diff options
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/lib_zabbix/library/zbx_action.py | 7 | ||||
| -rw-r--r-- | roles/lib_zabbix/library/zbx_graph.py | 331 | ||||
| -rw-r--r-- | roles/lib_zabbix/library/zbx_graphprototype.py | 331 | ||||
| -rw-r--r-- | roles/lib_zabbix/library/zbx_httptest.py | 10 | ||||
| -rw-r--r-- | roles/lib_zabbix/tasks/create_template.yml | 24 | ||||
| -rw-r--r-- | roles/openshift_common/tasks/main.yml | 13 | ||||
| -rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 2 | ||||
| -rw-r--r-- | roles/openshift_master/tasks/main.yml | 16 | ||||
| -rw-r--r-- | roles/openshift_master/templates/master.yaml.v1.j2 | 19 | ||||
| -rw-r--r-- | roles/openshift_master/templates/v1_partials/oauthConfig.j2 | 93 | ||||
| -rw-r--r-- | roles/openshift_node/tasks/main.yml | 1 | ||||
| -rw-r--r-- | roles/openshift_node/templates/node.yaml.v1.j2 | 2 | ||||
| -rw-r--r-- | roles/os_zabbix/tasks/main.yml | 40 | ||||
| -rw-r--r-- | roles/os_zabbix/vars/template_openshift_master.yml | 34 | ||||
| -rw-r--r-- | roles/os_zabbix/vars/template_os_linux.yml | 12 |
15 files changed, 832 insertions, 103 deletions
diff --git a/roles/lib_zabbix/library/zbx_action.py b/roles/lib_zabbix/library/zbx_action.py index d64cebae1..24693e5db 100644 --- a/roles/lib_zabbix/library/zbx_action.py +++ b/roles/lib_zabbix/library/zbx_action.py @@ -89,6 +89,9 @@ def operation_differences(zabbix_ops, user_ops): for zab, user in zip(zabbix_ops, user_ops): for key, val in user.items(): if key == 'opconditions': + if len(zab[key]) != len(val): + rval[key] = val + break for z_cond, u_cond in zip(zab[key], user[key]): if not all([str(u_cond[op_key]) == z_cond[op_key] for op_key in \ ['conditiontype', 'operator', 'value']]): @@ -330,9 +333,9 @@ def get_action_operations(zapi, inc_operations): condition['operator'] = 0 if condition['value'] == 'acknowledged': - condition['operator'] = 1 + condition['value'] = 1 else: - condition['operator'] = 0 + condition['value'] = 0 return inc_operations diff --git a/roles/lib_zabbix/library/zbx_graph.py b/roles/lib_zabbix/library/zbx_graph.py new file mode 100644 index 000000000..121ec3dee --- /dev/null +++ b/roles/lib_zabbix/library/zbx_graph.py @@ -0,0 +1,331 @@ +#!/usr/bin/env python +''' + Ansible module for zabbix graphs +''' +# vim: expandtab:tabstop=4:shiftwidth=4 +# +# Zabbix graphs ansible module +# +# +# Copyright 2015 Red Hat Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +#--- +#- hosts: localhost +# gather_facts: no +# tasks: +# - zbx_graph: +# zbx_server: https://zabbixserver/zabbix/api_jsonrpc.php +# zbx_user: Admin +# zbx_password: zabbix +# name: Test Graph +# height: 300 +# width: 500 +# graph_items: +# - item_name: openshift.master.etcd.create.fail +# color: red +# line_style: bold +# - item_name: openshift.master.etcd.create.success +# color: red +# line_style: bold +# +# + +# This is in place because each module looks similar to each other. +# These need duplicate code as their behavior is very similar +# but different for each zabbix class. +# pylint: disable=duplicate-code + +# pylint: disable=import-error +from openshift_tools.monitoring.zbxapi import ZabbixAPI, ZabbixConnection + +def exists(content, key='result'): + ''' Check if key exists in content or the size of content[key] > 0 + ''' + if not content.has_key(key): + return False + + if not content[key]: + return False + + return True + +def get_graph_type(graphtype): + ''' + Possible values: + 0 - normal; + 1 - stacked; + 2 - pie; + 3 - exploded; + ''' + gtype = 0 + if 'stacked' in graphtype: + gtype = 1 + elif 'pie' in graphtype: + gtype = 2 + elif 'exploded' in graphtype: + gtype = 3 + + return gtype + +def get_show_legend(show_legend): + '''Get the value for show_legend + 0 - hide + 1 - (default) show + ''' + rval = 1 + if 'hide' == show_legend: + rval = 0 + + return rval + +def get_template_id(zapi, template_name): + ''' + get related templates + ''' + # Fetch templates by name + content = zapi.get_content('template', + 'get', + {'filter': {'host': template_name},}) + + if content.has_key('result'): + return content['result'][0]['templateid'] + + return None + +def get_color(color_in): + ''' Receive a color and translate it to a hex representation of the color + + Will have a few setup by default + ''' + colors = {'black': '000000', + 'red': 