Merge pull request #8649 from rubenvp8510/migrate-hawkular-metrics-pvc

Migrate hawkular metrics to a new namespace

roles/openshift_metrics/defaults/main.yaml

@@ -60,7 +60,8 @@ openshift_metrics_resolution: 30s
 
 openshift_metrics_master_url: https://kubernetes.default.svc
 openshift_metrics_node_id: nodename
-openshift_metrics_project: openshift-infra
+openshift_metrics_old_project: openshift-infra
+openshift_metrics_project: openshift-metrics
 
 openshift_metrics_cassandra_pvc_prefix: metrics-cassandra
 openshift_metrics_cassandra_pvc_access: "{{ openshift_metrics_storage_access_modes | default(['ReadWriteOnce']) }}"

roles/openshift_metrics/tasks/clean_old_namespace.yaml

@@ -0,0 +1,17 @@
+---
+- name: remove metrics components on {{ openshift_metrics_old_project }}
+  command: >
+    {{ openshift_client_binary }} -n {{ openshift_metrics_old_project }} --config={{ mktemp.stdout }}/admin.kubeconfig
+    delete --ignore-not-found --selector=metrics-infra
+    all,sa,secrets,templates,routes,pvc,rolebindings,clusterrolebindings,clusterrole
+  register: delete_metrics
+  changed_when: delete_metrics.stdout != 'No resources found'
+
+- name: remove rolebindings on {{ openshift_metrics_old_project }}
+  command: >
+    {{ openshift_client_binary }} -n {{ openshift_metrics_old_project }} --config={{ mktemp.stdout }}/admin.kubeconfig
+    delete --ignore-not-found
+    rolebinding/hawkular-view
+    clusterrolebinding/heapster-cluster-reader
+    clusterrolebinding/hawkular-metrics
+  changed_when: delete_metrics.stdout != 'No resources found'

roles/openshift_metrics/tasks/generate_cassandra_pvcs.yaml

@@ -1,17 +1,23 @@
 ---
-- name: Check to see if PVC already exists
+- name: Check to see if PVC already exists in actual namespace
   oc_obj:
     state: list
     kind: pvc
     name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ metrics_pvc_index }}"
-    namespace: "{{ openshift_metrics_project }}"
-  register: _metrics_pvc
+    namespace: "{{openshift_metrics_project}}"
+  register: metrics_pvc
+
+# Migration process for PV to another namespace.
+- name: Check if we need to move cassandra PV to another namespace.
+  include_tasks: migrate_cassandra_pvcs.yaml
 
 # _metrics_pvc.results.results | length > 0 returns a false positive
 # so we check for the presence of 'stderr' to determine if the obj exists or not
 # the RC for existing and not existing is both 0
+
+# No PVC exist (either new or old namespace), so it's a new installation
 - when:
-    - _metrics_pvc.results.stderr is defined
+    - metrics_pvc.results.stderr is defined and not openshift_metrics_migrate_namespace
   block:
     - name: generate hawkular-cassandra persistent volume claims
       template:

roles/openshift_metrics/tasks/install_metrics.yaml

@@ -1,6 +1,48 @@
 ---
 - include_tasks: pre_install.yaml
 
+- name: Get annotations from {{ openshift_metrics_old_project }}
+  oc_obj:
+    state: list
+    kind: project
+    name: "{{ openshift_metrics_old_project }}"
+    namespace: "{{ openshift_metrics_old_project }}"
+  register: openshift_metrics_infra
+
+- name: Set {{openshift_metrics_old_project }} annotations fact.
+  set_fact:
+    openshift_metrics_old_project_annotations: >
+        { "openshift.io/sa.scc.mcs":"{{ openshift_metrics_infra.results.results[0].metadata.annotations['openshift.io/sa.scc.mcs'] }}",
+          "openshift.io/sa.scc.supplemental-groups": "{{ openshift_metrics_infra.results.results[0].metadata.annotations['openshift.io/sa.scc.supplemental-groups'] }}",
+          "openshift.io/sa.scc.uid-range": "{{ openshift_metrics_infra.results.results[0].metadata.annotations['openshift.io/sa.scc.uid-range'] }}"
+        }
+  when:
+    - openshift_metrics_infra.results is defined
+    - openshift_metrics_infra.results.results is defined
+    - openshift_metrics_infra.results.results[0] is defined
+    - openshift_metrics_infra.results.results[0].metadata is defined
+    - openshift_metrics_infra.results.results[0].metadata.annotations is defined
+    - openshift_metrics_infra.results.results[0].metadata.annotations['openshift.io/sa.scc.mcs'] is defined
+    - openshift_metrics_infra.results.results[0].metadata.annotations['openshift.io/sa.scc.supplemental-groups'] is defined
+    - openshift_metrics_infra.results.results[0].metadata.annotations['openshift.io/sa.scc.uid-range'] is defined
+
+- name: Generate template for project {{ openshift_metrics_project }} creation
+  template:
+    src: create_project.j2
+    dest: "{{ mktemp.stdout }}/templates/hawkular-metrics-projects.yaml"
+  vars:
+    project_name: "{{ openshift_metrics_project }}"
+    annotations: "{{ openshift_metrics_old_project_annotations | default(false) }}"
+
+- name: Create {{ openshift_metrics_project }} namespace
+  oc_obj:
+    state: present
+    name: "{{ openshift_metrics_project }}"
+    kind: Project
+    files:
+      - "{{ mktemp.stdout }}/templates/hawkular-metrics-projects.yaml"
+    delete_after: true
+
 - name: Install Metrics
   include_tasks: "install_{{ include_file }}.yaml"
   with_items:

