---
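# Abort early unless a metrics public URL or a default subdomain is available.
# The message now names the variable the condition actually checks
# (openshift_master_metrics_public_url).
# NOTE(review): this guard reads openshift.master.metrics_public_url, while the
# metrics_hostname fact below reads openshift.hosted.metrics.public_url -
# confirm both are meant to be accepted.
- name: Require a metrics public URL or a default subdomain
  fail:
    msg: This role requires openshift_master_default_subdomain or openshift_master_metrics_public_url to be set
  when: openshift.master.metrics_public_url | default(openshift_master_metrics_public_url | default(openshift.master.default_subdomain | default(openshift_master_default_subdomain | default(none)))) is none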
# mktemp -d creates a uniquely named directory that only its owner can access
# (mode 0700). The admin kubeconfig copy is placed in it by a later task.
- name: Create temp directory for kubeconfig
  command: mktemp -d /tmp/openshift-ansible-XXXXXX
  changed_when: false
  register: mktemp
# Path of the working copy of the admin kubeconfig inside the temp directory.
- set_fact:
    openshift_metrics_kubeconfig: "{{ mktemp.stdout ~ '/admin.kubeconfig' }}"
# The copy carries the admin client credentials. It lives in the temp
# directory created by mktemp and is removed by the "Delete temp directory"
# task.
- name: Copy the admin client config(s)
  command: cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_metrics_kubeconfig }}
  changed_when: false
# Populate the "hosted" role facts through the project's openshift_facts
# module, restricted to the openshift.hosted.metrics.* structures.
# NOTE(review): oo_merge_hostvars and oo_openshift_env are custom filters
# defined outside this file; presumably they collect the openshift_* inventory
# variables for this host - confirm against the filter plugin.
- name: Set hosted metrics facts
  openshift_facts:
    role: hosted
    openshift_env: "{{ hostvars
                       | oo_merge_hostvars(vars, inventory_hostname)
                       | oo_openshift_env }}"
    openshift_env_structures:
      - 'openshift.hosted.metrics.*'
# Derive the values consumed by the deployment tasks from the hosted metrics
# facts.
- set_fact:
    # Prefer the master facts over bare variables if present, prefer
    # metrics_public_url over creating a default using default_subdomain
    # When no public_url is set the name defaults to
    # 'hawkular-metrics.<default subdomain>'; the result is passed through the
    # project's oo_hostname_from_url filter.
    metrics_hostname: "{{ openshift.hosted.metrics.public_url
                          | default('hawkular-metrics.' ~ (openshift.master.default_subdomain
                          | default(openshift_master_default_subdomain )))
                          | oo_hostname_from_url }}"
    # True when storage_kind is set to anything.
    metrics_persistence: "{{ openshift.hosted.metrics.storage_kind | default(none) is not none }}"
    # True only when storage_kind is exactly 'dynamic'.
    metrics_dynamic_vol: "{{ openshift.hosted.metrics.storage_kind | default(none) == 'dynamic' }}"
    # 'origin' templates for deployment_type 'origin', 'enterprise' templates
    # for every other value.
    metrics_template_dir: "/usr/share/openshift/examples/infrastructure-templates/{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}"
    # Optional ",NAME=value" fragments; each is an empty string when the
    # corresponding setting is absent.
    # NOTE(review): metrics_dynamic_vol, cassandra_nodes and cassandra_pv_size
    # are not referenced by any task visible in this file - confirm whether
    # the two fragments should be appended to the deployer's -v parameter list.
    cassandra_nodes: "{{ ',CASSANDRA_NODES=' ~ openshift.hosted.metrics.cassandra_nodes if 'cassandra' in openshift.hosted.metrics else '' }}"
    cassandra_pv_size: "{{ ',CASSANDRA_PV_SIZE=' ~ openshift.hosted.metrics.storage_volume_size if openshift.hosted.metrics.storage_volume_size | default(none) is not none else '' }}"
# Probe for the service account. The task never fails or reports a change;
# only its return code is used, by the creation task's condition.
- name: Test if metrics-deployer service account exists
  command: >-
    {{ openshift.common.client_binary }}
    --config={{ openshift_metrics_kubeconfig }}
    --namespace=openshift-infra
    get serviceaccount metrics-deployer -o json
  failed_when: false
  changed_when: false
  register: serviceaccount
# Runs only when the probe exited with 1. The definition in
# metrics_deployer_sa is serialised to JSON and shell-quoted before it is
# piped to the client, so its content cannot alter the shell command.
- name: Create metrics-deployer Service Account
  when: serviceaccount.rc == 1
  shell: >-
    echo {{ metrics_deployer_sa | to_json | quote }} |
    {{ openshift.common.client_binary }}
    --config={{ openshift_metrics_kubeconfig }}
    --namespace openshift-infra
    create -f -
# Read the user names bound to the "edit" role in openshift-infra; the output
# is only inspected, so the task never reports a change.
- name: Test edit permissions
  command: >-
    {{ openshift.common.client_binary }}
    --config={{ openshift_metrics_kubeconfig }}
    --namespace openshift-infra
    get rolebindings -o jsonpath='{.items[?(@.metadata.name == "edit")].userNames}'
  changed_when: false
  register: edit_rolebindings
# Grant "edit" on openshift-infra to the deployer service account unless it is
# already listed. The condition is a substring test on the jsonpath output, so
# a longer account name containing this one would also satisfy it.
- name: Add edit permission to the openshift-infra project to metrics-deployer SA
  when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout"
  command: >-
    {{ openshift.common.admin_binary }}
    --config={{ openshift_metrics_kubeconfig }}
    --namespace openshift-infra
    policy add-role-to-user edit
    system:serviceaccount:openshift-infra:metrics-deployer
# Read the user names bound to the "cluster-reader" cluster role; the output
# is only inspected, so the task never reports a change.
- name: Test cluster-reader permissions
  command: >-
    {{ openshift.common.client_binary }}
    --config={{ openshift_metrics_kubeconfig }}
    --namespace openshift-infra
    get clusterrolebindings -o jsonpath='{.items[?(@.metadata.name == "cluster-reader")].userNames}'
  changed_when: false
  register: cluster_reader_clusterrolebindings
# Bind the cluster-reader cluster role to the heapster service account unless
# it is already listed (substring test on the jsonpath output). The command is
# add-cluster-role-to-user, so the read access it grants is cluster-wide and
# not limited to the openshift-infra project named in the task title.
- name: Add cluster-reader permission to the openshift-infra project to heapster SA
  when: "'system:serviceaccount:openshift-infra:heapster' not in cluster_reader_clusterrolebindings.stdout"
  command: >-
    {{ openshift.common.admin_binary }}
    --config={{ openshift_metrics_kubeconfig }}
    --namespace openshift-infra
    policy add-cluster-role-to-user cluster-reader
    system:serviceaccount:openshift-infra:heapster
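# TODO: extend this to allow user passed in certs or generating cert with
# OpenShift CA
# The secret is a placeholder: its only key, "nothing", is read from
# /dev/null, so it carries no certificate material.
- name: Create metrics-deployer secret
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_metrics_kubeconfig }}
    --namespace openshift-infra
    secrets new metrics-deployer nothing=/dev/null
  register: metrics_deployer_secret
  changed_when: metrics_deployer_secret.rc == 0
  # Any non-zero exit is a failure unless the secret already exists. Testing
  # only for rc == 1 would let other error codes pass as success; this matches
  # the rc != 0 test used by the Deploy Metrics task.
  failed_when: "metrics_deployer_secret.rc != 0 and 'already exists' not in metrics_deployer_secret.stderr"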
# Print the deployer image prefix and version that the Deploy Metrics task
# passes as IMAGE_PREFIX and IMAGE_VERSION.
- debug:
    var: openshift.hosted.metrics.deployer_prefix
- debug:
    var: openshift.hosted.metrics.deployer_version
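# Render the deployer template and create the resulting objects in
# openshift-infra. This task goes through a shell, so every interpolated value
# is passed through the quote filter (as the service-account task already
# does): a value containing whitespace or shell metacharacters then stays one
# word instead of changing the command. Line breaks in the -v list sit inside
# the Jinja expressions so that folding adds no spaces to the list itself.
- name: Deploy Metrics
  shell: >
    {{ openshift.common.client_binary }} process -f
    {{ (metrics_template_dir ~ '/metrics-deployer.yaml') | quote }} -v
    HAWKULAR_METRICS_HOSTNAME={{ metrics_hostname | quote
    }},USE_PERSISTENT_STORAGE={{ metrics_persistence | string | lower | quote
    }},METRIC_DURATION={{ openshift.hosted.metrics.duration | string | quote
    }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution | string | quote
    }},IMAGE_PREFIX={{ openshift.hosted.metrics.deployer_prefix | quote
    }},IMAGE_VERSION={{ openshift.hosted.metrics.deployer_version | string | quote }}
    | {{ openshift.common.client_binary }} --namespace openshift-infra
    --config={{ openshift_metrics_kubeconfig | quote }}
    create -f -
  register: deploy_metrics
  # A non-zero exit is tolerated only when the objects already exist.
  failed_when: "'already exists' not in deploy_metrics.stderr and deploy_metrics.rc != 0"
  changed_when: deploy_metrics.rc == 0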
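# TODO: re-enable this once the metrics deployer validation issue is fixed
# when using dynamically provisioned volumes
# Poll up to 60 times, 10 seconds apart, until a metrics-deployer pod reports
# Completed. The grep pattern is quoted so the shell hands it to grep
# unchanged instead of treating ".*" as a pathname glob.
- name: "Wait for image pull and deployer pod"
  shell: >
    {{ openshift.common.client_binary }}
    --namespace openshift-infra
    --config={{ openshift_metrics_kubeconfig }}
    get pods | grep 'metrics-deployer.*Completed'
  register: result
  until: result.rc == 0
  retries: 60
  delay: 10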
# Remove the temp directory together with the admin kubeconfig copy inside it.
# NOTE(review): no block/always or rescue section is visible in this file, so
# a failure in any earlier task would presumably leave that copy under /tmp -
# confirm and consider an always-run cleanup.
- name: Delete temp directory
  file:
    path: "{{ mktemp.stdout }}"
    state: absent
  changed_when: false