'FF0000', + 'pink': 'FFC0CB', + 'purple': '800080', + 'orange': 'FFA500', + 'gold': 'FFD700', + 'yellow': 'FFFF00', + 'green': '008000', + 'cyan': '00FFFF', + 'aqua': '00FFFF', + 'blue': '0000FF', + 'brown': 'A52A2A', + 'gray': '808080', + 'grey': '808080', + 'silver': 'C0C0C0', + } + if colors.has_key(color_in): + return colors[color_in] + + return color_in + +def get_line_style(style): + '''determine the line style + ''' + line_style = {'line': 0, + 'filled': 1, + 'bold': 2, + 'dot': 3, + 'dashed': 4, + 'gradient': 5, + } + + if line_style.has_key(style): + return line_style[style] + + return 0 + +def get_calc_function(func): + '''Determine the caclulation function''' + rval = 2 # default to avg + if 'min' in func: + rval = 1 + elif 'max' in func: + rval = 4 + elif 'all' in func: + rval = 7 + elif 'last' in func: + rval = 9 + + return rval + +def get_graph_item_type(gtype): + '''Determine the graph item type + ''' + rval = 0 # simple graph type + if 'sum' in gtype: + rval = 2 + + return rval + +def get_graph_items(zapi, gitems): + '''Get graph items by id''' + + r_items = [] + for item in gitems: + content = zapi.get_content('item', + 'get', + {'filter': {'name': item['item_name']}}) + _ = item.pop('item_name') + color = get_color(item.pop('color')) + drawtype = get_line_style(item.get('line_style', 'line')) + func = get_calc_function(item.get('calc_func', 'avg')) + g_type = get_graph_item_type(item.get('graph_item_type', 'simple')) + + if content.has_key('result'): + tmp = {'itemid': content['result'][0]['itemid'], + 'color': color, + 'drawtype': drawtype, + 'calc_fnc': func, + 'type': g_type, + } + r_items.append(tmp) + + return r_items + +def compare_gitems(zabbix_items, user_items): + '''Compare zabbix results with the user's supplied items + return True if user_items are equal + return False if any of the values differ + ''' + if len(zabbix_items) != len(user_items): + return False + + for u_item in user_items: + for z_item in zabbix_items: + if u_item['itemid'] == z_item['itemid']: + if not all([str(value) == z_item[key] for key, value in u_item.items()]): + return False + + return True + +# The branches are needed for CRUD and error handling +# pylint: disable=too-many-branches +def main(): + ''' + ansible zabbix module for zbx_graphs + ''' + + module = AnsibleModule( + argument_spec=dict( + zbx_server=dict(default='https://localhost/zabbix/api_jsonrpc.php', type='str'), + zbx_user=dict(default=os.environ.get('ZABBIX_USER', None), type='str'), + zbx_password=dict(default=os.environ.get('ZABBIX_PASSWORD', None), type='str'), + zbx_debug=dict(default=False, type='bool'), + name=dict(default=None, type='str'), + height=dict(default=None, type='int'), + width=dict(default=None, type='int'), + graph_type=dict(default='normal', type='str'), + show_legend=dict(default='show', type='str'), + state=dict(default='present', type='str'), + graph_items=dict(default=None, type='list'), + ), + #supports_check_mode=True + ) + + zapi = ZabbixAPI(ZabbixConnection(module.params['zbx_server'], + module.params['zbx_user'], + module.params['zbx_password'], + module.params['zbx_debug'])) + + #Set the instance and the template for the rest of the calls + zbx_class_name = 'graph' + state = module.params['state'] + + content = zapi.get_content(zbx_class_name, + 'get', + {'filter': {'name': module.params['name']}, + #'templateids': templateid, + 'selectGraphItems': 'extend', + }) + + #******# + # GET + #******# + if state == 'list': + module.exit_json(changed=False, results=content['result'], state="list") + + #******# + # DELETE + #******# + if state == 'absent': + if not exists(content): + module.exit_json(changed=False, state="absent") + + content = zapi.get_content(zbx_class_name, 'delete', [content['result'][0]['graphid']]) + module.exit_json(changed=True, results=content['result'], state="absent") + + # Create and Update + if state == 'present': + + params = {'name': module.params['name'], + 'height': module.params['height'], + 'width': module.params['width'], + 'graphtype': get_graph_type(module.params['graph_type']), + 'show_legend': get_show_legend(module.params['show_legend']), + 'gitems': get_graph_items(zapi, module.params['graph_items']), + } + + # Remove any None valued params + _ = [params.pop(key, None) for key in params.keys() if params[key] is