
additional cr fixes

Jeff Cantrill 8 lat temu
rodzic
commit
868e800a13

+ 10 - 0
filter_plugins/oo_filters.py

@@ -11,6 +11,7 @@ import pkg_resources
 import re
 import json
 import yaml
+import random
 
 from ansible import errors
 from collections import Mapping
@@ -921,6 +922,14 @@ Ex:
         # '+', .split() returns an array of the original string.
         return str(version).split('+')[0]
 
+def oo_random_word(length,source='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'):
+    """Generates a random string of given length from a set of alphanumeric characters.
+       The default source uses [a-z][A-Z][0-9]
+       Ex:
+       - oo_random_word(3)                => aB9
+       - oo_random_word(4, source='012')  => 0123
+    """
+    return ''.join(random.choice(source) for i in range(length))
 
 class FilterModule(object):
     """ Custom ansible filter mapping """
@@ -961,4 +970,5 @@ class FilterModule(object):
             "oo_openshift_loadbalancer_frontends": oo_openshift_loadbalancer_frontends,
             "oo_openshift_loadbalancer_backends": oo_openshift_loadbalancer_backends,
             "to_padded_yaml": to_padded_yaml,
+            "oo_random_word": oo_random_word
         }
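Review bot: `oo_random_word` draws from the `random` module's default generator (Mersenne Twister), which is not meant for secrets, yet setup_certificate.yaml in this same commit uses the filter in place of the `/dev/urandom` pipeline for keystore and truststore passwords. Switch to the OS-backed generator, which needs no new import: `rng = random.SystemRandom()` followed by `return ''.join(rng.choice(source) for _ in range(length))`. The docstring should state that the result is used for passwords, and its second example cannot occur as written, since `source='012'` can never produce `0123`. The signature also needs a space after the comma in `length,source=`.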

+ 13 - 14
roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml

@@ -13,22 +13,26 @@
     hostnames: hawkular-cassandra
   changed_when: no
 
+- slurp: src={{ openshift_metrics_certs_dir|quote }}/hawkular-cassandra-truststore.pwd
+  register: cassandra_truststore_password
+
 - name: check existing aliases on the hawkular-cassandra truststore
   shell: >
     keytool -noprompt -list
     -keystore {{ openshift_metrics_certs_dir|quote }}/hawkular-cassandra.truststore
-    -storepass "$(<
-    '{{ openshift_metrics_certs_dir|quote }}/hawkular-cassandra-truststore.pwd')"
+    -storepass {{cassandra_truststore_password.content | b64decode }}
     | sed -n '7~2s/,.*$//p'
   register: hawkular_cassandra_truststore_aliases
   changed_when: false
 
+- slurp: src={{ openshift_metrics_certs_dir|quote }}/hawkular-metrics-truststore.pwd
+  register: hawkular_truststore_password
+
 - name: check existing aliases on the hawkular-metrics truststore
   shell: >
     keytool -noprompt -list
     -keystore {{ openshift_metrics_certs_dir|quote }}/hawkular-metrics.truststore
-    -storepass "$(<
-    '{{ openshift_metrics_certs_dir|quote }}/hawkular-metrics-truststore.pwd')"
+    -storepass {{ hawkular_truststore_password.content | b64decode }}
     | sed -n '7~2s/,.*$//p'
   register: hawkular_metrics_truststore_aliases
   changed_when: false
@@ -39,8 +43,7 @@
     -alias hawkular-metrics
     -file '{{ openshift_metrics_certs_dir }}/hawkular-metrics.crt'
     -keystore '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.truststore'
-    -storepass "$(<
-    '{{ openshift_metrics_certs_dir }}/hawkular-cassandra-truststore.pwd')"
+    -storepass {{cassandra_truststore_password.content | b64decode }}
   when: >
     'hawkular-metrics' not in
     hawkular_cassandra_truststore_aliases.stdout_lines
@@ -51,8 +54,7 @@
     -alias hawkular-cassandra
     -file '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.crt'
     -keystore '{{ openshift_metrics_certs_dir }}/hawkular-metrics.truststore'
-    -storepass "$(<
-    '{{ openshift_metrics_certs_dir }}/hawkular-metrics-truststore.pwd')"
+    -storepass {{ hawkular_truststore_password.content | b64decode }}
   when: >
     'hawkular-cassandra' not in
     hawkular_metrics_truststore_aliases.stdout_lines
@@ -63,8 +65,7 @@
     -alias hawkular-cassandra
     -file '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.crt'
     -keystore '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.truststore'
-    -storepass "$(<
-    '{{ openshift_metrics_certs_dir }}/hawkular-cassandra-truststore.pwd')"
+    -storepass {{cassandra_truststore_password.content | b64decode }}
   when: >
     'hawkular-cassandra' not in
     hawkular_cassandra_truststore_aliases.stdout_lines
@@ -75,8 +76,7 @@
     -alias '{{ item }}'
     -file '{{ openshift_metrics_certs_dir }}/ca.crt'
     -keystore '{{ openshift_metrics_certs_dir }}/hawkular-cassandra.truststore'
-    -storepass "$(<
-    '{{ openshift_metrics_certs_dir }}/hawkular-cassandra-truststore.pwd')"
+    -storepass {{cassandra_truststore_password.content | b64decode }}
   with_items:
   - ca
   - metricca
@@ -89,8 +89,7 @@
     -alias '{{ item }}'
     -file '{{ openshift_metrics_certs_dir }}/ca.crt'
     -keystore '{{ openshift_metrics_certs_dir }}/hawkular-metrics.truststore'
-    -storepass "$(<
-    '{{ openshift_metrics_certs_dir }}/hawkular-metrics-truststore.pwd')"
+    -storepass {{ hawkular_truststore_password.content | b64decode }}
   with_items:
   - ca
   - metricca
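Review bot: Every `-storepass {{ ... | b64decode }}` in this file now renders the truststore password into the task's command string, so it is recorded in the task result and shown in Ansible output at higher verbosity; the old `$(< file)` form left only the file path in the playbook's own output. Add `no_log: true` to the two `slurp` tasks and to each keytool task that takes the password, and give the `slurp` tasks a `name`. In the two `shell` tasks the value is interpolated unquoted; `-storepass {{ cassandra_truststore_password.content | b64decode | quote }}` keeps the command line intact if an existing `.pwd` file holds a character the shell treats specially. The `quote` filter on the `slurp` `src` is not needed, since that argument is a path and not a shell string. The import tasks from the hunk at `@@ -39,8 +43,7 @@` onward begin outside their hunks, so whether they run under `shell` or `command` is not visible here.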

+ 54 - 0
roles/openshift_metrics/tasks/install_cassandra.yaml

@@ -0,0 +1,54 @@
+---
+- shell: >
+    {{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }}
+    --config={{ mktemp.stdout }}/admin.kubeconfig
+    get rc hawkular-cassandra-{{node}} -o jsonpath='{.spec.replicas}' || echo 0
+  vars:
+    node: "{{ item }}"
+  register: cassandra_replica_count
+  with_sequence: count={{ openshift_metrics_cassandra_replicas }}
+  changed_when: false
+  failed_when: false
+
+- name: generate hawkular-cassandra replication controllers
+  template:
+    src: hawkular_cassandra_rc.j2
+    dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-rc{{ item }}.yaml"
+  vars:
+    node: "{{ item }}"
+    master: "{{ (item == '1')|string|lower }}"
+    replica_count: "{{cassandra_replica_count.results[item|int - 1].stdout}}"
+  with_sequence: count={{ openshift_metrics_cassandra_replicas }}
+  changed_when: false
+
+- name: generate hawkular-cassandra persistent volume claims
+  template:
+    src: pvc.j2
+    dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml"
+  vars:
+    obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}"
+    labels:
+      metrics-infra: hawkular-cassandra
+    access_modes:
+    - ReadWriteOnce
+    size: "{{ openshift_metrics_cassandra_pv_size }}"
+  with_sequence: count={{ openshift_metrics_cassandra_replicas }}
+  when: openshift_metrics_cassandra_storage_type == 'pv'
+  changed_when: false
+
+- name: generate hawkular-cassandra persistent volume claims (dynamic)
+  template:
+    src: pvc.j2
+    dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml"
+  vars:
+    obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}"
+    labels:
+      metrics-infra: hawkular-cassandra
+    annotations:
+      volume.alpha.kubernetes.io/storage-class: dynamic
+    access_modes:
+    - ReadWriteOnce
+    size: "{{ openshift_metrics_cassandra_pv_size }}"
+  with_sequence: count={{ openshift_metrics_cassandra_replicas }}
+  when: openshift_metrics_cassandra_storage_type == 'dynamic'
+  changed_when: false
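Review bot: The replica lookup at the top of this new file stays a `shell` task with `|| echo 0` and additionally gains `failed_when: false`, while the same lookup for hawkular-metrics and heapster is converted to `command` in this commit. With both mechanisms in place, any failure of the client call (bad kubeconfig, API unreachable) is indistinguishable from a missing replication controller and is passed on as `replica_count` 0; pick one mechanism and consider checking `stderr` before treating the result as "not found". The task has no `name`, and `{{ mktemp.stdout }}` and `{{node}}` go into the shell line without `| quote`, unlike the project name beside them, e.g. `--config={{ mktemp.stdout | quote }}/admin.kubeconfig`.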

+ 4 - 56
roles/openshift_metrics/tasks/install_hawkular.yaml

@@ -1,9 +1,10 @@
 ---
-- shell: >
+- command: >
     {{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }}
     --config={{ mktemp.stdout }}/admin.kubeconfig
-    get rc hawkular-metrics -o jsonpath='{.spec.replicas}' || echo 0
+    get rc hawkular-metrics -o jsonpath='{.spec.replicas}'
   register: hawkular_metrics_replica_count
+  failed_when: false
   changed_when: false
 
 - name: generate hawkular-metrics replication controller
@@ -11,60 +12,7 @@
     src: hawkular_metrics_rc.j2
     dest: "{{ mktemp.stdout }}/templates/hawkular_metrics_rc.yaml"
   vars:
-    replica_count: "{{hawkular_metrics_replica_count.stdout}}"
-  changed_when: false
-
-- shell: >
-    {{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }}
-    --config={{ mktemp.stdout }}/admin.kubeconfig
-    get rc hawkular-cassandra-{{node}} -o jsonpath='{.spec.replicas}' || echo 0
-  vars:
-    node: "{{ item }}"
-  register: cassandra_replica_count
-  with_sequence: count={{ openshift_metrics_cassandra_replicas }}
-  changed_when: false
-
-- name: generate hawkular-cassandra replication controllers
-  template:
-    src: hawkular_cassandra_rc.j2
-    dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-rc{{ item }}.yaml"
-  vars:
-    node: "{{ item }}"
-    master: "{{ (item == '1')|string|lower }}"
-    replica_count: "{{cassandra_replica_count.results[item|int - 1].stdout}}"
-  with_sequence: count={{ openshift_metrics_cassandra_replicas }}
-  changed_when: false
-
-- name: generate hawkular-cassandra persistent volume claims
-  template:
-    src: pvc.j2
-    dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml"
-  vars:
-    obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}"
-    labels:
-      metrics-infra: hawkular-cassandra
-    access_modes:
-    - ReadWriteOnce
-    size: "{{ openshift_metrics_cassandra_pv_size }}"
-  with_sequence: count={{ openshift_metrics_cassandra_replicas }}
-  when: openshift_metrics_cassandra_storage_type == 'pv'
-  changed_when: false
-
-- name: generate hawkular-cassandra persistent volume claims (dynamic)
-  template:
-    src: pvc.j2
-    dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml"
-  vars:
-    obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}"
-    labels:
-      metrics-infra: hawkular-cassandra
-    annotations:
-      volume.alpha.kubernetes.io/storage-class: dynamic
-    access_modes:
-    - ReadWriteOnce
-    size: "{{ openshift_metrics_cassandra_pv_size }}"
-  with_sequence: count={{ openshift_metrics_cassandra_replicas }}
-  when: openshift_metrics_cassandra_storage_type == 'dynamic'
+    replica_count: "{{hawkular_metrics_replica_count.stdout | default(0)}}"
   changed_when: false
 
 - name: read hawkular-metrics route destination ca certificate
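Review bot: `default(0)` on `replica_count` does not replace what `|| echo 0` used to provide: after a failed `command` with `failed_when: false` the registered `stdout` is normally defined but empty, and `default` only substitutes for undefined values unless its second argument is true. Use `replica_count: "{{ hawkular_metrics_replica_count.stdout | default(0, true) }}"` so that an empty result becomes 0. The same applies to `heapster_replica_count` in install_heapster.yaml. How the templates handle an empty value is not visible on this page, so check `hawkular_metrics_rc.j2` and `heapster.j2` before relying on the current form.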

+ 4 - 3
roles/openshift_metrics/tasks/install_heapster.yaml

@@ -1,13 +1,14 @@
 ---
-- shell: >
+- command: >
     {{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }}
     --config={{ mktemp.stdout }}/admin.kubeconfig
-    get rc heapster -o jsonpath='{.spec.replicas}' || echo 0
+    get rc heapster -o jsonpath='{.spec.replicas}'
   register: heapster_replica_count
+  failed_when: false
   changed_when: no
 
 - name: Generate heapster replication controller
   template: src=heapster.j2 dest={{mktemp.stdout}}/templates/metrics-heapster-rc.yaml
   vars:
-    replica_count: "{{heapster_replica_count.stdout}}"
+    replica_count: "{{heapster_replica_count.stdout | default(0)}}"
   changed_when: no

+ 1 - 0
roles/openshift_metrics/tasks/install_metrics.yaml

@@ -16,6 +16,7 @@
     - support
     - heapster
     - hawkular
+    - cassandra
   loop_control:
     loop_var: include_file
 

+ 23 - 18
roles/openshift_metrics/tasks/setup_certificate.yaml

@@ -11,20 +11,28 @@
     --signer-serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt'
   when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.key'|exists
 
+- slurp: src={{item}}
+  register: component_certs
+  with_items:
+    - '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.key'
+    - '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.crt'
+  when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.pem'|exists
+
 - name: generate {{ component }} certificate
-  shell: >
-    cat
-    '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.key'
-    '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.crt'
-    > '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.pem'
+  copy:
+    dest: '{{ openshift_metrics_certs_dir }}/{{ component }}.pem'
+    content: "{{ component_certs.results | map(attribute='content') | map('b64decode') | join('')  }}"
   when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.pem'|exists
 
 - name: generate random password for the {{ component }} keystore
-  shell: >
-    tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c15
-    > '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-keystore.pwd'
+  copy:
+      content: "{{ 15 | oo_random_word }}"
+      dest: '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-keystore.pwd'
   when: >
     not '{{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd'|exists
+  
+- slurp: src={{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-keystore.pwd
+  register: keystore_password
 
 - name: create the {{ component }} pkcs12 from the pem file
   command: >
@@ -32,27 +40,24 @@
     -in '{{ openshift_metrics_certs_dir }}/{{ component }}.pem'
     -out '{{ openshift_metrics_certs_dir }}/{{ component }}.pkcs12'
     -name '{{ component }}' -noiter -nomaciter
-    -password
-    'file:{{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd'
+    -password 'pass:{{keystore_password.content | b64decode }}'
   when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.pkcs12'|exists
 
 - name: create the {{ component }} keystore from the pkcs12 file
-  shell: >
-    p=$(< {{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd)
-    &&
+  command: >
     keytool -v -importkeystore
     -srckeystore '{{ openshift_metrics_certs_dir | quote }}/{{ component | quote }}.pkcs12'
     -srcstoretype PKCS12
     -destkeystore '{{ openshift_metrics_certs_dir | quote }}/{{ component | quote}}.keystore'
     -deststoretype JKS
-    -deststorepass "$p"
-    -srcstorepass "$p"
+    -deststorepass '{{keystore_password.content | b64decode }}'
+    -srcstorepass '{{keystore_password.content | b64decode }}'
   when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.keystore'|exists
 
 - name: generate random password for the {{ component }} truststore
-  shell: >
-    tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c15
-    > '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-truststore.pwd'
+  copy:
+      content: "{{ 15 | oo_random_word }}"
+      dest: '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-truststore.pwd'
   when: >
     not
     '{{ openshift_metrics_certs_dir | quote }}/{{ component| quote  }}-truststore.pwd'|exists
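Review bot: The pkcs12 step replaces `-password 'file:…-keystore.pwd'` with `-password 'pass:{{keystore_password.content | b64decode }}'`, which puts the keystore password on the openssl command line and into the task's recorded command; the `file:` form already works under `command` and should be kept. The new `slurp` of `{{ component }}.key` registers the private key (base64) in `component_certs`, so that task, the `keystore_password` slurp and the keytool task that takes `-deststorepass` should carry `no_log: true`. The `copy` tasks that write the `.pem` and `.pwd` files set no `mode`; add `mode: '0600'` so the key material does not depend on the default umask. `| quote` in `dest:` and `src:` is meant for shell strings and would put literal quote characters into the path if it ever took effect, so drop it in the `copy` and `slurp` arguments. The pkcs12 task starts before the hunk at `@@ -32,27 +40,24 @@`, so its opening lines are not shown.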