
Install web console server

Samuel Padgett 7 years ago
parent
commit
296ee5ee34

+ 21 - 0
files/origin-components/console-config.yaml

@@ -0,0 +1,21 @@
+kind: AssetConfig
+apiVersion: v1
+extensionDevelopment: false
+extensionProperties: null
+extensionScripts: null
+extensionStylesheets: null
+extensions: null
+loggingPublicURL: ""
+logoutURL: ""
+masterPublicURL: https://127.0.0.1:8443
+metricsPublicURL: ""
+publicURL: https://127.0.0.1:8443/console/
+servingInfo:
+  bindAddress: 0.0.0.0:8443
+  bindNetwork: tcp4
+  certFile: /var/serving-cert/tls.crt
+  clientCA: ""
+  keyFile: /var/serving-cert/tls.key
+  maxRequestsInFlight: 0
+  namedCertificates: null
+  requestTimeoutSeconds: 0

+ 114 - 0
files/origin-components/console-template.yaml

@@ -0,0 +1,114 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+  name: openshift-web-console
+  annotations:
+    openshift.io/display-name: OpenShift Web Console
+    description: The server for the OpenShift web console.
+    iconClass: icon-openshift
+    tags: openshift,infra
+    openshift.io/documentation-url: https://github.com/openshift/origin-web-console-server
+    openshift.io/support-url: https://access.redhat.com
+    openshift.io/provider-display-name: Red Hat, Inc.
+parameters:
+- name: IMAGE
+  value: openshift/origin-web-console:latest
+- name: NAMESPACE
+  value: openshift-web-console
+- name: LOGLEVEL
+  value: "0"
+- name: API_SERVER_CONFIG
+- name: NODE_SELECTOR
+  value: "{}"
+- name: REPLICA_COUNT
+  value: "1"
+objects:
+
+# to create the web console server
+- apiVersion: apps/v1beta1
+  kind: Deployment
+  metadata:
+    namespace: ${NAMESPACE}
+    name: webconsole
+    labels:
+      app: openshift-web-console
+      webconsole: "true"
+  spec:
+    replicas: "${{REPLICA_COUNT}}"
+    strategy:
+      type: Recreate
+    template:
+      metadata:
+        name: webconsole
+        labels:
+          webconsole: "true"
+      spec:
+        serviceAccountName: webconsole
+        containers:
+        - name: webconsole
+          image: ${IMAGE}
+          imagePullPolicy: IfNotPresent
+          command:
+          - "/usr/bin/origin-web-console"
+          - "--audit-log-path=-"
+          - "--config=/var/webconsole-config/webconsole-config.yaml"
+          ports:
+          - containerPort: 8443
+          volumeMounts:
+          - mountPath: /var/serving-cert
+            name: serving-cert
+          - mountPath: /var/webconsole-config
+            name: webconsole-config
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: 8443
+              scheme: HTTPS
+        nodeSelector: "${{NODE_SELECTOR}}"
+        volumes:
+        - name: serving-cert
+          secret:
+            defaultMode: 420
+            secretName: webconsole-serving-cert
+        - name: webconsole-config
+          configMap:
+            defaultMode: 420
+            name: webconsole-config
+
+# to create the config for the web console
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    namespace: ${NAMESPACE}
+    name: webconsole-config
+    labels:
+      app: openshift-web-console
+  data:
+    webconsole-config.yaml: ${API_SERVER_CONFIG}
+
+# to be able to assign powers to the process
+- apiVersion: v1
+  kind: ServiceAccount
+  metadata:
+    namespace: ${NAMESPACE}
+    name: webconsole
+    labels:
+      app: openshift-web-console
+
+# to be able to expose web console inside the cluster
+- apiVersion: v1
+  kind: Service
+  metadata:
+    namespace: ${NAMESPACE}
+    name: webconsole
+    labels:
+      app: openshift-web-console
+    annotations:
+      service.alpha.openshift.io/serving-cert-secret-name: webconsole-serving-cert
+  spec:
+    selector:
+      webconsole: "true"
+    ports:
+    - name: https
+      port: 443
+      targetPort: 8443
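Review bot: The IMAGE parameter defaults to `openshift/origin-web-console:latest` while the container sets `imagePullPolicy: IfNotPresent`, so each node runs whatever build it last cached under a mutable tag and replicas can silently differ. roles/openshift_web_console/vars/default_images.yml carries the same `latest` default; a versioned tag or digest, as openshift-enterprise.yml does with `v3.9`, would make the deployed console auditable. Separately, `API_SERVER_CONFIG` has neither a value nor `required: true`, so processing the template without it yields a config map with an empty `webconsole-config.yaml`; marking the parameter `required: true` would fail fast instead. The container also declares no `resources` or `securityContext`, which is worth a follow-up.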

+ 3 - 0
playbooks/deploy_cluster.yml

@@ -22,6 +22,9 @@
 
 - import_playbook: openshift-hosted/private/config.yml
 
+- import_playbook: openshift-web-console/private/config.yml
+  when: openshift_web_console_install | default(true) | bool
+
 - import_playbook: openshift-metrics/private/config.yml
   when: openshift_metrics_install_metrics | default(false) | bool
 

+ 1 - 0
playbooks/openshift-logging/private/config.yml

@@ -16,6 +16,7 @@
   roles:
   - openshift_logging
 
+# TODO: Remove when master config property is removed
 - name: Update Master configs
   hosts: oo_masters:!oo_first_master
   tasks:

+ 1 - 0
playbooks/openshift-metrics/private/config.yml

@@ -16,6 +16,7 @@
   roles:
   - role: openshift_metrics
 
+# TODO: Remove when master config property is removed
 - name: OpenShift Metrics
   hosts: oo_masters:!oo_first_master
   serial: 1

+ 4 - 0
playbooks/openshift-web-console/config.yml

@@ -0,0 +1,4 @@
+---
+- import_playbook: ../init/main.yml
+
+- import_playbook: private/config.yml

+ 31 - 0
playbooks/openshift-web-console/private/config.yml

@@ -0,0 +1,31 @@
+---
+- name: Web Console Install Checkpoint Start
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Set Web Console install 'In Progress'
+    run_once: true
+    set_stats:
+      data:
+        installer_phase_web_console:
+          status: "In Progress"
+          start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}"
+
+- name: Web Console
+  hosts: oo_first_master
+  roles:
+  - openshift_web_console
+  vars:
+    first_master: "{{ groups.oo_first_master[0] }}"
+
+- name: Web Console Install Checkpoint End
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Set Web Console install 'Complete'
+    run_once: true
+    set_stats:
+      data:
+        installer_phase_web_console:
+          status: "Complete"
+          end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}"
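Review bot: Both checkpoint timestamps come from `date +%Y%m%d%H%M%SZ`, which prints the control host's local time followed by a literal `Z`, so `start` and `end` are labelled as UTC without being UTC unless the controller happens to run in that timezone. Using `date -u +%Y%m%d%H%M%SZ` in both lookups keeps the install timeline comparable with other logs. If the other installer phases share this format string (not visible here), they should change together.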

+ 1 - 0
playbooks/openshift-web-console/private/roles

@@ -0,0 +1 @@
+../../../roles/

+ 5 - 0
roles/installer_checkpoint/callback_plugins/installer_checkpoint.py

@@ -31,6 +31,7 @@ class CallbackModule(CallbackBase):
             'installer_phase_node',
             'installer_phase_glusterfs',
             'installer_phase_hosted',
+            'installer_phase_web_console',
             'installer_phase_metrics',
             'installer_phase_logging',
             'installer_phase_prometheus',
@@ -80,6 +81,10 @@ class CallbackModule(CallbackBase):
                 'title': 'Hosted Install',
                 'playbook': 'playbooks/openshift-hosted/config.yml'
             },
+            'installer_phase_web_console': {
+                'title': 'Web Console Install',
+                'playbook': 'playbooks/openshift-web-console/config.yml'
+            },
             'installer_phase_metrics': {
                 'title': 'Metrics Install',
                 'playbook': 'playbooks/openshift-metrics/config.yml'

+ 11 - 0
roles/openshift_logging/tasks/delete_logging.yaml

@@ -130,3 +130,14 @@
     name: openshift_logging_eventrouter
   when:
     not openshift_logging_install_eventrouter | default(false) | bool
+
+# Update asset config in openshift-web-console namespace
+- name: Remove Kibana route information from web console asset config
+  include_role:
+    name: openshift_web_console
+    tasks_from: update_asset_config.yml
+  vars:
+    asset_config_edits:
+      - key: loggingPublicURL
+        value: ""
+  when: openshift_web_console_install | default(true) | bool

+ 12 - 0
roles/openshift_logging/tasks/install_logging.yaml

@@ -311,4 +311,16 @@
     openshift_logging_install_eventrouter | default(false) | bool
 
 
+# TODO: Remove when asset config is removed from master-config.yaml
 - include_tasks: update_master_config.yaml
+
+# Update asset config in openshift-web-console namespace
+- name: Add Kibana route information to web console asset config
+  include_role:
+    name: openshift_web_console
+    tasks_from: update_asset_config.yml
+  vars:
+    asset_config_edits:
+    - key: loggingPublicURL
+      value: "https://{{ openshift_logging_kibana_hostname }}"
+  when: openshift_web_console_install | default(true) | bool

+ 1 - 0
roles/openshift_logging/tasks/update_master_config.yaml

@@ -1,4 +1,5 @@
 ---
+# TODO: Remove when asset config is removed from master-config.yaml
 - name: Adding Kibana route information to loggingPublicURL
   modify_yaml:
     dest: "{{ openshift.common.config_base }}/master/master-config.yaml"

+ 12 - 0
roles/openshift_metrics/tasks/install_metrics.yaml

@@ -67,8 +67,20 @@
   with_items: "{{ hawkular_agent_object_defs.results }}"
   when: openshift_metrics_install_hawkular_agent | bool
 
+# TODO: Remove when asset config is removed from master-config.yaml
 - include_tasks: update_master_config.yaml
 
+# Update asset config in openshift-web-console namespace
+- name: Add metrics route information to web console asset config
+  include_role:
+    name: openshift_web_console
+    tasks_from: update_asset_config.yml
+  vars:
+    asset_config_edits:
+      - key: metricsPublicURL
+        value: "https://{{ openshift_metrics_hawkular_hostname}}/hawkular/metrics"
+  when: openshift_web_console_install | default(true) | bool
+
 - command: >
     {{openshift_client_binary}}
     --config={{mktemp.stdout}}/admin.kubeconfig

+ 11 - 0
roles/openshift_metrics/tasks/uninstall_metrics.yaml

@@ -18,3 +18,14 @@
     clusterrolebinding/heapster-cluster-reader
     clusterrolebinding/hawkular-metrics
   changed_when: delete_metrics.stdout != 'No resources found'
+
+# Update asset config in openshift-web-console namespace
+- name: Remove metrics route information from web console asset config
+  include_role:
+    name: openshift_web_console
+    tasks_from: update_asset_config.yml
+  vars:
+    asset_config_edits:
+      - key: metricsPublicURL
+        value: ""
+  when: openshift_web_console_install | default(true) | bool

+ 1 - 0
roles/openshift_metrics/tasks/update_master_config.yaml

@@ -1,4 +1,5 @@
 ---
+# TODO: Remove when asset config is removed from master-config.yaml
 - name: Adding metrics route information to metricsPublicURL
   modify_yaml:
     dest: "{{ openshift.common.config_base }}/master/master-config.yaml"

+ 3 - 0
roles/openshift_web_console/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+# TODO: This is temporary and will be updated to use taints and tolerations so that the console runs on the masters
+openshift_web_console_nodeselector: {"region":"infra"}

+ 19 - 0
roles/openshift_web_console/meta/main.yaml

@@ -0,0 +1,19 @@
+---
+galaxy_info:
+  author: OpenShift Development <dev@lists.openshift.redhat.com>
+  description: Deploy OpenShift web console
+  company: Red Hat, Inc.
+  license: Apache License, Version 2.0
+  min_ansible_version: 2.4
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  - name: Fedora
+    versions:
+    - all
+  categories:
+  - openshift
+dependencies:
+- role: lib_openshift
+- role: openshift_facts

+ 79 - 0
roles/openshift_web_console/tasks/install.yml

@@ -0,0 +1,79 @@
+---
+# Fact setting
+- name: Set default image variables based on deployment type
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ openshift_deployment_type | default(deployment_type) }}.yml"
+    - "default_images.yml"
+
+- name: Set openshift_web_console facts
+  set_fact:
+    openshift_web_console_prefix: "{{ openshift_web_console_prefix | default(__openshift_web_console_prefix) }}"
+    openshift_web_console_version: "{{ openshift_web_console_version | default(__openshift_web_console_version) }}"
+    openshift_web_console_image_name: "{{ openshift_web_console_image_name | default(__openshift_web_console_image_name) }}"
+    # Default the replica count to the number of masters.
+    openshift_web_console_replica_count: "{{ openshift_web_console_replica_count | default(groups.oo_masters_to_config | length) }}"
+
+- name: Ensure openshift-web-console project exists
+  oc_project:
+    name: openshift-web-console
+    state: present
+
+- name: Make temp directory for asset config files
+  command: mktemp -d /tmp/console-ansible-XXXXXX
+  register: mktemp
+  changed_when: False
+  become: no
+
+- name: Copy asset config template to temp directory
+  copy:
+    src: "{{ __console_files_location }}/{{ item }}"
+    dest: "{{ mktemp.stdout }}/{{ item }}"
+  with_items:
+    - "{{ __console_template_file }}"
+    - "{{ __console_config_file }}"
+
+- name: Update asset config properties
+  yedit:
+    src: "{{ mktemp.stdout }}/{{ __console_config_file }}"
+    edits:
+      - key: logoutURL
+        value: "{{ openshift.master.logout_url | default('') }}"
+      - key: publicURL
+        # Must have a trailing slash
+        value: "{{ openshift.master.public_console_url }}/"
+      - key: masterPublicURL
+        value: "{{ openshift.master.public_api_url }}"
+
+- slurp:
+    src: "{{ mktemp.stdout }}/{{ __console_config_file }}"
+  register: config
+
+- name: Apply template file
+  shell: >
+    {{ openshift_client_binary }} process -f "{{ mktemp.stdout }}/{{ __console_template_file }}"
+    --param API_SERVER_CONFIG="{{ config['content'] | b64decode }}"
+    --param IMAGE="{{ openshift_web_console_prefix }}{{ openshift_web_console_image_name }}:{{ openshift_web_console_version }}"
+    --param NODE_SELECTOR={{ openshift_web_console_nodeselector | to_json | quote }}
+    --param REPLICA_COUNT="{{ openshift_web_console_replica_count }}"
+    | {{ openshift_client_binary }} apply -f -
+
+- name: Verify that the web console is running
+  command: >
+    curl -k https://webconsole.openshift-web-console.svc/healthz
+  args:
+    # Disables the following warning:
+    # Consider using get_url or uri module rather than running curl
+    warn: no
+  register: console_health
+  until: console_health.stdout == 'ok'
+  retries: 120
+  delay: 1
+  changed_when: false
+
+- name: Remove temp directory
+  file:
+    state: absent
+    name: "{{ mktemp.stdout }}"
+  changed_when: False
+  become: no
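Review bot: In the `Apply template file` task the decoded config is spliced into a `shell` command inside double quotes (`--param API_SERVER_CONFIG="{{ config['content'] | b64decode }}"`), so any `"`, `$`, backtick or backslash in the rendered YAML is interpreted by the shell instead of being passed through. That content includes `logoutURL`, `publicURL` and `masterPublicURL` filled from `openshift.master.*` facts, so it should be quoted the way the NODE_SELECTOR line already is: `--param API_SERVER_CONFIG={{ config['content'] | b64decode | quote }}`; the IMAGE and REPLICA_COUNT values deserve the same filter. The health check uses `curl -k`, which skips verification of the service serving certificate; passing the service signer CA with `--cacert <path-to-service-signer-ca>` (placeholder path) would stop the check from accepting any endpoint that answers on that name. The temp directory is removed only on the success path, so a failed run leaves the copied files in /tmp.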

+ 8 - 0
roles/openshift_web_console/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+# do any asserts here
+
+- include_tasks: install.yml
+  when: openshift_web_console_install | default(true) | bool
+
+- include_tasks: remove.yml
+  when: not openshift_web_console_install | default(true) | bool
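Review bot: The `remove.yml` branch looks unreachable from a full cluster deploy: playbooks/deploy_cluster.yml imports this role's playbook with `when: openshift_web_console_install | default(true) | bool`, and a condition on `import_playbook` is applied to every task it brings in, so setting the variable to false skips the role rather than running the removal. Removal therefore appears to happen only when playbooks/openshift-web-console/config.yml is run directly. A comment in place of `# do any asserts here`, such as `# remove.yml is only reached via playbooks/openshift-web-console/config.yml`, would save the next reader the trace, or the condition in deploy_cluster.yml could be dropped so the role decides.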

+ 5 - 0
roles/openshift_web_console/tasks/remove.yml

@@ -0,0 +1,5 @@
+---
+- name: Remove openshift-web-console project
+  oc_project:
+    name: openshift-web-console
+    state: absent

+ 70 - 0
roles/openshift_web_console/tasks/update_asset_config.yml

@@ -0,0 +1,70 @@
+---
+# This task updates asset config values in the webconsole-config config map in
+# the openshift-web-console namespace. The values to set are pased in the
+# variable `asset_config_edits`, which is an array of objects with `key` and
+# `value` properties in the same format as `yedit` module `edits`. Only
+# properties passed are updated.
+#
+# Note that this triggers a redeployment on the console and a brief downtime
+# since it uses a `Recreate` strategy.
+#
+# Example usage:
+#
+# - include_role:
+#     name: openshift_web_console
+#     tasks_from: update_asset_config.yml
+#   vars:
+#     asset_config_edits:
+#       - key: loggingPublicURL
+#         value: "https://{{ openshift_logging_kibana_hostname }}"
+#   when: openshift_web_console_install | default(true) | bool
+
+- name: Read web console config map
+  oc_configmap:
+    namespace: openshift-web-console
+    name: webconsole-config
+    state: list
+  register: webconsole_config
+
+- name: Make temp directory
+  command: mktemp -d /tmp/console-ansible-XXXXXX
+  register: mktemp
+  changed_when: False
+  become: no
+
+- name: Copy asset config to temp file
+  copy:
+    content: "{{webconsole_config.results.results[0].data['webconsole-config.yaml']}}"
+    dest: "{{ mktemp.stdout }}/webconsole-config.yaml"
+
+- name: Change asset config properties
+  yedit:
+    src: "{{ mktemp.stdout }}/webconsole-config.yaml"
+    edits: "{{asset_config_edits}}"
+
+- name: Update web console config map
+  oc_configmap:
+    namespace: openshift-web-console
+    name: webconsole-config
+    state: present
+    from_file:
+      webconsole-config.yaml: "{{ mktemp.stdout }}/webconsole-config.yaml"
+
+- name: Remove temp directory
+  file:
+    state: absent
+    name: "{{ mktemp.stdout }}"
+  changed_when: False
+  become: no
+
+# There's currently no command to trigger a rollout for a k8s deployment
+# without changing the pod spec. Add an annotation to force a rollout after
+# the config map has been edited.
+- name: Rollout updated web console deployment
+  oc_edit:
+    kind: deployments
+    name: webconsole
+    namespace: openshift-web-console
+    separator: '#'
+    content:
+      spec#template#metadata#annotations#installer-triggered-rollout: "{{ ansible_date_time.iso8601_micro }}"
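Review bot: The rollout annotation in the last task uses `ansible_date_time.iso8601_micro`, which is fixed when facts are gathered, not when the task runs. Two invocations against the same gathered facts (for example metrics and then logging in one deploy_cluster.yml run) would presumably write the same value, and the second edit would then leave the pod spec unchanged and the console running with the old config map. A value computed at task time, such as the `lookup('pipe', 'date ...')` form used in playbooks/openshift-web-console/private/config.yml, avoids that. `Copy asset config to temp file` also indexes `webconsole_config.results.results[0]` without checking that the config map was found, so callers get an opaque templating error when the console was never installed; an explicit guard on the read result would make the failure clear. The header comment has a typo, `pased` for `passed`.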

+ 4 - 0
roles/openshift_web_console/vars/default_images.yml

@@ -0,0 +1,4 @@
+---
+__openshift_web_console_prefix: "docker.io/openshift/"
+__openshift_web_console_version: "latest"
+__openshift_web_console_image_name: "origin-web-console"

+ 5 - 0
roles/openshift_web_console/vars/main.yml

@@ -0,0 +1,5 @@
+---
+__console_files_location: "../../../files/origin-components/"
+
+__console_template_file: "console-template.yaml"
+__console_config_file: "console-config.yaml"

+ 4 - 0
roles/openshift_web_console/vars/openshift-enterprise.yml

@@ -0,0 +1,4 @@
+---
+__openshift_web_console_prefix: "registry.access.redhat.com/openshift3/"
+__openshift_web_console_version: "v3.9"
+__openshift_web_console_image_name: "ose-web-console"