roles/openshift_metrics/tasks/main.yaml

@@ -49,3 +49,5 @@
   changed_when: False
   check_mode: no
   become: false
+
+- include_tasks: clean_old_namespace.yaml

roles/openshift_metrics/tasks/migrate_cassandra_pvcs.yaml

@@ -0,0 +1,99 @@
+---
+- name: Check to see if PVC exists in an old namespace
+  oc_obj:
+    state: list
+    kind: pvc
+    name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ metrics_pvc_index }}"
+    namespace: "{{openshift_metrics_old_project}}"
+  register: openshift_metrics_cassandra_old_pvc
+
+- name: Set PVC vars
+  set_fact:
+    pvc_name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ metrics_pvc_index }}"
+    pvc_exists: "{{ openshift_metrics_cassandra_old_pvc.results.results[0] | length > 0 }}"
+
+- name: Set fact if we need to move to another namespace
+  set_fact:
+    openshift_metrics_migrate_namespace: "{{ pvc_exists and openshift_metrics_cassandra_old_pvc.results.results[0]['metadata']['name'] == pvc_name }}"
+
+- name: Migrate cassandra PV and PVC to another namespace
+  when: openshift_metrics_migrate_namespace
+  block:
+    - name: Get PV name attached to cassandra PVC
+      set_fact:
+        openshift_metrics_pv_name: "{{ openshift_metrics_cassandra_old_pvc['results']['results'][0]['spec']['volumeName'] }}"
+
+    - name: Get PV object attached to cassandra PVC.
+      oc_obj:
+        state: list
+        kind: pv
+        name: "{{ openshift_metrics_pv_name }}"
+        namespace: "{{ openshift_metrics_old_project }}"
+      register: metrics_pv
+
+    - name: Get PV persistent policy attached to cassandra PVC.
+      set_fact:
+        openshift_metrics_cassandra_pvc_persistent_policy: "{{ metrics_pv['results']['results'][0]['spec']['persistentVolumeReclaimPolicy'] }}"
+
+    - name: Set PV persistent volume reclaim policy to Retain
+      command: >
+       {{ openshift_client_binary }} -n {{ openshift_metrics_old_project }}
+        --config={{ mktemp.stdout }}/admin.kubeconfig
+        patch pv {{ openshift_metrics_pv_name }} -p '{"spec": {"persistentVolumeReclaimPolicy": "Retain"}}'
+
+    - name: Generate persistent volume claim templates for namespace {{ openshift_metrics_project }}
+      template:
+        src: pvc.j2
+        dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ metrics_pvc_index }}.yaml"
+      vars:
+        obj_name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ metrics_pvc_index }}"
+        labels:
+          metrics-infra: hawkular-cassandra
+        access_modes: "{{ openshift_metrics_cassandra_pvc_access | list }}"
+        size: "{{ openshift_metrics_cassandra_pvc_size }}"
+        pv_selector: "{{ openshift_metrics_cassandra_pv_selector }}"
+        storage_class_name: "{{ openshift_metrics_cassanda_pvc_storage_class_name | default('', true) }}"
+        volume_name: "{{ openshift_metrics_pv_name }}"
+
+    - name: Create PVC persistent volume claim {{ openshift_metrics_cassandra_pvc_prefix }}-{{ metrics_pvc_index }} for {{ openshift_metrics_project }}
+      oc_obj:
+        state: present
+        name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ metrics_pvc_index }}"
+        namespace: "{{ openshift_metrics_project }}"
+        kind: persistentvolumeclaim
+        files:
+          - "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ metrics_pvc_index }}.yaml"
+        delete_after: true
+
+    - name: Wait for Cassandra persistent volume claim to be created on {{ openshift_metrics_project }}
+      oc_obj:
+        state: list
+        kind: pvc
+        name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ metrics_pvc_index }}"
+        namespace: "{{openshift_metrics_project}}"
+      register: openshift_metrics_new_pvc
+      until: openshift_metrics_new_pvc.results.results[0] | length > 0
+
+    - set_fact:
+        openshift_metrics_pvc_uuid: "{{openshift_metrics_new_pvc['results']['results'][0]['metadata']['uid']}}"
+
+    - name: Attach PV to the new PVC
+      command: >
+       {{ openshift_client_binary }} -n {{ openshift_metrics_project }}
+        --config={{ mktemp.stdout }}/admin.kubeconfig
+        patch pv {{ openshift_metrics_pv_name }} -p '{"spec": {"claimRef": { "namespace": "{{ openshift_metrics_project }}", "name": "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ metrics_pvc_index }}", "uid": "{{ openshift_metrics_pvc_uuid }}" }}}'
+
+    - name: Wait until the PV is attached to new PVC
+      oc_obj:
+        state: list
+        kind: pvc
+        name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ metrics_pvc_index }}"
+        namespace: "{{openshift_metrics_project}}"
+      register: openshift_metrics_new_pvc
+      until: openshift_metrics_new_pvc.results.results[0].spec.volumeName == openshift_metrics_pv_name
+
+    - name: Restore persistent volume reclaim policy
+      command: >
+       {{ openshift_client_binary }} -n {{ openshift_metrics_old_project }}
+        --config={{ mktemp.stdout }}/admin.kubeconfig
+        patch pv {{ openshift_metrics_pv_name }} -p '{"spec": {"persistentVolumeReclaimPolicy": "{{openshift_metrics_cassandra_pvc_persistent_policy}}"}}'

