summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--roles/lib_openshift/library/oadm_manage_node.py15
-rw-r--r--roles/lib_openshift/library/oc_edit.py15
-rw-r--r--roles/lib_openshift/library/oc_label.py15
-rw-r--r--roles/lib_openshift/library/oc_obj.py15
-rw-r--r--roles/lib_openshift/library/oc_route.py127
-rw-r--r--roles/lib_openshift/library/oc_scale.py15
-rw-r--r--roles/lib_openshift/library/oc_secret.py15
-rw-r--r--roles/lib_openshift/library/oc_service.py15
-rw-r--r--roles/lib_openshift/library/oc_serviceaccount.py15
-rw-r--r--roles/lib_openshift/library/oc_serviceaccount_secret.py15
-rw-r--r--roles/lib_openshift/library/oc_version.py15
-rw-r--r--roles/lib_openshift/src/ansible/oc_route.py39
-rw-r--r--roles/lib_openshift/src/class/oc_route.py43
-rw-r--r--roles/lib_openshift/src/doc/route6
-rw-r--r--roles/lib_openshift/src/lib/base.py15
-rw-r--r--roles/lib_openshift/src/lib/route.py24
-rwxr-xr-xroles/lib_openshift/src/test/integration/oc_route.yml40
-rwxr-xr-xroles/lib_openshift/src/test/unit/oadm_manage_node.py15
-rwxr-xr-xroles/lib_openshift/src/test/unit/oc_label.py14
-rwxr-xr-xroles/lib_openshift/src/test/unit/oc_route.py258
-rwxr-xr-xroles/lib_openshift/src/test/unit/oc_scale.py21
-rwxr-xr-xroles/lib_openshift/src/test/unit/oc_secret.py7
-rwxr-xr-xroles/lib_openshift/src/test/unit/oc_service.py14
-rwxr-xr-xroles/lib_openshift/src/test/unit/oc_serviceaccount.py7
-rwxr-xr-xroles/lib_openshift/src/test/unit/oc_serviceaccount_secret.py14
-rwxr-xr-xroles/lib_openshift/src/test/unit/oc_version.py7
-rw-r--r--roles/openshift_ca/tasks/main.yml2
-rw-r--r--roles/openshift_metrics/README.md4
-rw-r--r--roles/openshift_metrics/defaults/main.yaml4
-rw-r--r--roles/openshift_metrics/tasks/generate_certificates.yaml15
-rw-r--r--roles/openshift_metrics/tasks/generate_rolebindings.yaml18
-rw-r--r--roles/openshift_metrics/tasks/generate_serviceaccounts.yaml12
-rw-r--r--roles/openshift_metrics/tasks/generate_services.yaml13
-rw-r--r--roles/openshift_metrics/tasks/install_cassandra.yaml8
-rw-r--r--roles/openshift_metrics/tasks/install_heapster.yaml52
-rw-r--r--roles/openshift_metrics/tasks/install_metrics.yaml16
-rw-r--r--roles/openshift_metrics/tasks/pre_install.yaml27
-rw-r--r--roles/openshift_metrics/tasks/start_metrics.yaml3
-rw-r--r--roles/openshift_metrics/tasks/stop_metrics.yaml2
-rw-r--r--roles/openshift_metrics/templates/hawkular_cassandra_rc.j22
40 files changed, 775 insertions, 204 deletions
diff --git a/roles/lib_openshift/library/oadm_manage_node.py b/roles/lib_openshift/library/oadm_manage_node.py
index 94fe5b019..8e217ac28 100644
--- a/roles/lib_openshift/library/oadm_manage_node.py
+++ b/roles/lib_openshift/library/oadm_manage_node.py
@@ -731,7 +731,7 @@ class OpenShiftCLI(object):
''' Constructor for OpenshiftCLI '''
