--- - name: Test if metrics-deployer service account exists command: > {{ openshift.common.client_binary }} --config={{ openshift_metrics_kubeconfig }} --namespace=openshift-infra get serviceaccount metrics-deployer -o json register: serviceaccount changed_when: false failed_when: false - name: Create metrics-deployer Service Account shell: > echo {{ metrics_deployer_sa | to_json | quote }} | {{ openshift.common.client_binary }} --config={{ openshift_metrics_kubeconfig }} --namespace openshift-infra create -f - when: serviceaccount.rc == 1 - name: Test edit permissions command: > {{ openshift.common.client_binary }} --config={{ openshift_metrics_kubeconfig }} --namespace openshift-infra get rolebindings -o jsonpath='{.items[?(@.metadata.name == "edit")].userNames}' register: edit_rolebindings changed_when: false - name: Add edit permission to the openshift-infra project to metrics-deployer SA command: > {{ openshift.common.admin_binary }} --config={{ openshift_metrics_kubeconfig }} --namespace openshift-infra policy add-role-to-user edit system:serviceaccount:openshift-infra:metrics-deployer when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout" - name: Test cluster-reader permissions command: > {{ openshift.common.client_binary }} --config={{ openshift_metrics_kubeconfig }} --namespace openshift-infra get clusterrolebindings -o jsonpath='{.items[?(@.metadata.name == "cluster-reader")].userNames}' register: cluster_reader_clusterrolebindings changed_when: false - name: Add cluster-reader permission to the openshift-infra project to heapster SA command: > {{ openshift.common.admin_binary }} --config={{ openshift_metrics_kubeconfig }} --namespace openshift-infra policy add-cluster-role-to-user cluster-reader system:serviceaccount:openshift-infra:heapster when: "'system:serviceaccount:openshift-infra:heapster' not in cluster_reader_clusterrolebindings.stdout" - name: Create metrics-deployer secret command: > {{ openshift.common.client_binary }} --config={{ openshift_metrics_kubeconfig }} --namespace openshift-infra secrets new metrics-deployer nothing=/dev/null register: metrics_deployer_secret changed_when: metrics_deployer_secret.rc == 0 failed_when: "metrics_deployer_secret.rc == 1 and 'already exists' not in metrics_deployer_secret.stderr" # TODO: extend this to allow user passed in certs or generating cert with # OpenShift CA - name: Build metrics deployer command set_fact: deployer_cmd: "{{ openshift.common.client_binary }} process -f \ {{ metrics_template_dir }}/metrics-deployer.yaml -v \ HAWKULAR_METRICS_HOSTNAME={{ metrics_hostname }},USE_PERSISTENT_STORAGE={{metrics_persistence | string | lower }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }}{{ image_prefix }}{{ image_version }},MODE={{ deployment_mode }} \ | {{ openshift.common.client_binary }} --namespace openshift-infra \ --config={{ openshift_metrics_kubeconfig }} \ create -f -" - name: Deploy Metrics shell: "{{ deployer_cmd }}" register: deploy_metrics failed_when: "'already exists' not in deploy_metrics.stderr and deploy_metrics.rc != 0" changed_when: deploy_metrics.rc == 0 - set_fact: deployer_pod: "{{ deploy_metrics.stdout[1:2] }}" # TODO: re-enable this once the metrics deployer validation issue is fixed # when using dynamically provisioned volumes - name: "Wait for image pull and deployer pod" shell: > {{ openshift.common.client_binary }} --namespace openshift-infra --config={{ openshift_metrics_kubeconfig }} get {{ deploy_metrics.stdout }} register: deploy_result until: "{{ 'Completed' in deploy_result.stdout }}" failed_when: "{{ 'Completed' not in deploy_result.stdout }}" retries: 60 delay: 10 - name: Configure master for metrics modify_yaml: dest: "{{ openshift.common.config_base }}/master/master-config.yaml" yaml_key: assetConfig.metricsPublicURL yaml_value: "https://{{ metrics_hostname }}/hawkular/metrics" notify: restart master - name: Store metrics public_url openshift_facts: role: master local_facts: metrics_public_url: "https://{{ metrics_hostname }}/hawkular/metrics" when: deploy_result | changed