}"
+ },
+ {
+ "name": "DOTNET_ASSEMBLY_NAME",
+ "value": "${DOTNET_ASSEMBLY_NAME}"
+ },
+ {
+ "name": "DOTNET_NPM_TOOLS",
+ "value": "${DOTNET_NPM_TOOLS}"
+ },
+ {
+ "name": "DOTNET_TEST_PROJECTS",
+ "value": "${DOTNET_TEST_PROJECTS}"
+ },
+ {
+ "name": "DOTNET_CONFIGURATION",
+ "value": "${DOTNET_CONFIGURATION}"
+ },
+ {
+ "name": "DOTNET_PUBLISH",
+ "value": "true"
+ },
+ {
+ "name": "DOTNET_RESTORE_SOURCES",
+ "value": "${DOTNET_RESTORE_SOURCES}"
+ }
+ ]
+ }
+ },
+ "output": {
+ "to": {
+ "kind": "ImageStreamTag",
+ "name": "${NAME}:latest"
+ }
+ },
+ "triggers": [
+ {
+ "type": "ImageChange"
+ },
+ {
+ "type": "ConfigChange"
+ },
+ {
+ "type": "GitHub",
+ "github": {
+ "secret": "${GITHUB_WEBHOOK_SECRET}"
+ }
+ }
+ ],
+ "postCommit": {}
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${NAME}",
+ "annotations": {
+ "description": "Defines how to deploy the application server"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Rolling",
+ "rollingParams": {
+ "updatePeriodSeconds": 1,
+ "intervalSeconds": 1,
+ "timeoutSeconds": 600,
+ "maxUnavailable": "25%",
+ "maxSurge": "25%"
+ },
+ "resources": {}
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "dotnet-pgsql-persistent"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "name": "${NAME}:latest"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "name": "${NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${NAME}",
+ "labels": {
+ "name": "${NAME}"
+ }
+ },
+ "spec": {
+ "containers": [
+ {
+ "name": "dotnet-pgsql-persistent",
+ "image": " ",
+ "ports": [
+ {
+ "containerPort": 8080
+ }
+ ],
+ "env": [
+ {
+ "name": "ConnectionString",
+ "value": "Host=${DATABASE_SERVICE_NAME};Database=${DATABASE_NAME};Username=${DATABASE_USER};Password=${DATABASE_PASSWORD}"
+ }
+ ],
+ "resources": {
+ "limits": {
+ "memory": "${MEMORY_LIMIT}"
+ }
+ },
+ "livenessProbe": {
+ "httpGet": {
+ "path": "/",
+ "port": 8080,
+ "scheme": "HTTP"
+ },
+ "initialDelaySeconds": 40,
+ "timeoutSeconds": 10
+ },
+ "readinessProbe": {
+ "httpGet": {
+ "path": "/",
+ "port": 8080,
+ "scheme": "HTTP"
+ },
+ "initialDelaySeconds": 10,
+ "timeoutSeconds": 30
+ }
+ }
+ ]
+ }
+ }
+ }
+ },
+ {
+ "kind": "PersistentVolumeClaim",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ },
+ "spec": {
+ "accessModes": [
+ "ReadWriteOnce"
+ ],
+ "resources": {
+ "requests": {
+ "storage": "${VOLUME_CAPACITY}"
+ }
+ }
+ }
+ },
+ {
+ "kind": "Service",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${DATABASE_SERVICE_NAME}",
+ "annotations": {
+ "description": "Exposes the database server"
+ }
+ },
+ "spec": {
+ "ports": [
+ {
+ "name": "postgresql",
+ "port": 5432,
+ "targetPort": 5432
+ }
+ ],
+ "selector": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ }
+ }
+ },
+ {
+ "kind": "DeploymentConfig",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "${DATABASE_SERVICE_NAME}",
+ "annotations": {
+ "description": "Defines how to deploy the database"
+ }
+ },
+ "spec": {
+ "strategy": {
+ "type": "Recreate"
+ },
+ "triggers": [
+ {
+ "type": "ImageChange",
+ "imageChangeParams": {
+ "automatic": true,
+ "containerNames": [
+ "postgresql"
+ ],
+ "from": {
+ "kind": "ImageStreamTag",
+ "namespace": "openshift",
+ "name": "postgresql:9.5"
+ }
+ }
+ },
+ {
+ "type": "ConfigChange"
+ }
+ ],
+ "replicas": 1,
+ "selector": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ },
+ "template": {
+ "metadata": {
+ "name": "${DATABASE_SERVICE_NAME}",
+ "labels": {
+ "name": "${DATABASE_SERVICE_NAME}"
+ }
+ },
+ "spec": {
+ "volumes": [
+ {
+ "name": "${DATABASE_SERVICE_NAME}-data",
+ "persistentVolumeClaim": {
+ "claimName": "${DATABASE_SERVICE_NAME}"
+ }
+ }
+ ],
+ "containers": [
+ {
+ "name": "postgresql",
+ "image": " ",
+ "ports": [
+ {
+ "containerPort": 5432
+ }
+ ],
+ "readinessProbe": {
+ "timeoutSeconds": 1,
+ "initialDelaySeconds": 5,
+ "exec": {
+ "command": [
+ "/bin/sh",
+ "-i",
+ "-c",
+ "psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1'"
+ ]
+ }
+ },
+ "livenessProbe": {
+ "timeoutSeconds": 1,
+ "initialDelaySeconds": 30,
+ "tcpSocket": {
+ "port": 5432
+ }
+ },
+ "volumeMounts": [
+ {
+ "name": "${DATABASE_SERVICE_NAME}-data",
+ "mountPath": "/var/lib/pgsql/data"
+ }
+ ],
+ "env": [
+ {
+ "name": "POSTGRESQL_USER",
+ "value": "${DATABASE_USER}"
+ },
+ {
+ "name": "POSTGRESQL_PASSWORD",
+ "value": "${DATABASE_PASSWORD}"
+ },
+ {
+ "name": "POSTGRESQL_DATABASE",
+ "value": "${DATABASE_NAME}"
+ },
+ {
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "value": "${POSTGRESQL_MAX_CONNECTIONS}"
+ },
+ {
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "value": "${POSTGRESQL_SHARED_BUFFERS}"
+ }
+ ],
+ "resources": {
+ "limits": {
+ "memory": "${MEMORY_POSTGRESQL_LIMIT}"
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+ ],
+ "parameters": [
+ {
+ "name": "NAME",
+ "displayName": "Name",
+ "description": "The name assigned to all of the frontend objects defined in this template.",
+ "required": true,
+ "value": "musicstore"
+ },
+ {
+ "name": "MEMORY_LIMIT",
+ "displayName": "Memory Limit",
+ "required": true,
+ "description": "Maximum amount of memory the .NET Core container can use.",
+ "value": "512Mi"
+ },
+ {
+ "name": "MEMORY_POSTGRESQL_LIMIT",
+ "displayName": "Memory Limit (PostgreSQL)",
+ "required": true,
+ "description": "Maximum amount of memory the PostgreSQL container can use.",
+ "value": "512Mi"
+ },
+ {
+ "name": "VOLUME_CAPACITY",
+ "displayName": "Volume Capacity",
+ "description": "Volume space available for data, e.g. 512Mi, 2Gi",
+ "value": "1Gi",
+ "required": true
+ },
+ {
+ "name": "DOTNET_IMAGE_STREAM_TAG",
+ "displayName": ".NET builder",
+ "required": true,
+ "description": "The image stream tag which is used to build the code.",
+ "value": "dotnet:1.1"
+ },
+ {
+ "name": "NAMESPACE",
+ "displayName": "Namespace",
+ "required": true,
+ "description": "The OpenShift Namespace where the .NET builder ImageStream resides.",
+ "value": "openshift"
+ },
+ {
+ "name": "SOURCE_REPOSITORY_URL",
+ "displayName": "Git Repository URL",
+ "required": true,
+ "description": "The URL of the repository with your application source code.",
+ "value": "https://github.com/redhat-developer/s2i-aspnet-musicstore-ex.git"
+ },
+ {
+ "name": "SOURCE_REPOSITORY_REF",
+ "displayName": "Git Reference",
+ "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.",
+ "value": "rel/1.1-example"
+ },
+ {
+ "name": "CONTEXT_DIR",
+ "displayName": "Context Directory",
+ "description": "Set this to the relative path to your project if it is not in the root of your repository."
+ },
+ {
+ "name": "DOTNET_STARTUP_PROJECT",
+ "displayName": "Startup Project",
+ "description": "Set this to the folder containing your startup project.",
+ "value": "samples/MusicStore"
+ },
+ {
+ "name": "DOTNET_ASSEMBLY_NAME",
+ "displayName": "Startup Assembly",
+ "description": "Set this when the assembly name is overridden in the project file."
+ },
+ {
+ "name": "DOTNET_NPM_TOOLS",
+ "displayName": "Npm Tools",
+ "description": "Set this to a space separated list of npm tools needed to publish."
+ },
+ {
+ "name": "DOTNET_TEST_PROJECTS",
+ "displayName": "Test projects",
+ "description": "Set this to a space separated list of test projects to run before publishing."
+ },
+ {
+ "name": "DOTNET_CONFIGURATION",
+ "displayName": "Configuration",
+ "description": "Set this to configuration (Release/Debug).",
+ "value": "Release"
+ },
+ {
+ "name": "DOTNET_RESTORE_SOURCES",
+ "displayName": "NuGet package sources",
+ "description": "Set this to override the NuGet.config sources."
+ },
+ {
+ "name": "APPLICATION_DOMAIN",
+ "displayName": "Application Hostname",
+ "description": "The exposed hostname that will route to the .NET Core service, if left blank a value will be defaulted.",
+ "value": ""
+ },
+ {
+ "name": "GITHUB_WEBHOOK_SECRET",
+ "displayName": "GitHub Webhook Secret",
+ "description": "A secret string used to configure the GitHub webhook.",
+ "generate": "expression",
+ "from": "[a-zA-Z0-9]{40}"
+ },
+ {
+ "name": "DATABASE_SERVICE_NAME",
+ "required": true,
+ "displayName": "Database Service Name",
+ "value": "postgresql"
+ },
+ {
+ "name": "DATABASE_USER",
+ "displayName": "Database Username",
+ "generate": "expression",
+ "from": "user[A-Z0-9]{3}"
+ },
+ {
+ "name": "DATABASE_PASSWORD",
+ "displayName": "Database Password",
+ "generate": "expression",
+ "from": "[a-zA-Z0-9]{8}"
+ },
+ {
+ "name": "DATABASE_NAME",
+ "required": true,
+ "displayName": "Database Name",
+ "value": "musicstore"
+ },
+ {
+ "name": "POSTGRESQL_MAX_CONNECTIONS",
+ "displayName": "Maximum Database Connections",
+ "value": "100"
+ },
+ {
+ "name": "POSTGRESQL_SHARED_BUFFERS",
+ "displayName": "Shared Buffer Amount",
+ "value": "12MB"
+ }
+ ]
+}
diff --git a/roles/openshift_excluder/README.md b/roles/openshift_excluder/README.md
index e76a15952..e048bd107 100644
--- a/roles/openshift_excluder/README.md
+++ b/roles/openshift_excluder/README.md
@@ -18,8 +18,6 @@ Facts
| enable_docker_excluder | enable_excluders | Enable docker excluder. If not set, the docker excluder is ignored. |
| enable_openshift_excluder | enable_excluders | Enable openshift excluder. If not set, the openshift excluder is ignored. |
| enable_excluders | None | Enable all excluders
-| enable_docker_excluder_override | None | indication the docker excluder needs to be enabled |
-| disable_openshift_excluder_override | None | indication the openshift excluder needs to be disabled |
Role Variables
--------------
diff --git a/roles/openshift_excluder/tasks/adjust.yml b/roles/openshift_excluder/tasks/adjust.yml
deleted file mode 100644
index 2535b9ea6..000000000
--- a/roles/openshift_excluder/tasks/adjust.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# Depending on enablement of individual excluders and their status
-# some excluders needs to be disabled, resp. enabled
-# By default, all excluders are disabled unless overrided.
-- block:
- - include: init.yml
- # All excluders that are to be enabled are enabled
- - include: exclude.yml
- vars:
- # Enable the docker excluder only if it is overrided
- enable_docker_excluder: "{{ enable_docker_excluder_override | default(false) | bool }}"
- # excluder is to be disabled by default
- enable_openshift_excluder: false
- # All excluders that are to be disabled are disabled
- - include: unexclude.yml
- vars:
- # If the docker override is not set, default to the generic behaviour
- disable_docker_excluder: "{{ not enable_docker_excluder_override | default(not docker_excluder_on) | bool }}"
- # disable openshift excluder is never overrided to be enabled
- # disable it if the docker excluder is enabled
- disable_openshift_excluder: "{{ openshift_excluder_on | bool }}"
- when:
- - not openshift.common.is_atomic | bool
diff --git a/roles/openshift_excluder/tasks/disable.yml b/roles/openshift_excluder/tasks/disable.yml
index a8deb3eb1..e23496b3b 100644
--- a/roles/openshift_excluder/tasks/disable.yml
+++ b/roles/openshift_excluder/tasks/disable.yml
@@ -1,7 +1,6 @@
---
# input variables
# - with_status_check
-# - with_install
# - excluder_package_state
# - docker_excluder_package_state
- include: init.yml
@@ -18,9 +17,24 @@
# it the docker excluder is enabled, we install it and in case its status is non-zero
# it is enabled no matter what
-# Check the current state of all excluders
-- include: status.yml
- when: with_status_check | default(docker_excluder_on or openshift_excluder_on) | bool
-
- # And finally adjust an excluder in order to update host components correctly
-- include: adjust.yml
+# And finally adjust an excluder in order to update host components correctly. First
+# exclude then unexclude
+- block:
+ - include: exclude.yml
+ vars:
+ # Enable the docker excluder only if it is overrided
+ # BZ #1430612: docker excluders should be enabled even during installation and upgrade
+ exclude_docker_excluder: "{{ docker_excluder_on | bool }}"
+ # excluder is to be disabled by default
+ exclude_openshift_excluder: false
+ # All excluders that are to be disabled are disabled
+ - include: unexclude.yml
+ vars:
+ # If the docker override is not set, default to the generic behaviour
+ # BZ #1430612: docker excluders should be enabled even during installation and upgrade
+ unexclude_docker_excluder: false
+ # disable openshift excluder is never overrided to be enabled
+ # disable it if the docker excluder is enabled
+ unexclude_openshift_excluder: true
+ when:
+ - not openshift.common.is_atomic | bool
diff --git a/roles/openshift_excluder/tasks/enable.yml b/roles/openshift_excluder/tasks/enable.yml
index 413c7b5cf..e719325bc 100644
--- a/roles/openshift_excluder/tasks/enable.yml
+++ b/roles/openshift_excluder/tasks/enable.yml
@@ -1,6 +1,5 @@
---
# input variables:
-# - with_install
- block:
- include: init.yml
@@ -8,14 +7,12 @@
vars:
install_docker_excluder: "{{ docker_excluder_on | bool }}"
install_openshift_excluder: "{{ openshift_excluder_on | bool }}"
- when: with_install | default(docker_excluder_on or openshift_excluder_on) | bool
+ when: docker_excluder_on or openshift_excluder_on | bool
- include: exclude.yml
vars:
- # Enable the docker excluder only if it is overrided, resp. enabled by default (in that order)
- enable_docker_excluder: "{{ enable_docker_excluder_override | default(docker_excluder_on) | bool }}"
- # Enable the openshift excluder only if it is not overrided, resp. enabled by default (in that order)
- enable_openshift_excluder: "{{ not disable_openshift_excluder_override | default(not openshift_excluder_on) | bool }}"
+ exclude_docker_excluder: "{{ docker_excluder_on | bool }}"
+ exclude_openshift_excluder: "{{ openshift_excluder_on | bool }}"
when:
- not openshift.common.is_atomic | bool
diff --git a/roles/openshift_excluder/tasks/exclude.yml b/roles/openshift_excluder/tasks/exclude.yml
index af9824aae..ca18d343f 100644
--- a/roles/openshift_excluder/tasks/exclude.yml
+++ b/roles/openshift_excluder/tasks/exclude.yml
@@ -1,20 +1,30 @@
---
# input variables:
-# - enable_docker_excluder
-# - enable_openshift_excluder
+# - exclude_docker_excluder
+# - exclude_openshift_excluder
- block:
+
+ - name: Check for docker-excluder
+ stat:
+ path: /sbin/{{ openshift.common.service_type }}-docker-excluder
+ register: docker_excluder_stat
- name: Enable docker excluder
command: "{{ openshift.common.service_type }}-docker-excluder exclude"
- # if the docker override is set, it means the docker excluder needs to be enabled no matter what
- # if the docker override is not set, the excluder is set based on enable_docker_excluder
when:
- - enable_docker_excluder | default(false) | bool
+ - exclude_docker_excluder | default(false) | bool
+ - docker_excluder_stat.stat.exists
+ - name: Check for openshift excluder
+ stat:
+ path: /sbin/{{ openshift.common.service_type }}-excluder
+ register: openshift_excluder_stat
- name: Enable openshift excluder
command: "{{ openshift.common.service_type }}-excluder exclude"
# if the openshift override is set, it means the openshift excluder is disabled no matter what
# if the openshift override is not set, the excluder is set based on enable_openshift_excluder
when:
- - enable_openshift_excluder | default(false) | bool
+ - exclude_openshift_excluder | default(false) | bool
+ - openshift_excluder_stat.stat.exists
+
when:
- not openshift.common.is_atomic | bool
diff --git a/roles/openshift_excluder/tasks/install.yml b/roles/openshift_excluder/tasks/install.yml
index dcc8df0cb..3490a613e 100644
--- a/roles/openshift_excluder/tasks/install.yml
+++ b/roles/openshift_excluder/tasks/install.yml
@@ -6,14 +6,14 @@
- name: Install docker excluder
package:
- name: "{{ openshift.common.service_type }}-docker-excluder"
+ name: "{{ openshift.common.service_type }}-docker-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) + '*' }}"
state: "{{ docker_excluder_package_state }}"
when:
- install_docker_excluder | default(true) | bool
- name: Install openshift excluder
package:
- name: "{{ openshift.common.service_type }}-excluder"
+ name: "{{ openshift.common.service_type }}-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) + '*' }}"
state: "{{ openshift_excluder_package_state }}"
when:
- install_openshift_excluder | default(true) | bool
diff --git a/roles/openshift_excluder/tasks/main.yml b/roles/openshift_excluder/tasks/main.yml
deleted file mode 100644
index 78a3d37cb..000000000
--- a/roles/openshift_excluder/tasks/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-include: status.yml
diff --git a/roles/openshift_excluder/tasks/status.yml b/roles/openshift_excluder/tasks/status.yml
deleted file mode 100644
index 363ccdbea..000000000
--- a/roles/openshift_excluder/tasks/status.yml
+++ /dev/null
@@ -1,84 +0,0 @@
----
-- name: Determine if excluder packages are installed
- rpm_q:
- name: "{{ openshift.common.service_type }}-excluder"
- state: present
- register: openshift_excluder_installed
- failed_when: false
-
-# docker excluder needs to be enable by default
-- name: Determine if docker packages are installed
- rpm_q:
- name: "{{ openshift.common.service_type }}-docker-excluder"
- state: present
- register: docker_excluder_installed
- failed_when: false
-
-# The excluder status function returns 0 when everything is excluded
-# and 1 if any packages are missing from the exclusions list and outputs a warning to stderr
-# # atomic-openshift-excluder status ; echo $?
-# exclude -- All packages excluded
-# 0
-# # atomic-openshift-excluder unexclude
-# # atomic-openshift-excluder status ; echo $?
-# unexclude -- At least one package not excluded
-# 1
-
-- block:
- - include: init.yml
- - block:
- - name: Record openshift excluder status
- command: "{{ openshift.common.service_type }}-excluder status"
- register: excluder_status
- failed_when: false
-
- # Even though the openshift excluder is enabled
- # if the status is non-zero, disabled the excluder
- - name: Override openshift excluder enablement if the status is non-zero
- set_fact:
- disable_openshift_excluder_override: true
- when:
- - "{{ excluder_status.rc | default(0) != 0 }}"
-
- - debug:
- msg: "Disabling openshift excluder"
- when:
- - "{{ excluder_status.rc | default(0) != 0 }}"
-
- when:
- - "{{ openshift_excluder_installed.installed_versions | default([]) | length > 0 }}"
- - "{{ openshift_excluder_on }}"
-
- - block:
- - name: Record docker excluder status
- command: "{{ openshift.common.service_type }}-docker-excluder status"
- register: docker_excluder_status
- failed_when: false
-
- # If the docker excluder is installed and the status is non-zero
- # always enable the docker excluder
- - name: Override docker excluder enablement if the status is non-zero
- set_fact:
- enable_docker_excluder_override: true
- when:
- - "{{ docker_excluder_status.rc | default(0) != 0 }}"
-
- - debug:
- msg: "Enabling docker excluder"
- when:
- - "{{ docker_excluder_status.rc | default(0) != 0 }}"
-
- # As the docker excluder status is not satisfied,
- # re-enable entire docker excluder again
- # At the same time keep the override set in a case other task would
- - name: Enable docker excluder
- command: "{{ openshift.common.service_type }}-docker-excluder exclude"
-
- # Run the docker excluder status even if the excluder is disabled.
- # In order to determine of the excluder needs to be enabled.