self.namespace = namespace
self.verbose = verbose
- self.kubeconfig = kubeconfig
+ self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
self.all_namespaces = all_namespaces
# Pylint allows only 5 arguments to be passed.
@@ -1017,7 +1017,18 @@ class Utils(object):
return tmp
@staticmethod
- def create_tmpfile(prefix=None):
+ def create_tmpfile_copy(inc_file):
+ '''create a temporary copy of a file'''
+ tmpfile = Utils.create_tmpfile('lib_openshift-')
+ Utils._write(tmpfile, open(inc_file).read())
+
+ # Cleanup the tmpfile
+ atexit.register(Utils.cleanup, [tmpfile])
+
+ return tmpfile
+
+ @staticmethod
+ def create_tmpfile(prefix='tmp'):
''' Generates and returns a temporary file name '''
with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp:
diff --git a/roles/lib_openshift/library/oc_edit.py b/roles/lib_openshift/library/oc_edit.py
index c934d55b9..11b87a015 100644
--- a/roles/lib_openshift/library/oc_edit.py
+++ b/roles/lib_openshift/library/oc_edit.py
@@ -759,7 +759,7 @@ class OpenShiftCLI(object):
''' Constructor for OpenshiftCLI '''
self.namespace = namespace
self.verbose = verbose
- self.kubeconfig = kubeconfig
+ self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
self.all_namespaces = all_namespaces
# Pylint allows only 5 arguments to be passed.
@@ -1045,7 +1045,18 @@ class Utils(object):
return tmp
@staticmethod
- def create_tmpfile(prefix=None):
+ def create_tmpfile_copy(inc_file):
+ '''create a temporary copy of a file'''
+ tmpfile = Utils.create_tmpfile('lib_openshift-')
+ Utils._write(tmpfile, open(inc_file).read())
+
+ # Cleanup the tmpfile
+ atexit.register(Utils.cleanup, [tmpfile])
+
+ return tmpfile
+
+ @staticmethod
+ def create_tmpfile(prefix='tmp'):
''' Generates and returns a temporary file name '''
with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp:
diff --git a/roles/lib_openshift/library/oc_label.py b/roles/lib_openshift/library/oc_label.py
index 5a6f06b89..f67eb2552 100644
--- a/roles/lib_openshift/library/oc_label.py
+++ b/roles/lib_openshift/library/oc_label.py
@@ -735,7 +735,7 @@ class OpenShiftCLI(object):
''' Constructor for OpenshiftCLI '''
self.namespace = namespace
self.verbose = verbose
- self.kubeconfig = kubeconfig
+ self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
self.all_namespaces = all_namespaces
# Pylint allows only 5 arguments to be passed.
@@ -1021,7 +1021,18 @@ class Utils(object):
return tmp
@staticmethod
- def create_tmpfile(prefix=None):
+ def create_tmpfile_copy(inc_file):
+ '''create a temporary copy of a file'''
+ tmpfile = Utils.create_tmpfile('lib_openshift-')
+ Utils._write(tmpfile, open(inc_file).read())
+
+ # Cleanup the tmpfile
+ atexit.register(Utils.cleanup, [tmpfile])
+
+ return tmpfile
+
+ @staticmethod
+ def create_tmpfile(prefix='tmp'):
''' Generates and returns a temporary file name '''
with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp:
diff --git a/roles/lib_openshift/library/oc_obj.py b/roles/lib_openshift/library/oc_obj.py
index 6c4bd1a2d..e4b8ac26c 100644
--- a/roles/lib_openshift/library/oc_obj.py
+++ b/roles/lib_openshift/library/oc_obj.py
@@ -738,7 +738,7 @@ class OpenShiftCLI(object):
''' Constructor for OpenshiftCLI '''