None] + + #******# + # CREATE + #******# + if not exists(content): + content = zapi.get_content(zbx_class_name, 'create', params) + + if content.has_key('error'): + module.exit_json(failed=True, changed=True, results=content['error'], state="present") + + module.exit_json(changed=True, results=content['result'], state='present') + + + ######## + # UPDATE + ######## + differences = {} + zab_results = content['result'][0] + for key, value in params.items(): + + if key == 'gitems': + if not compare_gitems(zab_results[key], value): + differences[key] = value + + elif zab_results[key] != value and zab_results[key] != str(value): + differences[key] = value + + if not differences: + module.exit_json(changed=False, results=zab_results, state="present") + + # We have differences and need to update + differences['graphid'] = zab_results['graphid'] + content = zapi.get_content(zbx_class_name, 'update', differences) + + if content.has_key('error'): + module.exit_json(failed=True, changed=False, results=content['error'], state="present") + + module.exit_json(changed=True, results=content['result'], state="present") + + module.exit_json(failed=True, + changed=False, + results='Unknown state passed. %s' % state, + state="unknown") + +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, locally-disabled +# import module snippets. This are required +from ansible.module_utils.basic import * + +main() diff --git a/roles/lib_zabbix/library/zbx_graphprototype.py b/roles/lib_zabbix/library/zbx_graphprototype.py new file mode 100644 index 000000000..8287c1e2d --- /dev/null +++ b/roles/lib_zabbix/library/zbx_graphprototype.py @@ -0,0 +1,331 @@ +#!/usr/bin/env python +''' + Ansible module for zabbix graphprototypes +''' +# vim: expandtab:tabstop=4:shiftwidth=4 +# +# Zabbix graphprototypes ansible module +# +# +# Copyright 2015 Red Hat Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +#--- +#- hosts: localhost +# gather_facts: no +# tasks: +# - zbx_graphprototype: +# zbx_server: https://zabbixserver/zabbix/api_jsonrpc.php +# zbx_user: Admin +# zbx_password: zabbix +# name: Test Graph +# height: 300 +# width: 500 +# graph_items: +# - item_name: Bytes per second IN on network interface {#OSO_NET_INTERFACE} +# color: red +# line_style: bold +# item_type: prototype +# - item_name: Template OS Linux: Bytes per second OUT on network interface {#OSO_NET_INTERFACE} +# item_type: prototype +# +# + +# This is in place because each module looks similar to each other. +# These need duplicate code as their behavior is very similar +# but different for each zabbix class. +# pylint: disable=duplicate-code + +# pylint: disable=import-error +from openshift_tools.monitoring.zbxapi import ZabbixAPI, ZabbixConnection + +def exists(content, key='result'): + ''' Check if key exists in content or the size of content[key] > 0 + ''' + if not content.has_key(key): + return False + + if not content[key]: + return False + + return True + +def get_graph_type(graphtype): + ''' + Possible values: + 0 - normal; + 1 - stacked; + 2 - pie; + 3 - exploded; + ''' + gtype = 0 + if 'stacked' in graphtype: + gtype = 1 + elif 'pie' in graphtype: + gtype = 2 + elif 'exploded' in graphtype: + gtype = 3 + + return gtype + +def get_show_legend(show_legend): + '''Get the value for show_legend + 0 - hide + 1 - (default) show + ''' + rval = 1 + if 'hide' == show_legend: + rval = 0 + + return rval + +def get_template_id(zapi, template_name): + ''' + get related templates + ''' + # Fetch templates by name + content = zapi.get_content('template', + 'get', + {'filter': {'host': template_name},}) + + if content.has_key('result'): + return content['result'][0]['templateid'] + + return None + +def get_color(color_in='black'): + ''' Receive a color and translate it to a hex representation of the color + + Will have a few setup by default + ''' + colors = {'black': '000000', + 'red': 'FF0000', + 'pink': 'FFC0CB', + 'purple': '800080', + 'orange': 'FFA500', + 'gold': 'FFD700', + 'yellow': 'FFFF00', + 'green': '008000', + 'cyan': '00FFFF', + 'aqua': '00FFFF', + 'blue': '0000FF', + 'brown': 'A52A2A', + 'gray': '808080', + 'grey': '808080', + 'silver': 'C0C0C0', + } + if colors.has_key(color_in): + return colors[color_in] + + return color_in + +def get_line_style(style): + '''determine the line style + ''' + line_style = {'line': 0, + 