- when:
- - "{{ docker_excluder_installed.installed_versions | default([]) | length > 0 }}"
- - "{{ docker_excluder_on }}"
-
- when:
- - not openshift.common.is_atomic | bool
diff --git a/roles/openshift_excluder/tasks/unexclude.yml b/roles/openshift_excluder/tasks/unexclude.yml
index 196ca25f5..4df7f14b4 100644
--- a/roles/openshift_excluder/tasks/unexclude.yml
+++ b/roles/openshift_excluder/tasks/unexclude.yml
@@ -1,19 +1,28 @@
---
# input variables:
-# - disable_docker_excluder
-# - disable_openshift_excluder
+# - unexclude_docker_excluder
+# - unexclude_openshift_excluder
- block:
- - include: init.yml
+ - name: Check for docker-excluder
+ stat:
+ path: /sbin/{{ openshift.common.service_type }}-docker-excluder
+ register: docker_excluder_stat
- name: disable docker excluder
command: "{{ openshift.common.service_type }}-docker-excluder unexclude"
when:
- - disable_docker_excluder | default(false) | bool
+ - unexclude_docker_excluder | default(false) | bool
+ - docker_excluder_stat.stat.exists
+ - name: Check for openshift excluder
+ stat:
+ path: /sbin/{{ openshift.common.service_type }}-excluder
+ register: openshift_excluder_stat
- name: disable openshift excluder
command: "{{ openshift.common.service_type }}-excluder unexclude"
when:
- - disable_openshift_excluder | default(false) | bool
+ - unexclude_openshift_excluder | default(false) | bool
+ - openshift_excluder_stat.stat.exists
when:
- not openshift.common.is_atomic | bool
diff --git a/roles/openshift_health_checker/action_plugins/openshift_health_check.py b/roles/openshift_health_checker/action_plugins/openshift_health_check.py
index 0411797b1..8b23533c8 100644
--- a/roles/openshift_health_checker/action_plugins/openshift_health_check.py
+++ b/roles/openshift_health_checker/action_plugins/openshift_health_check.py
@@ -74,6 +74,7 @@ class ActionModule(ActionBase):
result["failed"] = True
result["msg"] = "One or more checks failed"
+ result["changed"] = any(r.get("changed", False) for r in check_results.values())
return result
def load_known_checks(self):
diff --git a/roles/openshift_health_checker/callback_plugins/zz_failure_summary.py b/roles/openshift_health_checker/callback_plugins/zz_failure_summary.py
index 8caefab15..208e81048 100644
--- a/roles/openshift_health_checker/callback_plugins/zz_failure_summary.py
+++ b/roles/openshift_health_checker/callback_plugins/zz_failure_summary.py
@@ -53,11 +53,11 @@ class CallbackModule(CallbackBase):
subsequent_extra_indent = u' ' * (initial_indent_len + 10)
for i, failure in enumerate(self.__failures, 1):
- lines = _format_failure(failure)
- self._display.display(u'\n{}{}'.format(initial_indent_format.format(i), lines[0]))
- for line in lines[1:]:
- line = line.replace(u'\n', u'\n' + subsequent_extra_indent)
- indented = u'{}{}'.format(subsequent_indent, line)
+ entries = _format_failure(failure)
+ self._display.display(u'\n{}{}'.format(initial_indent_format.format(i), entries[0]))
+ for entry in entries[1:]:
+ entry = entry.replace(u'\n', u'\n' + subsequent_extra_indent)
+ indented = u'{}{}'.format(subsequent_indent, entry)
self._display.display(indented)
@@ -66,8 +66,9 @@ class CallbackModule(CallbackBase):
# Status: permanently disabled unless Ansible's API changes.
# pylint: disable=protected-access
def _format_failure(failure):
- '''Return a list of pretty-formatted lines describing a failure, including
- relevant information about it. Line separators are not included.'''
+ '''Return a list of pretty-formatted text entries describing a failure, including
+ relevant information about it. Expect that the list of text entries will be joined
+ by a newline separator when output to the user.'''
result = failure['result']
host = result._host.get_name()
play = _get_play(result._task)
@@ -75,16 +76,29 @@ def _format_failure(failure):
play = play.get_name()
task = result._task.get_name()
msg = result._result.get('msg', u'???')
- rows = (
+ fields = (
(u'Host', host),
(u'Play', play),
(u'Task', task),
(u'Message', stringc(msg, C.COLOR_ERROR)),
)
if 'checks' in result._result:
- rows += ((u'Details', stringc(pformat(result._result['checks']), C.COLOR_ERROR)),)
+ fields += ((u'Details', _format_failed_checks(result._result['checks'])),)
row_format = '{:10}{}'
- return [row_format.format(header + u':', body) for header, body in rows]
+ return [row_format.format(header + u':', body) for header, body in fields]
+
+
+def _format_failed_checks(checks):
+ '''Return pretty-formatted text describing checks that failed.'''
+ failed_check_msgs = []
+ for check, body in checks.items():
+ if body.get('failed', False): # only show the failed checks
+ msg = body.get('msg', u"Failed without returning a message")
+ failed_check_msgs.append('check "%s":\n%s' % (check, msg))
+ if failed_check_msgs:
+ return stringc("\n\n".join(failed_check_msgs), C.COLOR_ERROR)
+ else: # something failed but no checks will admit to it, so dump everything
+ return stringc(pformat(checks), C.COLOR_ERROR)
# Reason: disable pylint protected-access because we need to access _*
diff --git a/roles/openshift_health_checker/library/aos_version.py b/roles/openshift_health_checker/library/aos_version.py
index 13b7d310b..191a4b107 100755
--- a/roles/openshift_health_checker/library/aos_version.py
+++ b/roles/openshift_health_checker/library/aos_version.py
@@ -32,6 +32,7 @@ def main(): # pylint: disable=missing-docstring,too-many-branches
bail("prefix must not be empty")
yb = yum.YumBase() # pylint: disable=invalid-name
+ yb.conf.disable_excludes = ["all"] # assume the openshift excluder will be managed, ignore current state
# search for package versions available for aos pkgs
expected_pkgs = [
diff --git a/roles/openshift_health_checker/library/check_yum_update.py b/roles/openshift_health_checker/library/check_yum_update.py
index 9bc14fd47..630ebc848 100755
--- a/roles/openshift_health_checker/library/check_yum_update.py
+++ b/roles/openshift_health_checker/library/check_yum_update.py
@@ -27,6 +27,7 @@ def main(): # pylint: disable=missing-docstring,too-many-branches
module.fail_json(msg=error)
yb = yum.YumBase() # pylint: disable=invalid-name
+ yb.conf.disable_excludes = ["all"] # assume the openshift excluder will be managed, ignore current state
# determine if the existing yum configuration is valid
try:
yb.repos.populateSack(mdtype='metadata', cacheonly=1)
diff --git a/roles/openshift_health_checker/library/docker_container.py b/roles/openshift_health_checker/library/docker_container.py
new file mode 100644
index 000000000..f81b4ec01
--- /dev/null
+++ b/roles/openshift_health_checker/library/docker_container.py
@@ -0,0 +1,2036 @@
+#!/usr/bin/python
+# pylint: skip-file
+# flake8: noqa
+
+# TODO: remove this file once openshift-ansible requires ansible >= 2.3.
+# This file is a copy of
+# https://github.com/ansible/ansible/blob/20bf02f/lib/ansible/modules/cloud/docker/docker_container.py.
+# It has been temporarily vendored here due to issue https://github.com/ansible/ansible/issues/22323.
+
+
+# Copyright 2016 Red Hat | Ansible
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'committer',
+ 'version': '1.0'}
+
+DOCUMENTATION = '''
+---
+module: docker_container
+
+short_description: manage docker containers
+
+description:
+ - Manage the life cycle of docker containers.
+ - Supports check mode. Run with --check and --diff to view config difference and list of actions to be taken.
+
+version_added: "2.1"
+
+options:
+ blkio_weight:
+ description:
+ - Block IO (relative weight), between 10 and 1000.
+ default: null
+ required: false
+ capabilities:
+ description:
+ - List of capabilities to add to the container.
+ default: null
+ required: false
+ cleanup:
+ description:
+ - Use with I(detach) to remove the container after successful execution.
+ default: false
+ required: false
+ version_added: "2.2"
+ command:
+ description:
+ - Command to execute when the container starts.
+ default: null
+ required: false
+ cpu_period:
+ description:
+ - Limit CPU CFS (Completely Fair Scheduler) period
+ default: 0
+ required: false
+ cpu_quota:
+ description:
+ - Limit CPU CFS (Completely Fair Scheduler) quota
+ default: 0
+ required: false
+ cpuset_cpus:
+ description:
+ - CPUs in which to allow execution C(1,3) or C(1-3).
+ default: null
+ required: false
+ cpuset_mems:
+ description:
+ - Memory nodes (MEMs) in which to allow execution C(0-3) or C(0,1)
+ default: null
+ required: false
+ cpu_shares:
+ description:
+ - CPU shares (relative weight).
+ default: null
+ required: false
+ detach:
+ description:
+ - Enable detached mode to leave the container running in background.
+ If disabled, the task will reflect the status of the container run (failed if the command failed).
+ default: true
+ required: false
+ devices:
+ description:
+ - "List of host device bindings to add to the container. Each binding is a mapping expressed
+ in the format: <path_on_host>:<path_in_container>:<cgroup_permissions>"
+ default: null
+ required: false
+ dns_servers:
+ description:
+ - List of custom DNS servers.
+ default: null
+ required: false
+ dns_search_domains:
+ description:
+ - List of custom DNS search domains.
+ default: null
+ required: false
+ env:
+ description:
+ - Dictionary of key,value pairs.
+ default: null
+ required: false
+ env_file:
+ version_added: "2.2"
+ description:
+ - Path to a file containing environment variables I(FOO=BAR).
+ - If variable also present in C(env), then C(env) value will override.
+ - Requires docker-py >= 1.4.0.
+ default: null
+ required: false
+ entrypoint:
+ description:
+ - Command that overwrites the default ENTRYPOINT of the image.
+ default: null
+ required: false
+ etc_hosts:
+ description:
+ - Dict of host-to-IP mappings, where each host name is a key in the dictionary.
+ Each host name will be added to the container's /etc/hosts file.
+ default: null
+ required: false
+ exposed_ports:
+ description:
+ - List of additional container ports which informs Docker that the container
+ listens on the specified network ports at runtime.
+ If the port is already exposed using EXPOSE in a Dockerfile, it does not
+ need to be exposed again.
+ default: null
+ required: false
+ aliases:
+ - exposed
+ force_kill:
+ description:
+ - Use the kill command when stopping a running container.
+ default: false
+ required: false
+ groups:
+ description:
+ - List of additional group names and/or IDs that the container process will run as.
+ default: null
+ required: false
+ hostname:
+ description:
+ - Container hostname.
+ default: null
+ required: false
+ ignore_image:
+ description:
+ - When C(state) is I(present) or I(started) the module compares the configuration of an existing
+ container to requested configuration. The evaluation includes the image version. If
+ the image version in the registry does not match the container, the container will be
+ recreated. Stop this behavior by setting C(ignore_image) to I(True).
+ default: false
+ required: false
+ version_added: "2.2"
+ image:
+ description:
+ - Repository path and tag used to create the container. If an image is not found or pull is true, the image
+ will be pulled from the registry. If no tag is included, 'latest' will be used.
+ default: null
+ required: false
+ interactive:
+ description:
+ - Keep stdin open after a container is launched, even if not attached.
+ default: false
+ required: false
+ ipc_mode:
+ description:
+ - Set the IPC mode for the container. Can be one of 'container:<name|id>' to reuse another
+ container's IPC namespace or 'host' to use the host's IPC namespace within the container.
+ default: null
+ required: false
+ keep_volumes:
+ description:
+ - Retain volumes associated with a removed container.
+ default: true
+ required: false
+ kill_signal:
+ description:
+ - Override default signal used to kill a running container.
+ default null:
+ required: false
+ kernel_memory:
+ description:
+ - "Kernel memory limit (format: <number>[<unit>]). Number is a positive integer.
+ Unit can be one of b, k, m, or g. Minimum is 4M."
+ default: 0
+ required: false
+ labels:
+ description:
+ - Dictionary of key value pairs.
+ default: null
+ required: false
+ links:
+ description:
+ - List of name aliases for linked containers in the format C(container_name:alias)
+ default: null
+ required: false
+ log_driver:
+ description:
+ - Specify the logging driver. Docker uses json-file by default.
+ choices:
+ - none
+ - json-file
+ - syslog
+ - journald
+ - gelf
+ - fluentd
+ - awslogs
+ - splunk
+ default: null
+ required: false
+ log_options:
+ description:
+ - Dictionary of options specific to the chosen log_driver. See https://docs.docker.com/engine/admin/logging/overview/
+ for details.
+ required: false
+ default: null
+ mac_address:
+ description:
+ - Container MAC address (e.g. 92:d0:c6:0a:29:33)
+ default: null
+ required: false
+ memory:
+ description:
+ - "Memory limit (format: <number>[<unit>]). Number is a positive integer.
+ Unit can be one of b, k, m, or g"
+ default: 0
+ required: false
+ memory_reservation:
+ description:
+ - "Memory soft limit (format: <number>[<unit>]). Number is a positive integer.
+ Unit can be one of b, k, m, or g"
+ default: 0
+ required: false
+ memory_swap:
+ description:
+ - Total memory limit (memory + swap, format:<number>[<unit>]).
+ Number is a positive integer. Unit can be one of b, k, m, or g.
+ default: 0
+ required: false
+ memory_swappiness:
+ description:
+ - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
+ default: 0
+ required: false
+ name:
+ description:
+ - Assign a name to a new container or match an existing container.
+ - When identifying an existing container name may be a name or a long or short container ID.
+ required: true
+ network_mode:
+ description:
+ - Connect the container to a network.
+ choices:
+ - bridge
+ - container:<name|id>
+ - host
+ - none
+ default: null
+ required: false
+ networks:
+ description:
+ - List of networks the container belongs to.
+ - Each network is a dict with keys C(name), C(ipv4_address), C(ipv6_address), C(links), C(aliases).
+ - For each network C(name) is required, all other keys are optional.
+ - If included, C(links) or C(aliases) are lists.
+ - For examples of the data structure and usage see EXAMPLES below.
+ - To remove a container from one or more networks, use the C(purge_networks) option.
+ default: null
+ required: false
+ version_added: "2.2"
+ oom_killer:
+ description:
+ - Whether or not to disable OOM Killer for the container.
+ default: false
+ required: false
+ oom_score_adj:
+ description:
+ - An integer value containing the score given to the container in order to tune OOM killer preferences.
+ default: 0
+ required: false
+ version_added: "2.2"
+ paused:
+ description:
+ - Use with the started state to pause running processes inside the container.
+ default: false
+ required: false
+ pid_mode:
+ description:
+ - Set the PID namespace mode for the container. Currently only supports 'host'.
+ default: null
+ required: false
+ privileged:
+ description:
+ - Give extended privileges to the container.
+ default: false
+ required: false
+ published_ports:
+ description:
+ - List of ports to publish from the container to the host.
+ - "Use docker CLI syntax: C(8000), C(9000:8000), or C(0.0.0.0:9000:8000), where 8000 is a
+ container port, 9000 is a host port, and 0.0.0.0 is a host interface."
+ - Container ports must be exposed either in the Dockerfile or via the C(expose) option.
+ - A value of all will publish all exposed container ports to random host ports, ignoring
+ any other mappings.
+ - If C(networks) parameter is provided, will inspect each network to see if there exists
+ a bridge network with optional parameter com.docker.network.bridge.host_binding_ipv4.
+ If such a network is found, then published ports where no host IP address is specified
+ will be bound to the host IP pointed to by com.docker.network.bridge.host_binding_ipv4.
+ Note that the first bridge network with a com.docker.network.bridge.host_binding_ipv4
+ value encountered in the list of C(networks) is the one that will be used.
+ aliases:
+ - ports
+ required: false
+ default: null
+ pull:
+ description:
+ - If true, always pull the latest version of an image. Otherwise, will only pull an image when missing.
+ default: false
+ required: false
+ purge_networks:
+ description:
+ - Remove the container from ALL networks not included in C(networks) parameter.
+ - Any default networks such as I(bridge), if not found in C(networks), will be removed as well.
+ default: false
+ required: false
+ version_added: "2.2"
+ read_only:
+ description:
+ - Mount the container's root file system as read-only.
+ default: false
+ required: false
+ recreate:
+ description:
+ - Use with present and started states to force the re-creation of an existing container.
+ default: false
+ required: false
+ restart:
+ description:
+ - Use with started state to force a matching container to be stopped and restarted.
+ default: false
+ required: false
+ restart_policy:
+ description:
+ - Container restart policy. Place quotes around I(no) option.
+ choices:
+ - always
+ - no
+ - on-failure
+ - unless-stopped
+ default: on-failure
+ required: false
+ restart_retries:
+ description:
+ - Use with restart policy to control maximum number of restart attempts.
+ default: 0
+ required: false
+ shm_size:
+ description:
+ - Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater than `0`.
+ Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes).
+ - Omitting the unit defaults to bytes. If you omit the size entirely, the system uses `64m`.
+ default: null
+ required: false
+ security_opts:
+ description:
+ - List of security options in the form of C("label:user:User")
+ default: null
+ required: false
+ state:
+ description:
+ - 'I(absent) - A container matching the specified name will be stopped and removed. Use force_kill to kill the container
+ rather than stopping it. Use keep_volumes to retain volumes associated with the removed container.'
+ - 'I(present) - Asserts the existence of a container matching the name and any provided configuration parameters. If no
+ container matches the name, a container will be created. If a container matches the name but the provided configuration
+ does not match, the container will be updated, if it can be. If it cannot be updated, it will be removed and re-created
+ with the requested config. Image version will be taken into account when comparing configuration. To ignore image
+ version use the ignore_image option. Use the recreate option to force the re-creation of the matching container. Use
+ force_kill to kill the container rather than stopping it. Use keep_volumes to retain volumes associated with a removed
+ container.'
+ - 'I(started) - Asserts there is a running container matching the name and any provided configuration. If no container
+ matches the name, a container will be created and started. If a container matching the name is found but the
+ configuration does not match, the container will be updated, if it can be. If it cannot be updated, it will be removed
+ and a new container will be created with the requested configuration and started. Image version will be taken into
+ account when comparing configuration. To ignore image version use the ignore_image option. Use recreate to always
+ re-create a matching container, even if it is running. Use restart to force a matching container to be stopped and
+ restarted. Use force_kill to kill a container rather than stopping it. Use keep_volumes to retain volumes associated
+ with a removed container.'
+ - 'I(stopped) - Asserts that the container is first I(present), and then if the container is running moves it to a stopped
+ state. Use force_kill to kill a container rather than stopping it.'
+ required: false
+ default: started
+ choices:
+ - absent
+ - present
+ - stopped
+ - started
+ stop_signal:
+ description:
+ - Override default signal used to stop the container.
+ default: null
+ required: false
+ stop_timeout:
+ description:
+ - Number of seconds to wait for the container to stop before sending SIGKILL.
+ required: false
+ default: null
+ trust_image_content:
+ description:
+ - If true, skip image verification.
+ default: false
+ required: false
+ tty:
+ description:
+ - Allocate a psuedo-TTY.
+ default: false
+ required: false
+ ulimits:
+ description:
+ - "List of ulimit options. A ulimit is specified as C(nofile:262144:262144)"
+ default: null
+ required: false
+ user:
+ description:
+ - Sets the username or UID used and optionally the groupname or GID for the specified command.
+ - "Can be [ user | user:group | uid | uid:gid | user:gid | uid:group ]"
+ default: null
+ required: false
+ uts:
+ description:
+ - Set the UTS namespace mode for the container.
+ default: null
+ required: false
+ volumes:
+ description:
+ - List of volumes to mount within the container.
+ - "Use docker CLI-style syntax: C(/host:/container[:mode])"
+ - You can specify a read mode for the mount with either C(ro) or C(rw).
+ - SELinux hosts can additionally use C(z) or C(Z) to use a shared or
+ private label for the volume.
+ default: null
+ required: false
+ volume_driver:
+ description:
+ - The container volume driver.
+ default: none
+ required: false
+ volumes_from:
+ description:
+ - List of container names or Ids to get volumes from.
