path: root/roles/openshift_metrics/tasks/install.yml
blob: 4dabd314fb87e052a045f27a63ffa3ddd1db339a (plain)
---

# Read-only probe for the metrics-deployer service account in openshift-infra.
# The result is only registered: failed_when is false, and the create task
# that follows runs solely on rc == 1. Any other non-zero exit therefore
# neither fails this task nor triggers the create.
- name: Test if metrics-deployer service account exists
  register: serviceaccount
  failed_when: false
  changed_when: false
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_metrics_kubeconfig }} --namespace=openshift-infra
    get serviceaccount metrics-deployer -o json

# Creates the service account only when the preceding probe exited with rc 1.
# The definition is rendered to JSON and passed through the `quote` filter
# before it is placed on the shell command line, so its contents reach
# `create -f -` on stdin as data rather than being parsed by the shell.
- name: Create metrics-deployer Service Account
  shell: >
    echo {{ metrics_deployer_sa | to_json | quote }} |
    {{ openshift.common.client_binary }}
    --config={{ openshift_metrics_kubeconfig }}
    --namespace openshift-infra
    create -f -
  when: serviceaccount.rc == 1

# Lists the user names bound to the "edit" role in openshift-infra. This is
# read-only; the output is consumed by the grant task that follows.
- name: Test edit permissions
  changed_when: false
  register: edit_rolebindings
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_metrics_kubeconfig }} --namespace openshift-infra
    get rolebindings
    -o jsonpath='{.items[?(@.metadata.name == "edit")].userNames}'

# Grants the "edit" role in the openshift-infra namespace to the
# metrics-deployer service account. The guard is a substring match against
# the jsonpath output registered in edit_rolebindings, so the grant is skipped
# once the account name already appears there.
- name: Add edit permission to the openshift-infra project to metrics-deployer SA
  when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout"
  command: >
    {{ openshift.common.client_binary }} adm
    --config={{ openshift_metrics_kubeconfig }} --namespace openshift-infra
    policy add-role-to-user edit
    system:serviceaccount:openshift-infra:metrics-deployer

# Lists the user names bound to the "cluster-reader" cluster role. This is
# read-only; the output is consumed by the grant task that follows.
- name: Test cluster-reader permissions
  changed_when: false
  register: cluster_reader_clusterrolebindings
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_metrics_kubeconfig }} --namespace openshift-infra
    get clusterrolebindings
    -o jsonpath='{.items[?(@.metadata.name == "cluster-reader")].userNames}'

# Binds the cluster-reader cluster role to the heapster service account.
# The command is `add-cluster-role-to-user`, so despite the task name the
# resulting read access is cluster-wide rather than limited to the
# openshift-infra project. Skipped when the account already appears in the
# registered clusterrolebindings output (substring match).
- name: Add cluster-reader permission to the openshift-infra project to heapster SA
  when: "'system:serviceaccount:openshift-infra:heapster' not in cluster_reader_clusterrolebindings.stdout"
  command: >
    {{ openshift.common.client_binary }} adm
    --config={{ openshift_metrics_kubeconfig }} --namespace openshift-infra
    policy add-cluster-role-to-user cluster-reader
    system:serviceaccount:openshift-infra:heapster

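# Creates the metrics-deployer secret with a single placeholder entry
# (nothing=/dev/null). An "already exists" error on stderr is tolerated so the
# task can be re-run; the task reports changed only when the create succeeded.
- name: Create metrics-deployer secret
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_metrics_kubeconfig }}
    --namespace openshift-infra
    secrets new metrics-deployer nothing=/dev/null
  register: metrics_deployer_secret
  changed_when: metrics_deployer_secret.rc == 0
  # Fail on ANY non-zero exit that is not the "already exists" case. Testing
  # only rc == 1 would let other exit codes pass as an unchanged success.
  # This matches the rc != 0 check used by the "Deploy Metrics" task.
  failed_when: "metrics_deployer_secret.rc != 0 and 'already exists' not in metrics_deployer_secret.stderr"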

# TODO: extend this to allow user passed in certs or generating cert with
# OpenShift CA
# Assembles the `process ... | create` pipeline as one string; the
# "Deploy Metrics" task later hands that string to the shell module.
# NOTE(review): every variable here (template dir, hostname, storage flags,
# duration/resolution, image settings, mode, kubeconfig path) is interpolated
# without the `quote` filter, so the command is only as trustworthy as the
# inventory/facts that supply those values. Confirm they are
# operator-controlled, or quote each value before it reaches the shell.
# NOTE(review): image_prefix and image_version are appended directly after
# METRIC_RESOLUTION with no KEY= of their own. Presumably they already carry
# ",KEY=value" text or are empty; verify where they are set.
- name: Build metrics deployer command
  set_fact:
    deployer_cmd: "{{ openshift.common.client_binary }} process -f \
      {{ metrics_template_dir }}/metrics-deployer.yaml -v \
      HAWKULAR_METRICS_HOSTNAME={{ metrics_hostname }},USE_PERSISTENT_STORAGE={{metrics_persistence | string | lower }},DYNAMICALLY_PROVISION_STORAGE={{metrics_dynamic_vol | string | lower }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }}{{ image_prefix }}{{ image_version }},MODE={{ deployment_mode }} \
        | {{ openshift.common.client_binary }} --namespace openshift-infra \
        --config={{ openshift_metrics_kubeconfig }} \
        create -o name -f -"

# Runs the pipeline stored in deployer_cmd through the shell. A non-zero exit
# is tolerated when stderr contains "already exists", so re-runs do not fail;
# changed is reported only on rc == 0.
# NOTE(review): deployer_cmd is a two-stage pipeline, and a shell normally
# reports the exit status of the last stage only, so a failure in the
# `process` stage may go unnoticed unless pipefail is in effect. Confirm.
- name: Deploy Metrics
  shell: "{{ deployer_cmd }}"
  register: deploy_metrics
  failed_when: "'already exists' not in deploy_metrics.stderr and deploy_metrics.rc != 0"
  changed_when: deploy_metrics.rc == 0

# Stores a slice of the "Deploy Metrics" output as deployer_pod.
# NOTE(review): stdout is a string, so [1:2] selects a single character, not
# a line; stdout_lines may have been intended. deployer_pod is not referenced
# by the other tasks visible in this file. Confirm before relying on it.
- set_fact:
    deployer_pod: "{{ deploy_metrics.stdout[1:2] }}"

# TODO: re-enable this once the metrics deployer validation issue is fixed
# when using dynamically provisioned volumes
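# Polls the object(s) named in the "Deploy Metrics" output until the listing
# contains "Completed" (up to 60 attempts, 10 seconds apart). failed_when
# stays false, so exhausting the retries does not abort the play.
- name: "Wait for image pull and deployer pod"
  # command rather than shell: no shell feature is needed here, and
  # deploy_metrics.stdout is text returned by the client that is interpolated
  # unquoted. Under shell, a multi-line value would have its later lines run
  # as separate commands; under command it is only split into arguments.
  command: >
    {{ openshift.common.client_binary }}
    --namespace openshift-infra
    --config={{ openshift_metrics_kubeconfig }}
    get {{ deploy_metrics.stdout }}
  register: deploy_result
  # Bare expression: `until` is already evaluated as a Jinja2 condition, so
  # wrapping it in {{ }} is unnecessary.
  until: "'Completed' in deploy_result.stdout"
  failed_when: false
  retries: 60
  delay: 10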

# Points the master's assetConfig.metricsPublicURL at the Hawkular endpoint
# (HTTPS) and notifies the "restart master" handler.
- name: Configure master for metrics
  notify: restart master
  modify_yaml:
    yaml_key: assetConfig.metricsPublicURL
    yaml_value: 'https://{{ metrics_hostname }}/hawkular/metrics'
    dest: '{{ openshift.common.config_base }}/master/master-config.yaml'

# Records the public metrics URL as a local fact for the master role. Gated on
# deploy_result (registered by the wait task) reporting changed.
# NOTE(review): that task sets no changed_when, so this condition may always
# hold. Confirm that is intended.
- name: Store metrics public_url
  when: deploy_result | changed
  openshift_facts:
    local_facts:
      metrics_public_url: 'https://{{ metrics_hostname }}/hawkular/metrics'
    role: master