self.namespace = namespace
self.verbose = verbose
- self.kubeconfig = kubeconfig
+ self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
self.all_namespaces = all_namespaces
# Pylint allows only 5 arguments to be passed.
@@ -1024,7 +1024,18 @@ class Utils(object):
return tmp
@staticmethod
- def create_tmpfile(prefix=None):
+ def create_tmpfile_copy(inc_file):
+ '''create a temporary copy of a file'''
+ tmpfile = Utils.create_tmpfile('lib_openshift-')
+ Utils._write(tmpfile, open(inc_file).read())
+
+ # Cleanup the tmpfile
+ atexit.register(Utils.cleanup, [tmpfile])
+
+ return tmpfile
+
+ @staticmethod
+ def create_tmpfile(prefix='tmp'):
''' Generates and returns a temporary file name '''
with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp:
diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py
index 6ee34bafb..982a43ba3 100644
--- a/roles/lib_openshift/library/oc_route.py
+++ b/roles/lib_openshift/library/oc_route.py
@@ -145,6 +145,12 @@ options:
required: false
default: None
aliases: []
+ port:
+ description:
+ - The Name of the service port or number of the container port the route will route traffic to
+ required: false
+ default: None
+ aliases: []
author:
- "Kenny Woodson <kwoodson@redhat.com>"
extends_documentation_fragment: []
@@ -763,7 +769,7 @@ class OpenShiftCLI(object):
''' Constructor for OpenshiftCLI '''
self.namespace = namespace
self.verbose = verbose
- self.kubeconfig = kubeconfig
+ self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
self.all_namespaces = all_namespaces
# Pylint allows only 5 arguments to be passed.
@@ -1049,7 +1055,18 @@ class Utils(object):
return tmp
@staticmethod
- def create_tmpfile(prefix=None):
+ def create_tmpfile_copy(inc_file):
+ '''create a temporary copy of a file'''
+ tmpfile = Utils.create_tmpfile('lib_openshift-')
+ Utils._write(tmpfile, open(inc_file).read())
+
+ # Cleanup the tmpfile
+ atexit.register(Utils.cleanup, [tmpfile])
+
+ return tmpfile
+
+ @staticmethod
+ def create_tmpfile(prefix='tmp'):
''' Generates and returns a temporary file name '''
with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp:
@@ -1313,7 +1330,8 @@ class RouteConfig(object):
tls_termination=None,
service_name=None,
wildcard_policy=None,
- weight=None):
+ weight=None,
+ port=None):
''' constructor for handling route options '''
self.kubeconfig = kubeconfig
self.name = sname
@@ -1325,6 +1343,7 @@ class RouteConfig(object):
self.cert = cert
self.key = key
self.service_name = service_name
+ self.port = port
self.data = {}
self.wildcard_policy = wildcard_policy
if wildcard_policy is None:
@@ -1349,12 +1368,15 @@ class RouteConfig(object):
if self.tls_termination:
self.data['spec']['tls'] = {}
+ self.data['spec']['tls']['termination'] = self.tls_termination
+
+ if self.tls_termination != 'passthrough':
+ self.data['spec']['tls']['key'] = self.key
+ self.data['spec']['tls']['caCertificate'] = self.cacert
+ self.data['spec']['tls']['certificate'] = self.cert
+
if self.tls_termination == 'reencrypt':
self.data['spec']['tls']['destinationCACertificate'] = self.destcacert
- self.data['spec']['tls']['key'] = self.key
- self.data['spec']['tls']['caCertificate'] = self.cacert
- self.data['spec']['tls']['certificate'] = self.cert
- self.data['spec']['tls']['termination'] = self.tls_termination
self.data['spec']['to'] = {'kind': 'Service',
'name': self.service_name,
@@ -1362,11 +1384,16 @@ class RouteConfig(object):
self.data['spec']['wildcardPolicy'] = self.wildcard_policy
+ if self.port:
+ self.data['spec']['port'] = {}
+ self.data['spec']['port']['targetPort'] = self.port
+
# pylint: disable=too-many-instance-attributes,too-many-public-methods
class Route(Yedit):
''' Class to wrap the oc command line tools '''
wildcard_policy = "spec.wildcardPolicy"
host_path = "spec.host"
+ port_path = "spec.port.targetPort"
service_path = "spec.to.name"
weight_path = "spec.to.weight"
cert_path = "spec.tls.certificate"
@@ -1412,6 +1439,10 @@ class Route(Yedit):
''' return host '''
return self.get(Route.host_path)
+ def get_port(self):
+ ''' return port '''
+ return self.get(Route.port_path)
+
def get_wildcard_policy(self):
''' return wildcardPolicy '''