+ default: null
+ required: false
+extends_documentation_fragment:
+ - docker
+
+author:
+ - "Cove Schneider (@cove)"
+ - "Joshua Conner (@joshuaconner)"
+ - "Pavel Antonov (@softzilla)"
+ - "Thomas Steinbach (@ThomasSteinbach)"
+ - "Philippe Jandot (@zfil)"
+ - "Daan Oosterveld (@dusdanig)"
+ - "James Tanner (@jctanner)"
+ - "Chris Houseknecht (@chouseknecht)"
+
+requirements:
+ - "python >= 2.6"
+ - "docker-py >= 1.7.0"
+ - "Docker API >= 1.20"
+'''
+
+EXAMPLES = '''
+- name: Create a data container
+ docker_container:
+ name: mydata
+ image: busybox
+ volumes:
+ - /data
+
+- name: Re-create a redis container
+ docker_container:
+ name: myredis
+ image: redis
+ command: redis-server --appendonly yes
+ state: present
+ recreate: yes
+ exposed_ports:
+ - 6379
+ volumes_from:
+ - mydata
+
+- name: Restart a container
+ docker_container:
+ name: myapplication
+ image: someuser/appimage
+ state: started
+ restart: yes
+ links:
+ - "myredis:aliasedredis"
+ devices:
+ - "/dev/sda:/dev/xvda:rwm"
+ ports:
+ - "8080:9000"
+ - "127.0.0.1:8081:9001/udp"
+ env:
+ SECRET_KEY: ssssh
+
+- name: Container present
+ docker_container:
+ name: mycontainer
+ state: present
+ image: ubuntu:14.04
+ command: sleep infinity
+
+- name: Stop a container
+ docker_container:
+ name: mycontainer
+ state: stopped
+
+- name: Start 4 load-balanced containers
+ docker_container:
+ name: "container{{ item }}"
+ recreate: yes
+ image: someuser/anotherappimage
+ command: sleep 1d
+ with_sequence: count=4
+
+- name: remove container
+ docker_container:
+ name: ohno
+ state: absent
+
+- name: Syslogging output
+ docker_container:
+ name: myservice
+ image: busybox
+ log_driver: syslog
+ log_options:
+ syslog-address: tcp://my-syslog-server:514
+ syslog-facility: daemon
+ # NOTE: in Docker 1.13+ the "syslog-tag" option was renamed to "tag" for
+ # older docker installs, use "syslog-tag" instead
+ tag: myservice
+
+- name: Create db container and connect to network
+ docker_container:
+ name: db_test
+ image: "postgres:latest"
+ networks:
+ - name: "{{ docker_network_name }}"
+
+- name: Start container, connect to network and link
+ docker_container:
+ name: sleeper
+ image: ubuntu:14.04
+ networks:
+ - name: TestingNet
+ ipv4_address: "172.1.1.100"
+ aliases:
+ - sleepyzz
+ links:
+ - db_test:db
+ - name: TestingNet2
+
+- name: Start a container with a command
+ docker_container:
+ name: sleepy
+ image: ubuntu:14.04
+ command: sleep infinity
+
+- name: Add container to networks
+ docker_container:
+ name: sleepy
+ networks:
+ - name: TestingNet
+ ipv4_address: 172.1.1.18
+ links:
+ - sleeper
+ - name: TestingNet2
+ ipv4_address: 172.1.10.20
+
+- name: Update network with aliases
+ docker_container:
+ name: sleepy
+ networks:
+ - name: TestingNet
+ aliases:
+ - sleepyz
+ - zzzz
+
+- name: Remove container from one network
+ docker_container:
+ name: sleepy
+ networks:
+ - name: TestingNet2
+ purge_networks: yes
+
+- name: Remove container from all networks
+ docker_container:
+ name: sleepy
+ purge_networks: yes
+
+'''
+
+RETURN = '''
+docker_container:
+ description:
+ - Before 2.3 this was 'ansible_docker_container' but was renamed due to conflicts with the connection plugin.
+ - Facts representing the current state of the container. Matches the docker inspection output.
+ - Note that facts are not part of registered vars but accessible directly.
+ - Empty if C(state) is I(absent)
+ - If detached is I(False), will include Output attribute containing any output from container run.
+ returned: always
+ type: dict
+ sample: '{
+ "AppArmorProfile": "",
+ "Args": [],
+ "Config": {
+ "AttachStderr": false,
+ "AttachStdin": false,
+ "AttachStdout": false,
+ "Cmd": [
+ "/usr/bin/supervisord"
+ ],
+ "Domainname": "",
+ "Entrypoint": null,
+ "Env": [
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ ],
+ "ExposedPorts": {
+ "443/tcp": {},
+ "80/tcp": {}
+ },
+ "Hostname": "8e47bf643eb9",
+ "Image": "lnmp_nginx:v1",
+ "Labels": {},
+ "OnBuild": null,
+ "OpenStdin": false,
+ "StdinOnce": false,
+ "Tty": false,
+ "User": "",
+ "Volumes": {
+ "/tmp/lnmp/nginx-sites/logs/": {}
+ },
+ ...
+ }'
+'''
+
+import re
+
+from ansible.module_utils.docker_common import *
+
+try:
+ from docker import utils
+ if HAS_DOCKER_PY_2:
+ from docker.types import Ulimit
+ else:
+ from docker.utils.types import Ulimit
+except:
+ # missing docker-py handled in ansible.module_utils.docker
+ pass
+
+
+REQUIRES_CONVERSION_TO_BYTES = [
+ 'memory',
+ 'memory_reservation',
+ 'memory_swap',
+ 'shm_size'
+]
+
+VOLUME_PERMISSIONS = ('rw', 'ro', 'z', 'Z')
+
+class TaskParameters(DockerBaseClass):
+ '''
+ Access and parse module parameters
+ '''
+
+ def __init__(self, client):
+ super(TaskParameters, self).__init__()
+ self.client = client
+
+ self.blkio_weight = None
+ self.capabilities = None
+ self.cleanup = None
+ self.command = None
+ self.cpu_period = None
+ self.cpu_quota = None
+ self.cpuset_cpus = None
+ self.cpuset_mems = None
+ self.cpu_shares = None
+ self.detach = None
+ self.debug = None
+ self.devices = None
+ self.dns_servers = None
+ self.dns_opts = None
+ self.dns_search_domains = None
+ self.env = None
+ self.env_file = None
+ self.entrypoint = None
+ self.etc_hosts = None
+ self.exposed_ports = None
+ self.force_kill = None
+ self.groups = None
+ self.hostname = None
+ self.ignore_image = None
+ self.image = None
+ self.interactive = None
+ self.ipc_mode = None
+ self.keep_volumes = None
+ self.kernel_memory = None
+ self.kill_signal = None
+ self.labels = None
+ self.links = None
+ self.log_driver = None
+ self.log_options = None
+ self.mac_address = None
+ self.memory = None
+ self.memory_reservation = None
+ self.memory_swap = None
+ self.memory_swappiness = None
+ self.name = None
+ self.network_mode = None
+ self.networks = None
+ self.oom_killer = None
+ self.oom_score_adj = None
+ self.paused = None
+ self.pid_mode = None
+ self.privileged = None
+ self.purge_networks = None
+ self.pull = None
+ self.read_only = None
+ self.recreate = None
+ self.restart = None
+ self.restart_retries = None
+ self.restart_policy = None
+ self.shm_size = None
+ self.security_opts = None
+ self.state = None
+ self.stop_signal = None
+ self.stop_timeout = None
+ self.trust_image_content = None
+ self.tty = None
+ self.user = None
+ self.uts = None
+ self.volumes = None
+ self.volume_binds = dict()
+ self.volumes_from = None
+ self.volume_driver = None
+
+ for key, value in client.module.params.items():
+ setattr(self, key, value)
+
+ for param_name in REQUIRES_CONVERSION_TO_BYTES:
+ if client.module.params.get(param_name):
+ try:
+ setattr(self, param_name, human_to_bytes(client.module.params.get(param_name)))
+ except ValueError as exc:
+ self.fail("Failed to convert %s to bytes: %s" % (param_name, exc))
+
+ self.publish_all_ports = False
+ self.published_ports = self._parse_publish_ports()
+ if self.published_ports in ('all', 'ALL'):
+ self.publish_all_ports = True
+ self.published_ports = None
+
+ self.ports = self._parse_exposed_ports(self.published_ports)
+ self.log("expose ports:")
+ self.log(self.ports, pretty_print=True)
+
+ self.links = self._parse_links(self.links)
+
+ if self.volumes:
+ self.volumes = self._expand_host_paths()
+
+ self.env = self._get_environment()
+ self.ulimits = self._parse_ulimits()
+ self.log_config = self._parse_log_config()
+ self.exp_links = None
+ self.volume_binds = self._get_volume_binds(self.volumes)
+
+ self.log("volumes:")
+ self.log(self.volumes, pretty_print=True)
+ self.log("volume binds:")
+ self.log(self.volume_binds, pretty_print=True)
+
+ if self.networks:
+ for network in self.networks:
+ if not network.get('name'):
+ self.fail("Parameter error: network must have a name attribute.")
+ network['id'] = self._get_network_id(network['name'])
+ if not network['id']:
+ self.fail("Parameter error: network named %s could not be found. Does it exist?" % network['name'])
+ if network.get('links'):
+ network['links'] = self._parse_links(network['links'])
+
+ def fail(self, msg):
+ self.client.module.fail_json(msg=msg)
+
+ @property
+ def update_parameters(self):
+ '''
+ Returns parameters used to update a container
+ '''
+
+ update_parameters = dict(
+ blkio_weight='blkio_weight',
+ cpu_period='cpu_period',
+ cpu_quota='cpu_quota',
+ cpu_shares='cpu_shares',
+ cpuset_cpus='cpuset_cpus',
+ mem_limit='memory',
+ mem_reservation='mem_reservation',
+ memswap_limit='memory_swap',
+ kernel_memory='kernel_memory'
+ )
+ result = dict()
+ for key, value in update_parameters.items():
+ if getattr(self, value, None) is not None:
+ result[key] = getattr(self, value)
+ return result
+
+ @property
+ def create_parameters(self):
+ '''
+ Returns parameters used to create a container
+ '''
+ create_params = dict(
+ command='command',
+ hostname='hostname',
+ user='user',
+ detach='detach',
+ stdin_open='interactive',
+ tty='tty',
+ ports='ports',
+ environment='env',
+ name='name',
+ entrypoint='entrypoint',
+ cpu_shares='cpu_shares',
+ mac_address='mac_address',
+ labels='labels',
+ stop_signal='stop_signal',
+ volume_driver='volume_driver',
+ )
+
+ result = dict(
+ host_config=self._host_config(),
+ volumes=self._get_mounts(),
+ )
+
+ for key, value in create_params.items():
+ if getattr(self, value, None) is not None:
+ result[key] = getattr(self, value)
+ return result
+
+ def _expand_host_paths(self):
+ new_vols = []
+ for vol in self.volumes:
+ if ':' in vol:
+ if len(vol.split(':')) == 3:
+ host, container, mode = vol.split(':')
+ if re.match(r'[\.~]', host):
+ host = os.path.abspath(host)
+ new_vols.append("%s:%s:%s" % (host, container, mode))
+ continue
+ elif len(vol.split(':')) == 2:
+ parts = vol.split(':')
+ if parts[1] not in VOLUME_PERMISSIONS and re.match(r'[\.~]', parts[0]):
+ host = os.path.abspath(parts[0])
+ new_vols.append("%s:%s:rw" % (host, parts[1]))
+ continue
+ new_vols.append(vol)
+ return new_vols
+
+ def _get_mounts(self):
+ '''
+ Return a list of container mounts.
+ :return:
+ '''
+ result = []
+ if self.volumes:
+ for vol in self.volumes:
+ if ':' in vol:
+ if len(vol.split(':')) == 3:
+ host, container, _ = vol.split(':')
+ result.append(container)
+ continue
+ if len(vol.split(':')) == 2:
+ parts = vol.split(':')
+ if parts[1] not in VOLUME_PERMISSIONS:
+ result.append(parts[1])
+ continue
+ result.append(vol)
+ self.log("mounts:")
+ self.log(result, pretty_print=True)
+ return result
+
+ def _host_config(self):
+ '''
+ Returns parameters used to create a HostConfig object
+ '''
+
+ host_config_params=dict(
+ port_bindings='published_ports',
+ publish_all_ports='publish_all_ports',
+ links='links',
+ privileged='privileged',
+ dns='dns_servers',
+ dns_search='dns_search_domains',
+ binds='volume_binds',
+ volumes_from='volumes_from',
+ network_mode='network_mode',
+ cap_add='capabilities',
+ extra_hosts='etc_hosts',
+ read_only='read_only',
+ ipc_mode='ipc_mode',
+ security_opt='security_opts',
+ ulimits='ulimits',
+ log_config='log_config',
+ mem_limit='memory',
+ memswap_limit='memory_swap',
+ mem_swappiness='memory_swappiness',
+ oom_score_adj='oom_score_adj',
+ shm_size='shm_size',
+ group_add='groups',
+ devices='devices',
+ pid_mode='pid_mode'
+ )
+ params = dict()
+ for key, value in host_config_params.items():
+ if getattr(self, value, None) is not None:
+ params[key] = getattr(self, value)
+
+ if self.restart_policy:
+ params['restart_policy'] = dict(Name=self.restart_policy,
+ MaximumRetryCount=self.restart_retries)
+
+ return self.client.create_host_config(**params)
+
+ @property
+ def default_host_ip(self):
+ ip = '0.0.0.0'
+ if not self.networks:
+ return ip
+ for net in self.networks:
+ if net.get('name'):
+ network = self.client.inspect_network(net['name'])
+ if network.get('Driver') == 'bridge' and \
+ network.get('Options', {}).get('com.docker.network.bridge.host_binding_ipv4'):
+ ip = network['Options']['com.docker.network.bridge.host_binding_ipv4']
+ break
+ return ip
+
+ def _parse_publish_ports(self):
+ '''
+ Parse ports from docker CLI syntax
+ '''
+ if self.published_ports is None:
+ return None
+
+ if 'all' in self.published_ports:
+ return 'all'
+
+ default_ip = self.default_host_ip
+
+ binds = {}
+ for port in self.published_ports:
+ parts = str(port).split(':')
+ container_port = parts[-1]
+ if '/' not in container_port:
+ container_port = int(parts[-1])
+
+ p_len = len(parts)
+ if p_len == 1:
+ bind = (default_ip,)
+ elif p_len == 2:
+ bind = (default_ip, int(parts[0]))
+ elif p_len == 3:
+ bind = (parts[0], int(parts[1])) if parts[1] else (parts[0],)
+
+ if container_port in binds:
+ old_bind = binds[container_port]
+ if isinstance(old_bind, list):
+ old_bind.append(bind)
+ else:
+ binds[container_port] = [binds[container_port], bind]
+ else:
+ binds[container_port] = bind
+ return binds
+
+ @staticmethod
+ def _get_volume_binds(volumes):
+ '''
+ Extract host bindings, if any, from list of volume mapping strings.
+
+ :return: dictionary of bind mappings
+ '''
+ result = dict()
+ if volumes:
+ for vol in volumes:
+ host = None
+ if ':' in vol:
+ if len(vol.split(':')) == 3:
+ host, container, mode = vol.split(':')
+ if len(vol.split(':')) == 2:
+ parts = vol.split(':')
+ if parts[1] not in VOLUME_PERMISSIONS:
+ host, container, mode = (vol.split(':') + ['rw'])
+ if host is not None:
+ result[host] = dict(
+ bind=container,
+ mode=mode
+ )
+ return result
+
+ def _parse_exposed_ports(self, published_ports):
+ '''
+ Parse exposed ports from docker CLI-style ports syntax.
+ '''
+ exposed = []
+ if self.exposed_ports:
+ for port in self.exposed_ports:
+ port = str(port).strip()
+ protocol = 'tcp'
+ match = re.search(r'(/.+$)', port)
+ if match:
+ protocol = match.group(1).replace('/', '')
+ port = re.sub(r'/.+$', '', port)
+ exposed.append((port, protocol))
+ if published_ports:
+ # Any published port should also be exposed
+ for publish_port in published_ports:
+ match = False
+ if isinstance(publish_port, basestring) and '/' in publish_port:
+ port, protocol = publish_port.split('/')
+ port = int(port)
+ else:
+ protocol = 'tcp'
+ port = int(publish_port)
+ for exposed_port in exposed:
+ if isinstance(exposed_port[0], basestring) and '-' in exposed_port[0]:
+ start_port, end_port = exposed_port[0].split('-')
+ if int(start_port) <= port <= int(end_port):
+ match = True
+ elif exposed_port[0] == port:
+ match = True
+ if not match:
+ exposed.append((port, protocol))
+ return exposed
+
+ @staticmethod
+ def _parse_links(links):
+ '''
+ Turn links into a dictionary
+ '''
+ if links is None:
+ return None
+
+ result = {}
+ for link in links:
+ parsed_link = link.split(':', 1)
+ if len(parsed_link) == 2:
+ result[parsed_link[0]] = parsed_link[1]
+ else:
+ result[parsed_link[0]] = parsed_link[0]
+ return result
+
+ def _parse_ulimits(self):
+ '''
+ Turn ulimits into an array of Ulimit objects
+ '''
+ if self.ulimits is None:
+ return None
+
+ results = []
+ for limit in self.ulimits:
+ limits = dict()
+ pieces = limit.split(':')
+ if len(pieces) >= 2:
+ limits['name'] = pieces[0]
+ limits['soft'] = int(pieces[1])
+ limits['hard'] = int(pieces[1])
+ if len(pieces) == 3:
+ limits['hard'] = int(pieces[2])
+ try:
+ results.append(Ulimit(**limits))
+ except ValueError as exc:
+ self.fail("Error parsing ulimits value %s - %s" % (limit, exc))
+ return results
+
+ def _parse_log_config(self):
+ '''
+ Create a LogConfig object
+ '''
+ if self.log_driver is None:
+ return None
+
+ options = dict(
+ Type=self.log_driver,
+ Config = dict()
+ )
+
+ if self.log_options is not None:
+ options['Config'] = self.log_options
+
+ try:
+ return LogConfig(**options)
+ except ValueError as exc:
+ self.fail('Error parsing logging options - %s' % (exc))
+
+ def _get_environment(self):
+ """
+ If environment file is combined with explicit environment variables, the explicit environment variables
+ take precedence.
+ """
+ final_env = {}
+ if self.env_file:
+ parsed_env_file = utils.parse_env_file(self.env_file)
+ for name, value in parsed_env_file.items():
+ final_env[name] = str(value)
+ if self.env:
+ for name, value in self.env.items():
+ final_env[name] = str(value)
+ return final_env
+
+ def _get_network_id(self, network_name):
+ network_id = None
+ try:
+ for network in self.client.networks(names=[network_name]):
+ if network['Name'] == network_name:
+ network_id = network['Id']
+ break
+ except Exception as exc:
+ self.fail("Error getting network id for %s - %s" % (network_name, str(exc)))
+ return network_id
+
+
+
+class Container(DockerBaseClass):
+
+ def __init__(self, container, parameters):
+ super(Container, self).__init__()
+ self.raw = container
+ self.Id = None
+ self.container = container
+ if container:
+ self.Id = container['Id']
+ self.Image = container['Image']
+ self.log(self.container, pretty_print=True)
+ self.parameters = parameters
+ self.parameters.expected_links = None
+ self.parameters.expected_ports = None
+ self.parameters.expected_exposed = None
+ self.parameters.expected_volumes = None
+ self.parameters.expected_ulimits = None
+ self.parameters.expected_etc_hosts = None
+ self.parameters.expected_env = None
+
+ def fail(self, msg):
+ self.parameters.client.module.fail_json(msg=msg)
+
+ @property
+ def exists(self):
+ return True if self.container else False
+
+ @property
+ def running(self):
+ if self.container and self.container.get('State'):
+ if self.container['State'].get('Running') and not self.container['State'].get('Ghost', False):
+ return True
+ return False
+
+ def has_different_configuration(self, image):
+ '''
+ Diff parameters vs existing container config. Returns tuple: (True | False, List of differences)
+ '''
+ self.log('Starting has_different_configuration')
+ self.parameters.expected_entrypoint = self._get_expected_entrypoint()
+ self.parameters.expected_links = self._get_expected_links()
+ self.parameters.expected_ports = self._get_expected_ports()
+ self.parameters.expected_exposed = self._get_expected_exposed(image)
+ self.parameters.expected_volumes = self._get_expected_volumes(image)
+ self.parameters.expected_binds = self._get_expected_binds(image)
+ self.parameters.expected_ulimits = self._get_expected_ulimits(self.parameters.ulimits)
+ self.parameters.expected_etc_hosts = self._convert_simple_dict_to_list('etc_hosts')
+ self.parameters.expected_env = self._get_expected_env(image)
+ self.parameters.expected_cmd = self._get_expected_cmd()
+ self.parameters.expected_devices = self._get_expected_devices()
+
+ if not self.container.get('HostConfig'):
+ self.fail("has_config_diff: Error parsing container properties. HostConfig missing.")
+ if not self.container.get('Config'):
+ self.fail("has_config_diff: Error parsing container properties. Config missing.")
+ if not self.container.get('NetworkSettings'):
+ self.fail("has_config_diff: Error parsing container properties. NetworkSettings missing.")
+
+ host_config = self.container['HostConfig']
+ log_config = host_config.get('LogConfig', dict())
+ restart_policy = host_config.get('RestartPolicy', dict())
+ config = self.container['Config']
+ network = self.container['NetworkSettings']
+
+ # The previous version of the docker module ignored the detach state by
+ # assuming if the container was running, it must have been detached.
+ detach = not (config.get('AttachStderr') and config.get('AttachStdout'))
+
+ # "ExposedPorts": null returns None type & causes AttributeError - PR #5517
+ if config.get('ExposedPorts') is not None:
+ expected_exposed = [re.sub(r'/.+$', '', p) for p in config.get('ExposedPorts', dict()).keys()]
+ else:
+ expected_exposed = []
+
+ # Map parameters to container inspect results
+ config_mapping = dict(
+ image=config.get('Image'),
+ expected_cmd=config.get('Cmd'),
+ hostname=config.get('Hostname'),
+ user=config.get('User'),
+ detach=detach,
+ interactive=config.get('OpenStdin'),
+ capabilities=host_config.get('CapAdd'),
+ expected_devices=host_config.get('Devices'),
+ dns_servers=host_config.get('Dns'),
+ dns_opts=host_config.get('DnsOptions'),
+ dns_search_domains=host_config.get('DnsSearch'),
+ expected_env=(config.get('Env') or []),
+ expected_entrypoint=config.get('Entrypoint'),
+ expected_etc_hosts=host_config['ExtraHosts'],
+ expected_exposed=expected_exposed,
+ groups=host_config.get('GroupAdd'),
+ ipc_mode=host_config.get("IpcMode"),
+ labels=config.get('Labels'),
+ expected_links=host_config.get('Links'),
+ log_driver=log_config.get('Type'),
+ log_options=log_config.get('Config'),
+ mac_address=network.get('MacAddress'),
+ memory_swappiness=host_config.get('MemorySwappiness'),
+ network_mode=host_config.get('NetworkMode'),
+ oom_killer=host_config.get('OomKillDisable'),
+ oom_score_adj=host_config.get('OomScoreAdj'),
+ pid_mode=host_config.get('PidMode'),
+ privileged=host_config.get('Privileged'),
+ expected_ports=host_config.get('PortBindings'),
+ read_only=host_config.get('ReadonlyRootfs'),
+ restart_policy=restart_policy.get('Name'),
+ restart_retries=restart_policy.get('MaximumRetryCount'),
+ # Cannot test shm_size, as shm_size is not included in container inspection results.
