
Pull in keynote demo changes

Scott Dodson 8 years ago
parent
commit
7318e26c4f

+ 24 - 0
inventory/byo/hosts.ose.example

@@ -325,6 +325,30 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 #openshift_hosted_registry_storage_s3_chunksize=26214400
 #openshift_hosted_registry_pullthrough=true
 
+# Metrics Storage Options
+#
+# NFS Host Group
+# An NFS volume will be created with path "nfs_directory/volume_name"
+# on the host within the [nfs] host group.  For example, the volume
+# path using these options would be "/exports/metrics"
+#openshift_hosted_metrics_storage_kind=nfs
+#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce']
+#openshift_hosted_metrics_storage_nfs_directory=/exports
+#openshift_hosted_metrics_storage_nfs_options='*(rw,root_squash)'
+#openshift_hosted_metrics_storage_volume_name=metrics
+#openshift_hosted_metrics_storage_volume_size=10Gi
+#
+# External NFS Host
+# NFS volume must already exist with path "nfs_directory/_volume_name" on
+# the storage_host. For example, the remote volume path using these
+# options would be "nfs.example.com:/exports/metrics"
+#openshift_hosted_metrics_storage_kind=nfs
+#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce']
+#openshift_hosted_metrics_storage_host=nfs.example.com
+#openshift_hosted_metrics_storage_nfs_directory=/exports
+#openshift_hosted_metrics_storage_volume_name=metrics
+#openshift_hosted_metrics_storage_volume_size=10Gi
+
 # Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet')
 # os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'
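Review bot: The NFS host group example on the `openshift_hosted_metrics_storage_nfs_options` line uses `'*(rw,root_squash)'`, which, if the value is written to the export entry as given, exports the metrics volume read-write to any client that can reach the NFS server. Because example inventories get copied into real ones, I would put a comment directly above it, for instance `# '*' allows every host; restrict the client spec to the cluster's node network`. The External NFS Host comment also says "nfs_directory/_volume_name" where the example path and the first block use "nfs_directory/volume_name".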
 

+ 6 - 0
playbooks/common/openshift-master/config.yml

@@ -48,6 +48,12 @@
   - set_fact:
       openshift_hosted_metrics_resolution: "{{ lookup('oo_option', 'openshift_hosted_metrics_resolution') | default('10s', true) }}"
     when: openshift_hosted_metrics_resolution is not defined
+  - set_fact:
+      openshift_hosted_metrics_deployer_prefix: "{{ lookup('oo_option', 'openshift_hosted_metrics_deployer_prefix') | default('openshift') }}"
+    when: openshift_hosted_metrics_deployer_prefix is not defined
+  - set_fact:
+      openshift_hosted_metrics_deployer_version: "{{ lookup('oo_option', 'openshift_hosted_metrics_deployer_version') | default('latest') }}"
+    when: openshift_hosted_metrics_deployer_prefix is not defined
   roles:
   - openshift_facts
   post_tasks:
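Review bot: The `when:` on the new `openshift_hosted_metrics_deployer_version` task tests `openshift_hosted_metrics_deployer_prefix`, which is always defined by the time this task runs (either by the inventory or by the task directly above), so the version fact is never set here; it should read `when: openshift_hosted_metrics_deployer_version is not defined`. Both new lookups call `default(...)` without the second `true` argument that the `openshift_hosted_metrics_resolution` line uses, so if the lookup returns an empty string (not visible in this hunk) the default would not apply. Defaulting the deployer image tag to `latest` leaves the deployed image unpinned and differs from the `3.3.0` default added in roles/openshift_facts/library/openshift_facts.py; a fixed tag keeps runs reproducible. The play's task list starts outside the hunk.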

+ 3 - 1
roles/openshift_facts/library/openshift_facts.py

@@ -1776,6 +1776,8 @@ class OpenShiftFacts(object):
             defaults['hosted'] = dict(
                 metrics=dict(
                     deploy=False,
+                    deployer_prefix='registry.access.redhat.com/openshift3/',
+                    deployer_version='3.3.0',
                     duration=7,
                     resolution='10s',
                     storage=dict(
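Review bot: The new `deployer_prefix` and `deployer_version` defaults are plain literals with no deployment-type switch visible in this hunk, so an origin install would presumably also default to `registry.access.redhat.com/openshift3/` and `3.3.0`, while playbooks/common/openshift-master/config.yml in the same commit defaults the same options to `openshift` and `latest`. Keeping the defaults in one place, or choosing them by deployment type, would avoid deploying an image from an unintended registry or tag. A short comment such as `# image prefix and tag passed to the metrics deployer template` above the two lines would say where they end up. The enclosing method starts and ends outside the hunk.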
@@ -1791,7 +1793,7 @@ class OpenShiftFacts(object):
                             filesystem='ext4',
                             volumeID='123'),
                         host=None,
-                        access_modes=['ReadWriteMany'],
+                        access_modes=['ReadWriteOnce'],
                         create_pv=True
                     )
                 ),

+ 123 - 45
roles/openshift_metrics/tasks/main.yaml

@@ -1,64 +1,142 @@
 ---
-- name: Copy Configuration to temporary conf
+- fail:
+    msg: This role required openshift_master_default_subdomain or openshift_master_metrics_url be set
+  when: openshift.master.metrics_public_url | default(openshift_master_metrics_public_url | default(openshift.master.default_subdomain | default(openshift_master_default_subdomain | default(none)))) is none
+
+- name: Create temp directory for kubeconfig
+  command: mktemp -d /tmp/openshift-ansible-XXXXXX
+  register: mktemp
+  changed_when: False
+
+- set_fact:
+    openshift_metrics_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+
+- name: Copy the admin client config(s)
+  command: >
+    cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_metrics_kubeconfig }}
+  changed_when: False
+
+- name: Set hosted metrics facts
+  openshift_facts:
+    role: hosted
+    openshift_env: "{{ hostvars
+                       | oo_merge_hostvars(vars, inventory_hostname)
+                       | oo_openshift_env }}"
+    openshift_env_structures:
+    - 'openshift.hosted.metrics.*'
+
+- set_fact:
+    # Prefer the master facts over bare variables if present, prefer
+    # metrics_public_url over creating a default using default_subdomain
+    metrics_hostname: "{{ openshift.hosted.metrics.public_url
+                          | default('hawkular-metrics.' ~ (openshift.master.default_subdomain
+                          | default(openshift_master_default_subdomain )))
+                          | oo_hostname_from_url }}"
+    metrics_persistence: "{{ openshift.hosted.metrics.storage_kind | default(none) is not none }}"
+    metrics_dynamic_vol: "{{ openshift.hosted.metrics.storage_kind | default(none) == 'dynamic' }}"
+    metrics_template_dir: "/usr/share/openshift/examples/infrastructure-templates/{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}"
+    cassandra_nodes: "{{ ',CASSANDRA_NODES=' ~ openshift.hosted.metrics.cassandra_nodes if 'cassandra' in openshift.hosted.metrics else '' }}"
+    cassandra_pv_size: "{{ ',CASSANDRA_PV_SIZE=' ~ openshift.hosted.metrics.storage_volume_size if openshift.hosted.metrics.storage_volume_size | default(none) is not none else '' }}"
+
+- name: Test if metrics-deployer service account exists
   command: >
-    cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{hawkular_tmp_conf}}
+    {{ openshift.common.client_binary }}
+    --config={{ openshift_metrics_kubeconfig }}
+    --namespace=openshift-infra
+    get serviceaccount metrics-deployer -o json
+  register: serviceaccount
   changed_when: false
+  failed_when: false
 
 - name: Create metrics-deployer Service Account
   shell: >
-    echo {{ deployer_service_account | to_json | quote }} |
-    {{ openshift.common.client_binary }} create
-    -n openshift-infra
-    --config={{hawkular_tmp_conf}}
-    -f -
-  register: deployer_create_service_account
-  failed_when: "'already exists' not in deployer_create_service_account.stderr and deployer_create_service_account.rc != 0"
-  changed_when: deployer_create_service_account.rc == 0
-
-- name: Create metrics-deployer Secret
-  command: >
+    echo {{ metrics_deployer_sa | to_json | quote }} |
     {{ openshift.common.client_binary }}
-    secrets new metrics-deployer
-    nothing=/dev/null
-    --config={{hawkular_tmp_conf}}
-    -n openshift-infra
-  register: deployer_create_secret
-  failed_when: "'already exists' not in deployer_create_secret.stderr and deployer_create_secret.rc !=0"
-  changed_when: deployer_create_secret.rc == 0
-
-- name: Configure role/user permissions
+    --config={{ openshift_metrics_kubeconfig }}
+    --namespace openshift-infra
+    create -f -
+  when: serviceaccount.rc == 1
+
+- name: Test edit permissions
   command: >
-    {{ openshift.common.admin_binary }} {{item}}
-    --config={{hawkular_tmp_conf}}
-  with_items: "{{hawkular_permission_oc_commands}}"
-  register: hawkular_perm_task
-  failed_when: "'already exists' not in hawkular_perm_task.stderr and hawkular_perm_task.rc != 0"
-  changed_when: hawkular_perm_task.rc == 0
-
-- name: Check openshift_master_default_subdomain
-  fail: 
-    msg: "Default subdomain should be defined"
-  when: openshift.master.default_subdomain is not defined
-
-- name: Create Heapster and Hawkular/Cassandra Services
-  shell: >
-   {{ openshift.common.client_binary }} process -f \
-   /usr/share/openshift/examples/infrastructure-templates/{{ hawkular_type }}/metrics-deployer.yaml -v \
-    HAWKULAR_METRICS_HOSTNAME=hawkular-metrics.{{ openshift.master.default_subdomain }},USE_PERSISTENT_STORAGE={{ hawkular_persistence }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }} \
-    | {{ openshift.common.client_binary }} create -n openshift-infra --config={{hawkular_tmp_conf}} -f -
-  register: oex_heapster_services
-  failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0"
+    {{ openshift.common.client_binary }}
+    --config={{ openshift_metrics_kubeconfig }}
+    --namespace openshift-infra
+    get rolebindings -o jsonpath='{.items[?(@.metadata.name == "edit")].userNames}'
+  register: edit_rolebindings
   changed_when: false
 
-- name: Clean temporary config file
+- name: Add edit permission to the openshift-infra project to metrics-deployer SA
+  command: >
+    {{ openshift.common.admin_binary }}
+    --config={{ openshift_metrics_kubeconfig }}
+    --namespace openshift-infra
+    policy add-role-to-user edit
+    system:serviceaccount:openshift-infra:metrics-deployer
+  when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout"
+
+- name: Test cluster-reader permissions
   command: >
-    rm -rf {{hawkular_tmp_conf}}
+    {{ openshift.common.client_binary }}
+    --config={{ openshift_metrics_kubeconfig }}
+    --namespace openshift-infra
+    get clusterrolebindings -o jsonpath='{.items[?(@.metadata.name == "cluster-reader")].userNames}'
+  register: cluster_reader_clusterrolebindings
   changed_when: false
 
+- name: Add cluster-reader permission to the openshift-infra project to heapster SA
+  command: >
+    {{ openshift.common.admin_binary }}
+    --config={{ openshift_metrics_kubeconfig }}
+    --namespace openshift-infra
+    policy add-cluster-role-to-user cluster-reader
+    system:serviceaccount:openshift-infra:heapster
+  when: "'system:serviceaccount:openshift-infra:heapster' not in cluster_reader_clusterrolebindings.stdout"
+
+# TODO: extend this to allow user passed in certs or generating cert with
+# OpenShift CA
+- name: Create metrics-deployer secret
+  command: >
+    {{ openshift.common.client_binary }}
+    --config={{ openshift_metrics_kubeconfig }}
+    --namespace openshift-infra
+    secrets new metrics-deployer nothing=/dev/null
+  register: metrics_deployer_secret
+  changed_when: metrics_deployer_secret.rc == 0
+  failed_when: "metrics_deployer_secret.rc == 1 and 'already exists' not in metrics_deployer_secret.stderr"
+
+- debug: var=openshift.hosted.metrics.deployer_prefix
+- debug: var=openshift.hosted.metrics.deployer_version
+
+
+- name: Deploy Metrics
+  shell: >
+    {{ openshift.common.client_binary }} process -f
+    {{ metrics_template_dir }}/metrics-deployer.yaml -v
+    HAWKULAR_METRICS_HOSTNAME={{ metrics_hostname }},USE_PERSISTENT_STORAGE={{
+    metrics_persistence | string | lower }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }},IMAGE_PREFIX={{ openshift.hosted.metrics.deployer_prefix }},IMAGE_VERSION={{ openshift.hosted.metrics.deployer_version }}
+    | {{ openshift.common.client_binary }} --namespace openshift-infra
+    --config={{ openshift_metrics_kubeconfig }}
+    create -f -
+  register: deploy_metrics
+  failed_when: "'already exists' not in deploy_metrics.stderr and deploy_metrics.rc != 0"
+  changed_when: deploy_metrics.rc == 0
+
+# TODO: re-enable this once the metrics deployer validation issue is fixed
+# when using dynamically provisioned volumes
 - name: "Wait for image pull and deployer pod"
-  shell:  "{{ openshift.common.client_binary }} get pods -n openshift-infra | grep metrics-deployer.*Completed"
+  shell: >
+    {{ openshift.common.client_binary }}
+    --namespace openshift-infra
+    --config={{ openshift_metrics_kubeconfig }}
+    get pods | grep metrics-deployer.*Completed
   register: result
   until: result.rc == 0
   retries: 60
   delay: 10
 
+- name: Delete temp directory
+  file:
+    name: "{{ mktemp.stdout }}"
+    state: absent
+  changed_when: False
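Review bot: The copy of `admin.kubeconfig` made in `Copy the admin client config(s)` is only removed by the final `Delete temp directory` task, so any failure in between (for example the `Wait for image pull and deployer pod` retries running out) leaves cluster-admin credentials behind under `/tmp`. Wrapping the tasks after `mktemp` in a `block` with the delete in `always` would remove it on both paths, assuming the supported Ansible version has `block`/`always`. The `Deploy Metrics` shell line also interpolates `metrics_hostname` and the `openshift.hosted.metrics.*` values without `| quote`, unlike the `to_json | quote` used for the service account. The two bare `debug:` tasks before `Deploy Metrics` look like leftovers from the demo and could be dropped.

```yaml
- name: Deploy metrics using the temporary admin kubeconfig
  block:
  # … unchanged: copy admin.kubeconfig, set facts, service account, role bindings, secret, deploy, wait …
  always:
  - name: Delete temp directory
    file:
      name: "{{ mktemp.stdout }}"
      state: absent
    changed_when: False
```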

+ 7 - 8
roles/openshift_metrics/vars/main.yaml

@@ -2,13 +2,13 @@ hawkular_permission_oc_commands:
     - policy add-role-to-user edit system:serviceaccount:openshift-infra:metrics-deployer -n openshift-infra
     - policy add-cluster-role-to-user cluster-admin system:serviceaccount:openshift-infra:heapster
 
-deployer_service_account:
-    apiVersion: v1
-    kind: ServiceAccount
-    metadata:
-      name: metrics-deployer
-    secrets:
-    - name: metrics-deployer
+metrics_deployer_sa:
+  apiVersion: v1
+  kind: ServiceAccount
+  metadata:
+    name: metrics-deployer
+  secrets:
+  - name: metrics-deployer
 
 
 hawkular_tmp_conf: /tmp/hawkular_admin.kubeconfig
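Review bot: The context lines of this hunk still define `hawkular_permission_oc_commands`, including `policy add-cluster-role-to-user cluster-admin system:serviceaccount:openshift-infra:heapster`, and `hawkular_tmp_conf: /tmp/hawkular_admin.kubeconfig`, although the rewritten tasks/main.yaml in this commit no longer references either and now grants heapster `cluster-reader`. If nothing else in the role uses them, they should be removed here, so that the stale cluster-admin grant and the fixed, predictable kubeconfig path in `/tmp` cannot be picked up again later. The same appears to apply to `hawkular_persistence` and `hawkular_type` in the next hunk, which the new `metrics_persistence` and `metrics_template_dir` facts replace.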
@@ -16,4 +16,3 @@ hawkular_tmp_conf: /tmp/hawkular_admin.kubeconfig
 hawkular_persistence: "{% if openshift.hosted.metrics.storage.kind != None %}true{% else %}false{% endif %}"
 
 hawkular_type: "{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}"
-