From 27e341dae69dc5b796616bee591e34a87d144e4b Mon Sep 17 00:00:00 2001 From: Tim Bielawa Date: Thu, 9 Feb 2017 09:47:30 -0800 Subject: Make the cert expiry playbooks runnable --- playbooks/certificate_expiry/default.yaml | 10 ++++++++++ playbooks/certificate_expiry/easy-mode.yaml | 21 +++++++++++++++++++++ .../html_and_json_default_paths.yaml | 12 ++++++++++++ .../longer-warning-period-json-results.yaml | 13 +++++++++++++ .../certificate_expiry/longer_warning_period.yaml | 12 ++++++++++++ playbooks/certificate_expiry/roles | 1 + .../openshift_certificate_expiry/examples/playbooks | 1 + .../examples/playbooks/default.yaml | 10 ---------- .../examples/playbooks/easy-mode.yaml | 21 --------------------- .../playbooks/html_and_json_default_paths.yaml | 12 ------------ .../longer-warning-period-json-results.yaml | 13 ------------- .../examples/playbooks/longer_warning_period.yaml | 12 ------------ 12 files changed, 70 insertions(+), 68 deletions(-) create mode 100644 playbooks/certificate_expiry/default.yaml create mode 100644 playbooks/certificate_expiry/easy-mode.yaml create mode 100644 playbooks/certificate_expiry/html_and_json_default_paths.yaml create mode 100644 playbooks/certificate_expiry/longer-warning-period-json-results.yaml create mode 100644 playbooks/certificate_expiry/longer_warning_period.yaml create mode 120000 playbooks/certificate_expiry/roles create mode 120000 roles/openshift_certificate_expiry/examples/playbooks delete mode 100644 roles/openshift_certificate_expiry/examples/playbooks/default.yaml delete mode 100644 roles/openshift_certificate_expiry/examples/playbooks/easy-mode.yaml delete mode 100644 roles/openshift_certificate_expiry/examples/playbooks/html_and_json_default_paths.yaml delete mode 100644 roles/openshift_certificate_expiry/examples/playbooks/longer-warning-period-json-results.yaml delete mode 100644 roles/openshift_certificate_expiry/examples/playbooks/longer_warning_period.yaml diff --git a/playbooks/certificate_expiry/default.yaml b/playbooks/certificate_expiry/default.yaml new file mode 100644 index 000000000..630135cae --- /dev/null +++ b/playbooks/certificate_expiry/default.yaml @@ -0,0 +1,10 @@ +--- +# Default behavior, you will need to ensure you run ansible with the +# -v option to see report results: + +- name: Check cert expirys + hosts: nodes:masters:etcd + become: yes + gather_facts: no + roles: + - role: openshift_certificate_expiry diff --git a/playbooks/certificate_expiry/easy-mode.yaml b/playbooks/certificate_expiry/easy-mode.yaml new file mode 100644 index 000000000..d0209426f --- /dev/null +++ b/playbooks/certificate_expiry/easy-mode.yaml @@ -0,0 +1,21 @@ +--- +# This example playbook is great if you're just wanting to try the +# role out. +# +# This example enables HTML and JSON reports +# +# The warning window is set very large so you will almost always get results back +# +# All certificates (healthy or not) are included in the results + +- name: Check cert expirys + hosts: nodes:masters:etcd + become: yes + gather_facts: no + vars: + openshift_certificate_expiry_warning_days: 1500 + openshift_certificate_expiry_save_json_results: yes + openshift_certificate_expiry_generate_html_report: yes + openshift_certificate_expiry_show_all: yes + roles: + - role: openshift_certificate_expiry diff --git a/playbooks/certificate_expiry/html_and_json_default_paths.yaml b/playbooks/certificate_expiry/html_and_json_default_paths.yaml new file mode 100644 index 000000000..d80cb6ff4 --- /dev/null +++ b/playbooks/certificate_expiry/html_and_json_default_paths.yaml @@ -0,0 +1,12 @@ +--- +# Generate HTML and JSON artifacts in their default paths: + +- name: Check cert expirys + hosts: nodes:masters:etcd + become: yes + gather_facts: no + vars: + openshift_certificate_expiry_generate_html_report: yes + openshift_certificate_expiry_save_json_results: yes + roles: + - role: openshift_certificate_expiry diff --git