diff options
Diffstat (limited to 'roles')
28 files changed, 322 insertions, 100 deletions
diff --git a/roles/lib_zabbix/library/zbx_item.py b/roles/lib_zabbix/library/zbx_item.py index 2cd00dd27..5dc3cff9b 100644 --- a/roles/lib_zabbix/library/zbx_item.py +++ b/roles/lib_zabbix/library/zbx_item.py @@ -107,6 +107,39 @@ def get_multiplier(inval): return rval, 0 +def get_zabbix_type(ztype): + ''' + Determine which type of discoverrule this is + ''' + _types = {'agent': 0, + 'SNMPv1': 1, + 'trapper': 2, + 'simple': 3, + 'SNMPv2': 4, + 'internal': 5, + 'SNMPv3': 6, + 'active': 7, + 'aggregate': 8, + 'web': 9, + 'external': 10, + 'database monitor': 11, + 'ipmi': 12, + 'ssh': 13, + 'telnet': 14, + 'calculated': 15, + 'JMX': 16, + 'SNMP trap': 17, + } + + for typ in _types.keys(): + if ztype in typ or ztype == typ: + _vtype = _types[typ] + break + else: + _vtype = 2 + + return _vtype + # The branches are needed for CRUD and error handling # pylint: disable=too-many-branches def main(): @@ -123,7 +156,7 @@ def main(): name=dict(default=None, type='str'), key=dict(default=None, type='str'), template_name=dict(default=None, type='str'), - zabbix_type=dict(default=2, type='int'), + zabbix_type=dict(default='trapper', type='str'), value_type=dict(default='int', type='str'), interval=dict(default=60, type='int'), delta=dict(default=0, type='int'), @@ -184,7 +217,7 @@ def main(): params = {'name': module.params.get('name', module.params['key']), 'key_': module.params['key'], 'hostid': templateid[0], - 'type': module.params['zabbix_type'], + 'type': get_zabbix_type(module.params['zabbix_type']), 'value_type': get_value_type(module.params['value_type']), 'applications': get_app_ids(module.params['applications'], app_name_ids), 'formula': formula, diff --git a/roles/lib_zabbix/tasks/create_template.yml b/roles/lib_zabbix/tasks/create_template.yml index d5168a9f4..ac9cf756b 100644 --- a/roles/lib_zabbix/tasks/create_template.yml +++ b/roles/lib_zabbix/tasks/create_template.yml @@ -38,7 +38,7 @@ units: "{{ item.units | default('', True) }}" template_name: "{{ template.name }}" applications: "{{ item.applications }}" - zabbix_type: "{{ item.zabbix_type | default(2, True) }}" + zabbix_type: "{{ item.zabbix_type | default('trapper') }}" interval: "{{ item.interval | default(60, True) }}" delta: "{{ item.delta | default(0, True) }}" with_items: template.zitems diff --git a/roles/openshift_ansible_inventory/tasks/main.yml b/roles/openshift_ansible_inventory/tasks/main.yml index 5fe77e38b..9cc15c0a8 100644 --- a/roles/openshift_ansible_inventory/tasks/main.yml +++ b/roles/openshift_ansible_inventory/tasks/main.yml @@ -3,8 +3,9 @@ name: openshift-ansible-inventory state: present -- template: - src: multi_ec2.yaml.j2 +- name: + copy: + content: "{{ oo_inventory_accounts | to_nice_yaml }}" dest: /etc/ansible/multi_ec2.yaml group: "{{ oo_inventory_group }}" owner: "{{ oo_inventory_owner }}" @@ -39,5 +40,5 @@ owner: root group: libra_ops recurse: yes - mode: '2750' + mode: '2770' when: oo_inventory_cache_location is defined diff --git a/roles/openshift_ansible_inventory/templates/multi_ec2.yaml.j2 b/roles/openshift_ansible_inventory/templates/multi_ec2.yaml.j2 deleted file mode 100644 index 8228ab915..000000000 --- a/roles/openshift_ansible_inventory/templates/multi_ec2.yaml.j2 +++ /dev/null @@ -1,26 +0,0 @@ -# multi ec2 inventory configs -cache_max_age: {{ oo_inventory_cache_max_age }} -cache_location: {{ oo_inventory_cache_location | default('~/.ansible/tmp/multi_ec2_inventory.cache') }} -accounts: -{% for account in oo_inventory_accounts %} - - name: {{ account.name }} - provider: {{ account.provider }} - provider_config: -{% for section, items in account.provider_config.items() %} - {{ section }}: -{% for property, value in items.items() %} - {{ property }}: {{ value }} -{% endfor %} -{% endfor %} - env_vars: - AWS_ACCESS_KEY_ID: {{ account.env_vars.