+ # shm_size=host_config.get('ShmSize'),
+ security_opts=host_config.get("SecuriytOpt"),
+ stop_signal=config.get("StopSignal"),
+ tty=config.get('Tty'),
+ expected_ulimits=host_config.get('Ulimits'),
+ uts=host_config.get('UTSMode'),
+ expected_volumes=config.get('Volumes'),
+ expected_binds=host_config.get('Binds'),
+ volumes_from=host_config.get('VolumesFrom'),
+ volume_driver=host_config.get('VolumeDriver')
+ )
+
+ differences = []
+ for key, value in config_mapping.items():
+ self.log('check differences %s %s vs %s' % (key, getattr(self.parameters, key), str(value)))
+ if getattr(self.parameters, key, None) is not None:
+ if isinstance(getattr(self.parameters, key), list) and isinstance(value, list):
+ if len(getattr(self.parameters, key)) > 0 and isinstance(getattr(self.parameters, key)[0], dict):
+ # compare list of dictionaries
+ self.log("comparing list of dict: %s" % key)
+ match = self._compare_dictionary_lists(getattr(self.parameters, key), value)
+ else:
+ # compare two lists. Is list_a in list_b?
+ self.log("comparing lists: %s" % key)
+ set_a = set(getattr(self.parameters, key))
+ set_b = set(value)
+ match = (set_a <= set_b)
+ elif isinstance(getattr(self.parameters, key), dict) and isinstance(value, dict):
+ # compare two dicts
+ self.log("comparing two dicts: %s" % key)
+ match = self._compare_dicts(getattr(self.parameters, key), value)
+ else:
+ # primitive compare
+ self.log("primitive compare: %s" % key)
+ match = (getattr(self.parameters, key) == value)
+
+ if not match:
+ # no match. record the differences
+ item = dict()
+ item[key] = dict(
+ parameter=getattr(self.parameters, key),
+ container=value
+ )
+ differences.append(item)
+
+ has_differences = True if len(differences) > 0 else False
+ return has_differences, differences
+
+ def _compare_dictionary_lists(self, list_a, list_b):
+ '''
+ If all of list_a exists in list_b, return True
+ '''
+ if not isinstance(list_a, list) or not isinstance(list_b, list):
+ return False
+ matches = 0
+ for dict_a in list_a:
+ for dict_b in list_b:
+ if self._compare_dicts(dict_a, dict_b):
+ matches += 1
+ break
+ result = (matches == len(list_a))
+ return result
+
+ def _compare_dicts(self, dict_a, dict_b):
+ '''
+ If dict_a in dict_b, return True
+ '''
+ if not isinstance(dict_a, dict) or not isinstance(dict_b, dict):
+ return False
+ for key, value in dict_a.items():
+ if isinstance(value, dict):
+ match = self._compare_dicts(value, dict_b.get(key))
+ elif isinstance(value, list):
+ if len(value) > 0 and isinstance(value[0], dict):
+ match = self._compare_dictionary_lists(value, dict_b.get(key))
+ else:
+ set_a = set(value)
+ set_b = set(dict_b.get(key))
+ match = (set_a == set_b)
+ else:
+ match = (value == dict_b.get(key))
+ if not match:
+ return False
+ return True
+
+ def has_different_resource_limits(self):
+ '''
+ Diff parameters and container resource limits
+ '''
+ if not self.container.get('HostConfig'):
+ self.fail("limits_differ_from_container: Error parsing container properties. HostConfig missing.")
+
+ host_config = self.container['HostConfig']
+
+ config_mapping = dict(
+ cpu_period=host_config.get('CpuPeriod'),
+ cpu_quota=host_config.get('CpuQuota'),
+ cpuset_cpus=host_config.get('CpusetCpus'),
+ cpuset_mems=host_config.get('CpusetMems'),
+ cpu_shares=host_config.get('CpuShares'),
+ kernel_memory=host_config.get("KernelMemory"),
+ memory=host_config.get('Memory'),
+ memory_reservation=host_config.get('MemoryReservation'),
+ memory_swap=host_config.get('MemorySwap'),
+ oom_score_adj=host_config.get('OomScoreAdj'),
+ )
+
+ differences = []
+ for key, value in config_mapping.items():
+ if getattr(self.parameters, key, None) and getattr(self.parameters, key) != value:
+ # no match. record the differences
+ item = dict()
+ item[key] = dict(
+ parameter=getattr(self.parameters, key),
+ container=value
+ )
+ differences.append(item)
+ different = (len(differences) > 0)
+ return different, differences
+
+ def has_network_differences(self):
+ '''
+ Check if the container is connected to requested networks with expected options: links, aliases, ipv4, ipv6
+ '''
+ different = False
+ differences = []
+
+ if not self.parameters.networks:
+ return different, differences
+
+ if not self.container.get('NetworkSettings'):
+ self.fail("has_missing_networks: Error parsing container properties. NetworkSettings missing.")
+
+ connected_networks = self.container['NetworkSettings']['Networks']
+ for network in self.parameters.networks:
+ if connected_networks.get(network['name'], None) is None:
+ different = True
+ differences.append(dict(
+ parameter=network,
+ container=None
+ ))
+ else:
+ diff = False
+ if network.get('ipv4_address') and network['ipv4_address'] != connected_networks[network['name']].get('IPAddress'):
+ diff = True
+ if network.get('ipv6_address') and network['ipv6_address'] != connected_networks[network['name']].get('GlobalIPv6Address'):
+ diff = True
+ if network.get('aliases') and not connected_networks[network['name']].get('Aliases'):
+ diff = True
+ if network.get('aliases') and connected_networks[network['name']].get('Aliases'):
+ for alias in network.get('aliases'):
+ if alias not in connected_networks[network['name']].get('Aliases', []):
+ diff = True
+ if network.get('links') and not connected_networks[network['name']].get('Links'):
+ diff = True
+ if network.get('links') and connected_networks[network['name']].get('Links'):
+ expected_links = []
+ for link, alias in network['links'].items():
+ expected_links.append("%s:%s" % (link, alias))
+ for link in expected_links:
+ if link not in connected_networks[network['name']].get('Links', []):
+ diff = True
+ if diff:
+ different = True
+ differences.append(dict(
+ parameter=network,
+ container=dict(
+ name=network['name'],
+ ipv4_address=connected_networks[network['name']].get('IPAddress'),
+ ipv6_address=connected_networks[network['name']].get('GlobalIPv6Address'),
+ aliases=connected_networks[network['name']].get('Aliases'),
+ links=connected_networks[network['name']].get('Links')
+ )
+ ))
+ return different, differences
+
+ def has_extra_networks(self):
+ '''
+ Check if the container is connected to non-requested networks
+ '''
+ extra_networks = []
+ extra = False
+
+ if not self.container.get('NetworkSettings'):
+ self.fail("has_extra_networks: Error parsing container properties. NetworkSettings missing.")
+
+ connected_networks = self.container['NetworkSettings'].get('Networks')
+ if connected_networks:
+ for network, network_config in connected_networks.items():
+ keep = False
+ if self.parameters.networks:
+ for expected_network in self.parameters.networks:
+ if expected_network['name'] == network:
+ keep = True
+ if not keep:
+ extra = True
+ extra_networks.append(dict(name=network, id=network_config['NetworkID']))
+ return extra, extra_networks
+
+ def _get_expected_devices(self):
+ if not self.parameters.devices:
+ return None
+ expected_devices = []
+ for device in self.parameters.devices:
+ parts = device.split(':')
+ if len(parts) == 1:
+ expected_devices.append(
+ dict(
+ CgroupPermissions='rwm',
+ PathInContainer=parts[0],
+ PathOnHost=parts[0]
+ ))
+ elif len(parts) == 2:
+ parts = device.split(':')
+ expected_devices.append(
+ dict(
+ CgroupPermissions='rwm',
+ PathInContainer=parts[1],
+ PathOnHost=parts[0]
+ )
+ )
+ else:
+ expected_devices.append(
+ dict(
+ CgroupPermissions=parts[2],
+ PathInContainer=parts[1],
+ PathOnHost=parts[0]
+ ))
+ return expected_devices
+
+ def _get_expected_entrypoint(self):
+ self.log('_get_expected_entrypoint')
+ if not self.parameters.entrypoint:
+ return None
+ return shlex.split(self.parameters.entrypoint)
+
+ def _get_expected_ports(self):
+ if not self.parameters.published_ports:
+ return None
+ expected_bound_ports = {}
+ for container_port, config in self.parameters.published_ports.items():
+ if isinstance(container_port, int):
+ container_port = "%s/tcp" % container_port
+ if len(config) == 1:
+ expected_bound_ports[container_port] = [{'HostIp': "0.0.0.0", 'HostPort': ""}]
+ elif isinstance(config[0], tuple):
+ expected_bound_ports[container_port] = []
+ for host_ip, host_port in config:
+ expected_bound_ports[container_port].append({'HostIp': host_ip, 'HostPort': str(host_port)})
+ else:
+ expected_bound_ports[container_port] = [{'HostIp': config[0], 'HostPort': str(config[1])}]
+ return expected_bound_ports
+
+ def _get_expected_links(self):
+ if self.parameters.links is None:
+ return None
+ self.log('parameter links:')
+ self.log(self.parameters.links, pretty_print=True)
+ exp_links = []
+ for link, alias in self.parameters.links.items():
+ exp_links.append("/%s:%s/%s" % (link, ('/' + self.parameters.name), alias))
+ return exp_links
+
+ def _get_expected_binds(self, image):
+ self.log('_get_expected_binds')
+ image_vols = []
+ if image:
+ image_vols = self._get_image_binds(image['ContainerConfig'].get('Volumes'))
+ param_vols = []
+ if self.parameters.volumes:
+ for vol in self.parameters.volumes:
+ host = None
+ if ':' in vol:
+ if len(vol.split(':')) == 3:
+ host, container, mode = vol.split(':')
+ if len(vol.split(':')) == 2:
+ parts = vol.split(':')
+ if parts[1] not in VOLUME_PERMISSIONS:
+ host, container, mode = vol.split(':') + ['rw']
+ if host:
+ param_vols.append("%s:%s:%s" % (host, container, mode))
+ result = list(set(image_vols + param_vols))
+ self.log("expected_binds:")
+ self.log(result, pretty_print=True)
+ return result
+
+ def _get_image_binds(self, volumes):
+ '''
+ Convert array of binds to array of strings with format host_path:container_path:mode
+
+ :param volumes: array of bind dicts
+ :return: array of strings
+ '''
+ results = []
+ if isinstance(volumes, dict):
+ results += self._get_bind_from_dict(volumes)
+ elif isinstance(volumes, list):
+ for vol in volumes:
+ results += self._get_bind_from_dict(vol)
+ return results
+
+ @staticmethod
+ def _get_bind_from_dict(volume_dict):
+ results = []
+ if volume_dict:
+ for host_path, config in volume_dict.items():
+ if isinstance(config, dict) and config.get('bind'):
+ container_path = config.get('bind')
+ mode = config.get('mode', 'rw')
+ results.append("%s:%s:%s" % (host_path, container_path, mode))
+ return results
+
+ def _get_expected_volumes(self, image):
+ self.log('_get_expected_volumes')
+ expected_vols = dict()
+ if image and image['ContainerConfig'].get('Volumes'):
+ expected_vols.update(image['ContainerConfig'].get('Volumes'))
+
+ if self.parameters.volumes:
+ for vol in self.parameters.volumes:
+ container = None
+ if ':' in vol:
+ if len(vol.split(':')) == 3:
+ host, container, mode = vol.split(':')
+ if len(vol.split(':')) == 2:
+ parts = vol.split(':')
+ if parts[1] not in VOLUME_PERMISSIONS:
+ host, container, mode = vol.split(':') + ['rw']
+ new_vol = dict()
+ if container:
+ new_vol[container] = dict()
+ else:
+ new_vol[vol] = dict()
+ expected_vols.update(new_vol)
+
+ if not expected_vols:
+ expected_vols = None
+ self.log("expected_volumes:")
+ self.log(expected_vols, pretty_print=True)
+ return expected_vols
+
+ def _get_expected_env(self, image):
+ self.log('_get_expected_env')
+ expected_env = dict()
+ if image and image['ContainerConfig'].get('Env'):
+ for env_var in image['ContainerConfig']['Env']:
+ parts = env_var.split('=', 1)
+ expected_env[parts[0]] = parts[1]
+ if self.parameters.env:
+ expected_env.update(self.parameters.env)
+ param_env = []
+ for key, value in expected_env.items():
+ param_env.append("%s=%s" % (key, value))
+ return param_env
+
+ def _get_expected_exposed(self, image):
+ self.log('_get_expected_exposed')
+ image_ports = []
+ if image:
+ image_ports = [re.sub(r'/.+$', '', p) for p in (image['ContainerConfig'].get('ExposedPorts') or {}).keys()]
+ param_ports = []
+ if self.parameters.ports:
+ param_ports = [str(p[0]) for p in self.parameters.ports]
+ result = list(set(image_ports + param_ports))
+ self.log(result, pretty_print=True)
+ return result
+
+ def _get_expected_ulimits(self, config_ulimits):
+ self.log('_get_expected_ulimits')
+ if config_ulimits is None:
+ return None
+ results = []
+ for limit in config_ulimits:
+ results.append(dict(
+ Name=limit.name,
+ Soft=limit.soft,
+ Hard=limit.hard
+ ))
+ return results
+
+ def _get_expected_cmd(self):
+ self.log('_get_expected_cmd')
+ if not self.parameters.command:
+ return None
+ return shlex.split(self.parameters.command)
+
+ def _convert_simple_dict_to_list(self, param_name, join_with=':'):
+ if getattr(self.parameters, param_name, None) is None:
+ return None
+ results = []
+ for key, value in getattr(self.parameters, param_name).items():
+ results.append("%s%s%s" % (key, join_with, value))
+ return results
+
+
+class ContainerManager(DockerBaseClass):
+ '''
+ Perform container management tasks
+ '''
+
+ def __init__(self, client):
+
+ super(ContainerManager, self).__init__()
+
+ self.client = client
+ self.parameters = TaskParameters(client)
+ self.check_mode = self.client.check_mode
+ self.results = {'changed': False, 'actions': []}
+ self.diff = {}
+ self.facts = {}
+
+ state = self.parameters.state
+ if state in ('stopped', 'started', 'present'):
+ self.present(state)
+ elif state == 'absent':
+ self.absent()
+
+ if not self.check_mode and not self.parameters.debug:
+ self.results.pop('actions')
+
+ if self.client.module._diff or self.parameters.debug:
+ self.results['diff'] = self.diff
+
+ if self.facts:
+ self.results['ansible_facts'] = {'docker_container': self.facts}
+
+ def present(self, state):
+ container = self._get_container(self.parameters.name)
+ image = self._get_image()
+
+ if not container.exists:
+ # New container
+ self.log('No container found')
+ new_container = self.container_create(self.parameters.image, self.parameters.create_parameters)
+ if new_container:
+ container = new_container
+ else:
+ # Existing container
+ different, differences = container.has_different_configuration(image)
+ image_different = False
+ if not self.parameters.ignore_image:
+ image_different = self._image_is_different(image, container)
+ if image_different or different or self.parameters.recreate:
+ self.diff['differences'] = differences
+ if image_different:
+ self.diff['image_different'] = True
+ self.log("differences")
+ self.log(differences, pretty_print=True)
+ if container.running:
+ self.container_stop(container.Id)
+ self.container_remove(container.Id)
+ new_container = self.container_create(self.parameters.image, self.parameters.create_parameters)
+ if new_container:
+ container = new_container
+
+ if container and container.exists:
+ container = self.update_limits(container)
+ container = self.update_networks(container)
+
+ if state == 'started' and not container.running:
+ container = self.container_start(container.Id)
+ elif state == 'started' and self.parameters.restart:
+ self.container_stop(container.Id)
+ container = self.container_start(container.Id)
+ elif state == 'stopped' and container.running:
+ self.container_stop(container.Id)
+ container = self._get_container(container.Id)
+
+ self.facts = container.raw
+
+ def absent(self):
+ container = self._get_container(self.parameters.name)
+ if container.exists:
+ if container.running:
+ self.container_stop(container.Id)
+ self.container_remove(container.Id)
+
+ def fail(self, msg, **kwargs):
+ self.client.module.fail_json(msg=msg, **kwargs)
+
+ def _get_container(self, container):
+ '''
+ Expects container ID or Name. Returns a container object
+ '''
+ return Container(self.client.get_container(container), self.parameters)
+
+ def _get_image(self):
+ if not self.parameters.image:
+ self.log('No image specified')
+ return None
+ repository, tag = utils.parse_repository_tag(self.parameters.image)
+ if not tag:
+ tag = "latest"
+ image = self.client.find_image(repository, tag)
+ if not self.check_mode:
+ if not image or self.parameters.pull:
+ self.log("Pull the image.")