a/playbooks/certificate_expiry/longer-warning-period-json-results.yaml b/playbooks/certificate_expiry/longer-warning-period-json-results.yaml new file mode 100644 index 000000000..87a0f3be4 --- /dev/null +++ b/playbooks/certificate_expiry/longer-warning-period-json-results.yaml @@ -0,0 +1,13 @@ +--- +# Change the expiration warning window to 1500 days (good for testing +# the module out) and save the results as a JSON file: + +- name: Check cert expirys + hosts: nodes:masters:etcd + become: yes + gather_facts: no + vars: + openshift_certificate_expiry_warning_days: 1500 + openshift_certificate_expiry_save_json_results: yes + roles: + - role: openshift_certificate_expiry diff --git a/playbooks/certificate_expiry/longer_warning_period.yaml b/playbooks/certificate_expiry/longer_warning_period.yaml new file mode 100644 index 000000000..960457c4b --- /dev/null +++ b/playbooks/certificate_expiry/longer_warning_period.yaml @@ -0,0 +1,12 @@ +--- +# Change the expiration warning window to 1500 days (good for testing +# the module out): + +- name: Check cert expirys + hosts: nodes:masters:etcd + become: yes + gather_facts: no + vars: + openshift_certificate_expiry_warning_days: 1500 + roles: + - role: openshift_certificate_expiry diff --git a/playbooks/certificate_expiry/roles b/playbooks/certificate_expiry/roles new file mode 120000 index 000000000..b741aa3db --- /dev/null +++ b/playbooks/certificate_expiry/roles @@ -0,0 +1 @@ +../../roles \ No newline at end of file diff --git a/roles/openshift_certificate_expiry/examples/playbooks b/roles/openshift_certificate_expiry/examples/playbooks new file mode 120000 index 000000000..586afb0d5 --- /dev/null +++ b/roles/openshift_certificate_expiry/examples/playbooks @@ -0,0 +1 @@ +../../../playbooks/certificate_expiry \ No newline at end of file diff --git a/roles/openshift_certificate_expiry/examples/playbooks/default.yaml b/roles/openshift_certificate_expiry/examples/playbooks/default.yaml deleted file mode 100644 index 630135cae..000000000 --- a/roles/openshift_certificate_expiry/examples/playbooks/default.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -# Default behavior, you will need to ensure you run ansible with the -# -v option to see report results: - -- name: Check cert expirys - hosts: nodes:masters:etcd - become: yes - gather_facts: no - roles: - - role: openshift_certificate_expiry diff --git a/roles/openshift_certificate_expiry/examples/playbooks/easy-mode.yaml b/roles/openshift_certificate_expiry/examples/playbooks/easy-mode.yaml deleted file mode 100644 index d0209426f..000000000 --- a/roles/openshift_certificate_expiry/examples/playbooks/easy-mode.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# This example playbook is great if you're just wanting to try the -# role out. -# -# This example enables HTML and JSON reports -# -# The warning window is set very large so you will almost always get results back -# -# All certificates (healthy or not) are included in the results - -- name: Check cert expirys - hosts: nodes:masters:etcd - become: yes - gather_facts: no - vars: - openshift_certificate_expiry_warning_days: 1500 - openshift_certificate_expiry_save_json_results: yes - openshift_certificate_expiry_generate_html_report: yes - openshift_certificate_expiry_show_all: yes - roles: - - role: openshift_certificate_expiry diff --git a/roles/openshift_certificate_expiry/examples/playbooks/html_and_json_default_paths.yaml b/roles/openshift_certificate_expiry/examples/playbooks/html_and_json_default_paths.yaml deleted file mode 100644 index d80cb6ff4..000000000 --- a/roles/openshift_certificate_expiry/examples/playbooks/html_and_json_default_paths.