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: {{ account.env_vars.AWS_SECRET_ACCESS_KEY }} -{% if account.all_group is defined and account.hostvars is defined%} - all_group: {{ account.all_group }} - hostvars: -{% for property, value in account.hostvars.items() %} - {{ property }}: {{ value }} -{% endfor %} -{% endif %} - -{% endfor %} diff --git a/roles/openshift_examples/files/examples/image-streams/image-streams-centos7.json b/roles/openshift_examples/files/examples/image-streams/image-streams-centos7.json index f213d99ca..268d680f4 100644 --- a/roles/openshift_examples/files/examples/image-streams/image-streams-centos7.json +++ b/roles/openshift_examples/files/examples/image-streams/image-streams-centos7.json @@ -23,7 +23,8 @@ "iconClass": "icon-ruby", "tags": "builder,ruby", "supports": "ruby:2.0,ruby", - "version": "2.0" + "version": "2.0", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" }, "from": { "Kind": "ImageStreamTag", @@ -53,7 +54,8 @@ "iconClass": "icon-nodejs", "tags": "builder,nodejs", "supports":"nodejs:0.10,nodejs:0.1,nodejs", - "version": "0.10" + "version": "0.10", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" }, "from": { "Kind": "ImageStreamTag", @@ -83,7 +85,8 @@ "iconClass": "icon-perl", "tags": "builder,perl", "supports":"perl:5.16,perl", - "version": "5.16" + "version": "5.16", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" }, "from": { "Kind": "ImageStreamTag", @@ -113,7 +116,8 @@ "iconClass": "icon-php", "tags": "builder,php", "supports":"php:5.5,php", - "version": "5.5" + "version": "5.5", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" }, "from": { "Kind": "ImageStreamTag", @@ -143,7 +147,8 @@ "iconClass": "icon-python", "tags": "builder,python", "supports":"python:3.3,python", - "version": "3.3" + "version": "3.3", + "sampleRepo": "https://github.com/openshift/django-ex.git" }, "from": { "Kind": "ImageStreamTag", @@ -173,7 +178,8 @@ "iconClass": "icon-wildfly", "tags": "builder,wildfly,java", "supports":"wildfly:8.1,jee,java", - "version": "8.1" + "version": "8.1", + "sampleRepo": "https://github.com/bparees/openshift-jee-sample.git" }, "from": { "Kind": "ImageStreamTag", diff --git a/roles/openshift_examples/files/examples/image-streams/image-streams-rhel7.json b/roles/openshift_examples/files/examples/image-streams/image-streams-rhel7.json index 8c125f76a..aa62ebd53 100644 --- a/roles/openshift_examples/files/examples/image-streams/image-streams-rhel7.json +++ b/roles/openshift_examples/files/examples/image-streams/image-streams-rhel7.json @@ -23,7 +23,8 @@ "iconClass": "icon-ruby", "tags": "builder,ruby", "supports": "ruby:2.0,ruby", - "version": "2.0" + "version": "2.0", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" }, "from": { "Kind": "ImageStreamTag", @@ -53,7 +54,8 @@ "iconClass": "icon-nodejs", "tags": "builder,nodejs", "supports":"nodejs:0.10,nodejs:0.1,nodejs", - "version": "0.10" + "version": "0.10", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" }, "from": { "Kind": "ImageStreamTag", @@ -83,7 +85,8 @@ "iconClass": "icon-perl", "tags": "builder,perl", "supports":"perl:5.16,perl", - "version": "5.16" + "version": "5.16", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" }, "from": { "Kind": "ImageStreamTag", @@ -113,7 +116,8 @@ "iconClass": "icon-php", "tags": "builder,php", "supports":"php:5.5,php", - "version": "5.5" + "version": "5.5", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" }, "from": { "Kind": "ImageStreamTag", @@ -143,7 +147,8 @@ "iconClass": "icon-python", "tags": "builder,python", "supports":"python:3.3,python", - "version": "3.3" + "version": "3.3", + "sampleRepo": "https://github.com/openshift/django-ex.git" }, "from": { "Kind": "ImageStreamTag", diff --git a/roles/openshift_examples/files/examples/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/quickstart-templates/cakephp-mysql.json index deac2010f..da5679444 100644 --- a/roles/openshift_examples/files/examples/quickstart-templates/cakephp-mysql.json +++ b/roles/openshift_examples/files/examples/quickstart-templates/cakephp-mysql.json @@ -201,6 +201,10 @@ { "name": "CAKEPHP_SECURITY_CIPHER_SEED", "value": "${CAKEPHP_SECURITY_CIPHER_SEED}" + }, + { + "name": "OPCACHE_REVALIDATE_FREQ", + "value": "${OPCACHE_REVALIDATE_FREQ}" } ] } @@ -364,6 +368,11 @@ "description": "Security cipher seed for session hash", "generate": "expression", "from": "[0-9]{30}" + }, + { + "name": "OPCACHE_REVALIDATE_FREQ", + "description": "The How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.", + "value": "2" } ] } diff --git a/roles/openshift_examples/files/examples/quickstart-templates/cakephp.json b/roles/openshift_examples/files/examples/quickstart-templates/cakephp.json index ec556ea13..f426e1dd6 100644 --- a/roles/openshift_examples/files/examples/quickstart-templates/cakephp.json +++ b/roles/openshift_examples/files/examples/quickstart-templates/cakephp.json @@ -190,6 +190,10 @@ { "name": "CAKEPHP_SECURITY_CIPHER_SEED", "value": "${CAKEPHP_SECURITY_CIPHER_SEED}" + }, + { + "name": "OPCACHE_REVALIDATE_FREQ", + "value": "${OPCACHE_REVALIDATE_FREQ}" } ] } @@ -261,6 +265,11 @@ "description": "Security cipher seed for session hash", "generate": "expression", "from": "[0-9]{30}" + }, + { + "name": "OPCACHE_REVALIDATE_FREQ", + "description": "The How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.", + "value": "2" } ] } diff --git a/roles/openshift_examples/files/examples/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/quickstart-templates/dancer-mysql.json index 2cbcc0889..55f655102 100644 --- a/roles/openshift_examples/files/examples/quickstart-templates/dancer-mysql.json +++ b/roles/openshift_examples/files/examples/quickstart-templates/dancer-mysql.json @@ -175,6 +175,10 @@ { "name": "SECRET_KEY_BASE", "value": "${SECRET_KEY_BASE}" + }, + { + "name": "PERL_APACHE2_RELOAD", + "value": "${PERL_APACHE2_RELOAD}" } ] } @@ -330,6 +334,11 @@ "value": "openshift/mysql-55-centos7" }, { + "name": "PERL_APACHE2_RELOAD", + "description": "Set this to \"true\" to enable automatic reloading of modified Perl modules", + "value": "" + }, + { "name": "SECRET_KEY_BASE", "description": "Your secret key for verifying the integrity of signed cookies", "generate": "expression", diff --git a/roles/openshift_examples/files/examples/quickstart-templates/dancer.json b/roles/openshift_examples/files/examples/quickstart-templates/dancer.json index 43271dfc5..3ee19be83 100644 --- a/roles/openshift_examples/files/examples/quickstart-templates/dancer.json +++ b/roles/openshift_examples/files/examples/quickstart-templates/dancer.json @@ -157,6 +157,12 @@ { "containerPort": 8080 } + ], + "env": [ + { + "name": "PERL_APACHE2_RELOAD", + "value": "${PERL_APACHE2_RELOAD}" + } ] } ] @@ -195,6 +201,11 @@ "description": "Your secret key for verifying the integrity of signed cookies", "generate": "expression", "from": "[a-z0-9]{127}" + }, + { + "name": "PERL_APACHE2_RELOAD", + "description": "Set this to \"true\" to enable automatic reloading of modified Perl modules", + "value": "" } ] } diff --git a/roles/openshift_examples/files/examples/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/quickstart-templates/nodejs-mongodb.json index 017b5be19..8760b074c 100644 --- a/roles/openshift_examples/files/examples/quickstart-templates/nodejs-mongodb.json +++ b/roles/openshift_examples/files/examples/quickstart-templates/nodejs-mongodb.json @@ -102,6 +102,12 @@ "github": { "secret": "${GITHUB_WEBHOOK_SECRET}" } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } } ] } @@ -298,6 +304,12 @@ "from": "[a-zA-Z0-9]{40}" }, { + "name": "GENERIC_WEBHOOK_SECRET", + "description": "A secret string used to configure the Generic webhook", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { "name": "DATABASE_SERVICE_NAME", "description": "Database service name", "value": "mongodb" @@ -328,7 +340,7 @@ { "name": "MONGODB_IMAGE", "description": "Image to use for mongodb", - "value": "openshift/mongodb-24-centos7" + "value": "openshift/mongodb-24-centos7" } ] } diff --git a/roles/openshift_examples/files/examples/quickstart-templates/nodejs.json b/roles/openshift_examples/files/examples/quickstart-templates/nodejs.json index 55488ab41..e047266e3 100644 --- a/roles/openshift_examples/files/examples/quickstart-templates/nodejs.json +++ b/roles/openshift_examples/files/examples/quickstart-templates/nodejs.json @@ -102,6 +102,12 @@ "github": { "secret": "${GITHUB_WEBHOOK_SECRET}" } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } } ] } @@ -213,6 +219,12 @@ "from": "[a-zA-Z0-9]{40}" }, { + "name": "GENERIC_WEBHOOK_SECRET", + "description": "A secret string used to configure the Generic webhook", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { "name": "DATABASE_SERVICE_NAME", "description": "Database service name" }, diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 44f8cbb31..8cd3aa2d4 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -21,6 +21,7 @@ import ConfigParser import copy import os from distutils.util import strtobool +from distutils.version import LooseVersion def hostname_valid(hostname): @@ -362,6 +363,33 @@ def set_metrics_facts_if_unset(facts): facts['common']['use_cluster_metrics'] = use_cluster_metrics return facts +def set_project_cfg_facts_if_unset(facts): + """ Set Project Configuration facts if not already present in facts dict + dict: + Args: + facts (dict): existing facts + Returns: + dict: the facts dict updated with the generated Project Configuration + facts if they were not already present + + """ + + config = { + 'default_node_selector': '', + 'project_request_message': '', + 'project_request_template': '', + 'mcs_allocator_range': 's0:/2', + 'mcs_labels_per_project': 5, + 'uid_allocator_range': '1000000000-1999999999/10000' + } + + if 'master' in facts: + for key, value in config.items(): + if key not in facts['master']: + facts['master'][key] = value + + return facts + def set_identity_providers_if_unset(facts): """ Set identity_providers fact if not already present in facts dict @@ -478,7 +506,7 @@ def set_aggregate_facts(facts): def set_deployment_facts_if_unset(facts): """ Set Facts that vary based on deployment_type. This currently includes common.service_type, common.config_base, master.registry_url, - node.registry_url + node.registry_url, node.storage_plugin_deps Args: facts (dict): existing facts @@ -486,8 +514,9 @@ def set_deployment_facts_if_unset(facts): dict: the facts dict updated with the generated deployment_type facts """ - # Perhaps re-factor this as a map? - # pylint: disable=too-many-branches + # disabled to avoid breaking up facts related to deployment type into + # multiple methods for now. + # pylint: disable=too-many-statements, too-many-branches if 'common' in facts: deployment_type = facts['common']['deployment_type'] if 'service_type' not in facts['common']: @@ -507,7 +536,15 @@ def set_deployment_facts_if_unset(facts): if deployment_type in ['enterprise', 'online']: data_dir = '/var/lib/openshift' facts['common']['data_dir'] = data_dir - facts['common']['version'] = get_openshift_version() + facts['common']['version'] = version = get_openshift_version() + if version is not None: + if deployment_type == 'origin': + version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('1.0.6') + else: + version_gt_3_1_or_1_1 = LooseVersion(version) > LooseVersion('3.0.2.900') + else: + version_gt_3_1_or_1_1 = True + facts['common']['version_greater_than_3_1_or_1_1'] = version_gt_3_1_or_1_1 for role in ('master', 'node'): if role in facts: @@ -520,6 +557,25 @@ def set_deployment_facts_if_unset(facts): registry_url = 'aep3/aep-${component}:${version}' facts[role]['registry_url'] = registry_url + if 'master' in facts: + deployment_type = facts['common']['deployment_type'] + openshift_features = ['Builder', 'S2IBuilder', 'WebConsole'] + if 'disabled_features' in facts['master']: + if deployment_type == 'atomic-enterprise': + curr_disabled_features = set(facts['master']['disabled_features']) + facts['master']['disabled_features'] = list(curr_disabled_features.union(openshift_features)) + else: + if deployment_type == 'atomic-enterprise': + facts['master']['disabled_features'] = openshift_features + + if 'node' in facts: + deployment_type = facts['common']['deployment_type'] + if 'storage_plugin_deps' not in facts['node']: + if deployment_type in ['openshift-enterprise', 'atomic-enterprise']: + facts['node']['storage_plugin_deps'] = ['ceph', 'glusterfs'] + else: + facts['node']['storage_plugin_deps'] = [] + return facts @@ -638,7 +694,7 @@ def get_openshift_version(): Returns: version: the current openshift version """ - version = '' + version = None if os.path.isfile('/usr/bin/openshift'): _, output, _ = module.run_command(['/usr/bin/openshift', 'version']) @@ -813,6 +869,7 @@ class OpenShiftFacts(object): facts = merge_facts(facts, local_facts) facts['current_config'] = get_current_config(facts) facts = set_url_facts_if_unset(facts) + facts = set_project_cfg_facts_if_unset(facts) facts = set_fluentd_facts_if_unset(facts) facts = set_node_schedulability(facts) facts = set_master_selectors(facts) diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index fca41307d..3a886935f 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -52,11 +52,17 @@ default_subdomain: "{{ osm_default_subdomain | default(None) }}" custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}" default_node_selector: "{{ osm_default_node_selector | default(None) }}" + project_request_message: "{{ osm_project_request_message | default(None) }}" + project_request_template: "{{ osm_project_request_template | default(None) }}" + mcs_allocator_range: "{{ osm_mcs_allocator_range | default(None) }}" + mcs_labels_per_project: "{{ osm_mcs_labels_per_project | default(None) }}" + uid_allocator_range: "{{ osm_uid_allocator_range | default(None) }}" router_selector: "{{ openshift_router_selector | default(None) }}" registry_selector: "{{ openshift_registry_selector | default(None) }}" api_server_args: "{{ osm_api_server_args | default(None) }}" controller_args: "{{ osm_controller_args | default(None) }}" infra_nodes: "{{ num_infra | default(None) }}" + disabled_features: "{{ osm_disabled_features | default(None) }}" - name: Install Master package yum: pkg={{ openshift.common.service_type }}-master{{ openshift_version }} state=present diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 6e45eaad7..73a0bc6cc 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -1,5 +1,7 @@ apiLevels: +{% if openshift.common.deployment_type == "enterprise" %} - v1beta3 +{% endif %} - v1 apiVersion: v1 assetConfig: @@ -20,6 +22,9 @@ corsAllowedOrigins: {% for custom_origin in openshift.master.custom_cors_origins | default("") %} - {{ custom_origin }} {% endfor %} +{% if 'disabled_features' in openshift.master %} +disabledFeatures: {{ openshift.master.disabled_features | to_json }} +{% endif %} {% if openshift.master.embedded_dns | bool %} dnsConfig: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }} @@ -66,7 +71,9 @@ kubeletClientInfo: {% if openshift.master.embedded_kube | bool %} kubernetesMasterConfig: apiLevels: +{% if openshift.common.deployment_type == "enterprise" %} - v1beta3 +{% endif %} - v1 apiServerArguments: {{ api_server_args if api_server_args is defined else 'null' }} controllerArguments: {{ controller_args if controller_args is defined else 'null' }} @@ -74,6 +81,9 @@ kubernetesMasterConfig: masterCount: 1 masterIP: "" podEvictionTimeout: "" + proxyClientInfo: + certFile: master.proxy-client.crt + keyFile: master.proxy-client.key schedulerConfigFile: {{ openshift_master_scheduler_conf }} servicesNodePortRange: "" servicesSubnet: {{ openshift.master.portal_net }} @@ -97,15 +107,14 @@ policyConfig: bootstrapPolicyFile: {{ openshift_master_policy }} openshiftInfrastructureNamespace: openshift-infra openshiftSharedResourcesNamespace: openshift -{# TODO: Allow users to override projectConfig items #} projectConfig: - defaultNodeSelector: "{{ openshift.master.default_node_selector | default("") }}" - projectRequestMessage: "" - projectRequestTemplate: "" + defaultNodeSelector: "{{ openshift.master.default_node_selector }}" + projectRequestMessage: "{{ openshift.master.project_request_message }}" + projectRequestTemplate: "{{ openshift.master.project_request_template }}" securityAllocator: - mcsAllocatorRange: s0:/2 - mcsLabelsPerProject: 5 - uidAllocatorRange: 1000000000-1999999999/10000 + mcsAllocatorRange: "{{ openshift.master.mcs_allocator_range }}" + mcsLabelsPerProject: {{ openshift.master.mcs_labels_per_project }} + uidAllocatorRange: "{{ openshift.master.uid_allocator_range }}" routingConfig: subdomain: "{{ openshift.master.default_subdomain | default("") }}" serviceAccountConfig: diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml index 5c9639ea5..cfd1ceabf 100644 --- a/roles/openshift_master_ca/tasks/main.yml +++ b/roles/openshift_master_ca/tasks/main.yml @@ -18,5 +18,4 @@ --master={{ openshift.master.api_url }} --public-master={{ openshift.master.public_api_url }} --cert-dir={{ openshift_master_config_dir }} --overwrite=false - args: - creates: "{{ openshift_master_config_dir }}/master.server.key" + when: master_certs_missing diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml index 0d75a9eb3..e4602337e 100644 --- a/roles/openshift_master_certificates/tasks/main.yml +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -20,6 +20,8 @@ - admin.kubeconfig - master.kubelet-client.crt - master.kubelet-client.key + - "{{ 'master.proxy-client.crt' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}" + - "{{ 'master.proxy-client.key' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}" - openshift-master.crt - openshift-master.key - openshift-master.kubeconfig @@ -41,6 +43,5 @@ --public-master={{ item.openshift.master.public_api_url }} --cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }} --overwrite=false - args: - creates: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}/master.server.crt" + when: master_certs_missing with_items: masters_needing_certs diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index a7d63befa..aea60b75c 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -30,6 +30,9 @@ kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" + docker_log_driver: "{{ lookup( 'oo_option' , 'docker_log_driver' ) | default('',True) }}" + docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' ) | default('',True) }}" + storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}" # We have to add tuned-profiles in the same transaction otherwise we run into depsolving # problems because the rpms don't pin the version properly. @@ -68,12 +71,14 @@ register: docker_check # TODO: Enable secure registry when code available in origin -- name: Secure Registry +- name: Secure Registry and Logs Options lineinfile: dest: /etc/sysconfig/docker regexp: '^OPTIONS=.*$' line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ -{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'" +{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %} \ +{% if openshift.node.docker_log_driver is defined %} --log-driver {{ openshift.node.docker_log_driver }} {% endif %} \ +{% if openshift.node.docker_log_options is defined %} {{ openshift.node.docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}} {% endif %} '" when: docker_check.stat.isreg notify: - restart docker @@ -120,9 +125,8 @@ notify: - restart docker -- name: Allow NFS access for VMs - seboolean: name=virt_use_nfs state=yes persistent=yes - when: ansible_selinux and ansible_selinux.status == "enabled" +- name: Additional storage plugin configuration + include: storage_plugins/main.yml - name: Start and enable node service: name={{ openshift.common.service_type }}-node enabled=yes state=started diff --git a/roles/openshift_node/tasks/storage_plugins/ceph.yml b/roles/openshift_node/tasks/storage_plugins/ceph.yml new file mode 100644 index 000000000..b6936618a --- /dev/null +++ b/roles/openshift_node/tasks/storage_plugins/ceph.yml @@ -0,0 +1,5 @@ +--- +- name: Install Ceph storage plugin dependencies + yum: + pkg: ceph-common + state: installed diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml new file mode 100644 index 000000000..b812e81df --- /dev/null +++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml @@ -0,0 +1,12 @@ +--- +- name: Install GlusterFS storage plugin dependencies + yum: + pkg: glusterfs-fuse + state: installed + +- name: Set seboolean to allow gluster storage plugin access from containers + seboolean: + name: virt_use_fusefs + state: yes + persistent: yes + when: ansible_selinux and ansible_selinux.status == "enabled" diff --git a/roles/openshift_node/tasks/storage_plugins/main.yml b/roles/openshift_node/tasks/storage_plugins/main.yml new file mode 100644 index 000000000..39c7b9390 --- /dev/null +++ b/roles/openshift_node/tasks/storage_plugins/main.yml @@ -0,0 +1,13 @@ +--- +# The NFS storage plugin is always enabled since it doesn't require any +# additional package dependencies +- name: NFS storage plugin configuration + include: nfs.yml + +- name: GlusterFS storage plugin configuration + include: glusterfs.yml + when: "'glusterfs' in openshift.node.storage_plugin_deps" + +- name: Ceph storage plugin configuration + include: ceph.yml + when: "'ceph' in openshift.node.storage_plugin_deps" diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml new file mode 100644 index 000000000..1edf21d9b --- /dev/null +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -0,0 +1,7 @@ +--- +- name: Set seboolean to allow nfs storage plugin access from containers + seboolean: + name: virt_use_nfs + state: yes + persistent: yes + when: ansible_selinux and ansible_selinux.status == "enabled" diff --git a/roles/os_zabbix/tasks/main.yml b/roles/os_zabbix/tasks/main.yml index a503b24d7..82bf78b57 100644 --- a/roles/os_zabbix/tasks/main.yml +++ b/roles/os_zabbix/tasks/main.yml @@ -15,6 +15,7 @@ - include_vars: template_ops_tools.yml - include_vars: template_app_zabbix_server.yml - include_vars: template_app_zabbix_agent.yml +- include_vars: template_performance_copilot.yml - name: Include Template Heartbeat include: ../../lib_zabbix/tasks/create_template.yml @@ -79,3 +80,11 @@ server: "{{ ozb_server }}" user: "{{ ozb_user }}" password: "{{ ozb_password }}" + +- name: Include Template Performance Copilot + include: ../../lib_zabbix/tasks/create_template.yml + vars: + template: "{{ g_template_performance_copilot }}" + server: "{{ ozb_server }}" + user: "{{ ozb_user }}" + password: "{{ ozb_password }}" diff --git a/roles/os_zabbix/vars/template_app_zabbix_agent.yml b/roles/os_zabbix/vars/template_app_zabbix_agent.yml index 6349b6384..d636d4822 100644 --- a/roles/os_zabbix/vars/template_app_zabbix_agent.yml +++ b/roles/os_zabbix/vars/template_app_zabbix_agent.yml @@ -6,14 +6,14 @@ g_template_app_zabbix_agent: applications: - Zabbix agent value_type: character - zabbix_type: 0 + zabbix_type: agent - key: agent.ping applications: - Zabbix agent description: The agent always returns 1 for this item. It could be used in combination with nodata() for availability check. value_type: int - zabbix_type: 0 + zabbix_type: agent ztriggers: - name: '[Reboot] Zabbix agent on {HOST.NAME} is unreachable for 15 minutes' diff --git a/roles/os_zabbix/vars/template_app_zabbix_server.yml b/roles/os_zabbix/vars/template_app_zabbix_server.yml index aeec16254..43517113b 100644 --- a/roles/os_zabbix/vars/template_app_zabbix_server.yml +++ b/roles/os_zabbix/vars/template_app_zabbix_server.yml @@ -8,7 +8,7 @@ g_template_app_zabbix_server: description: A simple count of the number of partition creates output by the housekeeper script. units: '' value_type: int - zabbix_type: 5 + zabbix_type: internal - key: housekeeper_drops applications: @@ -16,7 +16,7 @@ g_template_app_zabbix_server: description: A simple count of the number of partition drops output by the housekeeper script. units: '' value_type: int - zabbix_type: 5 + zabbix_type: internal - key: housekeeper_errors applications: @@ -24,7 +24,7 @@ g_template_app_zabbix_server: description: A simple count of the number of errors output by the housekeeper script. units: '' value_type: int - zabbix_type: 5 + zabbix_type: internal - key: housekeeper_total applications: @@ -33,7 +33,7 @@ g_template_app_zabbix_server: script. units: '' value_type: int - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,alerter,avg,busy] applications: @@ -41,7 +41,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,configuration syncer,avg,busy] applications: @@ -49,7 +49,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,db watchdog,avg,busy] applications: @@ -57,7 +57,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,discoverer,avg,busy] applications: @@ -65,7 +65,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,escalator,avg,busy] applications: @@ -73,7 +73,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,history syncer,avg,busy] applications: @@ -81,7 +81,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,housekeeper,avg,busy] applications: @@ -89,7 +89,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,http poller,avg,busy] applications: @@ -97,7 +97,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,icmp pinger,avg,busy] applications: @@ -105,7 +105,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,ipmi poller,avg,busy] applications: @@ -113,7 +113,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,java poller,avg,busy] applications: @@ -121,7 +121,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,node watcher,avg,busy] applications: @@ -129,7 +129,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,poller,avg,busy] applications: @@ -137,7 +137,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,proxy poller,avg,busy] applications: @@ -145,7 +145,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,self-monitoring,avg,busy] applications: @@ -153,7 +153,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,snmp trapper,avg,busy] applications: @@ -161,7 +161,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,timer,avg,busy] applications: @@ -169,7 +169,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,trapper,avg,busy] applications: @@ -177,7 +177,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[process,unreachable poller,avg,busy] applications: @@ -185,7 +185,7 @@ g_template_app_zabbix_server: description: '' units: '%' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[queue,10m] applications: @@ -193,7 +193,7 @@ g_template_app_zabbix_server: description: '' units: '' value_type: int - zabbix_type: 5 + zabbix_type: internal interval: 600 - key: zabbix[queue] @@ -202,7 +202,7 @@ g_template_app_zabbix_server: description: '' units: '' value_type: int - zabbix_type: 5 + zabbix_type: internal interval: 600 - key: zabbix[rcache,buffer,pfree] @@ -211,7 +211,7 @@ g_template_app_zabbix_server: description: '' units: '' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[wcache,history,pfree] applications: @@ -219,7 +219,7 @@ g_template_app_zabbix_server: description: '' units: '' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[wcache,text,pfree] applications: @@ -227,7 +227,7 @@ g_template_app_zabbix_server: description: '' units: '' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[wcache,trend,pfree] applications: @@ -235,7 +235,7 @@ g_template_app_zabbix_server: description: '' units: '' value_type: float - zabbix_type: 5 + zabbix_type: internal - key: zabbix[wcache,values] applications: @@ -243,7 +243,7 @@ g_template_app_zabbix_server: description: '' units: '' value_type: float - zabbix_type: 5 + zabbix_type: internal delta: 1 # speed per second ztriggers: diff --git a/roles/os_zabbix/vars/template_docker.yml b/roles/os_zabbix/vars/template_docker.yml index 395e054de..bfabf50c5 100644 --- a/roles/os_zabbix/vars/template_docker.yml +++ b/roles/os_zabbix/vars/template_docker.yml @@ -7,6 +7,11 @@ g_template_docker: - Docker Daemon value_type: int + - key: docker.info_elapsed_ms + applications: + - Docker Daemon + value_type: int + - key: docker.storage.is_loopback applications: - Docker Storage diff --git a/roles/os_zabbix/vars/template_os_linux.yml b/roles/os_zabbix/vars/template_os_linux.yml index 3ae1500bc..aeeec4b8d 100644 --- a/roles/os_zabbix/vars/template_os_linux.yml +++ b/roles/os_zabbix/vars/template_os_linux.yml @@ -246,15 +246,15 @@ g_template_os_linux: # CPU Utilization # - name: 'CPU idle less than 5% on {HOST.NAME}' - expression: '{Template OS Linux:kernel.all.cpu.idle.last()}<5 and {Template OS Linux:kernel.all.cpu.idle.last(#2)}<5' + expression: '{Template OS Linux:kernel.all.cpu.idle.max(#5)}<5' url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_cpu_idle.asciidoc' priority: average description: 'CPU is less than 5% idle' - name: 'CPU idle less than 10% on {HOST.NAME}' - expression: '{Template OS Linux:kernel.all.cpu.idle.last()}<10 and {Template OS Linux:kernel.all.cpu.idle.last(#2)}<10' + expression: '{Template OS Linux:kernel.all.cpu.idle.max(#5)}<10' url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_cpu_idle.asciidoc' - priority: warn + priority: average description: 'CPU is less than 10% idle' dependencies: - 'CPU idle less than 5% on {HOST.NAME}' diff --git a/roles/os_zabbix/vars/template_performance_copilot.yml b/roles/os_zabbix/vars/template_performance_copilot.yml new file mode 100644 index 000000000..b62fa0228 --- /dev/null +++ b/roles/os_zabbix/vars/template_performance_copilot.yml @@ -0,0 +1,14 @@ +--- +g_template_performance_copilot: + name: Template Performance Copilot + zitems: + - key: pcp.ping + applications: + - Performance Copilot + value_type: int + + ztriggers: + - name: 'pcp.ping failed on {HOST.NAME}' + expression: '{Template Performance Copilot:pcp.ping.max(#3)}<1' + url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_pcp_ping.asciidoc' + priority: average |