From 8db66f0929fecb26b3c4e71fe0797f20df13007a Mon Sep 17 00:00:00 2001 From: ewolinetz Date: Fri, 13 Jan 2017 15:04:57 -0600 Subject: Using oc_apply task for idempotent --- roles/openshift_logging/tasks/generate_certs.yaml | 46 ++++++++++++++++++++++ roles/openshift_logging/tasks/install_curator.yaml | 4 +- roles/openshift_logging/tasks/install_logging.yaml | 19 +++++---- roles/openshift_logging/tasks/oc_apply.yaml | 29 ++++++++++++++ 4 files changed, 87 insertions(+), 11 deletions(-) create mode 100644 roles/openshift_logging/tasks/oc_apply.yaml (limited to 'roles/openshift_logging/tasks') diff --git a/roles/openshift_logging/tasks/generate_certs.yaml b/roles/openshift_logging/tasks/generate_certs.yaml index 5e6498ad7..e16071e46 100644 --- a/roles/openshift_logging/tasks/generate_certs.yaml +++ b/roles/openshift_logging/tasks/generate_certs.yaml @@ -162,10 +162,56 @@ changed_when: no when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists +# check for secret/logging-kibana-proxy +- command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get secret/logging-kibana-proxy -n {{openshift_logging_namespace}} -o jsonpath='{.data.oauth-secret}' + register: kibana_secret_oauth_check + ignore_errors: yes + changed_when: no + check_mode: no + +- command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get secret/logging-kibana-proxy -n {{openshift_logging_namespace}} -o jsonpath='{.data.session-secret}' + register: kibana_secret_session_check + ignore_errors: yes + changed_when: no + check_mode: no + +# check for oauthclient secret +- command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get oauthclient/kibana-proxy -n {{openshift_logging_namespace}} -o jsonpath='{.secret}' + register: oauth_secret_check + ignore_errors: yes + changed_when: no + check_mode: no + +# set or generate as needed - name: Generate proxy session set_fact: session_secret={{'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'|random_word(200)}} check_mode: no + when: + - kibana_secret_session_check.stdout is not defined or kibana_secret_session_check.stdout == '' + +- name: Generate proxy session + set_fact: session_secret={{kibana_secret_session_check.stdout | b64decode }} + check_mode: no + when: + - kibana_secret_session_check.stdout is defined + - kibana_secret_session_check.stdout != '' - name: Generate oauth client secret set_fact: oauth_secret={{'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'|random_word(64)}} check_mode: no + when: kibana_secret_oauth_check.stdout is not defined or kibana_secret_oauth_check.stdout == '' + or oauth_secret_check.stdout is not defined or oauth_secret_check.stdout == '' + or kibana_secret_oauth_check.stdout | b64decode != oauth_secret_check.stdout + +- name: Generate oauth client secret + set_fact: oauth_secret={{kibana_secret_oauth_check.stdout | b64decode}} + check_mode: no + when: + - kibana_secret_oauth_check is defined + - kibana_secret_oauth_check.stdout != '' + - oauth_secret_check.stdout is defined + - oauth_secret_check.stdout != '' + - kibana_secret_oauth_check.stdout | b64decode == oauth_secret_check.stdout diff --git a/roles/openshift_logging/tasks/install_curator.yaml b/roles/openshift_logging/tasks/install_curator.yaml index 5f3063380..35116ae2b 100644 --- a/roles/openshift_logging/tasks/install_curator.yaml +++ b/roles/openshift_logging/tasks/install_curator.yaml @@ -11,7 +11,9 @@ {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get dc/logging-curator-ops -o jsonpath='{.spec.replicas}' -n {{openshift_logging_namespace}} register: curator_ops_replica_count - when: not ansible_check_mode + when: + - not ansible_check_mode + - openshift_logging_use_ops ignore_errors: yes changed_when: no diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml index 6a11baeb9..af03e9371 100644 --- a/roles/openshift_logging/tasks/install_logging.yaml +++ b/roles/openshift_logging/tasks/install_logging.yaml @@ -23,16 +23,15 @@ loop_control: loop_var: install_component -- name: Register API objects from generated templates - command: ls -1 {{mktemp.stdout}}/templates/ - register: logging_objects - check_mode: no - changed_when: no - -- name: Creating API objects from generated templates - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig apply -f {{mktemp.stdout}}/templates/{{file}} -n {{openshift_logging_namespace}} - with_items: "{{logging_objects.stdout_lines | sort}}" +- name: Create objects + include: oc_apply.yaml + vars: + - kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + - namespace: "{{ openshift_logging_namespace }}" + - file_name: "{{ file }}" + - file_content: "{{ lookup('file', file) | from_yaml }}" + with_fileglob: + - "{{ mktemp.stdout }}/templates/*.yaml" loop_control: loop_var: file when: not ansible_check_mode diff --git a/roles/openshift_logging/tasks/oc_apply.yaml b/roles/openshift_logging/tasks/oc_apply.yaml new file mode 100644 index 000000000..c362b7fca --- /dev/null +++ b/roles/openshift_logging/tasks/oc_apply.yaml @@ -0,0 +1,29 @@ +--- +- name: Checking generation of {{file_content.kind}} {{file_content.metadata.name}} + shell: > + {{ openshift.common.client_binary }} + --config={{ kubeconfig }} + get {{file_content.kind}} {{file_content.metadata.name}} + -o jsonpath='{.metadata.resourceVersion}' + -n {{namespace}} || echo 0 + register: generation_init + changed_when: no + +- name: Applying {{file_name}} + command: > + {{ openshift.common.client_binary }} --config={{ kubeconfig }} + apply -f {{ file_name }} + -n {{ namespace }} + register: generation_apply + failed_when: "'error' in generation_apply.stderr" + changed_when: no + +- name: Determine change status of {{file_content.kind}} {{file_content.metadata.name}} + shell: > + {{ openshift.common.client_binary }} --config={{ kubeconfig }} + get {{file_content.kind}} {{file_content.metadata.name}} + -o jsonpath='{.metadata.resourceVersion}' + -n {{namespace}} || echo 0 + register: generation_changed + failed_when: "'error' in generation_changed.stderr" + changed_when: generation_changed.stdout | int > generation_init.stdout | int -- cgit v1.2.3