return self.get(Route.wildcard_policy)
@@ -1483,9 +1514,23 @@ class OCRoute(OpenShiftCLI):
skip = []
return not Utils.check_def_equal(self.config.data, self.route.yaml_dict, skip_keys=skip, debug=True)
+ @staticmethod
+ def get_cert_data(path, content):
+ '''get the data for a particular value'''
+ if not path and not content:
+ return None
+
+ rval = None
+ if path and os.path.exists(path) and os.access(path, os.R_OK):
+ rval = open(path).read()
+ elif content:
+ rval = content
+
+ return rval
+
# pylint: disable=too-many-return-statements,too-many-branches
@staticmethod
- def run_ansible(params, files, check_mode=False):
+ def run_ansible(params, check_mode=False):
''' run the idempotent asnible code
params comes from the ansible portion for this module
@@ -1497,6 +1542,30 @@ class OCRoute(OpenShiftCLI):
}
check_mode: does the module support check mode. (module.check_mode)
'''
+ files = {'destcacert': {'path': params['dest_cacert_path'],
+ 'content': params['dest_cacert_content'],
+ 'value': None, },
+ 'cacert': {'path': params['cacert_path'],
+ 'content': params['cacert_content'],
+ 'value': None, },
+ 'cert': {'path': params['cert_path'],
+ 'content': params['cert_content'],
+ 'value': None, },
+ 'key': {'path': params['key_path'],
+ 'content': params['key_content'],
+ 'value': None, }, }
+
+ if params['tls_termination'] and params['tls_termination'].lower() != 'passthrough': # E501
+
+ for key, option in files.items():
+ if key == 'destcacert' and params['tls_termination'] != 'reencrypt':
+ continue
+
+ option['value'] = OCRoute.get_cert_data(option['path'], option['content']) # E501
+
+ if not option['value']:
+ return {'failed': True,
+ 'msg': 'Verify that you pass a value for %s' % key}
rconfig = RouteConfig(params['name'],
params['namespace'],
@@ -1509,7 +1578,8 @@ class OCRoute(OpenShiftCLI):
params['tls_termination'],
params['service_name'],
params['wildcard_policy'],
- params['weight'])
+ params['weight'],
+ params['port'])
oc_route = OCRoute(rconfig, verbose=params['debug'])
@@ -1593,20 +1663,6 @@ class OCRoute(OpenShiftCLI):
# -*- -*- -*- Begin included fragment: ansible/oc_route.py -*- -*- -*-
-def get_cert_data(path, content):
- '''get the data for a particular value'''
- if not path and not content:
- return None
-
- rval = None
- if path and os.path.exists(path) and os.access(path, os.R_OK):
- rval = open(path).read()
- elif content:
- rval = content
-
- return rval
-
-
# pylint: disable=too-many-branches
def main():
'''
@@ -1633,6 +1689,7 @@ def main():
host=dict(default=None, type='str'),
wildcard_policy=dict(default=None, type='str'),
weight=dict(default=None, type='int'),
+ port=dict(default=None, type='int'),
),
mutually_exclusive=[('dest_cacert_path', 'dest_cacert_content'),
('cacert_path', 'cacert_content'),
@@ -1640,30 +1697,8 @@ def main():
('key_path', 'key_content'), ],
supports_check_mode=True,
)
- files = {'destcacert': {'path': module.params['dest_cacert_path'],
- 'content': module.params['dest_cacert_content'],
- 'value': None, },
- 'cacert': {'path': module.params['cacert_path'],
- 'content': module.params['cacert_content'],
- 'value': None, },
- 'cert': {'path': module.params['cert_path'],
- 'content': module.params['cert_content'],
- 'value': None, },
- 'key': {'path': module.params['key_path'],
- 'content': module.params['key_content'],
- 'value': None, }, }
-
- if module.params['tls_termination']:
- for key, option in files.items():
- if key == 'destcacert' and module.params['tls_termination'] != 'reencrypt':
- continue
-
- option['value'] = get_cert_data(option['path'], option['content'])
-
- if not option['value']:
- module.fail_json(msg='Verify that you pass a value for %s' % key)
- results = OCRoute.run_ansible(module.params, files, module.check_mode)
+ results = OCRoute.run_ansible(module.params, module.check_mode)
if 'failed' in results:
module.fail_json(**results)
diff --git a/roles/lib_openshift/library/oc_scale.py b/roles/lib_openshift/library/oc_scale.py
index 63d818c66..48a629b5e 100644
--- a/roles/lib_openshift/library/oc_scale.py
+++ b/roles/lib_openshift/library/oc_scale.py
@@ -713,7 +713,7 @@ class OpenShiftCLI(object):
''' Constructor for OpenshiftCLI '''