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Generate HTML and JSON artifacts in their default paths: - -- name: Check cert expirys - hosts: nodes:masters:etcd - become: yes - gather_facts: no - vars: - openshift_certificate_expiry_generate_html_report: yes - openshift_certificate_expiry_save_json_results: yes - roles: - - role: openshift_certificate_expiry diff --git a/roles/openshift_certificate_expiry/examples/playbooks/longer-warning-period-json-results.yaml b/roles/openshift_certificate_expiry/examples/playbooks/longer-warning-period-json-results.yaml deleted file mode 100644 index 87a0f3be4..000000000 --- a/roles/openshift_certificate_expiry/examples/playbooks/longer-warning-period-json-results.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Change the expiration warning window to 1500 days (good for testing -# the module out) and save the results as a JSON file: - -- name: Check cert expirys - hosts: nodes:masters:etcd - become: yes - gather_facts: no - vars: - openshift_certificate_expiry_warning_days: 1500 - openshift_certificate_expiry_save_json_results: yes - roles: - - role: openshift_certificate_expiry diff --git a/roles/openshift_certificate_expiry/examples/playbooks/longer_warning_period.yaml b/roles/openshift_certificate_expiry/examples/playbooks/longer_warning_period.yaml deleted file mode 100644 index 960457c4b..000000000 --- a/roles/openshift_certificate_expiry/examples/playbooks/longer_warning_period.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Change the expiration warning window to 1500 days (good for testing -# the module out): - -- name: Check cert expirys - hosts: nodes:masters:etcd - become: yes - gather_facts: no - vars: - openshift_certificate_expiry_warning_days: 1500 - roles: - - role: openshift_certificate_expiry -- cgit v1.2.3 From f9b74b54c833a6254342a84533a1086571872cb5 Mon Sep 17 00:00:00 2001 From: Tim Bielawa Date: Thu, 9 Feb 2017 11:21:18 -0800 Subject: Include rpm/git paths in expiry README. --- playbooks/certificate_expiry/easy-mode.yaml | 3 -- roles/openshift_certificate_expiry/README.md | 65 +++++++++++++++++++--------- 2 files changed, 44 insertions(+), 24 deletions(-) diff --git a/playbooks/certificate_expiry/easy-mode.yaml b/playbooks/certificate_expiry/easy-mode.yaml index d0209426f..ae41c7c14 100644 --- a/playbooks/certificate_expiry/easy-mode.yaml +++ b/playbooks/certificate_expiry/easy-mode.yaml @@ -4,8 +4,6 @@ # # This example enables HTML and JSON reports # -# The warning window is set very large so you will almost always get results back -# # All certificates (healthy or not) are included in the results - name: Check cert expirys @@ -13,7 +11,6 @@ become: yes gather_facts: no vars: - openshift_certificate_expiry_warning_days: 1500 openshift_certificate_expiry_save_json_results: yes openshift_certificate_expiry_generate_html_report: yes openshift_certificate_expiry_show_all: yes diff --git a/roles/openshift_certificate_expiry/README.md b/roles/openshift_certificate_expiry/README.md index 327cc004b..df43c3770 100644 --- a/roles/openshift_certificate_expiry/README.md +++ b/roles/openshift_certificate_expiry/README.md @@ -51,11 +51,11 @@ How to use the Certificate Expiration Checking Role. Run one of the example playbooks using an inventory file representative of your existing cluster. Some example playbooks are -included in this repo, or you can read on below after this example to +included in this role, or you can read on below after this example to craft you own. ``` -$ ansible-playbook -v -i HOSTS ./roles/openshift_certificate_expiry/examples/playbooks/easy-mode.yaml +$ ansible-playbook -v -i HOSTS playbooks/certificate_expiry/easy-mode.yaml ``` Using the `easy-mode.yaml` playbook will produce: @@ -65,16 +65,19 @@ Using the `easy-mode.yaml` playbook will produce: * A stylized HTML report in `/tmp/` +> **Note:** If you are running from an RPM install use +> `/usr/share/ansible/openshift-ansible/playbooks/certificate_expiry/easy-mode.yaml` +> instead + ## More Example Playbooks > **Note:** These Playbooks are available to run directly out of the -> [examples/playbooks/](examples/playbooks/) directory. +> [/playbooks/certificate_expiry/](../../playbooks/certificate_expiry/) directory. This