shixiong
/
okd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195
							---
- name: Create temp directory for doing work in on target
  command: mktemp -td openshift-metering-ansible-XXXXXX
  register: mktemp
  changed_when: False

- name: Ensures {{ mktemp.stdout }}/metering-manifests directories exists
  file:
    path: "{{ item }}"
    state: directory
  with_items:
  - "{{ mktemp.stdout }}/metering-manifests/operator"

- name: Copy operator files to temp directory
  copy:
    src: "{{ item }}"
    dest: "{{ mktemp.stdout }}/metering-manifests/operator/{{ item | basename }}"
  with_fileglob:
  - "files/operator/*.yaml"
  register: temp_operator_files

- name: Update Metering Operator deployment image
  yedit:
    src: "{{ mktemp.stdout }}/metering-manifests/operator/metering-operator-deployment.yaml"
    edits:
    - key: spec.template.spec.containers[0].image
      value: "{{ openshift_metering_operator_image }}"
    - key: spec.template.spec.containers[1].image
      value: "{{ openshift_metering_operator_image }}"
  when: openshift_metering_operator_image != ""

- name: Update Metering config
  yedit:
    src: "{{ mktemp.stdout }}/metering-manifests/operator/metering.yaml"
    edits:
    - key: spec
      value: "{{ openshift_metering_config }}"
  when: openshift_metering_config != None

- name: Update Metering config with custom database config for Hive metastore
  yedit:
    src: "{{ mktemp.stdout }}/metering-manifests/operator/metering.yaml"
    edits:
    - key: spec.presto.spec.hive.config.dbConnectionURL
      value: "{{ openshift_metering_hive_metastore_db_url }}"
    - key: spec.presto.spec.hive.config.dbDriver
      value: "{{ openshift_metering_hive_metastore_db_driver }}"
    - key: spec.presto.spec.hive.config.dbConnectionUsername
      value: "{{ openshift_metering_hive_metastore_db_username }}"
    - key: spec.presto.spec.hive.config.dbConnectionPassword
      value: "{{ openshift_metering_hive_metastore_db_password }}"
  when: openshift_metering_hive_metastore_db_use_custom | bool

- name: Update Metering config with custom default storage location
  yedit:
    src: "{{ mktemp.stdout }}/metering-manifests/operator/metering.yaml"
    edits:
    - key: spec.reporting-operator.spec.config.defaultStorage
      value:
        create: true
        isDefault: true
        name: "{{ openshift_metering_default_storage_name }}"
        type: "{{ openshift_metering_default_storage_type }}"
    - key: "spec.reporting-operator.spec.config.defaultStorage.{{ openshift_metering_default_storage_type }}"
      value: "{{ openshift_metering_default_storage_config[openshift_metering_default_storage_type] }}"
  when: openshift_metering_default_storage_use_custom | bool

- name: Update Metering config to enable or disable HDFS
  yedit:
    src: "{{ mktemp.stdout }}/metering-manifests/operator/metering.yaml"
    edits:
    - key: spec.hdfs.enabled
      value: "{{ openshift_metering_hdfs_enabled }}"
  when: openshift_metering_default_storage_use_custom | bool

- name: Update Metering config with AWS credentials
  yedit:
    src: "{{ mktemp.stdout }}/metering-manifests/operator/metering.yaml"
    edits:
    - key: "{{ item.key }}"
      value: "{{ item.value }}"
  # If the value is empty, then the credentials aren't set and we don't need to
  # make the edit
  when: item.value != ""
  with_items:
  - key: spec.reporting-operator.spec.config.awsAccessKeyID
    value: "{{ openshift_metering_aws_access_key_id }}"
  - key: spec.reporting-operator.spec.config.awsSecretAccessKey
    value: "{{ openshift_metering_aws_secret_access_key }}"
  - key: spec.presto.spec.config.awsAccessKeyID
    value: "{{ openshift_metering_aws_access_key_id }}"
  - key: spec.presto.spec.config.awsSecretAccessKey
    value: "{{ openshift_metering_aws_secret_access_key }}"
  # Hide secrets
  no_log: True

- name: Fetch updated operator manifests
  fetch:
    src: "{{ item.dest }}"
    dest: "/tmp/updated_manifests/"
    flat: true
  with_items: "{{ temp_operator_files.results }}"
  register: updated_operator_manifests
  loop_control:
    label: "{{ item.dest }}"

- name: "Create {{ __openshift_metering_namespace }} project"
  oc_project:
    state: present
    name: "{{ __openshift_metering_namespace }}"
    description: Openshift Metering
    node_selector: ""

- name: Create reporting operator cluster role
  oc_clusterrole:
    state: present
    name: "openshift-reporting-operator-{{ __openshift_metering_namespace }}"
    rules:
    # Grant namespace viewer access to allow authing to cluster monitoring Prometheus
    - apiGroups: [""]
      resources: ["namespaces"]
      verbs: ["get"]
    # Grant subject access review and token review access to allow metering
    # auth-proxy to authenticate requests using openshift authentication
    # methods
    - apiGroups:
      - authorization.k8s.io
      resources:
      - subjectaccessreviews
      verbs:
      - create
    - apiGroups:
      - authentication.k8s.io
      resources:
      - tokenreviews
      verbs:
      - create

# Grant access to reporting-operator so it can talk to prometheus and
# authenticate it's API using auth-proxy
- name: Create reporting operator clusterrolebinding
  oc_obj:
    state: present
    kind: ClusterRoleBinding
    name: "openshift-reporting-operator-{{ __openshift_metering_namespace }}"
    content:
      path: "{{ mktemp.stdout }}/openshift-reporting-operator-{{ __openshift_metering_namespace }}"
      data:
        apiVersion: v1
        kind: ClusterRoleBinding
        metadata:
          name: "openshift-reporting-operator-{{ __openshift_metering_namespace }}"
        roleRef:
          apiGroup: rbac.authorization.k8s.io
          kind: ClusterRole
          name: "openshift-reporting-operator-{{ __openshift_metering_namespace }}"
        subjects:
        - kind: ServiceAccount
          name: reporting-operator
          namespace: "{{ __openshift_metering_namespace }}"

- name: Install Metering CRDs
  oc_obj:
    state: present
    kind: "{{ obj.kind }}"
    name: "{{ obj.metadata.name }}"
    namespace: "{{ __openshift_metering_namespace }}"
    content:
      path: "/tmp/{{ obj.kind }}-{{ obj.metadata.name }}.yaml"
      data: "{{ obj }}"
  vars:
    obj: "{{ lookup('file', item) | from_yaml }}"
  with_fileglob:
  - "files/crds/*.yaml"

- name: Install Metering Operator
  oc_obj:
    state: present
    kind: "{{ obj.kind }}"
    name: "{{ obj.metadata.name }}"
    namespace: "{{ __openshift_metering_namespace }}"
    content:
      path: "/tmp/{{ obj.kind }}-{{ obj.metadata.name }}.yaml"
      data: "{{ obj }}"
  vars:
    obj: "{{ lookup('file', item.dest) | from_yaml }}"
  with_items: "{{ updated_operator_manifests.results }}"
  loop_control:
    label: "{{ item.dest }}"

- name: Delete temp directory
  file:
    name: "{{ mktemp.stdout }}"
    state: absent
  changed_when: False