self.namespace = namespace
self.verbose = verbose
- self.kubeconfig = kubeconfig
+ self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
self.all_namespaces = all_namespaces
# Pylint allows only 5 arguments to be passed.
@@ -999,7 +999,18 @@ class Utils(object):
return tmp
@staticmethod
- def create_tmpfile(prefix=None):
+ def create_tmpfile_copy(inc_file):
+ '''create a temporary copy of a file'''
+ tmpfile = Utils.create_tmpfile('lib_openshift-')
+ Utils._write(tmpfile, open(inc_file).read())
+
+ # Cleanup the tmpfile
+ atexit.register(Utils.cleanup, [tmpfile])
+
+ return tmpfile
+
+ @staticmethod
+ def create_tmpfile(prefix='tmp'):
''' Generates and returns a temporary file name '''
with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp:
diff --git a/roles/lib_openshift/library/oc_secret.py b/roles/lib_openshift/library/oc_secret.py
index 978c5741d..526474f17 100644
--- a/roles/lib_openshift/library/oc_secret.py
+++ b/roles/lib_openshift/library/oc_secret.py
@@ -759,7 +759,7 @@ class OpenShiftCLI(object):
''' Constructor for OpenshiftCLI '''
self.namespace = namespace
self.verbose = verbose
- self.kubeconfig = kubeconfig
+ self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
self.all_namespaces = all_namespaces
# Pylint allows only 5 arguments to be passed.
@@ -1045,7 +1045,18 @@ class Utils(object):
return tmp
@staticmethod
- def create_tmpfile(prefix=None):
+ def create_tmpfile_copy(inc_file):
+ '''create a temporary copy of a file'''
+ tmpfile = Utils.create_tmpfile('lib_openshift-')
+ Utils._write(tmpfile, open(inc_file).read())
+
+ # Cleanup the tmpfile
+ atexit.register(Utils.cleanup, [tmpfile])
+
+ return tmpfile
+
+ @staticmethod
+ def create_tmpfile(prefix='tmp'):
''' Generates and returns a temporary file name '''
with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp:
diff --git a/roles/lib_openshift/library/oc_service.py b/roles/lib_openshift/library/oc_service.py
index edaa97af5..a9baef765 100644
--- a/roles/lib_openshift/library/oc_service.py
+++ b/roles/lib_openshift/library/oc_service.py
@@ -765,7 +765,7 @@ class OpenShiftCLI(object):
''' Constructor for OpenshiftCLI '''
self.namespace = namespace
self.verbose = verbose
- self.kubeconfig = kubeconfig
+ self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
self.all_namespaces = all_namespaces
# Pylint allows only 5 arguments to be passed.
@@ -1051,7 +1051,18 @@ class Utils(object):
return tmp
@staticmethod
- def create_tmpfile(prefix=None):
+ def create_tmpfile_copy(inc_file):
+ '''create a temporary copy of a file'''
+ tmpfile = Utils.create_tmpfile('lib_openshift-')
+ Utils._write(tmpfile, open(inc_file).read())
+
+ # Cleanup the tmpfile
+ atexit.register(Utils.cleanup, [tmpfile])
+
+ return tmpfile
+
+ @staticmethod
+ def create_tmpfile(prefix='tmp'):
''' Generates and returns a temporary file name '''
with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp:
diff --git a/roles/lib_openshift/library/oc_serviceaccount.py b/roles/lib_openshift/library/oc_serviceaccount.py
index 7b34f298b..cd0847963 100644
--- a/roles/lib_openshift/library/oc_serviceaccount.py
+++ b/roles/lib_openshift/library/oc_serviceaccount.py
@@ -711,7 +711,7 @@ class OpenShiftCLI(object):
''' Constructor for OpenshiftCLI '''