roles/openshift_metrics/tasks/oc_apply.yaml

@@ -9,6 +9,18 @@
   register: generation_init
   failed_when: false
   changed_when: no
+  when: namespace is defined
+
+- name: Checking generation of {{file_content.kind}} {{file_content.metadata.name}}
+  command: >
+    {{ openshift_client_binary }}
+    --config={{ kubeconfig }}
+    get {{file_content.kind}} {{file_content.metadata.name}}
+    -o jsonpath='{.metadata.resourceVersion}'
+  register: generation_init_no_ns
+  failed_when: false
+  changed_when: no
+  when: namespace is not defined
 
 - name: Applying {{file_name}}
   command: >
@@ -18,6 +30,16 @@
   register: generation_apply
   failed_when: "'error' in generation_apply.stderr or (generation_apply.rc | int != 0)"
   changed_when: no
+  when: namespace is defined
+
+- name: Applying {{file_name}}
+  command: >
+    {{ openshift_client_binary }} --config={{ kubeconfig }}
+    apply -f {{ file_name }}
+  register: generation_apply
+  failed_when: "'error' in generation_apply.stderr or (generation_apply.rc | int != 0)"
+  changed_when: no
+  when: namespace is not defined
 
 - name: Determine change status of {{file_content.kind}} {{file_content.metadata.name}}
   command: >
@@ -30,3 +52,17 @@
     init_version: "{{ (generation_init is defined) | ternary(generation_init.stdout, '0') }}"
   failed_when: "'error' in version_changed.stderr or version_changed.rc | int != 0"
   changed_when: version_changed.stdout | int  > init_version | int
+  when: namespace is defined
+
+
+- name: Determine change status of {{file_content.kind}} {{file_content.metadata.name}}
+  command: >
+    {{ openshift_client_binary }} --config={{ kubeconfig }}
+    get {{file_content.kind}} {{file_content.metadata.name}}
+    -o jsonpath='{.metadata.resourceVersion}'
+  register: version_changed
+  vars:
+    init_version: "{{ (generation_init_no_ns is defined) | ternary(generation_init_no_ns.stdout, '0') }}"
+  failed_when: "'error' in version_changed.stderr or version_changed.rc | int != 0"
+  changed_when: version_changed.stdout | int  > init_version | int
+  when: namespace is not defined

roles/openshift_metrics/templates/create_project.j2

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Project
+metadata:
+{% if annotations is mapping %}
+  annotations:
+{% for key, value in annotations.items() %}
+    {{key}}: "{{value}}"
+{% endfor %}
+{% endif %}
+  name: {{ project_name }}

roles/openshift_metrics/templates/pvc.j2

@@ -18,6 +18,9 @@ metadata:
 {% endfor %}
 {% endif %}
 spec:
+{% if volume_name is defined %}
+  volumeName: {{volume_name}}
+{% endif %}
 {% if pv_selector is defined and pv_selector is mapping %}
   selector:
     matchLabels: