Diffstat (limited to 'roles')
-rw-r--r--roles/lib_dyn/library/dyn_record.py30
-rw-r--r--roles/openshift_master/tasks/main.yml6
-rw-r--r--roles/openshift_node/tasks/main.yml3
-rw-r--r--roles/openshift_node/templates/openshift.docker.node.service2
-rw-r--r--roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml37
-rw-r--r--roles/openshift_serviceaccounts/tasks/main.yml39
-rw-r--r--roles/os_zabbix/vars/template_openshift_node.yml22
-rw-r--r--roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j24
8 files changed, 98 insertions, 45 deletions
diff --git a/roles/lib_dyn/library/dyn_record.py b/roles/lib_dyn/library/dyn_record.py
index f2796ccf2..7b80064f4 100644
--- a/roles/lib_dyn/library/dyn_record.py
+++ b/roles/lib_dyn/library/dyn_record.py
@@ -95,6 +95,26 @@ requirements: [ dyn ]
author: "Russell Harrison"
'''
+EXAMPLES = '''
+- name: Update CNAME record
+ local_action:
+ module: dyn_record
+ state: present
+ record_fqdn: www.example.com
+ zone: example.com
+ record_type: CNAME
+ record_value: web1.example.com
+
+- name: Update A record
+ local_action:
+ module: dyn_record
+ state: present
+ record_fqdn: web1.example.com
+ zone: example.com
+ record_value: 10.0.0.10
+ record_type: A
+'''
+
try:
IMPORT_ERROR = False
from dyn.tm.session import DynectSession
@@ -158,15 +178,15 @@ def main():
'''Ansible module for managing Dyn DNS records.'''
module = AnsibleModule(
argument_spec=dict(
- state=dict(required=True, choices=['present', 'absent', 'list']),
+ state=dict(default='present', choices=['present', 'absent', 'list']),
customer_name=dict(default=os.environ.get('DYNECT_CUSTOMER_NAME', None), type='str'),
user_name=dict(default=os.environ.get('DYNECT_USER_NAME', None), type='str', no_log=True),
user_password=dict(default=os.environ.get('DYNECT_PASSWORD', None), type='str', no_log=True),
- zone=dict(required=True),
- record_fqdn=dict(required=False),
- record_type=dict(required=False, choices=[
+ zone=dict(required=True, type='str'),
+ record_fqdn=dict(required=False, type='str'),
+ record_type=dict(required=False, type='str', choices=[
'A', 'AAAA', 'CNAME', 'PTR', 'TXT']),
- record_value=dict(required=False),
+ record_value=dict(required=False, type='str'),
record_ttl=dict(required=False, default=0, type='int'),
),
required_together=(
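Review bot: `state` changes from `required=True` to `default='present'` in the argument_spec, but the module's DOCUMENTATION string does not appear to be updated in this commit (the file's only other hunk adds EXAMPLES), so the published docs may still describe `state` as required. Update the `state` entry there to `required: false` with `default: present`. Because a task that omits `state` will now create or update a record instead of failing validation, a short comment on that line would help, e.g. `# defaults to present: a task without state creates/updates the record`. main() starts and ends outside this hunk.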
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 23dfacf79..dd66eeebb 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -221,6 +221,9 @@
template:
dest: "{{ openshift.master.session_secrets_file }}"
src: sessionSecretsFile.yaml.v1.j2
+ owner: root
+ group: root
+ mode: 0600
when: openshift.master.session_auth_secrets is defined and openshift.master.session_encryption_secrets is defined
notify:
- restart master
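Review bot: `mode: 0600` is written as a bare YAML scalar, so the resulting permissions depend on the parser reading the leading zero as octal; quoting it as `mode: "0600"` makes the intent explicit and guards against someone later dropping the zero. The same applies to the `mode: 0600` lines added for the master config further down this file and for the node config in roles/openshift_node/tasks/main.yml. The task itself begins above this hunk.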
@@ -235,6 +238,9 @@
dest: "{{ openshift_master_config_file }}"
src: master.yaml.v1.j2
backup: true
+ owner: root
+ group: root
+ mode: 0600
notify:
- restart master
- restart master api
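Review bot: With `backup: true` on this task, the backup taken on the first run after this change is a copy of the existing file, so it may keep whatever looser mode and ownership that file had; the added `owner`/`group`/`mode` only govern the newly written config. If backup behaves that way in the Ansible version in use (worth confirming), existing and newly created backup copies next to `openshift_master_config_file` need a one-off cleanup or a follow-up task to tighten them. The node config hunk in roles/openshift_node/tasks/main.yml has the same `backup: true` plus `mode: 0600` combination.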
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index acf2f74e3..43253d72b 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -84,6 +84,9 @@
dest: "{{ openshift_node_config_file }}"
src: node.yaml.v1.j2
backup: true
+ owner: root
+ group: root
+ mode: 0600
notify:
- restart node
diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service
index 7a11a10fa..df3e0a44a 100644
--- a/roles/openshift_node/templates/openshift.docker.node.service
+++ b/roles/openshift_node/templates/openshift.docker.node.service
@@ -11,7 +11,7 @@ PartOf=docker.service
[Service]
EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node
ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node
-ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system {{ openshift.node.node_image }}
+ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log {{ openshift.node.node_image }}
ExecStartPost=/usr/bin/sleep 10
ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node
Restart=always
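Review bot: The added `-v /var/log:/var/log` bind is read-write, while several neighbouring host paths in this ExecStart line (`/:/rootfs:ro`, `/sys:/sys:ro`, `/etc/localtime`, `/etc/machine-id`) are mounted `:ro`, and nothing here says why the node container needs the host log directory. If the node process only reads host logs, use `-v /var/log:/var/log:ro`. If it has to write there, add a comment line above ExecStart saying what it writes, so the mount is not later mistaken for an oversight.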
diff --git a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
new file mode 100644
index 000000000..1efab9466
--- /dev/null
+++ b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml
@@ -0,0 +1,37 @@
+####
+#
+# OSE 3.0.z did not have 'oadm policy add-scc-to-user'.
+#
+####
+
+- name: tmp dir for openshift
+ file:
+ path: /tmp/openshift
+ state: directory
+ owner: root
+ mode: 700
+
+- name: Create service account configs
+ template:
+ src: serviceaccount.j2
+ dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml"
+ with_items: openshift_serviceaccounts_names
+
+- name: Get current security context constraints
+ shell: >
+ {{ openshift.common.client_binary }} get scc privileged -o yaml
+ --output-version=v1 > /tmp/openshift/scc.yaml
+ changed_when: false
+
+- name: Add security context constraint for {{ item }}
+ lineinfile:
+ dest: /tmp/openshift/scc.yaml
+ line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}"
+ insertafter: "^users:$"
+ when: "item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
+ with_nested:
+ - openshift_serviceaccounts_names
+ - scc_test.results
+
+- name: Apply new scc rules for service accounts
+ command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
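Review bot: `mode: 700` on the `tmp dir for openshift` task is read as the decimal integer 700 rather than octal 0700, so the directory will not end up owner-only; write `mode: "0700"`. This matters here because `/tmp/openshift` is a fixed path under a world-writable directory, and the `scc.yaml` written there is later passed to `update -f` for the `privileged` SCC. The `file` task does not clear anything that already exists in that directory, so a root-only location outside `/tmp`, or a freshly created unique directory, would be safer. The lineinfile task now also depends on `scc_test.results`, which is registered outside this file; confirm it is populated on the 3.0.z path where this include runs.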
diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml
index 89d9e3aa7..f34fa7b74 100644
--- a/roles/openshift_serviceaccounts/tasks/main.yml
+++ b/roles/openshift_serviceaccounts/tasks/main.yml
@@ -32,42 +32,5 @@
- openshift_serviceaccounts_names
- scc_test.results
-####
-#
-# Support for 3.0.z
-#
-####
-
-- name: tmp dir for openshift
- file:
- path: /tmp/openshift
- state: directory
- owner: root
- mode: 700
- when: not openshift.common.version_gte_3_1_or_1_1
-
-- name: Create service account configs
- template:
- src: serviceaccount.j2
- dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml"
- with_items: openshift_serviceaccounts_names
- when: not openshift.common.version_gte_3_1_or_1_1
-
-- name: Get current security context constraints
- shell: >
- {{ openshift.common.client_binary }} get scc privileged -o yaml
- --output-version=v1 > /tmp/openshift/scc.yaml
- changed_when: false
- when: not openshift.common.version_gte_3_1_or_1_1
-
-- name: Add security context constraint for {{ item }}
- lineinfile:
- dest: /tmp/openshift/scc.yaml
- line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item }}"
- insertafter: "^users:$"
- with_items: openshift_serviceaccounts_names
- when: not openshift.common.version_gte_3_1_or_1_1
-
-- name: Apply new scc rules for service accounts
- command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
+- include: legacy_add_scc_to_user.yml
when: not openshift.common.version_gte_3_1_or_1_1
diff --git a/roles/os_zabbix/vars/template_openshift_node.yml b/roles/os_zabbix/vars/template_openshift_node.yml
index b0488656d..c36c593df 100644
--- a/roles/os_zabbix/vars/template_openshift_node.yml
+++ b/roles/os_zabbix/vars/template_openshift_node.yml
@@ -26,7 +26,29 @@ g_template_openshift_node:
applications:
- Openshift Node
+ - key: openshift.node.registry-pods.healthy_pct
+ description: Shows the percentage of healthy registries in the cluster
+ type: int
+ applications:
+ - Openshift Node
+
+ - key: openshift.node.registry.service.ping
+ description: Ping docker-registry service from node
+ type: int
+ applications:
+ - Openshift Node
+
ztriggers:
+ - name: 'One or more Docker Registries is unhealthy according to {HOST.NAME}'
+ expression: '{Template Openshift Node:openshift.node.registry-pods.healthy_pct.last(#2)}<100 and {Template Openshift Node:openshift.node.registry-pods.healthy_pct.last(#1)}<100'
+ url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_registry.asciidoc'
+ priority: avg
+
+ - name: 'Docker Registry service is unhealthy according to {HOST.NAME}'
+ expression: '{Template Openshift Node:openshift.node.registry.service.ping.last(#2)}<1 and {Template Openshift Node:openshift.node.registry.service.ping.last(#1)}<1'
+ url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/openshift_registry.asciidoc'
+ priority: avg
+
- name: 'Openshift Node process not running on {HOST.NAME}'
expression: '{Template Openshift Node:openshift.node.process.count.max(#3)}<1'
url: 'https://github.com/openshift/ops-sop/blob/node/V3/Alerts/openshift_node.asciidoc'
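Review bot: Both new triggers compare only `last(#1)` and `last(#2)`, so they stay silent if the node stops sending `openshift.node.registry-pods.healthy_pct` or `openshift.node.registry.service.ping` altogether. Unless that case is covered elsewhere in the template (not visible in this hunk), consider a companion `nodata()` trigger for each key. Also, the two new `url` values point at `blob/master/...` while the existing node trigger below uses `blob/node/...`; confirm the SOP document exists on the branch referenced.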
diff --git a/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2 b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2
index 453a9a3b4..d85d8b94e 100644
--- a/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2
+++ b/roles/oso_host_monitoring/templates/oso-rhel7-host-monitoring.service.j2
@@ -57,11 +57,13 @@ ExecStart=/usr/bin/docker run --name {{ osohm_host_monitoring }}
-v /var/lib/docker:/var/lib/docker:ro \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /var/run/openvswitch:/var/run/openvswitch \
-{% if hostvars[inventory_hostname]['ec2_tag_host-type'] == 'master' %}
+{% if hostvars[inventory_hostname]['oo_hosttype'] == 'master' %}
-v /etc/origin/master/admin.kubeconfig:/etc/origin/master/admin.kubeconfig \
-v /etc/origin/master/master.etcd-client.crt:/etc/origin/master/master.etcd-client.crt \
-v /etc/origin/master/master.etcd-client.key:/etc/origin/master/master.etcd-client.key \
-v /etc/origin/master/master-config.yaml:/etc/origin/master/master-config.yaml \
+{% elif hostvars[inventory_hostname]['oo_hosttype'] == 'node' %}
+ -v /etc/origin/node:/etc/origin/node \
{% endif %}
{{ osohm_docker_registry_url }}{{ osohm_host_monitoring }}
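Review bot: The new node branch bind-mounts the whole `/etc/origin/node` directory read-write into the monitoring container, whereas the master branch mounts four named files and `/var/lib/docker` just above is `:ro`. That directory presumably holds the node's kubeconfig and keys, so unless the monitoring container has to write there, use `-v /etc/origin/node:/etc/origin/node:ro \`. Separately, `hostvars[inventory_hostname]['oo_hosttype']` may fail template rendering on hosts where the variable is unset; appending `| default('')` to each lookup would degrade to no extra mounts instead. The ExecStart command starts above this hunk.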