'filled': 1, + 'bold': 2, + 'dot': 3, + 'dashed': 4, + 'gradient': 5, + } + + if line_style.has_key(style): + return line_style[style] + + return 0 + +def get_calc_function(func): + '''Determine the caclulation function''' + rval = 2 # default to avg + if 'min' in func: + rval = 1 + elif 'max' in func: + rval = 4 + elif 'all' in func: + rval = 7 + elif 'last' in func: + rval = 9 + + return rval + +def get_graph_item_type(gtype): + '''Determine the graph item type + ''' + rval = 0 # simple graph type + if 'sum' in gtype: + rval = 2 + + return rval + +def get_graph_items(zapi, gitems): + '''Get graph items by id''' + + r_items = [] + for item in gitems: + content = zapi.get_content('item%s' % item.get('item_type', ''), + 'get', + {'filter': {'name': item['item_name']}}) + _ = item.pop('item_name') + color = get_color(item.pop('color', 'black')) + drawtype = get_line_style(item.get('line_style', 'line')) + func = get_calc_function(item.get('calc_func', 'avg')) + g_type = get_graph_item_type(item.get('graph_item_type', 'simple')) + + if content.has_key('result'): + tmp = {'itemid': content['result'][0]['itemid'], + 'color': color, + 'drawtype': drawtype, + 'calc_fnc': func, + 'type': g_type, + } + r_items.append(tmp) + + return r_items + +def compare_gitems(zabbix_items, user_items): + '''Compare zabbix results with the user's supplied items + return True if user_items are equal + return False if any of the values differ + ''' + if len(zabbix_items) != len(user_items): + return False + + for u_item in user_items: + for z_item in zabbix_items: + if u_item['itemid'] == z_item['itemid']: + if not all([str(value) == z_item[key] for key, value in u_item.items()]): + return False + + return True + +# The branches are needed for CRUD and error handling +# pylint: disable=too-many-branches +def main(): + ''' + ansible zabbix module for zbx_graphprototypes + ''' + + module = AnsibleModule( + argument_spec=dict( + zbx_server=dict(default='https://localhost/zabbix/api_jsonrpc.php', type='str'), + zbx_user=dict(default=os.environ.get('ZABBIX_USER', None), type='str'), + zbx_password=dict(default=os.environ.get('ZABBIX_PASSWORD', None), type='str'), + zbx_debug=dict(default=False, type='bool'), + name=dict(default=None, type='str'), + height=dict(default=None, type='int'), + width=dict(default=None, type='int'), + graph_type=dict(default='normal', type='str'), + show_legend=dict(default='show', type='str'), + state=dict(default='present', type='str'), + graph_items=dict(default=None, type='list'), + ), + #supports_check_mode=True + ) + + zapi = ZabbixAPI(ZabbixConnection(module.params['zbx_server'], + module.params['zbx_user'], + module.params['zbx_password'], + module.params['zbx_debug'])) + + #Set the instance and the template for the rest of the calls + zbx_class_name = 'graphprototype' + state = module.params['state'] + + content = zapi.get_content(zbx_class_name, + 'get', + {'filter': {'name': module.params['name']}, + #'templateids': templateid, + 'selectGraphItems': 'extend', + }) + + #******# + # GET + #******# + if state == 'list': + module.exit_json(changed=False, results=content['result'], state="list") + + #******# + # DELETE + #******# + if state == 'absent': + if not exists(content): + module.exit_json(changed=False, state="absent") + + content = zapi.get_content(zbx_class_name, 'delete', [content['result'][0]['graphid']]) + module.exit_json(changed=True, results=content['result'], state="absent") + + # Create and Update + if state == 'present': + + params = {'name': module.params['name'], + 'height': module.params['height'], + 'width': module.params['width'], + 'graphtype': get_graph_type(module.params['graph_type']), + 'show_legend': get_show_legend(module.params['show_legend']), + 'gitems': get_graph_items(zapi, module.params['graph_items']), + } + + # Remove any None valued params + _ = [params.pop(key, None) for key in params.keys() if params[key] is None] + + #******# + # CREATE + #******# + if not exists(content): + content = zapi.get_content(zbx_class_name, 'create', params) + + if content.has_key('error'): + module.exit_json(failed=True, changed=True, results=content['error'], state="present") + + module.exit_json(changed=True, results=content['result'], state='present') + + + ######## + # UPDATE + ######## + differences = {} + zab_results = content['result'][0] + for key, value in params.items(): + + if key == 'gitems': + if not compare_gitems(zab_results[key], value): + differences[key] = value + + elif zab_results[key] != value and zab_results[key] != str(value): + differences[key] = value + + if not differences: + module.exit_json(changed=False, results=zab_results, state="present") + + # We have differences and need to update + differences['graphid'] = zab_results['graphid'] + content = zapi.get_content(zbx_class_name, 'update', differences) + + if content.has_key('error'): + module.exit_json(failed=True, changed=False, results=content['error'], state="present") + + module.exit_json(changed=True, results=content['result'], state="present") + + module.exit_json(failed=True, + changed=False, + results='Unknown state passed. %s' % state, + state="unknown") + +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, locally-disabled +# import module snippets. This are required +from ansible.module_utils.basic import * + +main() diff --git a/roles/lib_zabbix/library/zbx_httptest.py b/roles/lib_zabbix/library/zbx_httptest.py index 96733b3d1..6b28117ad 100644 --- a/roles/lib_zabbix/library/zbx_httptest.py +++ b/roles/lib_zabbix/library/zbx_httptest.py @@ -131,6 +131,14 @@ def steps_equal(zab_steps, user_steps): return True +def process_steps(steps): + '''Preprocess the step parameters''' + for idx, step in enumerate(steps): + if not step.has_key('no'): + step['no'] = idx + 1 + + return steps + # The branches are needed for CRUD and error handling # pylint: disable=too-many-branches def main(): @@ -218,7 +226,7 @@ def main(): 'hostid': hostid, 'agent': module.params['agent'], 'retries': module.params['retries'], - 'steps': module.params['steps'], + 'steps': process_steps(module.params['steps']), 'applicationid': get_app_id(zapi, module.params['application']), 'delay': module.params['interval'], 'verify_host': get_verify_host(module.params['verify_host']), diff --git a/roles/lib_zabbix/tasks/create_template.yml b/roles/lib_zabbix/tasks/create_template.yml index 2992505bf..47749389e 100644 --- a/roles/lib_zabbix/tasks/create_template.yml +++ b/roles/lib_zabbix/tasks/create_template.yml @@ -105,3 +105,27 @@ description: "{{ item.description | default('', True) }}" with_items: template.ztriggerprototypes when: template.ztriggerprototypes is defined + +- name: Create Graphs + zbx_graph: + zbx_server: "{{ server }}" + zbx_user: "{{ user }}" + zbx_password: "{{ password }}" + name: "{{ item.name }}" + height: "{{ item.height }}" + width: "{{ item.width }}" + graph_items: "{{ item.graph_items }}" + with_items: template.zgraphs + when: template.zgraphs is defined + +- name: Create Graph Prototypes + zbx_graphprototype: + zbx_server: "{{ server }}" + zbx_user: "{{ user }}" + zbx_password: "{{ password }}" + name: "{{ item.name }}" + height: "{{ item.height }}" + width: "{{ item.width }}" + graph_items: "{{ item.graph_items }}" + with_items: template.zgraphprototypes + when: template.zgraphprototypes is defined diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index e9df4e364..55065b3de 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -3,6 +3,10 @@ msg: Flannel can not be used with openshift sdn when: openshift_use_openshift_sdn | default(false) | bool and openshift_use_flannel | default(false) | bool +- fail: + msg: openshift_hostname must be 64 characters or less + when: openshift_hostname is defined and openshift_hostname | length > 64 + - name: Set common Cluster facts openshift_facts: role: common @@ -18,3 +22,12 @@ deployment_type: "{{ openshift_deployment_type }}" use_fluentd: "{{ openshift_use_fluentd | default(None) }}" use_flannel: "{{ openshift_use_flannel | default(None) }}" + + # For enterprise versions < 3.1 and origin versions < 1.1 we want to set the + # hostname by default. +- set_fact: + set_hostname_default: "{{ not openshift.common.version_greater_than_3_1_or_1_1 }}" + +- name: Set hostname + hostname: name={{ openshift.common.hostname }} + when: openshift_set_hostname | default(set_hostname_default) | bool diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 6006bfa9d..b60e42c71 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1074,7 +1074,7 @@ class OpenShiftFacts(object): if 'node' in roles: node = dict(labels={}, annotations={}, portal_net='172.30.0.0/16', - iptables_sync_period='5s') + iptables_sync_period='5s', set_node_ip=False) defaults['node'] = node return defaults diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 185bfb8f3..2cf2a53c4 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -1,13 +1,16 @@ --- -# TODO: add validation for openshift_master_identity_providers # TODO: add ability to configure certificates given either a local file to # point to or certificate contents, set in default cert locations. -- assert: - that: - - openshift_master_oauth_grant_method in openshift_master_valid_grant_methods - when: openshift_master_oauth_grant_method is defined +# Authentication Variable Validation +# TODO: validate the different identity provider kinds as well +- fail: + msg: > + Invalid OAuth grant method: {{ openshift_master_oauth_grant_method }} + when: openshift_master_oauth_grant_method is defined and openshift_master_oauth_grant_method not in openshift_master_valid_grant_methods + +# HA Variable Validation - fail: msg: "openshift_master_cluster_method must be set to either 'native' or 'pacemaker' for multi-master installations" when: openshift_master_ha | bool and ((openshift_master_cluster_method is not defined) or (openshift_master_cluster_method is defined and openshift_master_cluster_method not in ["native", "pacemaker"])) @@ -172,6 +175,9 @@ - restart master - restart master api +- set_fact: + translated_identity_providers: "{{ openshift.master.identity_providers | translate_idps('v1') }}" + # TODO: add the validate parameter when there is a validation command to run - name: Create master config template: diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 2a37c06d9..9f4a17f0a 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -107,7 +107,24 @@ networkConfig: {% endif %} # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet serviceNetworkCIDR: {{ openshift.master.portal_net }} -{% include 'v1_partials/oauthConfig.j2' %} +oauthConfig: + assetPublicURL: {{ openshift.master.public_console_url }}/ + grantConfig: + method: {{ openshift.master.oauth_grant_method }} + identityProviders: +{% for line in translated_identity_providers.splitlines() %} + {{ line }} +{% endfor %} + masterCA: ca.crt + masterPublicURL: {{ openshift.master.public_api_url }} + masterURL: {{ openshift.master.api_url }} + sessionConfig: + sessionMaxAgeSeconds: {{ openshift.master.session_max_seconds }} + sessionName: {{ openshift.master.session_name }} + sessionSecretsFile: {{ openshift.master.session_secrets_file }} + tokenConfig: + accessTokenMaxAgeSeconds: {{ openshift.master.access_token_max_seconds }} + authorizeTokenMaxAgeSeconds: {{ openshift.master.auth_token_max_seconds }} pauseControllers: false policyConfig: bootstrapPolicyFile: {{ openshift_master_policy }} diff --git a/roles/openshift_master/templates/v1_partials/oauthConfig.j2 b/roles/openshift_master/templates/v1_partials/oauthConfig.j2 deleted file mode 100644 index 8a4f5a746..000000000 --- a/roles/openshift_master/templates/v1_partials/oauthConfig.j2 +++ /dev/null @@ -1,93 +0,0 @@ -{% macro identity_provider_config(identity_provider) %} - apiVersion: v1 - kind: {{ identity_provider.kind }} -{% if identity_provider.kind == 'HTPasswdPasswordIdentityProvider' %} - file: {{ identity_provider.filename }} -{% elif identity_provider.kind == 'BasicAuthPasswordIdentityProvider' %} - url: {{ identity_provider.url }} -{% for key in ('ca', 'certFile', 'keyFile') %} -{% if key in identity_provider %} - {{ key }}: "{{ identity_provider[key] }}" -{% endif %} -{% endfor %} -{% elif identity_provider.kind == 'LDAPPasswordIdentityProvider' %} - attributes: -{% for attribute_key in identity_provider.attributes %} - {{ attribute_key }}: -{% for attribute_value in identity_provider.attributes[attribute_key] %} - - {{ attribute_value }} -{% endfor %} -{% endfor %} -{% for key in ('bindDN', 'bindPassword', 'ca') %} - {{ key }}: "{{ identity_provider[key] }}" -{% endfor %} -{% for key in ('insecure', 'url') %} - {{ key }}: {{ identity_provider[key] }} -{% endfor %} -{% elif identity_provider.kind == 'RequestHeaderIdentityProvider' %} - headers: {{ identity_provider.headers }} -{% if 'clientCA' in identity_provider %} - clientCA: {{ identity_provider.clientCA }} -{% endif %} -{% elif identity_provider.kind == 'GitHubIdentityProvider' %} - clientID: {{ identity_provider.clientID }} - clientSecret: {{ identity_provider.clientSecret }} -{% elif identity_provider.kind == 'GoogleIdentityProvider' %} - clientID: {{ identity_provider.clientID }} - clientSecret: {{ identity_provider.clientSecret }} -{% if 'hostedDomain' in identity_provider %} - hostedDomain: {{ identity_provider.hostedDomain }} -{% endif %} -{% elif identity_provider.kind == 'OpenIDIdentityProvider' %} - clientID: {{ identity_provider.clientID }} - clientSecret: {{ identity_provider.clientSecret }} - claims: - id: identity_provider.claims.id -{% for claim_key in ('preferredUsername', 'name', 'email') %} -{% if claim_key in identity_provider.claims %} - {{ claim_key }}: {{ identity_provider.claims[claim_key] }} -{% endif %} -{% endfor %} - urls: - authorize: {{ identity_provider.urls.authorize }} - token: {{ identity_provider.urls.token }} -{% if 'userInfo' in identity_provider.urls %} - userInfo: {{ identity_provider.userInfo }} -{% endif %} -{% if 'extraScopes' in identity_provider %} - extraScopes: -{% for scope in identity_provider.extraScopes %} - - {{ scope }} -{% endfor %} -{% endif %} -{% if 'extraAuthorizeParameters' in identity_provider %} - extraAuthorizeParameters: -{% for param_key, param_value in identity_provider.extraAuthorizeParameters.iteritems() %} - {{ param_key }}: {{ param_value }} -{% endfor %} -{% endif %} -{% endif %} -{% endmacro %} -oauthConfig: - assetPublicURL: {{ openshift.master.public_console_url }}/ - grantConfig: - method: {{ openshift.master.oauth_grant_method }} - identityProviders: -{% for identity_provider in openshift.master.identity_providers %} - - name: {{ identity_provider.name }} - challenge: {{ identity_provider.challenge }} - login: {{ identity_provider.login }} - provider: -{{ identity_provider_config(identity_provider) }} -{%- endfor %} - masterCA: ca.crt - masterPublicURL: {{ openshift.master.public_api_url }} - masterURL: {{ openshift.master.api_url }} - sessionConfig: - sessionMaxAgeSeconds: {{ openshift.master.session_max_seconds }} - sessionName: {{ openshift.master.session_name }} - sessionSecretsFile: {{ openshift.master.session_secrets_file }} - tokenConfig: - accessTokenMaxAgeSeconds: {{ openshift.master.access_token_max_seconds }} - authorizeTokenMaxAgeSeconds: {{ openshift.master.auth_token_max_seconds }} -{# Comment to preserve newline after authorizeTokenMaxAgeSeconds #} diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index d11bc5123..42d984a09 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -34,6 +34,7 @@ schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}" + set_node_ip: "{{ openshift_set_node_ip | default(None) }}" # We have to add tuned-profiles in the same transaction otherwise we run into depsolving # problems because the rpms don't pin the version properly. diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 7d2f506e3..41a303dee 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -23,7 +23,9 @@ networkConfig: {% if openshift.common.use_openshift_sdn %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} {% endif %} +{% if openshift.node.set_node_ip | bool %} nodeIP: {{ openshift.common.ip }} +{% endif %} nodeName: {{ openshift.common.hostname | lower }} podManifestConfig: servingInfo: diff --git a/roles/os_zabbix/tasks/main.yml b/roles/os_zabbix/tasks/main.yml index 59c89bb02..d0b307a3d 100644 --- a/roles/os_zabbix/tasks/main.yml +++ b/roles/os_zabbix/tasks/main.yml @@ -8,15 +8,35 @@ register: templates - include_vars: template_heartbeat.yml + tags: + - heartbeat - include_vars: template_os_linux.yml + tags: + - linux - include_vars: template_docker.yml + tags: + - docker - include_vars: template_openshift_master.yml + tags: + - openshift_master - include_vars: template_openshift_node.yml + tags: + - openshift_node - include_vars: template_ops_tools.yml + tags: + - ops_tools - include_vars: template_app_zabbix_server.yml + tags: + - zabbix_server - include_vars: template_app_zabbix_agent.yml + tags: + - zabbix_agent - include_vars: template_performance_copilot.yml + tags: + - pcp - include_vars: template_aws.yml + tags: + - aws - name: Include Template Heartbeat include: ../../lib_zabbix/tasks/create_template.yml @@ -25,6 +45,8 @@ server: "{{ ozb_server }}" user: "{{ ozb_user }}" password: "{{ ozb_password }}" + tags: + - heartbeat - name: Include Template os_linux