+ image, alreadyToLatest = self.client.pull_image(repository, tag)
+ if alreadyToLatest:
+ self.results['changed'] = False
+ else:
+ self.results['changed'] = True
+ self.results['actions'].append(dict(pulled_image="%s:%s" % (repository, tag)))
+ self.log("image")
+ self.log(image, pretty_print=True)
+ return image
+
+ def _image_is_different(self, image, container):
+ if image and image.get('Id'):
+ if container and container.Image:
+ if image.get('Id') != container.Image:
+ return True
+ return False
+
+ def update_limits(self, container):
+ limits_differ, different_limits = container.has_different_resource_limits()
+ if limits_differ:
+ self.log("limit differences:")
+ self.log(different_limits, pretty_print=True)
+ if limits_differ and not self.check_mode:
+ self.container_update(container.Id, self.parameters.update_parameters)
+ return self._get_container(container.Id)
+ return container
+
+ def update_networks(self, container):
+ has_network_differences, network_differences = container.has_network_differences()
+ updated_container = container
+ if has_network_differences:
+ if self.diff.get('differences'):
+ self.diff['differences'].append(dict(network_differences=network_differences))
+ else:
+ self.diff['differences'] = [dict(network_differences=network_differences)]
+ self.results['changed'] = True
+ updated_container = self._add_networks(container, network_differences)
+
+ if self.parameters.purge_networks:
+ has_extra_networks, extra_networks = container.has_extra_networks()
+ if has_extra_networks:
+ if self.diff.get('differences'):
+ self.diff['differences'].append(dict(purge_networks=extra_networks))
+ else:
+ self.diff['differences'] = [dict(purge_networks=extra_networks)]
+ self.results['changed'] = True
+ updated_container = self._purge_networks(container, extra_networks)
+ return updated_container
+
+ def _add_networks(self, container, differences):
+ for diff in differences:
+ # remove the container from the network, if connected
+ if diff.get('container'):
+ self.results['actions'].append(dict(removed_from_network=diff['parameter']['name']))
+ if not self.check_mode:
+ try:
+ self.client.disconnect_container_from_network(container.Id, diff['parameter']['id'])
+ except Exception as exc:
+ self.fail("Error disconnecting container from network %s - %s" % (diff['parameter']['name'],
+ str(exc)))
+ # connect to the network
+ params = dict(
+ ipv4_address=diff['parameter'].get('ipv4_address', None),
+ ipv6_address=diff['parameter'].get('ipv6_address', None),
+ links=diff['parameter'].get('links', None),
+ aliases=diff['parameter'].get('aliases', None)
+ )
+ self.results['actions'].append(dict(added_to_network=diff['parameter']['name'], network_parameters=params))
+ if not self.check_mode:
+ try:
+ self.log("Connecting container to network %s" % diff['parameter']['id'])
+ self.log(params, pretty_print=True)
+ self.client.connect_container_to_network(container.Id, diff['parameter']['id'], **params)
+ except Exception as exc:
+ self.fail("Error connecting container to network %s - %s" % (diff['parameter']['name'], str(exc)))
+ return self._get_container(container.Id)
+
+ def _purge_networks(self, container, networks):
+ for network in networks:
+ self.results['actions'].append(dict(removed_from_network=network['name']))
+ if not self.check_mode:
+ try:
+ self.client.disconnect_container_from_network(container.Id, network['name'])
+ except Exception as exc:
+ self.fail("Error disconnecting container from network %s - %s" % (network['name'],
+ str(exc)))
+ return self._get_container(container.Id)
+
+ def container_create(self, image, create_parameters):
+ self.log("create container")
+ self.log("image: %s parameters:" % image)
+ self.log(create_parameters, pretty_print=True)
+ self.results['actions'].append(dict(created="Created container", create_parameters=create_parameters))
+ self.results['changed'] = True
+ new_container = None
+ if not self.check_mode:
+ try:
+ new_container = self.client.create_container(image, **create_parameters)
+ except Exception as exc:
+ self.fail("Error creating container: %s" % str(exc))
+ return self._get_container(new_container['Id'])
+ return new_container
+
+ def container_start(self, container_id):
+ self.log("start container %s" % (container_id))
+ self.results['actions'].append(dict(started=container_id))
+ self.results['changed'] = True
+ if not self.check_mode:
+ try:
+ self.client.start(container=container_id)
+ except Exception as exc:
+ self.fail("Error starting container %s: %s" % (container_id, str(exc)))
+
+ if not self.parameters.detach:
+ status = self.client.wait(container_id)
+ output = self.client.logs(container_id, stdout=True, stderr=True, stream=False, timestamps=False)
+ if status != 0:
+ self.fail(output, status=status)
+ if self.parameters.cleanup:
+ self.container_remove(container_id, force=True)
+ insp = self._get_container(container_id)
+ if insp.raw:
+ insp.raw['Output'] = output
+ else:
+ insp.raw = dict(Output=output)
+ return insp
+ return self._get_container(container_id)
+
+ def container_remove(self, container_id, link=False, force=False):
+ volume_state = (not self.parameters.keep_volumes)
+ self.log("remove container container:%s v:%s link:%s force%s" % (container_id, volume_state, link, force))
+ self.results['actions'].append(dict(removed=container_id, volume_state=volume_state, link=link, force=force))
+ self.results['changed'] = True
+ response = None
+ if not self.check_mode:
+ try:
+ response = self.client.remove_container(container_id, v=volume_state, link=link, force=force)
+ except Exception as exc:
+ self.fail("Error removing container %s: %s" % (container_id, str(exc)))
+ return response
+
+ def container_update(self, container_id, update_parameters):
+ if update_parameters:
+ self.log("update container %s" % (container_id))
+ self.log(update_parameters, pretty_print=True)
+ self.results['actions'].append(dict(updated=container_id, update_parameters=update_parameters))
+ self.results['changed'] = True
+ if not self.check_mode and callable(getattr(self.client, 'update_container')):
+ try:
+ self.client.update_container(container_id, **update_parameters)
+ except Exception as exc:
+ self.fail("Error updating container %s: %s" % (container_id, str(exc)))
+ return self._get_container(container_id)
+
+ def container_kill(self, container_id):
+ self.results['actions'].append(dict(killed=container_id, signal=self.parameters.kill_signal))
+ self.results['changed'] = True
+ response = None
+ if not self.check_mode:
+ try:
+ if self.parameters.kill_signal:
+ response = self.client.kill(container_id, signal=self.parameters.kill_signal)
+ else:
+ response = self.client.kill(container_id)
+ except Exception as exc:
+ self.fail("Error killing container %s: %s" % (container_id, exc))
+ return response
+
+ def container_stop(self, container_id):
+ if self.parameters.force_kill:
+ self.container_kill(container_id)
+ return
+ self.results['actions'].append(dict(stopped=container_id, timeout=self.parameters.stop_timeout))
+ self.results['changed'] = True
+ response = None
+ if not self.check_mode:
+ try:
+ if self.parameters.stop_timeout:
+ response = self.client.stop(container_id, timeout=self.parameters.stop_timeout)
+ else:
+ response = self.client.stop(container_id)
+ except Exception as exc:
+ self.fail("Error stopping container %s: %s" % (container_id, str(exc)))
+ return response
+
+
+def main():
+ argument_spec = dict(
+ blkio_weight=dict(type='int'),
+ capabilities=dict(type='list'),
+ cleanup=dict(type='bool', default=False),
+ command=dict(type='str'),
+ cpu_period=dict(type='int'),
+ cpu_quota=dict(type='int'),
+ cpuset_cpus=dict(type='str'),
+ cpuset_mems=dict(type='str'),
+ cpu_shares=dict(type='int'),
+ detach=dict(type='bool', default=True),
+ devices=dict(type='list'),
+ dns_servers=dict(type='list'),
+ dns_opts=dict(type='list'),
+ dns_search_domains=dict(type='list'),
+ env=dict(type='dict'),
+ env_file=dict(type='path'),
+ entrypoint=dict(type='str'),
+ etc_hosts=dict(type='dict'),
+ exposed_ports=dict(type='list', aliases=['exposed', 'expose']),
+ force_kill=dict(type='bool', default=False, aliases=['forcekill']),
+ groups=dict(type='list'),
+ hostname=dict(type='str'),
+ ignore_image=dict(type='bool', default=False),
+ image=dict(type='str'),
+ interactive=dict(type='bool', default=False),
+ ipc_mode=dict(type='str'),
+ keep_volumes=dict(type='bool', default=True),
+ kernel_memory=dict(type='str'),
+ kill_signal=dict(type='str'),
+ labels=dict(type='dict'),
+ links=dict(type='list'),
+ log_driver=dict(type='str',
+ choices=['none', 'json-file', 'syslog', 'journald', 'gelf', 'fluentd', 'awslogs', 'splunk'],
+ default=None),
+ log_options=dict(type='dict', aliases=['log_opt']),
+ mac_address=dict(type='str'),
+ memory=dict(type='str', default='0'),
+ memory_reservation=dict(type='str'),
+ memory_swap=dict(type='str'),
+ memory_swappiness=dict(type='int'),
+ name=dict(type='str', required=True),
+ network_mode=dict(type='str'),
+ networks=dict(type='list'),
+ oom_killer=dict(type='bool'),
+ oom_score_adj=dict(type='int'),
+ paused=dict(type='bool', default=False),
+ pid_mode=dict(type='str'),
+ privileged=dict(type='bool', default=False),
+ published_ports=dict(type='list', aliases=['ports']),
+ pull=dict(type='bool', default=False),
+ purge_networks=dict(type='bool', default=False),
+ read_only=dict(type='bool', default=False),
+ recreate=dict(type='bool', default=False),
+ restart=dict(type='bool', default=False),
+ restart_policy=dict(type='str', choices=['no', 'on-failure', 'always', 'unless-stopped']),
+ restart_retries=dict(type='int', default=None),
+ shm_size=dict(type='str'),
+ security_opts=dict(type='list'),
+ state=dict(type='str', choices=['absent', 'present', 'started', 'stopped'], default='started'),
+ stop_signal=dict(type='str'),
+ stop_timeout=dict(type='int'),
+ trust_image_content=dict(type='bool', default=False),
+ tty=dict(type='bool', default=False),
+ ulimits=dict(type='list'),
+ user=dict(type='str'),
+ uts=dict(type='str'),
+ volumes=dict(type='list'),
+ volumes_from=dict(type='list'),
+ volume_driver=dict(type='str'),
+ )
+
+ required_if = [
+ ('state', 'present', ['image'])
+ ]
+
+ client = AnsibleDockerClient(
+ argument_spec=argument_spec,
+ required_if=required_if,
+ supports_check_mode=True
+ )
+
+ cm = ContainerManager(client)
+ client.module.exit_json(**cm.results)
+
+# import module snippets
+from ansible.module_utils.basic import *
+
+if __name__ == '__main__':
+ main() \ No newline at end of file
diff --git a/roles/openshift_health_checker/library/docker_info.py b/roles/openshift_health_checker/library/docker_info.py
new file mode 100644
index 000000000..7f712bcff
--- /dev/null
+++ b/roles/openshift_health_checker/library/docker_info.py
@@ -0,0 +1,24 @@
+# pylint: disable=missing-docstring
+"""
+Ansible module for determining information about the docker host.
+
+While there are several ansible modules that make use of the docker
+api to expose container and image facts in a remote host, they
+are unable to return specific information about the host machine
+itself. This module exposes the same information obtained through
+executing the `docker info` command on a docker host, in json format.
+"""
+
+from ansible.module_utils.docker_common import AnsibleDockerClient
+
+
+def main():
+ client = AnsibleDockerClient()
+
+ client.module.exit_json(
+ info=client.info(),
+ )
+
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/openshift_health_checker/openshift_checks/__init__.py b/roles/openshift_health_checker/openshift_checks/__init__.py
index 50f26765b..93547a2e0 100644
--- a/roles/openshift_health_checker/openshift_checks/__init__.py
+++ b/roles/openshift_health_checker/openshift_checks/__init__.py
@@ -8,9 +8,8 @@ import os
from abc import ABCMeta, abstractmethod, abstractproperty
from importlib import import_module
-# pylint import-error disabled because pylint cannot find the package
-# when installed in a virtualenv
-from ansible.module_utils.six.moves import add_metaclass, reduce # pylint: disable=import-error, redefined-builtin
+from ansible.module_utils import six
+from ansible.module_utils.six.moves import reduce # pylint: disable=import-error,redefined-builtin
class OpenShiftCheckException(Exception):
@@ -18,7 +17,7 @@ class OpenShiftCheckException(Exception):
pass
-@add_metaclass(ABCMeta)
+@six.add_metaclass(ABCMeta)
class OpenShiftCheck(object):
"""A base class for defining checks for an OpenShift cluster environment."""
@@ -64,7 +63,8 @@ def get_var(task_vars, *keys, **kwargs):
Ansible task_vars structures are Python dicts, often mapping strings to
other dicts. This helper makes it easier to get a nested value, raising
- OpenShiftCheckException when a key is not found.
+ OpenShiftCheckException when a key is not found or returning a default value
+ provided as a keyword argument.
"""
try:
value = reduce(operator.getitem, keys, task_vars)
diff --git a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py
new file mode 100644
index 000000000..7a7498cb7
--- /dev/null
+++ b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py
@@ -0,0 +1,168 @@
+# pylint: disable=missing-docstring
+from openshift_checks import OpenShiftCheck, get_var
+
+
+class DockerImageAvailability(OpenShiftCheck):
+ """Check that required Docker images are available.
+
+ This check attempts to ensure that required docker images are
+ either present locally, or able to be pulled down from available
+ registries defined in a host machine.
+ """
+
+ name = "docker_image_availability"
+ tags = ["preflight"]
+
+ skopeo_image = "openshift/openshift-ansible"
+
+ docker_image_base = {
+ "origin": {
+ "repo": "openshift",
+ "image": "origin",
+ },
+ "openshift-enterprise": {
+ "repo": "openshift3",
+ "image": "ose",
+ },
+ }
+
+ def run(self, tmp, task_vars):
+ required_images = self.required_images(task_vars)
+ missing_images = set(required_images) - set(self.local_images(required_images, task_vars))
+
+ # exit early if all images were found locally
+ if not missing_images:
+ return {"changed": False}
+
+ msg, failed, changed = self.update_skopeo_image(task_vars)
+
+ # exit early if Skopeo update fails
+ if failed:
+ return {
+ "failed": True,
+ "changed": changed,
+ "msg": "Failed to update Skopeo image ({img_name}). {msg}".format(img_name=self.skopeo_image, msg=msg),
+ }
+
+ registries = self.known_docker_registries(task_vars)
+ available_images = self.available_images(missing_images, registries, task_vars)
+ unavailable_images = set(missing_images) - set(available_images)
+
+ if unavailable_images:
+ return {
+ "failed": True,
+ "msg": (
+ "One or more required images are not available: {}.\n"
+ "Configured registries: {}"
+ ).format(", ".join(sorted(unavailable_images)), ", ".join(registries)),
+ "changed": changed,
+ }
+
+ return {"changed": changed}
+
+ def required_images(self, task_vars):
+ deployment_type = get_var(task_vars, "deployment_type")
+ image_base_name = self.docker_image_base[deployment_type]
+
+ openshift_release = get_var(task_vars, "openshift_release")
+ openshift_image_tag = get_var(task_vars, "openshift_image_tag")
+
+ is_containerized = get_var(task_vars, "openshift", "common", "is_containerized")
+
+ if is_containerized:
+ images = set(self.containerized_docker_images(image_base_name, openshift_release))
+ else:
+ images = set(self.rpm_docker_images(image_base_name, openshift_release))
+
+ # append images with qualified image tags to our list of required images.
+ # these are images with a (v0.0.0.0) tag, rather than a standard release
+ # format tag (v0.0). We want to check this set in both containerized and
+ # non-containerized installations.
+ images.update(
+ self.qualified_docker_images(self.image_from_base_name(image_base_name), "v" + openshift_image_tag)
+ )
+
+ return images
+
+ def local_images(self, images, task_vars):
+ """Filter a list of images and return those available locally."""
+ return [
+ image for image in images
+ if self.is_image_local(image, task_vars)
+ ]
+
+ def is_image_local(self, image, task_vars):
+ result = self.module_executor("docker_image_facts", {"name": image}, task_vars)
+ if result.get("failed", False):
+ return False
+
+ return bool(result.get("images", []))
+
+ def known_docker_registries(self, task_vars):
+ result = self.module_executor("docker_info", {}, task_vars)
+
+ if result.get("failed", False):
+ return []
+
+ docker_info = result.get("info", "")
+ return [registry.get("Name", "") for registry in docker_info.get("Registries", {})]
+
+ def available_images(self, images, registries, task_vars):
+ """Inspect existing images using Skopeo and return all images successfully inspected."""
+ return [
+ image for image in images
+ if self.is_image_available(image, registries, task_vars)
+ ]
+
+ def is_image_available(self, image, registries, task_vars):
+ for registry in registries:
+ if self.is_available_skopeo_image(image, registry, task_vars):
+ return True
+
+ return False
+
+ def is_available_skopeo_image(self, image, registry, task_vars):
+ """Uses Skopeo to determine if required image exists in a given registry."""
+
+ cmd_str = "skopeo inspect docker://{registry}/{image}".format(
+ registry=registry,
+ image=image,
+ )
+
+ args = {
+ "name": "skopeo_inspect",
+ "image": self.skopeo_image,
+ "command": cmd_str,
+ "detach": False,
+ "cleanup": True,
+ }
+ result = self.module_executor("docker_container", args, task_vars)
+ return result.get("failed", False)
+
+ def containerized_docker_images(self, base_name, version):
+ return [
+ "{image}:{version}".format(image=self.image_from_base_name(base_name), version=version)
+ ]
+
+ @staticmethod
+ def rpm_docker_images(base, version):
+ return [
+ "{image_repo}/registry-console:{version}".format(image_repo=base["repo"], version=version)
+ ]
+
+ @staticmethod
+ def qualified_docker_images(image_name, version):
+ return [
+ "{}-{}:{}".format(image_name, component, version)
+ for component in "haproxy-router docker-registry deployer pod".split()
+ ]
+
+ @staticmethod
+ def image_from_base_name(base):
+ return "".join([base["repo"], "/", base["image"]])
+
+ # ensures that the skopeo docker image exists, and updates it
+ # with latest if image was already present locally.
+ def update_skopeo_image(self, task_vars):
+ result = self.module_executor("docker_image", {"name": self.skopeo_image}, task_vars)
+ return result.get("msg", ""), result.get("failed", False), result.get("changed", False)
diff --git a/roles/openshift_health_checker/test/conftest.py b/roles/openshift_health_checker/test/conftest.py
new file mode 100644
index 000000000..bf717ae85
--- /dev/null
+++ b/roles/openshift_health_checker/test/conftest.py
@@ -0,0 +1,5 @@
+import os
+import sys
+
+# extend sys.path so that tests can import openshift_checks
+sys.path.insert(1, os.path.dirname(os.path.dirname(__file__)))
diff --git a/roles/openshift_health_checker/test/openshift_check_test.py b/roles/openshift_health_checker/test/openshift_check_test.py
new file mode 100644
index 000000000..c4c8cd1c2
--- /dev/null
+++ b/roles/openshift_health_checker/test/openshift_check_test.py
@@ -0,0 +1,40 @@
+import pytest
+
+from openshift_checks import get_var, OpenShiftCheckException
+
+
+# Fixtures
+
+
+@pytest.fixture()
+def task_vars():
+ return dict(foo=42, bar=dict(baz="openshift"))
+
+
+@pytest.fixture(params=[
+ ("notfound",),
+ ("multiple", "keys", "not", "in", "task_vars"),
+])
+def missing_keys(request):
+ return request.param
+
+
+# Tests
+
+
+@pytest.mark.parametrize("keys,expected", [
+ (("foo",), 42),
+ (("bar", "baz"), "openshift"),
+])
+def test_get_var_ok(task_vars, keys, expected):
+ assert get_var(task_vars, *keys) == expected
+
+
+def test_get_var_error(task_vars, missing_keys):
+ with pytest.raises(OpenShiftCheckException):
+ get_var(task_vars, *missing_keys)
+
+
+def test_get_var_default(task_vars, missing_keys):
+ default = object()
+ assert get_var(task_vars, *missing_keys, default=default) == default
diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml
index 0a6299c9b..32bcd8d08 100644
--- a/roles/openshift_hosted/defaults/main.yml
+++ b/roles/openshift_hosted/defaults/main.yml
@@ -14,11 +14,11 @@ openshift_hosted_router_edits:
openshift_hosted_routers:
- name: router
- replicas: "{{ replicas }}"
+ replicas: "{{ replicas | default(1) }}"
namespace: default
serviceaccount: router
- selector: "{{ openshift_hosted_router_selector }}"
- images: "{{ openshift_hosted_router_image }}"
+ selector: "{{ openshift_hosted_router_selector | default(None) }}"
+ images: "{{ openshift_hosted_router_image | default(None) }}"
edits: "{{ openshift_hosted_router_edits }}"
stats_port: 1936
ports:
diff --git a/roles/openshift_hosted/filter_plugins/filters.py b/roles/openshift_hosted/filter_plugins/filters.py
index cbfadfe9d..7f41529ac 100644
--- a/roles/openshift_hosted/filter_plugins/filters.py
+++ b/roles/openshift_hosted/filter_plugins/filters.py
@@ -21,14 +21,21 @@ class FilterModule(object):
if replicas is not None:
return replicas
+ replicas = 1
+
+ # Ignore boolean expression limit of 5.
+ # pylint: disable=too-many-boolean-expressions
if (isinstance(router_nodes, dict) and
'results' in router_nodes and
'results' in router_nodes['results'] and
- 'items' in router_nodes['results']['results']):
+ isinstance(router_nodes['results']['results'], list) and
+ len(router_nodes['results']['results']) > 0 and
+ 'items' in router_nodes['results']['results'][0]):
- return len(router_nodes['results']['results'][0]['items'])
+ if len(router_nodes['results']['results'][0]['items']) > 0:
+ replicas = len(router_nodes['results']['results'][0]['items'])
- return 1
+ return replicas
def filters(self):
''' returns a mapping of filters to methods '''
diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml
index e9b590550..9626c23c1 100644
--- a/roles/openshift_hosted/meta/main.yml
+++ b/roles/openshift_hosted/meta/main.yml
@@ -15,21 +15,3 @@ dependencies:
- role: openshift_cli
- role: openshift_hosted_facts
- role: lib_openshift
-- role: openshift_projects
- openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}"
-- role: openshift_serviceaccounts
- openshift_serviceaccounts_names:
- - router
- - registry
- openshift_serviceaccounts_namespace: default
- openshift_serviceaccounts_sccs:
- - hostnetwork
- when: openshift.common.version_gte_3_2_or_1_2
-- role: openshift_serviceaccounts
- openshift_serviceaccounts_names:
- - router
- - registry
- openshift_serviceaccounts_namespace: default
- openshift_serviceaccounts_sccs:
- - privileged
- when: not openshift.common.version_gte_3_2_or_1_2
diff --git a/roles/openshift_hosted/tasks/main.yml b/roles/openshift_hosted/tasks/main.yml
index fe254f72d..6efe2f63c 100644
--- a/roles/openshift_hosted/tasks/main.yml
+++ b/roles/openshift_hosted/tasks/main.yml
@@ -1,4 +1,11 @@
---
+- name: Create projects
+ oc_project:
+ name: "{{ item.key }}"
+ node_selector:
+ - "{{ item.value.default_node_selector }}"
+ with_dict: "{{ openshift_projects }}"
+
- include: router/router.yml
when: openshift_hosted_manage_router | default(true) | bool
diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml
index d89ce855a..0b8042473 100644
--- a/roles/openshift_hosted/tasks/registry/registry.yml
+++ b/roles/openshift_hosted/tasks/registry/registry.yml
@@ -56,12 +56,24 @@
openshift_hosted_registry_force:
- False
+- name: Create the registry service account
+ oc_serviceaccount:
+ name: "{{ openshift_hosted_registry_serviceaccount }}"
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+
+- name: Grant the registry serivce account access to the appropriate scc
+ oc_adm_policy_user:
+ user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}"
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+ resource_kind: scc
+ resource_name: hostnetwork
+
- name: oc adm policy add-cluster-role-to-user system:registry system:serviceaccount:default:registry
oc_adm_policy_user:
- user: system:serviceaccount:default:registry
+ user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}"
+ namespace: "{{ openshift_hosted_registry_namespace }}"
resource_kind: cluster-role
resource_name: system:registry
- state: present
- name: create the default registry service
oc_service:
diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml
index 3b7021eae..0861b9ec2 100644
--- a/roles/openshift_hosted/tasks/router/router.yml
+++ b/roles/openshift_hosted/tasks/router/router.yml
@@ -22,6 +22,30 @@
with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificates') |
oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}"
+- name: Create the router service account(s)
+ oc_serviceaccount:
+ name: "{{ item.serviceaccount }}"
+ namespace: "{{ item.namespace }}"
+ state: present
+ with_items: "{{ openshift_hosted_routers }}"
+
+- name: Grant the router serivce account(s) access to the appropriate scc
+ oc_adm_policy_user:
+ user: "system:serviceaccount:{{ item.namespace }}:{{ item.serviceaccount }}"
+ namespace: "{{ item.namespace }}"
+ resource_kind: scc
+ resource_name: hostnetwork
+ with_items: "{{ openshift_hosted_routers }}"
+
+- name: Set additional permissions for router service account
+ oc_adm_policy_user:
+ user: "system:serviceaccount:{{ item.namespace }}:{{ item.serviceaccount }}"
+ namespace: "{{ item.namespace }}"
+ resource_kind: cluster-role
+ resource_name: cluster-reader
+ when: item.namespace == 'default'
+ with_items: "{{ openshift_hosted_routers }}"
+
- name: Create OpenShift router
oc_adm_router:
name: "{{ item.name }}"
diff --git a/roles/openshift_hosted/templates/registry_config.j2 b/roles/openshift_hosted/templates/registry_config.j2
index f3336334a..ca6a23f21 100644
--- a/roles/openshift_hosted/templates/registry_config.j2
+++ b/roles/openshift_hosted/templates/registry_config.j2
@@ -71,7 +71,7 @@ middleware:
- name: openshift
options:
pullthrough: {{ openshift_hosted_registry_pullthrough | default(true) }}
- acceptschema2: {{ openshift_hosted_registry_acceptschema2 | default(false) }}
+ acceptschema2: {{ openshift_hosted_registry_acceptschema2 | default(true) }}
enforcequota: {{ openshift_hosted_registry_enforcequota | default(false) }}
{% if openshift_hosted_registry_storage_provider | default('') == 's3' and openshift_hosted_registry_storage_s3_cloudfront_baseurl is defined %}
storage:
diff --git a/roles/openshift_hosted/vars/main.yml b/roles/openshift_hosted/vars/main.yml
index 521578cd0..0821d0e7e 100644
--- a/roles/openshift_hosted/vars/main.yml
+++ b/roles/openshift_hosted/vars/main.yml
@@ -1,3 +1,13 @@
---
openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
registry_config_secret_name: registry-config
+
+openshift_default_projects:
+ default:
+ default_node_selector: ''
+ logging:
+ default_node_selector: ''
+ openshift-infra:
+ default_node_selector: ''
+
+openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts(openshift_default_projects) }}"
diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md
index 14b80304d..570c41ecc 100644
--- a/roles/openshift_logging/README.md
+++ b/roles/openshift_logging/README.md
@@ -72,6 +72,8 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log
- `openshift_logging_es_recover_after_time`: The amount of time ES will wait before it tries to recover. Defaults to '5m'.
