From a22e8daf1f7c93469023239f442f19608ffbc970 Mon Sep 17 00:00:00 2001 From: Tim Bielawa Date: Fri, 7 Oct 2016 09:55:13 -0700 Subject: Refactor into a role --- .../byo/openshift-cluster/check-cert-expiry.yaml | 35 ------ .../openshift-cluster/check-cert-expiry.yaml | 44 -------- .../templates/cert-expiry-table.html.j2 | 124 --------------------- 3 files changed, 203 deletions(-) delete mode 100644 playbooks/byo/openshift-cluster/check-cert-expiry.yaml delete mode 100644 playbooks/common/openshift-cluster/check-cert-expiry.yaml delete mode 100644 playbooks/common/openshift-cluster/templates/cert-expiry-table.html.j2 (limited to 'playbooks') diff --git a/playbooks/byo/openshift-cluster/check-cert-expiry.yaml b/playbooks/byo/openshift-cluster/check-cert-expiry.yaml deleted file mode 100644 index 39efdbd36..000000000 --- a/playbooks/byo/openshift-cluster/check-cert-expiry.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# check-cert-expiry.yaml - A utility for cluster ops to scan through -# (critical) certificates for the ongoing operations of a cluster. - -# We do not support all Ansible versions. This is our safety net. -- include: ../../common/openshift-cluster/verify_ansible_version.yml - -- name: Generate the l_oo_all_hosts group - hosts: localhost - connection: local - become: no - gather_facts: no - tasks: - - include_vars: cluster_hosts.yml - - add_host: - name: "{{ item }}" - groups: l_oo_all_hosts - with_items: "{{ g_all_hosts | default([]) }}" - -# This may seem redundant, running `include_vars` again on the list of -# hosts in the group 'l_oo_all_hosts' which we just created. But the -# fact of the matter is that if we don't re-run include_vars on the -# new host group we created, then they will not have access to those -# same group variables they were birthed from. -# -# Go ahead and try to 'debug: var=g_all_hosts' later on (without this -# play) and you'll find that the result is UNDEFINED VARIABLE. -- name: Inject cluster hosts variables into l_oo_all_hosts - hosts: l_oo_all_hosts - gather_facts: no - tasks: - - include_vars: cluster_hosts.yml - -# This is where the actual business gets started: -- include: ../../common/openshift-cluster/check-cert-expiry.yaml diff --git a/playbooks/common/openshift-cluster/check-cert-expiry.yaml b/playbooks/common/openshift-cluster/check-cert-expiry.yaml deleted file mode 100644 index b585fd849..000000000 --- a/playbooks/common/openshift-cluster/check-cert-expiry.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# --- -# # This must be evaluated after cluster_hosts.yml has been evaluated on -# # 'localhost' to generate l_oo_all_hosts and then subsequently -# # evaluated again on the generated hosts group (l_oo_all_hosts). -# - include: evaluate_groups.yml -# tags: -# - always - -# # Initialize cluster facts for oo_all_hosts using the openshift_facts -# # role followed by the 'common' role -# - include: initialize_facts.yml -# tags: -# - always - -# # Get the version to install from the first master, then synchronize -# # that variable across all in oo_all_hosts -# - include: initialize_openshift_version.yml -# tags: -# - always - -# # Earlier 'initialize_facts' included the openshift_facts role and -# # used the openshift_facts module with the 'role' parameter set to -# # 'common'. Now we're applying the openshift_facts role AGAIN but just -# # to the subset of oo_all_hosts which require configuring. -# - name: Load openshift_facts -# hosts: oo_etcd_to_config:oo_masters_to_config:oo_nodes_to_config -# roles: -# - openshift_facts - -- hosts: all - become: yes - gather_facts: no - tasks: - - name: Check cert expirys on host - openshift_cert_expiry: - warning_days: 1500 - register: check_results - - name: Generate html - become: no - run_once: yes - template: - src: templates/cert-expiry-table.html.j2 - dest: /tmp/cert-table.html - delegate_to: localhost diff --git a/playbooks/common/openshift-cluster/templates/cert-expiry-table.html.j2 b/playbooks/common/openshift-cluster/templates/cert-expiry-table.html.j2 deleted file mode 100644 index f74d7f1ce..000000000 --- a/playbooks/common/openshift-cluster/templates/cert-expiry-table.html.j2 +++ /dev/null @@ -1,124 +0,0 @@ - - - - - OCP Certificate Expiry Report - {# For fancy icons and a pleasing font #} - - - - - - - - {# Each host has a header and table to itself #} - {% for host in play_hosts %} -

{{ host }}

- -

- {{ hostvars[host].check_results.msg }} -

- - - - {# These are hard-coded right now, but should be grabbed dynamically from the registered results #} - {%- for kind in ['ocp_certs', 'etcd', 'kubeconfigs', 'router', 'registry'] -%} - - - - - - - - - - - - - - {# A row for each certificate examined #} - {%- for v in hostvars[host].check_results.check_results[kind] -%} - - {# Let's add some flair and show status visually with fancy icons #} - {% if v.health == 'ok' %} - {% set health_icon = 'glyphicon glyphicon-ok' %} - {% elif v.health == 'warning' %} - {% set health_icon = 'glyphicon glyphicon-alert' %} - {% else %} - {% set health_icon = 'glyphicon glyphicon-remove' %} - {% endif %} - - - - - - - - - - {% endfor %} - {# end row generation per cert of this type #} - {% endfor %} - {# end generation for each kind of cert block #} -

{{ kind }}

 Certificate Common/Alt Name(s)HealthDays RemainingExpiration DatePath
{{ v.cert_cn }}{{ v.health }}{{ v.days_remaining }}{{ v.expiry }}{{ v.path }}
-
- {% endfor %} - {# end section generation for each host #} - - - - -- cgit v1.2.3