include: ../../lib_zabbix/tasks/create_template.yml @@ -33,6 +55,8 @@ server: "{{ ozb_server }}" user: "{{ ozb_user }}" password: "{{ ozb_password }}" + tags: + - linux - name: Include Template docker include: ../../lib_zabbix/tasks/create_template.yml @@ -41,6 +65,8 @@ server: "{{ ozb_server }}" user: "{{ ozb_user }}" password: "{{ ozb_password }}" + tags: + - docker - name: Include Template Openshift Master include: ../../lib_zabbix/tasks/create_template.yml @@ -49,6 +75,8 @@ server: "{{ ozb_server }}" user: "{{ ozb_user }}" password: "{{ ozb_password }}" + tags: + - openshift_master - name: Include Template Openshift Node include: ../../lib_zabbix/tasks/create_template.yml @@ -57,6 +85,8 @@ server: "{{ ozb_server }}" user: "{{ ozb_user }}" password: "{{ ozb_password }}" + tags: + - openshift_node - name: Include Template Ops Tools include: ../../lib_zabbix/tasks/create_template.yml @@ -65,6 +95,8 @@ server: "{{ ozb_server }}" user: "{{ ozb_user }}" password: "{{ ozb_password }}" + tags: + - ops_tools - name: Include Template App Zabbix Server include: ../../lib_zabbix/tasks/create_template.yml @@ -73,6 +105,8 @@ server: "{{ ozb_server }}" user: "{{ ozb_user }}" password: "{{ ozb_password }}" + tags: + - zabbix_server - name: Include Template App Zabbix Agent include: ../../lib_zabbix/tasks/create_template.yml @@ -81,6 +115,8 @@ server: "{{ ozb_server }}" user: "{{ ozb_user }}" password: "{{ ozb_password }}" + tags: + - zabbix_agent - name: Include Template Performance Copilot include: ../../lib_zabbix/tasks/create_template.yml @@ -89,6 +125,8 @@ server: "{{ ozb_server }}" user: "{{ ozb_user }}" password: "{{ ozb_password }}" + tags: + - pcp - name: Include Template AWS include: ../../lib_zabbix/tasks/create_template.yml @@ -97,3 +135,5 @@ server: "{{ ozb_server }}" user: "{{ ozb_user }}" password: "{{ ozb_password }}" + tags: + - aws diff --git a/roles/os_zabbix/vars/template_openshift_master.yml b/roles/os_zabbix/vars/template_openshift_master.yml index 512adad4c..8236cf135 100644 --- a/roles/os_zabbix/vars/template_openshift_master.yml +++ b/roles/os_zabbix/vars/template_openshift_master.yml @@ -244,3 +244,37 @@ g_template_openshift_master: expression: '{Template Openshift Master:openshift.master.etcd.ping.last(#1)}=0 and {Template Openshift Master:openshift.master.etcd.ping.last(#2)}=0' url: 'https://github.com/openshift/ops-sop/blob/master/V3/Alerts/check_etcd.asciidoc' priority: high + + zgraphs: + - name: Openshift Master API Server Latency Pods LIST Quantiles + width: 900 + height: 200 + graph_items: + - item_name: openshift.master.apiserver.latency.summary.pods.quantile.list.5 + color: red + - item_name: openshift.master.apiserver.latency.summary.pods.quantile.list.9 + color: blue + - item_name: openshift.master.apiserver.latency.summary.pods.quantile.list.99 + color: orange + + - name: Openshift Master API Server Latency Pods WATCHLIST Quantiles + width: 900 + height: 200 + graph_items: + - item_name: openshift.master.apiserver.latency.summary.pods.quantile.watchlist.5 + color: red + - item_name: openshift.master.apiserver.latency.summary.pods.quantile.watchlist.9 + color: blue + - item_name: openshift.master.apiserver.latency.summary.pods.quantile.watchlist.99 + color: orange + + - name: Openshift Master Scheduler End to End Latency Quantiles + width: 900 + height: 200 + graph_items: + - item_name: openshift.master.scheduler.e2e.scheduling.latency.quantile.5 + color: red + - item_name: openshift.master.scheduler.e2e.scheduling.latency.quantile.9 + color: blue + - item_name: openshift.master.scheduler.e2e.scheduling.latency.quantile.99 + color: orange diff --git a/roles/os_zabbix/vars/template_os_linux.yml b/roles/os_zabbix/vars/template_os_linux.yml index 04665be62..79d52ef9b 100644 --- a/roles/os_zabbix/vars/template_os_linux.yml +++ b/roles/os_zabbix/vars/template_os_linux.yml @@ -304,3 +304,15 @@ g_template_os_linux: description: 'CPU is less than 10% idle' dependencies: - 'CPU idle less than 5% on {HOST.NAME}' + + zgraphprototypes: + - name: Network Interface Usage + width: 1000 + height: 400 + graph_items: + - item_name: "Bytes per second IN on network interface {#OSO_NET_INTERFACE}" + item_type: prototype + color: red + - item_name: "Bytes per second OUT on network interface {#OSO_NET_INTERFACE}" + item_type: prototype + color: blue |