example playbook is great if you're just wanting to **try the -role out**. This playbook enables HTML and JSON reports. The warning -window is set very large so you will almost always get results back. -All certificates (healthy or not) are included in the results: +role out**. This playbook enables HTML and JSON reports. All +certificates (healthy or not) are included in the results: ```yaml --- @@ -83,7 +86,6 @@ All certificates (healthy or not) are included in the results: become: yes gather_facts: no vars: - openshift_certificate_expiry_warning_days: 1500 openshift_certificate_expiry_save_json_results: yes openshift_certificate_expiry_generate_html_report: yes openshift_certificate_expiry_show_all: yes @@ -91,11 +93,16 @@ All certificates (healthy or not) are included in the results: - role: openshift_certificate_expiry ``` +**From git:** +``` +$ ansible-playbook -v -i HOSTS playbooks/certificate_expiry/easy-mode.yaml +``` +**From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS ./roles/openshift_certificate_expiry/examples/playbooks/easy-mode.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/certificate_expiry/easy-mode.yaml ``` -> [View This Playbook](examples/playbooks/easy-mode.yaml) +> [View This Playbook](../../playbooks/certificate_expiry/easy-mode.yaml) *** @@ -111,12 +118,16 @@ Default behavior: - role: openshift_certificate_expiry ``` +**From git:** ``` -$ ansible-playbook -v -i HOSTS ./roles/openshift_certificate_expiry/examples/playbooks/default.yaml +$ ansible-playbook -v -i HOSTS playbooks/certificate_expiry/default.yaml +``` +**From openshift-ansible-playbooks rpm:** +``` +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/certificate_expiry/default.yaml ``` - -> [View This Playbook](examples/playbooks/default.yaml) +> [View This Playbook](../../playbooks/certificate_expiry/default.yaml) *** @@ -136,12 +147,16 @@ Generate HTML and JSON artifacts in their default paths: - role: openshift_certificate_expiry ``` +**From git:** ``` -$ ansible-playbook -v -i HOSTS ./roles/openshift_certificate_expiry/examples/playbooks/html_and_json_default_paths.yaml +$ ansible-playbook -v -i HOSTS playbooks/certificate_expiry/html_and_json_default_paths.yaml +``` +**From openshift-ansible-playbooks rpm:** +``` +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/certificate_expiry/html_and_json_default_paths.yaml ``` - -> [View This Playbook](examples/playbooks/html_and_json_default_paths.yaml) +> [View This Playbook](../../playbooks/certificate_expiry/html_and_json_default_paths.yaml) *** @@ -160,12 +175,16 @@ the module out): - role: openshift_certificate_expiry ``` +**From git:** ``` -$ ansible-playbook -v -i HOSTS ./roles/openshift_certificate_expiry/examples/playbooks/longer_warning_period.yaml +$ ansible-playbook -v -i HOSTS playbooks/certificate_expiry/longer_warning_period.yaml +``` +**From openshift-ansible-playbooks rpm:** +``` +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/certificate_expiry/longer_warning_period.yaml ``` - -> [View This Playbook](examples/playbooks/longer_warning_period.yaml) +> [View This Playbook](../../playbooks/certificate_expiry/longer_warning_period.yaml) *** @@ -185,12 +204,16 @@ the module out) and save the results as a JSON file: - role: openshift_certificate_expiry ``` +**From git:** ``` -$ ansible-playbook -v -i HOSTS ./roles/openshift_certificate_expiry/examples/playbooks/longer-warning-period-json-results.yaml +$ ansible-playbook -v -i HOSTS playbooks/certificate_expiry/longer-warning-period-json-results.yaml +``` +**From openshift-ansible-playbooks rpm:** +``` +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/certificate_expiry/longer-warning-period-json-results.yaml ``` - -> [View This Playbook](examples/playbooks/longer-warning-period-json-results.yaml) +> [View This Playbook](../../playbooks/certificate_expiry/longer-warning-period-json-results.yaml) -- cgit v1.2.3