---
# Read-only probe for the metrics-deployer service account in
# openshift-infra. It never reports a change, and failed_when is disabled so
# that a non-zero exit code is kept in serviceaccount.rc for a later
# `when:` check instead of aborting the play.
- name: Test if metrics-deployer service account exists
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_metrics_kubeconfig }}
    --namespace=openshift-infra
    get serviceaccount metrics-deployer -o json
  register: serviceaccount
  failed_when: false
  changed_when: false
# The shell module is needed here because of the pipe. The service account
# definition is rendered to JSON and passed through the quote filter, so it
# reaches echo as one shell word whatever characters it contains.
# NOTE(review): the guard treats exit code 1 of the probe as "not found";
# other client errors (bad kubeconfig, denied access) presumably also exit
# with 1 and would then surface as a failure of this create step - confirm.
- name: Create metrics-deployer Service Account
  when: serviceaccount.rc == 1
  shell: >
    echo {{ metrics_deployer_sa | to_json | quote }} |
    {{ openshift.common.client_binary }}
    --config={{ openshift_metrics_kubeconfig }}
    --namespace openshift-infra
    create -f -
# Read-only query: prints the userNames of the "edit" role binding in
# openshift-infra so a later task can decide whether the grant is needed.
# The jsonpath expression is single-quoted; the command module splits the
# line without a shell, so the brackets and "@" are passed through as-is.
- name: Test edit permissions
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_metrics_kubeconfig }}
    --namespace openshift-infra
    get rolebindings -o jsonpath='{.items[?(@.metadata.name == "edit")].userNames}'
  changed_when: false
  register: edit_rolebindings
# Grants the edit role in the openshift-infra namespace to the
# metrics-deployer service account, skipped when the account already shows
# up in the binding's userNames.
# NOTE(review): the guard is a substring test on raw stdout, so a longer
# account name that starts with the same text would also satisfy it and the
# grant would be skipped - confirm this cannot occur in this namespace.
- name: Add edit permission to the openshift-infra project to metrics-deployer SA
  when: >-
    'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout
  command: >
    {{ openshift.common.admin_binary }}
    --config={{ openshift_metrics_kubeconfig }}
    --namespace openshift-infra
    policy add-role-to-user edit
    system:serviceaccount:openshift-infra:metrics-deployer
# Read-only query: prints the userNames of the "cluster-reader" cluster role
# binding so a later task can decide whether heapster still needs the grant.
# Cluster role bindings are not namespaced, so --namespace is not what
# selects the binding here.
- name: Test cluster-reader permissions
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_metrics_kubeconfig }}
    --namespace openshift-infra
    get clusterrolebindings -o jsonpath='{.items[?(@.metadata.name == "cluster-reader")].userNames}'
  changed_when: false
  register: cluster_reader_clusterrolebindings
# Binds the cluster-reader cluster role to the heapster service account.
# add-cluster-role-to-user creates a cluster-wide grant: heapster gets read
# access across all projects, not only openshift-infra as the task name
# suggests. Keep that scope in mind when auditing this account.
# The guard is a substring test on the userNames printed by the query above.
- name: Add cluster-reader permission to the openshift-infra project to heapster SA
  when: >-
    'system:serviceaccount:openshift-infra:heapster' not in cluster_reader_clusterrolebindings.stdout
  command: >
    {{ openshift.common.admin_binary }}
    --config={{ openshift_metrics_kubeconfig }}
    --namespace openshift-infra
    policy add-cluster-role-to-user cluster-reader
    system:serviceaccount:openshift-infra:heapster
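# Creates the metrics-deployer secret with a single key "nothing" whose
# content is read from /dev/null, i.e. an empty placeholder with no
# certificate material in it.
- name: Create metrics-deployer secret
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_metrics_kubeconfig }}
    --namespace openshift-infra
    secrets new metrics-deployer nothing=/dev/null
  register: metrics_deployer_secret
  changed_when: metrics_deployer_secret.rc == 0
  # Any non-zero exit is a failure unless the secret is already present.
  # Testing for rc == 1 only would let every other exit code pass silently;
  # rc != 0 also matches the check used by the Deploy Metrics task.
  failed_when: "metrics_deployer_secret.rc != 0 and 'already exists' not in metrics_deployer_secret.stderr"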
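# TODO: extend this to allow user passed in certs or generating cert with
# OpenShift CA
#
# Assembles the "process template | create" pipeline as one string. The
# Deploy Metrics task runs that string through the shell module, so every
# interpolated value goes through the quote filter: a hostname, path or
# version that contains a space or a shell metacharacter then stays a literal
# argument instead of being interpreted by the shell. Values made only of
# shell-safe characters are left unchanged by the filter.
# duration and resolution are cast with `string` first because the quote
# filter expects text.
# NOTE(review): image_prefix and image_version are appended with no
# separator; presumably each carries its own leading ",NAME=" - confirm
# where they are defined.
- name: Build metrics deployer command
  set_fact:
    deployer_cmd: >-
      {{ openshift.common.client_binary | quote }} process
      -f {{ (metrics_template_dir ~ '/metrics-deployer.yaml') | quote }}
      -v HAWKULAR_METRICS_HOSTNAME={{ metrics_hostname | quote }},USE_PERSISTENT_STORAGE={{ metrics_persistence | string | lower | quote }},METRIC_DURATION={{ openshift.hosted.metrics.duration | string | quote }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution | string | quote }}{{ image_prefix | quote }}{{ image_version | quote }},MODE={{ deployment_mode | quote }}
      | {{ openshift.common.client_binary | quote }} --namespace openshift-infra
      --config={{ openshift_metrics_kubeconfig | quote }}
      create -f -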
# Runs the pipeline stored in deployer_cmd. The shell module is required
# because that string contains a pipe, so whatever deployer_cmd holds is
# interpreted by the shell.
# A non-zero exit is tolerated only when stderr reports "already exists";
# the task counts as changed only on a clean exit.
- name: Deploy Metrics
  shell: "{{ deployer_cmd }}"
  register: deploy_metrics
  changed_when: deploy_metrics.rc == 0
  failed_when: "deploy_metrics.rc != 0 and 'already exists' not in deploy_metrics.stderr"
# Records a slice of the deploy output as deployer_pod.
# NOTE(review): stdout is a single string, so [1:2] yields only its second
# character; if the second output line was meant, stdout_lines is the field
# to slice - confirm. deployer_pod is not read by any task visible here.
- set_fact:
    deployer_pod: "{{ deploy_metrics.stdout[1:2] }}"
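# TODO: re-enable this once the metrics deployer validation issue is fixed
# when using dynamically provisioned volumes
# NOTE(review): the task below is active, so the TODO above looks stale -
# confirm and drop it.
#
# Polls the object named in the deploy output until its listing contains
# "Completed", for up to 60 tries 10 seconds apart.
# The command module replaces shell: the line uses no shell feature, and
# the output of the previous command is spliced into it, which a shell
# would interpret (a second output line would run as a separate command).
# until/failed_when are bare expressions; wrapping a conditional in
# "{{ }}" templates it twice and is deprecated.
# NOTE(review): when Deploy Metrics hit the tolerated "already exists" path
# its stdout may not name an object, and this wait would then run out of
# retries - confirm.
- name: "Wait for image pull and deployer pod"
  command: >
    {{ openshift.common.client_binary }}
    --namespace openshift-infra
    --config={{ openshift_metrics_kubeconfig }}
    get {{ deploy_metrics.stdout }}
  register: deploy_result
  until: "'Completed' in deploy_result.stdout"
  failed_when: "'Completed' not in deploy_result.stdout"
  retries: 60
  delay: 10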
# Writes the Hawkular metrics endpoint into assetConfig.metricsPublicURL of
# the master configuration and notifies the "restart master" handler.
# The URL is always https and is built from metrics_hostname.
- name: Configure master for metrics
  notify: restart master
  modify_yaml:
    dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
    yaml_key: assetConfig.metricsPublicURL
    yaml_value: "https://{{ metrics_hostname }}/hawkular/metrics"
# Persists the same public URL as a local fact for the master role.
# NOTE(review): the guard reads deploy_result, which is registered by the
# read-only wait task and carries no changed_when, so it presumably always
# reports "changed"; deploy_metrics may have been the intended variable -
# confirm.
- name: Store metrics public_url
  when: deploy_result | changed
  openshift_facts:
    role: master
    local_facts:
      metrics_public_url: "https://{{ metrics_hostname }}/hawkular/metrics"