- `openshift_logging_es_storage_group`: The storage group used for ES. Defaults to '65534'.
- `openshift_logging_es_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the pod will land.
+- `openshift_logging_es_number_of_shards`: The number of primary shards for every new index created in ES. Defaults to '1'.
+- `openshift_logging_es_number_of_replicas`: The number of replica shards per primary shard for every new index. Defaults to '0'.
When `openshift_logging_use_ops` is `True`, there are some additional vars. These work the
same as above for their non-ops counterparts, but apply to the OPS cluster instance:
@@ -88,6 +90,8 @@ same as above for their non-ops counterparts, but apply to the OPS cluster insta
- `openshift_logging_es_ops_pvc_prefix`: logging-es-ops
- `openshift_logging_es_ops_recover_after_time`: 5m
- `openshift_logging_es_ops_storage_group`: 65534
+- `openshift_logging_es_ops_number_of_shards`: The number of primary shards for every new index created in ES. Defaults to '1'.
+- `openshift_logging_es_ops_number_of_replicas`: The number of replica shards per primary shard for every new index. Defaults to '0'.
- `openshift_logging_kibana_ops_hostname`: The Operations Kibana hostname. Defaults to 'kibana-ops.example.com'.
- `openshift_logging_kibana_ops_cpu_limit`: The amount of CPU to allocate to Kibana or unset if not specified.
- `openshift_logging_kibana_ops_memory_limit`: The amount of memory to allocate to Kibana or unset if not specified.
diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml
index ad9c1ce42..d9c9a83d0 100644
--- a/roles/openshift_logging/defaults/main.yml
+++ b/roles/openshift_logging/defaults/main.yml
@@ -1,9 +1,7 @@
---
-openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('docker.io/openshift/origin-') }}"
-openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default('latest') }}"
openshift_logging_use_ops: "{{ openshift_hosted_logging_enable_ops_cluster | default('false') | bool }}"
openshift_logging_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}"
-openshift_logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default('https://' + openshift.common.public_hostname + ':' + openshift.master.api_port) }}"
+openshift_logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default('https://' + openshift.common.public_hostname + ':' ~ (openshift_master_api_port | default('8443', true))) }}"
openshift_logging_namespace: logging
openshift_logging_install_logging: True
openshift_logging_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}"
@@ -22,7 +20,7 @@ openshift_logging_curator_ops_cpu_limit: 100m
openshift_logging_curator_ops_memory_limit: null
openshift_logging_curator_ops_nodeselector: "{{ openshift_hosted_logging_curator_ops_nodeselector | default('') | map_from_pairs }}"
-openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' + openshift.common.dns_domain) }}"
+openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}"
openshift_logging_kibana_cpu_limit: null
openshift_logging_kibana_memory_limit: null
openshift_logging_kibana_proxy_debug: false
@@ -46,7 +44,7 @@ openshift_logging_kibana_key: ""
#for the public facing kibana certs
openshift_logging_kibana_ca: ""
-openshift_logging_kibana_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default('kibana-ops.' + openshift.common.dns_domain) }}"
+openshift_logging_kibana_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default('kibana-ops.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}"
openshift_logging_kibana_ops_cpu_limit: null
openshift_logging_kibana_ops_memory_limit: null
openshift_logging_kibana_ops_proxy_debug: false
@@ -54,6 +52,18 @@ openshift_logging_kibana_ops_proxy_cpu_limit: null
openshift_logging_kibana_ops_proxy_memory_limit: null
openshift_logging_kibana_ops_replica_count: 1
+#The absolute path on the control node to the cert file to use
+#for the public facing ops kibana certs
+openshift_logging_kibana_ops_cert: ""
+
+#The absolute path on the control node to the key file to use
+#for the public facing ops kibana certs
+openshift_logging_kibana_ops_key: ""
+
+#The absolute path on the control node to the CA file to use
+#for the public facing ops kibana certs
+openshift_logging_kibana_ops_ca: ""
+
openshift_logging_fluentd_nodeselector: "{{ openshift_hosted_logging_fluentd_nodeselector_label | default('logging-infra-fluentd=true') | map_from_pairs }}"
openshift_logging_fluentd_cpu_limit: 100m
openshift_logging_fluentd_memory_limit: 512Mi
@@ -78,6 +88,10 @@ openshift_logging_es_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_pvc_
openshift_logging_es_recover_after_time: 5m
openshift_logging_es_storage_group: "{{ openshift_hosted_logging_elasticsearch_storage_group | default('65534') }}"
openshift_logging_es_nodeselector: "{{ openshift_hosted_logging_elasticsearch_nodeselector | default('') | map_from_pairs }}"
+# openshift_logging_es_config is a hash to be merged into the defaults for the elasticsearch.yaml
+openshift_logging_es_config: {}
+openshift_logging_es_number_of_shards: 1
+openshift_logging_es_number_of_replicas: 0
# allow cluster-admin or cluster-reader to view operations index
openshift_logging_es_ops_allow_cluster_reader: False
@@ -97,9 +111,11 @@ openshift_logging_es_ops_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_
openshift_logging_es_ops_recover_after_time: 5m
openshift_logging_es_ops_storage_group: "{{ openshift_hosted_logging_elasticsearch_storage_group | default('65534') }}"
openshift_logging_es_ops_nodeselector: "{{ openshift_hosted_logging_elasticsearch_ops_nodeselector | default('') | map_from_pairs }}"
+openshift_logging_es_ops_number_of_shards: 1
+openshift_logging_es_ops_number_of_replicas: 0
# storage related defaults
-openshift_logging_storage_access_modes: "{{ openshift_hosted_logging_storage_access_modes | default('ReadWriteOnce') }}"
+openshift_logging_storage_access_modes: "{{ openshift_hosted_logging_storage_access_modes | default(['ReadWriteOnce']) }}"
# following can be uncommented to provide values for configmaps -- take care when providing file contents as it may cause your cluster to not operate correctly
diff --git a/roles/openshift_logging/files/generate-jks.sh b/roles/openshift_logging/files/generate-jks.sh
index 9fe557f83..b5ba7f9d1 100644
--- a/roles/openshift_logging/files/generate-jks.sh
+++ b/roles/openshift_logging/files/generate-jks.sh
@@ -1,4 +1,4 @@
-#! /bin/sh
+#! /bin/bash
set -ex
function usage() {
diff --git a/roles/openshift_logging/filter_plugins/openshift_logging.py b/roles/openshift_logging/filter_plugins/openshift_logging.py
index 9beffaef7..44b0b2d48 100644
--- a/roles/openshift_logging/filter_plugins/openshift_logging.py
+++ b/roles/openshift_logging/filter_plugins/openshift_logging.py
@@ -5,6 +5,18 @@
import random
+def es_storage(os_logging_facts, dc_name, pvc_claim, root='elasticsearch'):
+ '''Return a hash with the desired storage for the given ES instance'''
+ deploy_config = os_logging_facts[root]['deploymentconfigs'].get(dc_name)
+ if deploy_config:
+ storage = deploy_config['volumes']['elasticsearch-storage']
+ if storage.get('hostPath'):
+ return dict(kind='hostpath', path=storage.get('hostPath').get('path'))
+ if len(pvc_claim.strip()) > 0:
+ return dict(kind='pvc', pvc_claim=pvc_claim)
+ return dict(kind='emptydir')
+
+
def random_word(source_alpha, length):
''' Returns a random word given the source of characters to pick from and resulting length '''
return ''.join(random.choice(source_alpha) for i in range(length))
@@ -44,4 +56,5 @@ class FilterModule(object):
'random_word': random_word,
'entry_from_named_pair': entry_from_named_pair,
'map_from_pairs': map_from_pairs,
+ 'es_storage': es_storage
}
diff --git a/roles/openshift_logging/meta/main.yaml b/roles/openshift_logging/meta/main.yaml
index ab57242c8..9c480f73a 100644
--- a/roles/openshift_logging/meta/main.yaml
+++ b/roles/openshift_logging/meta/main.yaml
@@ -13,5 +13,4 @@ galaxy_info:
- cloud
dependencies:
- role: lib_openshift
-- role: openshift_master_facts
- role: openshift_facts
diff --git a/roles/openshift_logging/tasks/generate_configmaps.yaml b/roles/openshift_logging/tasks/generate_configmaps.yaml
index 8fcf517ad..c1721895c 100644
--- a/roles/openshift_logging/tasks/generate_configmaps.yaml
+++ b/roles/openshift_logging/tasks/generate_configmaps.yaml
@@ -6,8 +6,17 @@
when: es_logging_contents is undefined
changed_when: no
+ - local_action: >
+ copy content="{{ config_source | combine(override_config,recursive=True) | to_nice_yaml }}"
+ dest="{{local_tmp.stdout}}/elasticsearch-gen-template.yml"
+ vars:
+ config_source: "{{lookup('file','templates/elasticsearch.yml.j2') | from_yaml }}"
+ override_config: "{{openshift_logging_es_config | from_yaml}}"
+ when: es_logging_contents is undefined
+ changed_when: no
+
- template:
- src: elasticsearch.yml.j2
+ src: "{{local_tmp.stdout}}/elasticsearch-gen-template.yml"
dest: "{{mktemp.stdout}}/elasticsearch.yml"
vars:
- allow_cluster_reader: "{{openshift_logging_es_ops_allow_cluster_reader | lower | default('false')}}"
diff --git a/roles/openshift_logging/tasks/generate_jks.yaml b/roles/openshift_logging/tasks/generate_jks.yaml
index c6e2ccbc0..6e3204589 100644
--- a/roles/openshift_logging/tasks/generate_jks.yaml
+++ b/roles/openshift_logging/tasks/generate_jks.yaml
@@ -20,12 +20,6 @@
register: truststore_jks
check_mode: no
-- name: Create temp directory for doing work in
- local_action: command mktemp -d /tmp/openshift-logging-ansible-XXXXXX
- register: local_tmp
- changed_when: False
- check_mode: no
-
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/elasticsearch.jks" state=touch mode="u=rw,g=r,o=r"
when: elasticsearch_jks.stat.exists
@@ -92,7 +86,3 @@
src: "{{local_tmp.stdout}}/truststore.jks"
dest: "{{generated_certs_dir}}/truststore.jks"
when: not truststore_jks.stat.exists
-
-- name: Cleaning up temp dir
- local_action: file path="{{local_tmp.stdout}}" state=absent
- changed_when: False
diff --git a/roles/openshift_logging/tasks/generate_pvcs.yaml b/roles/openshift_logging/tasks/generate_pvcs.yaml
index e1629908f..fa7a86c27 100644
--- a/roles/openshift_logging/tasks/generate_pvcs.yaml
+++ b/roles/openshift_logging/tasks/generate_pvcs.yaml
@@ -15,8 +15,7 @@
vars:
obj_name: "{{claim_name}}"
size: "{{es_pvc_size}}"
- access_modes:
- - "{{ es_access_modes }}"
+ access_modes: "{{ es_access_modes | list }}"
pv_selector: "{{es_pv_selector}}"
with_items:
- "{{es_pvc_pool | default([])}}"
@@ -35,8 +34,7 @@
annotations:
volume.alpha.kubernetes.io/storage-class: "dynamic"
size: "{{es_pvc_size}}"
- access_modes:
- - "{{ es_access_modes }}"
+ access_modes: "{{ es_access_modes | list }}"
pv_selector: "{{es_pv_selector}}"
with_items:
- "{{es_pvc_pool|default([])}}"
diff --git a/roles/openshift_logging/tasks/generate_routes.yaml b/roles/openshift_logging/tasks/generate_routes.yaml
index 7af17a708..e77da7a24 100644
--- a/roles/openshift_logging/tasks/generate_routes.yaml
+++ b/roles/openshift_logging/tasks/generate_routes.yaml
@@ -16,12 +16,12 @@
changed_when: false
- name: Generating logging routes
- template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-{{route_info.name}}-route.yaml
+ template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-logging-kibana-route.yaml
tags: routes
vars:
- obj_name: "{{route_info.name}}"
- route_host: "{{route_info.host}}"
- service_name: "{{route_info.name}}"
+ obj_name: "logging-kibana"
+ route_host: "{{openshift_logging_kibana_hostname}}"
+ service_name: "logging-kibana"
tls_key: "{{kibana_key | default('') | b64decode}}"
tls_cert: "{{kibana_cert | default('') | b64decode}}"
tls_ca_cert: "{{kibana_ca | b64decode}}"
@@ -31,10 +31,47 @@
component: support
logging-infra: support
provider: openshift
- with_items:
- - {name: logging-kibana, host: "{{openshift_logging_kibana_hostname}}"}
- - {name: logging-kibana-ops, host: "{{openshift_logging_kibana_ops_hostname}}"}
- loop_control:
- loop_var: route_info
- when: (route_info.name == 'logging-kibana-ops' and openshift_logging_use_ops | bool) or route_info.name == 'logging-kibana'
+ changed_when: no
+
+- set_fact: kibana_ops_key={{ lookup('file', openshift_logging_kibana_ops_key) | b64encode }}
+ when:
+ - openshift_logging_use_ops | bool
+ - "{{ openshift_logging_kibana_ops_key | trim | length > 0 }}"
+ changed_when: false
+
+- set_fact: kibana_ops_cert={{ lookup('file', openshift_logging_kibana_ops_cert)| b64encode }}
+ when:
+ - openshift_logging_use_ops | bool
+ - "{{openshift_logging_kibana_ops_cert | trim | length > 0}}"
+ changed_when: false
+
+- set_fact: kibana_ops_ca={{ lookup('file', openshift_logging_kibana_ops_ca)| b64encode }}
+ when:
+ - openshift_logging_use_ops | bool
+ - "{{openshift_logging_kibana_ops_ca | trim | length > 0}}"
+ changed_when: false
+
+- set_fact: kibana_ops_ca={{key_pairs | entry_from_named_pair('ca_file') }}
+ when:
+ - openshift_logging_use_ops | bool
+ - kibana_ops_ca is not defined
+ changed_when: false
+
+- name: Generating logging ops routes
+ template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-logging-kibana-ops-route.yaml
+ tags: routes
+ vars:
+ obj_name: "logging-kibana-ops"
+ route_host: "{{openshift_logging_kibana_ops_hostname}}"
+ service_name: "logging-kibana-ops"
+ tls_key: "{{kibana_ops_key | default('') | b64decode}}"
+ tls_cert: "{{kibana_ops_cert | default('') | b64decode}}"
+ tls_ca_cert: "{{kibana_ops_ca | b64decode}}"
+ tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}"
+ edge_term_policy: "{{openshift_logging_kibana_edge_term_policy | default('') }}"
+ labels:
+ component: support
+ logging-infra: support
+ provider: openshift
+ when: openshift_logging_use_ops | bool
changed_when: no
diff --git a/roles/openshift_logging/tasks/generate_secrets.yaml b/roles/openshift_logging/tasks/generate_secrets.yaml
index 0f8e7ae58..f396bcc6d 100644
--- a/roles/openshift_logging/tasks/generate_secrets.yaml
+++ b/roles/openshift_logging/tasks/generate_secrets.yaml
@@ -31,8 +31,6 @@
- fluentd
loop_control:
loop_var: component
- when: secret_name not in openshift_logging_facts.{{component}}.secrets or
- secret_keys | difference(openshift_logging_facts.{{component}}.secrets["{{secret_name}}"]["keys"]) | length != 0
check_mode: no
changed_when: no
@@ -50,8 +48,6 @@
kibana_key_file: "{{key_pairs | entry_from_named_pair('kibana_internal_key')| b64decode }}"
kibana_cert_file: "{{key_pairs | entry_from_named_pair('kibana_internal_cert')| b64decode }}"
server_tls_file: "{{key_pairs | entry_from_named_pair('server_tls')| b64decode }}"
- when: secret_name not in openshift_logging_facts.kibana.secrets or
- secret_keys | difference(openshift_logging_facts.kibana.secrets["{{secret_name}}"]["keys"]) | length != 0
check_mode: no
changed_when: no
@@ -66,8 +62,6 @@
secret_name: logging-elasticsearch
secret_keys: ["admin-cert", "searchguard.key", "admin-ca", "key", "truststore", "admin-key", "searchguard.truststore"]
register: logging_es_secret
- when: secret_name not in openshift_logging_facts.elasticsearch.secrets or
- secret_keys | difference(openshift_logging_facts.elasticsearch.secrets["{{secret_name}}"]["keys"]) | length != 0
check_mode: no
changed_when: no
diff --git a/roles/openshift_logging/tasks/install_elasticsearch.yaml b/roles/openshift_logging/tasks/install_elasticsearch.yaml
index a0ad12d94..28fad420b 100644
--- a/roles/openshift_logging/tasks/install_elasticsearch.yaml
+++ b/roles/openshift_logging/tasks/install_elasticsearch.yaml
@@ -2,6 +2,13 @@
- name: Getting current ES deployment size
set_fact: openshift_logging_current_es_size={{ openshift_logging_facts.elasticsearch.deploymentconfigs.keys() | length }}
+- set_fact: openshift_logging_es_pvc_prefix="logging-es"
+ when: "not openshift_logging_es_pvc_prefix or openshift_logging_es_pvc_prefix == ''"
+
+- set_fact: es_pvc_pool={{[]}}
+
+- set_fact: openshift_logging_es_pvc_prefix="{{ openshift_logging_es_pvc_prefix | default('logging-es') }}"
+
- name: Generate PersistentVolumeClaims
include: "{{ role_path}}/tasks/generate_pvcs.yaml"
vars:
@@ -42,10 +49,12 @@
es_cluster_name: "{{component}}"
es_cpu_limit: "{{openshift_logging_es_cpu_limit }}"
es_memory_limit: "{{openshift_logging_es_memory_limit}}"
- volume_names: "{{es_pvc_pool | default([])}}"
- pvc_claim: "{{(volume_names | length > item.0) | ternary(volume_names[item.0], None)}}"
+ pvc_claim: "{{(es_pvc_pool | length > item.0) | ternary(es_pvc_pool[item.0], None)}}"