self.namespace = namespace
self.verbose = verbose
- self.kubeconfig = kubeconfig
+ self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
self.all_namespaces = all_namespaces
# Pylint allows only 5 arguments to be passed.
@@ -997,7 +997,18 @@ class Utils(object):
return tmp
@staticmethod
- def create_tmpfile(prefix=None):
+ def create_tmpfile_copy(inc_file):
+ '''create a temporary copy of a file'''
+ tmpfile = Utils.create_tmpfile('lib_openshift-')
+ Utils._write(tmpfile, open(inc_file).read())
+
+ # Cleanup the tmpfile
+ atexit.register(Utils.cleanup, [tmpfile])
+
+ return tmpfile
+
+ @staticmethod
+ def create_tmpfile(prefix='tmp'):
''' Generates and returns a temporary file name '''
with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp:
diff --git a/roles/lib_openshift/library/oc_serviceaccount_secret.py b/roles/lib_openshift/library/oc_serviceaccount_secret.py
index 9a2bd81cd..e22ccbfc2 100644
--- a/roles/lib_openshift/library/oc_serviceaccount_secret.py
+++ b/roles/lib_openshift/library/oc_serviceaccount_secret.py
@@ -711,7 +711,7 @@ class OpenShiftCLI(object):
''' Constructor for OpenshiftCLI '''
self.namespace = namespace
self.verbose = verbose
- self.kubeconfig = kubeconfig
+ self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
self.all_namespaces = all_namespaces
# Pylint allows only 5 arguments to be passed.
@@ -997,7 +997,18 @@ class Utils(object):
return tmp
@staticmethod
- def create_tmpfile(prefix=None):
+ def create_tmpfile_copy(inc_file):
+ '''create a temporary copy of a file'''
+ tmpfile = Utils.create_tmpfile('lib_openshift-')
+ Utils._write(tmpfile, open(inc_file).read())
+
+ # Cleanup the tmpfile
+ atexit.register(Utils.cleanup, [tmpfile])
+
+ return tmpfile
+
+ @staticmethod
+ def create_tmpfile(prefix='tmp'):
''' Generates and returns a temporary file name '''
with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp:
diff --git a/roles/lib_openshift/library/oc_version.py b/roles/lib_openshift/library/oc_version.py
index b3c4edd98..e44375ffa 100644
--- a/roles/lib_openshift/library/oc_version.py
+++ b/roles/lib_openshift/library/oc_version.py
@@ -683,7 +683,7 @@ class OpenShiftCLI(object):
''' Constructor for OpenshiftCLI '''