deploy_name: "{{item.1}}"
es_node_selector: "{{openshift_logging_es_nodeselector | default({}) }}"
+ es_storage: "{{openshift_logging_facts|es_storage(deploy_name, pvc_claim)}}"
+ es_number_of_shards: "{{ openshift_logging_es_number_of_shards }}"
+ es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas }}"
with_indexed_items:
- "{{ es_dc_pool }}"
check_mode: no
@@ -56,6 +65,8 @@
- name: Getting current ES deployment size
set_fact: openshift_logging_current_es_ops_size={{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | length }}
+- set_fact: openshift_logging_es_ops_pvc_prefix="{{ openshift_logging_es_ops_pvc_prefix | default('logging-es-ops') }}"
+
- name: Validate Elasticsearch cluster size for Ops
fail: msg="The openshift_logging_es_ops_cluster_size may not be scaled down more than 1 less (or 0) the number of Elasticsearch nodes already deployed"
vars:
@@ -66,6 +77,9 @@
- "{{es_dcs | length - openshift_logging_es_ops_cluster_size|int | abs > 1}}"
check_mode: no
+- set_fact: openshift_logging_es_ops_pvc_prefix="logging-es-ops"
+ when: "not openshift_logging_es_ops_pvc_prefix or openshift_logging_es_ops_pvc_prefix == ''"
+
- set_fact: es_pvc_pool={{[]}}
- name: Generate PersistentVolumeClaims for Ops
@@ -111,8 +125,7 @@
logging_component: elasticsearch
deploy_name_prefix: "logging-{{component}}"
image: "{{openshift_logging_image_prefix}}logging-elasticsearch:{{openshift_logging_image_version}}"
- volume_names: "{{es_pvc_pool | default([])}}"
- pvc_claim: "{{(volume_names | length > item.0) | ternary(volume_names[item.0], None)}}"
+ pvc_claim: "{{(es_pvc_pool | length > item.0) | ternary(es_pvc_pool[item.0], None)}}"
deploy_name: "{{item.1}}"
es_cluster_name: "{{component}}"
es_cpu_limit: "{{openshift_logging_es_ops_cpu_limit }}"
@@ -121,7 +134,10 @@
es_recover_after_nodes: "{{es_ops_recover_after_nodes}}"
es_recover_expected_nodes: "{{es_ops_recover_expected_nodes}}"
openshift_logging_es_recover_after_time: "{{openshift_logging_es_ops_recover_after_time}}"
- es_node_selector: "{{openshift_logging_es_ops_nodeselector | default({}) | map_from_pairs }}"
+ es_node_selector: "{{openshift_logging_es_ops_nodeselector | default({}) }}"
+ es_storage: "{{openshift_logging_facts|es_storage(deploy_name, pvc_claim,root='elasticsearch_ops')}}"
+ es_number_of_shards: "{{ openshift_logging_es_ops_number_of_shards }}"
+ es_number_of_replicas: "{{ openshift_logging_es_ops_number_of_replicas }}"
with_indexed_items:
- "{{ es_ops_dc_pool | default([]) }}"
when:
diff --git a/roles/openshift_logging/tasks/main.yaml b/roles/openshift_logging/tasks/main.yaml
index 4c718805e..c7f4a2f93 100644
--- a/roles/openshift_logging/tasks/main.yaml
+++ b/roles/openshift_logging/tasks/main.yaml
@@ -3,6 +3,17 @@
msg: Only one Fluentd nodeselector key pair should be provided
when: "{{ openshift_logging_fluentd_nodeselector.keys() | count }} > 1"
+- name: Set default image variables based on deployment_type
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ openshift_deployment_type | default(deployment_type) }}.yml"
+ - "default_images.yml"
+
+- name: Set logging image facts
+ set_fact:
+ openshift_logging_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}"
+ openshift_logging_image_version: "{{ openshift_logging_image_version | default(__openshift_logging_image_version) }}"
+
- name: Create temp directory for doing work in
command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX
register: mktemp
@@ -12,6 +23,14 @@
- debug: msg="Created temp dir {{mktemp.stdout}}"
+- name: Create local temp directory for doing work in
+ local_action: command mktemp -d /tmp/openshift-logging-ansible-XXXXXX
+ register: local_tmp
+ changed_when: False
+ check_mode: no
+
+- debug: msg="Created local temp dir {{local_tmp.stdout}}"
+
- name: Copy the admin client config(s)
command: >
cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
@@ -37,3 +56,8 @@
tags: logging_cleanup
changed_when: False
check_mode: no
+
+- name: Cleaning up local temp dir
+ local_action: file path="{{local_tmp.stdout}}" state=absent
+ tags: logging_cleanup
+ changed_when: False
diff --git a/roles/openshift_logging/templates/elasticsearch.yml.j2 b/roles/openshift_logging/templates/elasticsearch.yml.j2
index f2d098f10..07e8c0c98 100644
--- a/roles/openshift_logging/templates/elasticsearch.yml.j2
+++ b/roles/openshift_logging/templates/elasticsearch.yml.j2
@@ -6,9 +6,8 @@ script:
indexed: on
index:
- number_of_shards: 1
- number_of_replicas: 0
- auto_expand_replicas: 0-2
+ number_of_shards: {{ es_number_of_shards | default ('1') }}
+ number_of_replicas: {{ es_number_of_replicas | default ('0') }}
unassigned.node_left.delayed_timeout: 2m
translog:
flush_threshold_size: 256mb
@@ -29,6 +28,7 @@ cloud:
discovery:
type: kubernetes
zen.ping.multicast.enabled: false
+ zen.minimum_master_nodes: {{es_min_masters}}
gateway:
expected_master_nodes: ${NODE_QUORUM}
@@ -37,6 +37,8 @@ gateway:
recover_after_time: ${RECOVER_AFTER_TIME}
io.fabric8.elasticsearch.authentication.users: ["system.logging.kibana", "system.logging.fluentd", "system.logging.curator", "system.admin"]
+io.fabric8.elasticsearch.kibana.mapping.app: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json
+io.fabric8.elasticsearch.kibana.mapping.ops: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json
openshift.config:
use_common_data_model: true
@@ -47,7 +49,7 @@ openshift.searchguard:
keystore.path: /etc/elasticsearch/secret/admin.jks
truststore.path: /etc/elasticsearch/secret/searchguard.truststore
-openshift.operations.allow_cluster_reader: {{allow_cluster_reader | default ('false')}}
+openshift.operations.allow_cluster_reader: "{{allow_cluster_reader | default (false)}}"
path:
data: /elasticsearch/persistent/${CLUSTER_NAME}/data
diff --git a/roles/openshift_logging/templates/es-storage-emptydir.partial b/roles/openshift_logging/templates/es-storage-emptydir.partial
new file mode 100644
index 000000000..ccd01a816
--- /dev/null
+++ b/roles/openshift_logging/templates/es-storage-emptydir.partial
@@ -0,0 +1 @@
+ emptyDir: {}
diff --git a/roles/openshift_logging/templates/es-storage-hostpath.partial b/roles/openshift_logging/templates/es-storage-hostpath.partial
new file mode 100644
index 000000000..07ddad9ba
--- /dev/null
+++ b/roles/openshift_logging/templates/es-storage-hostpath.partial
@@ -0,0 +1,2 @@
+ hostPath:
+ path: {{es_storage['path']}}
diff --git a/roles/openshift_logging/templates/es-storage-pvc.partial b/roles/openshift_logging/templates/es-storage-pvc.partial
new file mode 100644
index 000000000..fcbff68de
--- /dev/null
+++ b/roles/openshift_logging/templates/es-storage-pvc.partial
@@ -0,0 +1,2 @@
+ persistentVolumeClaim:
+ claimName: {{es_storage['pvc_claim']}}
diff --git a/roles/openshift_logging/templates/es.j2 b/roles/openshift_logging/templates/es.j2
index 81ae070be..16185fc1d 100644
--- a/roles/openshift_logging/templates/es.j2
+++ b/roles/openshift_logging/templates/es.j2
@@ -103,9 +103,4 @@ spec:
configMap:
name: logging-elasticsearch
- name: elasticsearch-storage
-{% if pvc_claim is defined and pvc_claim | trim | length > 0 %}
- persistentVolumeClaim:
- claimName: {{pvc_claim}}
-{% else %}
- emptyDir: {}
-{% endif %}
+{% include 'es-storage-'+ es_storage['kind'] + '.partial' %}
diff --git a/roles/openshift_logging/templates/pvc.j2 b/roles/openshift_logging/templates/pvc.j2
index f19a3a750..07d81afff 100644
--- a/roles/openshift_logging/templates/pvc.j2
+++ b/roles/openshift_logging/templates/pvc.j2
@@ -1,7 +1,7 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
- name: {{obj_name}}
+ name: "{{obj_name}}"
labels:
logging-infra: support
{% if annotations is defined %}
diff --git a/roles/openshift_logging/vars/default_images.yml b/roles/openshift_logging/vars/default_images.yml
new file mode 100644
index 000000000..1a77808f6
--- /dev/null
+++ b/roles/openshift_logging/vars/default_images.yml
@@ -0,0 +1,3 @@
+---
+__openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('docker.io/openshift/origin-') }}"
+__openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default('latest') }}"
diff --git a/roles/openshift_logging/vars/main.yaml b/roles/openshift_logging/vars/main.yaml
index 07cc05683..c3064cee9 100644
--- a/roles/openshift_logging/vars/main.yaml
+++ b/roles/openshift_logging/vars/main.yaml
@@ -1,6 +1,8 @@
---
openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
es_node_quorum: "{{openshift_logging_es_cluster_size|int/2 + 1}}"
+es_min_masters_default: "{{ (openshift_logging_es_cluster_size | int / 2 | round(0,'floor') + 1) | int }}"
+es_min_masters: "{{ (openshift_logging_es_cluster_size == 1) | ternary(1, es_min_masters_default)}}"
es_recover_after_nodes: "{{openshift_logging_es_cluster_size|int - 1}}"
es_recover_expected_nodes: "{{openshift_logging_es_cluster_size|int}}"
es_ops_node_quorum: "{{openshift_logging_es_ops_cluster_size|int/2 + 1}}"
diff --git a/roles/openshift_logging/vars/openshift-enterprise.yml b/roles/openshift_logging/vars/openshift-enterprise.yml
new file mode 100644
index 000000000..9679d209a
--- /dev/null
+++ b/roles/openshift_logging/vars/openshift-enterprise.yml
@@ -0,0 +1,3 @@
+---
+__openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('registry.access.redhat.com/openshift3/') }}"
+__openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default(openshift_release | default ('3.5.0') ) }}"
diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml
index 9a883feed..f67aee88b 100644
--- a/roles/openshift_manage_node/tasks/main.yml
+++ b/roles/openshift_manage_node/tasks/main.yml
@@ -39,7 +39,7 @@
delegate_to: "{{ openshift_master_host }}"
- name: Set node schedulability
- oadm_manage_node:
+ oc_adm_manage_node:
node: "{{ openshift.node.nodename | lower }}"
schedulable: "{{ 'true' if openshift.node.schedulable | bool else 'false' }}"
retries: 10
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 2ef61cddf..98e0da1a2 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -249,7 +249,7 @@
# Using curl here since the uri module requires python-httplib2 and
# wait_for port doesn't provide health information.
command: >
- curl --silent
+ curl --silent --tlsv1.2
{% if openshift.common.version_gte_3_2_or_1_2 | bool %}
--cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
{% else %}
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index aec48386e..938ac2a12 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -35,6 +35,15 @@ assetConfig:
keyFile: master.server.key
maxRequestsInFlight: 0
requestTimeoutSeconds: 0
+{% if openshift_master_min_tls_version is defined %}
+ minTLSVersion: {{ openshift_master_min_tls_version }}
+{% endif %}
+{% if openshift_master_cipher_suites is defined %}
+ cipherSuites:
+{% for cipher_suite in openshift_master_cipher_suites %}
+ - {{ cipher_suite }}
+{% endfor %}
+{% endif %}
{% if openshift_master_ha | bool %}
{% if openshift.master.audit_config | default(none) is not none and openshift.common.version_gte_3_2_or_1_2 | bool %}
auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }}
@@ -256,5 +265,14 @@ servingInfo:
{% endfor %}
{% endfor %}
{% endif %}
+{% if openshift_master_min_tls_version is defined %}
+ minTLSVersion: {{ openshift_master_min_tls_version }}
+{% endif %}
+{% if openshift_master_cipher_suites is defined %}
+ cipherSuites:
+{% for cipher_suite in openshift_master_cipher_suites %}
+ - {{ cipher_suite }}
+{% endfor %}
+{% endif %}
volumeConfig:
dynamicProvisioningEnabled: {{ openshift.master.dynamic_provisioning_enabled }}
diff --git a/roles/openshift_metrics/defaults/main.yaml b/roles/openshift_metrics/defaults/main.yaml
index db4a0e1fc..1d3db8a1a 100644
--- a/roles/openshift_metrics/defaults/main.yaml
+++ b/roles/openshift_metrics/defaults/main.yaml
@@ -1,8 +1,6 @@
---
openshift_metrics_start_cluster: True
openshift_metrics_install_metrics: True
-openshift_metrics_image_prefix: docker.io/openshift/origin-
-openshift_metrics_image_version: latest
openshift_metrics_startup_timeout: 500
openshift_metrics_hawkular_replicas: 1
@@ -47,7 +45,7 @@ openshift_metrics_node_id: nodename
openshift_metrics_project: openshift-infra
openshift_metrics_cassandra_pvc_prefix: "{{ openshift_hosted_metrics_storage_volume_name | default('metrics-cassandra') }}"
-openshift_metrics_cassandra_pvc_access: "{{ openshift_hosted_metrics_storage_access_modes | default('ReadWriteOnce') }}"
+openshift_metrics_cassandra_pvc_access: "{{ openshift_hosted_metrics_storage_access_modes | default(['ReadWriteOnce']) }}"
openshift_metrics_hawkular_user_write_access: False
diff --git a/roles/openshift_metrics/files/import_jks_certs.sh b/roles/openshift_metrics/files/import_jks_certs.sh
index c8d5bb3d2..b2537f448 100755
--- a/roles/openshift_metrics/files/import_jks_certs.sh
+++ b/roles/openshift_metrics/files/import_jks_certs.sh
@@ -21,11 +21,7 @@ set -ex
function import_certs() {
dir=$CERT_DIR
hawkular_metrics_keystore_password=$(echo $METRICS_KEYSTORE_PASSWD | base64 -d)
- hawkular_cassandra_keystore_password=$(echo $CASSANDRA_KEYSTORE_PASSWD | base64 -d)
hawkular_metrics_truststore_password=$(echo $METRICS_TRUSTSTORE_PASSWD | base64 -d)
- hawkular_cassandra_truststore_password=$(echo $CASSANDRA_TRUSTSTORE_PASSWD | base64 -d)
-
- cassandra_alias=`keytool -noprompt -list -keystore $dir/hawkular-cassandra.truststore -storepass ${hawkular_cassandra_truststore_password} | sed -n '7~2s/,.*$//p'`
hawkular_alias=`keytool -noprompt -list -keystore $dir/hawkular-metrics.truststore -storepass ${hawkular_metrics_truststore_password} | sed -n '7~2s/,.*$//p'`
if [ ! -f $dir/hawkular-metrics.keystore ]; then
@@ -39,56 +35,7 @@ function import_certs() {
-deststorepass $hawkular_metrics_keystore_password
fi
- if [ ! -f $dir/hawkular-cassandra.keystore ]; then
- echo "Creating the Hawkular Cassandra keystore from the PEM file"
- keytool -importkeystore -v \
- -srckeystore $dir/hawkular-cassandra.pkcs12 \
- -destkeystore $dir/hawkular-cassandra.keystore \
- -srcstoretype PKCS12 \
- -deststoretype JKS \
- -srcstorepass $hawkular_cassandra_keystore_password \
- -deststorepass $hawkular_cassandra_keystore_password
- fi
-
- if [[ ! ${cassandra_alias[*]} =~ hawkular-metrics ]]; then
- echo "Importing the Hawkular Certificate into the Cassandra Truststore"
- keytool -noprompt -import -v -trustcacerts -alias hawkular-metrics \
- -file $dir/hawkular-metrics.crt \
- -keystore $dir/hawkular-cassandra.truststore \
- -trustcacerts \
- -storepass $hawkular_cassandra_truststore_password
- fi
-
- if [[ ! ${hawkular_alias[*]} =~ hawkular-cassandra ]]; then
- echo "Importing the Cassandra Certificate into the Hawkular Truststore"
- keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra \
- -file $dir/hawkular-cassandra.crt \
- -keystore $dir/hawkular-metrics.truststore \
- -trustcacerts \
- -storepass $hawkular_metrics_truststore_password
- fi
-
- if [[ ! ${cassandra_alias[*]} =~ hawkular-cassandra ]]; then
- echo "Importing the Hawkular Cassandra Certificate into the Cassandra Truststore"
- keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra \
- -file $dir/hawkular-cassandra.crt \
- -keystore $dir/hawkular-cassandra.truststore \
- -trustcacerts \
- -storepass $hawkular_cassandra_truststore_password
- fi
-
- cert_alias_names=(ca metricca cassandraca)
-
- for cert_alias in ${cert_alias_names[*]}; do
- if [[ ! ${cassandra_alias[*]} =~ "$cert_alias" ]]; then
- echo "Importing the CA Certificate with alias $cert_alias into the Cassandra Truststore"
- keytool -noprompt -import -v -trustcacerts -alias $cert_alias \
- -file ${dir}/ca.crt \
- -keystore $dir/hawkular-cassandra.truststore \
- -trustcacerts \
- -storepass $hawkular_cassandra_truststore_password
- fi
- done
+ cert_alias_names=(ca metricca)
for cert_alias in ${cert_alias_names[*]}; do
if [[ ! ${hawkular_alias[*]} =~ "$cert_alias" ]]; then
diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_metrics/handlers/main.yml
new file mode 100644
index 000000000..ffb812271
--- /dev/null
+++ b/roles/openshift_metrics/handlers/main.yml
@@ -0,0 +1,26 @@
+---
+- name: restart master
+ systemd: name={{ openshift.common.service_type }}-master state=restarted
+ when: (openshift.master.ha is not defined or not openshift.master.ha | bool) and (not (master_service_status_changed | default(false) | bool))
+ notify: Verify API Server
+
+- name: Verify API Server
+ # Using curl here since the uri module requires python-httplib2 and
+ # wait_for port doesn't provide health information.
+ command: >
+ curl --silent --tlsv1.2
+ {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
+ --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+ {% else %}
+ --cacert {{ openshift.common.config_base }}/master/ca.crt
+ {% endif %}
+ {{ openshift.master.api_url }}/healthz/ready
+ args:
+ # Disables the following warning:
+ # Consider using get_url or uri module rather than running curl
+ warn: no
+ register: api_available_output
+ until: api_available_output.stdout == 'ok'
+ retries: 120
+ delay: 1
+ changed_when: false
diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
index 61a240a33..01fc1ef64 100644
--- a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
+++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml
@@ -13,9 +13,6 @@
hostnames: hawkular-cassandra
changed_when: no
-- slurp: src={{ mktemp.stdout }}/hawkular-cassandra-truststore.pwd
- register: cassandra_truststore_password
-
- slurp: src={{ mktemp.stdout }}/hawkular-metrics-truststore.pwd
register: hawkular_truststore_password
@@ -67,11 +64,8 @@
- hawkular-metrics.pwd
- hawkular-metrics.htpasswd
- hawkular-cassandra.crt
+ - hawkular-cassandra.key
- hawkular-cassandra.pem
- - hawkular-cassandra.keystore
- - hawkular-cassandra-keystore.pwd
- - hawkular-cassandra.truststore
- - hawkular-cassandra-truststore.pwd
changed_when: false
- set_fact:
@@ -136,38 +130,21 @@
- name: generate cassandra secret template
template:
src: secret.j2
- dest: "{{ mktemp.stdout }}/templates/cassandra_secrets.yaml"
+ dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-certs.yaml"
vars:
- name: hawkular-cassandra-secrets
+ name: hawkular-cassandra-certs
labels:
- metrics-infra: hawkular-cassandra
+ metrics-infra: hawkular-cassandra-certs
+ annotations:
+ service.alpha.openshift.io/originating-service-name: hawkular-cassandra
data:
- cassandra.keystore: >
- {{ hawkular_secrets['hawkular-cassandra.keystore'] }}
- cassandra.keystore.password: >
- {{ hawkular_secrets['hawkular-cassandra-keystore.pwd'] }}
- cassandra.keystore.alias: "{{ 'hawkular-cassandra'|b64encode }}"
- cassandra.truststore: >
- {{ hawkular_secrets['hawkular-cassandra.truststore'] }}
- cassandra.truststore.password: >
- {{ hawkular_secrets['hawkular-cassandra-truststore.pwd'] }}
- cassandra.pem: >
- {{ hawkular_secrets['hawkular-cassandra.pem'] }}
- when: name not in metrics_secrets
- changed_when: no
-
-- name: generate cassandra-certificate secret template
- template:
- src: secret.j2
- dest: "{{ mktemp.stdout }}/templates/cassandra_certificate.yaml"
- vars:
- name: hawkular-cassandra-certificate
- labels:
- metrics-infra: hawkular-cassandra
- data:
- cassandra.certificate: >
+ tls.crt: >
{{ hawkular_secrets['hawkular-cassandra.crt'] }}
- cassandra-ca.certificate: >
- {{ hawkular_secrets['hawkular-cassandra.pem'] }}
- when: name not in metrics_secrets.stdout_lines
+ tls.key: >
+ {{ hawkular_secrets['hawkular-cassandra.key'] }}
+ tls.peer.truststore.crt: >
+ {{ hawkular_secrets['hawkular-cassandra.crt'] }}
+ tls.client.truststore.crt: >
+ {{ hawkular_secrets['hawkular-metrics.crt'] }}
+ when: name not in metrics_secrets
changed_when: no
diff --git a/roles/openshift_metrics/tasks/import_jks_certs.yaml b/roles/openshift_metrics/tasks/import_jks_certs.yaml
index 2a67dad0e..e098145e9 100644
--- a/roles/openshift_metrics/tasks/import_jks_certs.yaml
+++ b/roles/openshift_metrics/tasks/import_jks_certs.yaml
@@ -1,12 +1,4 @@
---
-- stat: path="{{mktemp.stdout}}/hawkular-cassandra.keystore"
- register: cassandra_keystore
- check_mode: no
-
-- stat: path="{{mktemp.stdout}}/hawkular-cassandra.truststore"
- register: cassandra_truststore
- check_mode: no
-
- stat: path="{{mktemp.stdout}}/hawkular-metrics.keystore"
register: metrics_keystore
check_mode: no
@@ -19,9 +11,6 @@
- slurp: src={{ mktemp.stdout }}/hawkular-metrics-keystore.pwd
register: metrics_keystore_password
- - slurp: src={{ mktemp.stdout }}/hawkular-cassandra-keystore.pwd
- register: cassandra_keystore_password
-
- fetch:
dest: "{{local_tmp.stdout}}/"
src: "{{ mktemp.stdout }}/{{item}}"
@@ -29,18 +18,14 @@
changed_when: False
with_items:
- hawkular-metrics.pkcs12
- - hawkular-cassandra.pkcs12
- hawkular-metrics.crt
- - hawkular-cassandra.crt
- ca.crt
- local_action: command {{role_path}}/files/import_jks_certs.sh
environment:
CERT_DIR: "{{local_tmp.stdout}}"
METRICS_KEYSTORE_PASSWD: "{{metrics_keystore_password.content}}"
- CASSANDRA_KEYSTORE_PASSWD: "{{cassandra_keystore_password.content}}"
METRICS_TRUSTSTORE_PASSWD: "{{hawkular_truststore_password.content}}"
- CASSANDRA_TRUSTSTORE_PASSWD: "{{cassandra_truststore_password.content}}"
changed_when: False
- copy:
@@ -49,6 +34,4 @@
with_fileglob: "{{local_tmp.stdout}}/*.*store"
when: not metrics_keystore.stat.exists or
- not metrics_truststore.stat.exists or
- not cassandra_keystore.stat.exists or
- not cassandra_truststore.stat.exists
+ not metrics_truststore.stat.exists
diff --git a/roles/openshift_metrics/tasks/install_cassandra.yaml b/roles/openshift_metrics/tasks/install_cassandra.yaml
index 66c81562b..a467c1a51 100644
--- a/roles/openshift_metrics/tasks/install_cassandra.yaml
+++ b/roles/openshift_metrics/tasks/install_cassandra.yaml
@@ -22,6 +22,9 @@
with_sequence: count={{ openshift_metrics_cassandra_replicas }}
changed_when: false
+- set_fact: openshift_metrics_cassandra_pvc_prefix="hawkular-metrics"
+ when: "not openshift_metrics_cassandra_pvc_prefix or openshift_metrics_cassandra_pvc_prefix == ''"
+
- name: generate hawkular-cassandra persistent volume claims
template:
src: pvc.j2
@@ -30,8 +33,7 @@
obj_name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ item }}"
labels:
metrics-infra: hawkular-cassandra
- access_modes:
- - "{{ openshift_metrics_cassandra_pvc_access }}"
+ access_modes: "{{ openshift_metrics_cassandra_pvc_access | list }}"
size: "{{ openshift_metrics_cassandra_pvc_size }}"
with_sequence: count={{ openshift_metrics_cassandra_replicas }}
when:
@@ -49,8 +51,7 @@
metrics-infra: hawkular-cassandra
annotations:
volume.alpha.kubernetes.io/storage-class: dynamic
- access_modes:
- - "{{ openshift_metrics_cassandra_pvc_access }}"
+ access_modes: "{{ openshift_metrics_cassandra_pvc_access | list }}"
size: "{{ openshift_metrics_cassandra_pvc_size }}"
with_sequence: count={{ openshift_metrics_cassandra_replicas }}
when: openshift_metrics_cassandra_storage_type == 'dynamic'
diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml
index 66a3abdbd..ffe6f63a2 100644
--- a/roles/openshift_metrics/tasks/install_metrics.yaml
+++ b/roles/openshift_metrics/tasks/install_metrics.yaml
@@ -34,6 +34,8 @@
file_content: "{{ item.content | b64decode | from_yaml }}"
with_items: "{{ object_defs.results }}"
+- include: update_master_config.yaml
+
- command: >
{{openshift.common.client_binary}}
--config={{mktemp.stdout}}/admin.kubeconfig
diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml
index 1eebff3bf..c8d222c60 100644
--- a/roles/openshift_metrics/tasks/main.yaml
+++ b/roles/openshift_metrics/tasks/main.yaml
@@ -1,4 +1,16 @@
---
+
+- name: Set default image variables based on deployment_type
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ openshift_deployment_type | default(deployment_type) }}.yml"
+ - "default_images.yml"
+
+- name: Set metrics image facts
+ set_fact:
+ openshift_metrics_image_prefix: "{{ openshift_metrics_image_prefix | default(__openshift_metrics_image_prefix) }}"
+ openshift_metrics_image_version: "{{ openshift_metrics_image_version | default(__openshift_metrics_image_version) }}"
+
- name: Create temp directory for doing work in on target
command: mktemp -td openshift-metrics-ansible-XXXXXX
register: mktemp
diff --git a/roles/openshift_metrics/tasks/update_master_config.yaml b/roles/openshift_metrics/tasks/update_master_config.yaml
new file mode 100644
index 000000000..20fc45fd4
--- /dev/null
+++ b/roles/openshift_metrics/tasks/update_master_config.yaml
@@ -0,0 +1,9 @@
+---
+- name: Adding metrics route information to metricsPublicURL
+ modify_yaml:
+ dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+ yaml_key: assetConfig.metricsPublicURL
+ yaml_value: "https://{{ openshift_metrics_hawkular_hostname}}/hawkular/metrics"
+ notify: restart master
+ tags:
+ - update_master_config
diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
index 504476dc4..889317847 100644
--- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
+++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
@@ -48,11 +48,6 @@ spec:
- "--require_node_auth=true"
- "--enable_client_encryption=true"
- "--require_client_auth=true"
- - "--keystore_file=/secret/cassandra.keystore"
- - "--keystore_password_file=/secret/cassandra.keystore.password"
- - "--truststore_file=/secret/cassandra.truststore"
- - "--truststore_password_file=/secret/cassandra.truststore.password"
- - "--cassandra_pem_file=/secret/cassandra.pem"
env:
- name: CASSANDRA_MASTER
value: "{{ master }}"
@@ -60,6 +55,10 @@ spec:
value: "/cassandra_data"
- name: JVM_OPTS
value: "-Dcassandra.commitlog.ignorereplayerrors=true"
+ - name: TRUSTSTORE_NODES_AUTHORITIES
+ value: "/hawkular-cassandra-certs/tls.peer.truststore.crt"
+ - name: TRUSTSTORE_CLIENT_AUTHORITIES
+ value: "/hawkular-cassandra-certs/tls.client.truststore.crt"
- name: POD_NAMESPACE
valueFrom:
fieldRef:
@@ -76,12 +75,12 @@ spec:
volumeMounts:
- name: cassandra-data
mountPath: "/cassandra_data"
- - name: hawkular-cassandra-secrets
- mountPath: "/secret"
-{% if ((openshift_metrics_cassandra_limits_cpu is defined and openshift_metrics_cassandra_limits_cpu is not none)
+ - name: hawkular-cassandra-certs
+ mountPath: "/hawkular-cassandra-certs"
+{% if ((openshift_metrics_cassandra_limits_cpu is defined and openshift_metrics_cassandra_limits_cpu is not none)
or (openshift_metrics_cassandra_limits_memory is defined and openshift_metrics_cassandra_limits_memory is not none)
or (openshift_metrics_cassandra_requests_cpu is defined and openshift_metrics_cassandra_requests_cpu is not none)
- or (openshift_metrics_cassandra_requests_memory is defined and openshift_metrics_cassandra_requests_memory is not none))
+ or (openshift_metrics_cassandra_requests_memory is defined and openshift_metrics_cassandra_requests_memory is not none))
%}
resources:
{% if (openshift_metrics_cassandra_limits_cpu is not none
@@ -95,8 +94,8 @@ spec:
memory: "{{openshift_metrics_cassandra_limits_memory}}"
{% endif %}
{% endif %}
-{% if (openshift_metrics_cassandra_requests_cpu is not none
- or openshift_metrics_cassandra_requests_memory is not none)
+{% if (openshift_metrics_cassandra_requests_cpu is not none
+ or openshift_metrics_cassandra_requests_memory is not none)
%}
requests:
{% if openshift_metrics_cassandra_requests_cpu is not none %}
@@ -129,6 +128,6 @@ spec:
persistentVolumeClaim:
claimName: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ node }}"
{% endif %}
- - name: hawkular-cassandra-secrets
+ - name: hawkular-cassandra-certs
secret:
- secretName: hawkular-cassandra-secrets
+ secretName: hawkular-cassandra-certs
diff --git a/roles/openshift_metrics/templates/pvc.j2 b/roles/openshift_metrics/templates/pvc.j2
index 8fbfa8b5d..c2e56ba21 100644
--- a/roles/openshift_metrics/templates/pvc.j2
+++ b/roles/openshift_metrics/templates/pvc.j2
@@ -1,10 +1,10 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
- name: {{obj_name}}
+ name: "{{obj_name}}"
{% if labels is not defined %}
labels:
- logging-infra: support
+ metrics-infra: support
{% elif labels %}
labels:
{% for key, value in labels.iteritems() %}
diff --git a/roles/openshift_metrics/templates/secret.j2 b/roles/openshift_metrics/templates/secret.j2
index 370890c7d..5b9dba122 100644
--- a/roles/openshift_metrics/templates/secret.j2
+++ b/roles/openshift_metrics/templates/secret.j2
@@ -2,6 +2,12 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ name }}"
+{% if annotations is defined%}
+ annotations:
+{% for key, value in annotations.iteritems() %}
+ {{key}}: {{value}}
+{% endfor %}
+{% endif %}
labels:
{% for k, v in labels.iteritems() %}
{{ k }}: {{ v }}
diff --git a/roles/openshift_metrics/vars/default_images.yml b/roles/openshift_metrics/vars/default_images.yml
new file mode 100644
index 000000000..678c4104c
--- /dev/null
+++ b/roles/openshift_metrics/vars/default_images.yml
@@ -0,0 +1,3 @@
+---
+__openshift_metrics_image_prefix: "{{ openshift_hosted_metrics_deployer_prefix | default('docker.io/openshift/origin-') }}"
+__openshift_metrics_image_version: "{{ openshift_hosted_metrics_deployer_version | default('latest') }}"
diff --git a/roles/openshift_metrics/vars/main.yaml b/roles/openshift_metrics/vars/main.yaml
index 4a3724e3f..47aa76dd2 100644
--- a/roles/openshift_metrics/vars/main.yaml
+++ b/roles/openshift_metrics/vars/main.yaml
@@ -8,3 +8,4 @@ openshift_metrics_cassandra_storage_types:
- emptydir
- pv
- dynamic
+- nfs
diff --git a/roles/openshift_metrics/vars/openshift-enterprise.yml b/roles/openshift_metrics/vars/openshift-enterprise.yml
new file mode 100644
index 000000000..f28c3ce48
--- /dev/null
+++ b/roles/openshift_metrics/vars/openshift-enterprise.yml
@@ -0,0 +1,3 @@
+---
+__openshift_metrics_image_prefix: "{{ openshift_hosted_metrics_deployer_prefix | default('registry.access.redhat.com/openshift3/') }}"
+__openshift_metrics_image_version: "{{ openshift_hosted_metrics_deployer_version | default(openshift_release | default ('3.5.0') ) }}"
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 691227915..626248306 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -153,7 +153,7 @@
# Using curl here since the uri module requires python-httplib2 and
# wait_for port doesn't provide health information.
command: >
- curl --silent --cacert {{ openshift.common.config_base }}/node/ca.crt
+ curl --silent --tlsv1.2 --cacert {{ openshift.common.config_base }}/node/ca.crt
{{ openshift_node_master_api_url }}/healthz/ready
args:
# Disables the following warning:
diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2
index d3c3feb68..f2f929232 100644
--- a/roles/openshift_node/templates/node.yaml.v1.j2
+++ b/roles/openshift_node/templates/node.yaml.v1.j2
@@ -40,6 +40,15 @@ servingInfo:
certFile: server.crt
clientCA: ca.crt
keyFile: server.key
+{% if openshift_node_min_tls_version is defined %}
+ minTLSVersion: {{ openshift_node_min_tls_version }}
+{% endif %}
+{% if openshift_node_cipher_suites is defined %}
+ cipherSuites:
+{% for cipher_suite in openshift_node_cipher_suites %}
+ - {{ cipher_suite }}
+{% endfor %}
+{% endif %}
volumeDirectory: {{ openshift.common.data_dir }}/openshift.local.volumes
proxyArguments:
proxy-mode:
diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service
index 6ec88f85e..c42bdb7c3 100644
--- a/roles/openshift_node/templates/openshift.docker.node.service
+++ b/roles/openshift_node/templates/openshift.docker.node.service
@@ -6,6 +6,8 @@ PartOf=docker.service
Requires=docker.service
{% if openshift.common.use_openshift_sdn %}
Requires=openvswitch.service
+After=ovsdb-server.service
+After=ovs-vswitchd.service
{% endif %}
Wants={{ openshift.common.service_type }}-master.service
Requires={{ openshift.common.service_type }}-node-dep.service
@@ -15,7 +17,7 @@ After={{ openshift.common.service_type }}-node-dep.service
EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node
EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node-dep
ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node
-ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /var/lib/cni:/var/lib/cni -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS {{ openshift.node.node_image }}:${IMAGE_VERSION}
+ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro,rslave -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /var/lib/cni:/var/lib/cni -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS {{ openshift.node.node_image }}:${IMAGE_VERSION}
ExecStartPost=/usr/bin/sleep 10
ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node
SyslogIdentifier={{ openshift.common.service_type }}-node
diff --git a/roles/openshift_node_upgrade/tasks/main.yml b/roles/openshift_node_upgrade/tasks/main.yml
index 2f79931df..6ae8dbc12 100644
--- a/roles/openshift_node_upgrade/tasks/main.yml
+++ b/roles/openshift_node_upgrade/tasks/main.yml
@@ -51,24 +51,39 @@
failed_when: false
when: openshift.common.is_containerized | bool
+- name: Stop rpm based services
+ service:
+ name: "{{ item }}"
+ state: stopped
+ with_items:
+ - "{{ openshift.common.service_type }}-node"
+ - openvswitch
+ failed_when: false
+ when: not openshift.common.is_containerized | bool
+
- name: Upgrade openvswitch
package:
name: openvswitch
state: latest
- register: ovs_pkg
when: not openshift.common.is_containerized | bool
- name: Restart openvswitch
systemd:
name: openvswitch
- state: restarted
+ state: started
when:
- not openshift.common.is_containerized | bool
- - ovs_pkg | changed
# Mandatory Docker restart, ensure all containerized services are running:
- include: docker/restart.yml
+- name: Update oreg value
+ yedit:
+ src: "{{ openshift.common.config_base }}/node/node-config.yaml"
+ key: 'imageConfig.format'
+ value: "{{ oreg_url }}"
+ when: oreg_url is defined
+
- name: Restart rpm node service
service:
name: "{{ openshift.common.service_type }}-node"
diff --git a/roles/openshift_node_upgrade/templates/openshift.docker.node.service b/roles/openshift_node_upgrade/templates/openshift.docker.node.service
index 6ec88f85e..0ff398152 100644
--- a/roles/openshift_node_upgrade/templates/openshift.docker.node.service
+++ b/roles/openshift_node_upgrade/templates/openshift.docker.node.service
@@ -15,7 +15,7 @@ After={{ openshift.common.service_type }}-node-dep.service
EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node
EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node-dep
ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node
-ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /var/lib/cni:/var/lib/cni -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS {{ openshift.node.node_image }}:${IMAGE_VERSION}
+ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro,rslave -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /var/lib/cni:/var/lib/cni -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS {{ openshift.node.node_image }}:${IMAGE_VERSION}
ExecStartPost=/usr/bin/sleep 10
ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node
SyslogIdentifier={{ openshift.common.service_type }}-node
diff --git a/roles/openshift_projects/meta/main.yml b/roles/openshift_projects/meta/main.yml
deleted file mode 100644
index 107a70b83..000000000
--- a/roles/openshift_projects/meta/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-galaxy_info:
- author: Jason DeTiberus
- description: OpenShift Projects
- company: Red Hat, Inc.
- license: Apache License, Version 2.0
- min_ansible_version: 1.9
- platforms:
- - name: EL
- versions:
- - 7
- categories:
- - cloud
-dependencies:
-- { role: openshift_facts }
diff --git a/roles/openshift_projects/tasks/main.yml b/roles/openshift_projects/tasks/main.yml
deleted file mode 100644
index 30d58afd3..000000000
--- a/roles/openshift_projects/tasks/main.yml
+++ /dev/null
@@ -1,47 +0,0 @@
----
-- name: Create temp directory for kubeconfig
- command: mktemp -d /tmp/openshift-ansible-XXXXXX
- register: mktemp
- changed_when: False
-
-- name: Copy the admin client config(s)
- command: >
- cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
- changed_when: False
-
-- name: Determine if projects exist
- command: >
- {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig
- get projects {{ item.key }} -o json
- with_dict: "{{ openshift_projects }}"
- failed_when: false
- changed_when: false
- register: project_test
-
-- name: Create projects
- command: >
- {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig
- new-project {{ item.item.key }}
- {% if item.item.value.default_node_selector | default(none) != none %}
- {{ '--node-selector=' ~ item.item.value.default_node_selector }}
- {% endif %}
- when: item.rc == 1
- with_items:
- - "{{ project_test.results }}"
-
-- name: Update project default node selector if necessary
- command: >
- {{ openshift.common.client_binary }}
- --config={{ mktemp.stdout }}/admin.kubeconfig patch namespace {{ item.item.key }}
- -p '{"metadata": {"annotations": {"openshift.io/node-selector": "{{ item.item.value.default_node_selector }}"}}}'
- when: "{{ item.rc == 0 and item.item.value.default_node_selector | default(none) != none
- and item.item.value.default_node_selector | default(none) != (item.stdout | from_json).metadata.annotations['openshift.io/node-selector'] | default(none) }}"
- with_items:
- - "{{ project_test.results }}"
- register: annotate_project
-
-- name: Delete temp directory
- file:
- name: "{{ mktemp.stdout }}"
- state: absent
- changed_when: False
diff --git a/roles/openshift_projects/vars/main.yml b/roles/openshift_projects/vars/main.yml
deleted file mode 100644
index 9967e26f4..000000000
--- a/roles/openshift_projects/vars/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
diff --git a/roles/openshift_serviceaccounts/meta/main.yml b/roles/openshift_serviceaccounts/meta/main.yml
deleted file mode 100644
index 7a30c220f..000000000
--- a/roles/openshift_serviceaccounts/meta/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-galaxy_info:
- author: OpenShift Operations
- description: OpenShift Service Accounts
- company: Red Hat, Inc.
- license: Apache License, Version 2.0
- min_ansible_version: 1.9
- platforms:
- - name: EL
- versions:
- - 7
- categories:
- - cloud
-dependencies:
-- { role: openshift_facts }
-- { role: lib_openshift }
diff --git a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
deleted file mode 100644
index b8cbe9a84..000000000
--- a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-####
-#
-# OSE 3.0.z did not have 'oadm policy add-scc-to-user'.
-#
-####
-
-- name: tmp dir for openshift
- file:
- path: /tmp/openshift
- state: directory
- owner: root
- mode: 0700
-
-- name: Create service account configs
- template:
- src: serviceaccount.j2
- dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml"
- with_items: '{{ openshift_serviceaccounts_names }}'
-
-- name: Get current security context constraints
- shell: >
- {{ openshift.common.client_binary }} get scc privileged -o yaml
- --output-version=v1 > /tmp/openshift/scc.yaml
- changed_when: false
-
-- name: Add security context constraint for {{ item }}
- lineinfile:
- dest: /tmp/openshift/scc.yaml
- line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}"
- insertafter: "^users:$"
- when: "item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
- with_nested:
- - '{{ openshift_serviceaccounts_names }}'
- - '{{ scc_test.results }}'
-
-- name: Apply new scc rules for service accounts
- command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml
deleted file mode 100644
index 1d570fa5b..000000000
--- a/roles/openshift_serviceaccounts/tasks/main.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-- name: create the service account
- oc_serviceaccount:
- name: "{{ item }}"
- namespace: "{{ openshift_serviceaccounts_namespace }}"
- state: present
- with_items:
- - "{{ openshift_serviceaccounts_names }}"
-
-- name: test if scc needs to be updated
- command: >
- {{ openshift.common.client_binary }} get scc {{ item }} -o yaml
- changed_when: false
- failed_when: false
- register: scc_test
- with_items: "{{ openshift_serviceaccounts_sccs }}"
-
-- name: Grant the user access to the appropriate scc
- command: >
- {{ openshift.common.client_binary }} adm policy add-scc-to-user
- {{ item.1.item }} system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}
- when: "openshift.common.version_gte_3_1_or_1_1 and item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users | default([]) }}"
- with_nested:
- - "{{ openshift_serviceaccounts_names }}"
- - "{{ scc_test.results }}"
-
-- include: legacy_add_scc_to_user.yml
- when: not openshift.common.version_gte_3_1_or_1_1
diff --git a/roles/openshift_serviceaccounts/templates/serviceaccount.j2 b/roles/openshift_serviceaccounts/templates/serviceaccount.j2
deleted file mode 100644
index c5f12421f..000000000
--- a/roles/openshift_serviceaccounts/templates/serviceaccount.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ item.0 }}