self.namespace = namespace
self.verbose = verbose
- self.kubeconfig = kubeconfig
+ self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
self.all_namespaces = all_namespaces
# Pylint allows only 5 arguments to be passed.
@@ -969,7 +969,18 @@ class Utils(object):
return tmp
@staticmethod
- def create_tmpfile(prefix=None):
+ def create_tmpfile_copy(inc_file):
+ '''create a temporary copy of a file'''
+ tmpfile = Utils.create_tmpfile('lib_openshift-')
+ Utils._write(tmpfile, open(inc_file).read())
+
+ # Cleanup the tmpfile
+ atexit.register(Utils.cleanup, [tmpfile])
+
+ return tmpfile
+
+ @staticmethod
+ def create_tmpfile(prefix='tmp'):
''' Generates and returns a temporary file name '''
with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp:
diff --git a/roles/lib_openshift/src/ansible/oc_route.py b/roles/lib_openshift/src/ansible/oc_route.py
index c87e6738f..f2f5c5095 100644
--- a/roles/lib_openshift/src/ansible/oc_route.py
+++ b/roles/lib_openshift/src/ansible/oc_route.py
@@ -2,20 +2,6 @@
# flake8: noqa
-def get_cert_data(path, content):
- '''get the data for a particular value'''
- if not path and not content:
- return None
-
- rval = None
- if path and os.path.exists(path) and os.access(path, os.R_OK):
- rval = open(path).read()
- elif content:
- rval = content
-
- return rval
-
-
# pylint: disable=too-many-branches
def main():
'''
@@ -42,6 +28,7 @@ def main():
host=dict(default=None, type='str'),
wildcard_policy=dict(default=None, type='str'),
weight=dict(default=None, type='int'),
+ port=dict(default=None, type='int'),
),
mutually_exclusive=[('dest_cacert_path', 'dest_cacert_content'),
('cacert_path', 'cacert_content'),
@@ -49,30 +36,8 @@ def main():
('key_path', 'key_content'), ],
supports_check_mode=True,
)
- files = {'destcacert': {'path': module.params['dest_cacert_path'],
- 'content': module.params['dest_cacert_content'],
- 'value': None, },
- 'cacert': {'path': module.params['cacert_path'],
- 'content': module.params['cacert_content'],
- 'value': None, },
- 'cert': {'path': module.params['cert_path'],
- 'content': module.params['cert_content'],
- 'value': None, },
- 'key': {'path': module.params['key_path'],
- 'content': module.params['key_content'],
- 'value': None, }, }
-
- if module.params['tls_termination']:
- for key, option in files.items():
- if key == 'destcacert' and module.params['tls_termination'] != 'reencrypt':
- continue
-
- option['value'] = get_cert_data(option['path'], option['content'])
-
- if not option['value']:
- module.fail_json(msg='Verify that you pass a value for %s' % key)
- results = OCRoute.run_ansible(module.params, files, module.check_mode)
+ results = OCRoute.run_ansible(module.params, module.check_mode)
if 'failed' in results:
module.fail_json(**results)
diff --git a/roles/lib_openshift/src/class/oc_route.py b/roles/lib_openshift/src/class/oc_route.py
index 42af2c01c..42388ad0b 100644
--- a/roles/lib_openshift/src/class/oc_route.py
+++ b/roles/lib_openshift/src/class/oc_route.py
@@ -64,9 +64,23 @@ class OCRoute(OpenShiftCLI):
skip = []
return not Utils.check_def_equal(self.config.data, self.route.yaml_dict, skip_keys=skip, debug=True)
+ @staticmethod
+ def get_cert_data(path, content):
+ '''get the data for a particular value'''
+ if not path and not content:
+ return None
+
+ rval = None
+ if path and os.path.exists(path) and os.access(path, os.R_OK):
+ rval = open(path).read()
+ elif content:
+ rval = content
+
+ return rval
+
# pylint: disable=too-many-return-statements,too-many-branches
@staticmethod
- def run_ansible(params, files, check_mode=False):
+ def run_ansible(params, check_mode=False):
''' run the idempotent asnible code
params comes from the ansible portion for this module
@@ -78,6 +92,30 @@ class OCRoute(OpenShiftCLI):
}
check_mode: does the module support check mode. (module.check_mode)
'''
+ files = {'destcacert': {'path': params['dest_cacert_path'],
+ 'content': params['dest_cacert_content'],
+ 'value': None, },
+ 'cacert': {'path': params['cacert_path'],
+ 'content': params['cacert_content'],
+ 'value': None, },
+ 'cert': {'path': params['cert_path'],
+ 'content': params['cert_content'],
+ 'value': None, },
+ 'key': {'path': params['key_path'],
+ 'content': params['key_content'],
+ 'value': None, }, }
+
+ if params['tls_termination'] and params['tls_termination'].lower() != 'passthrough': # E501
+
+ for key, option in files.items():
+ if key == 'destcacert' and params['tls_termination'] != 'reencrypt':
+ continue
+
+ option['value'] = OCRoute.get_cert_data(option['path'], option['content']) # E501
+
+ if not option['value']:
+ return {'failed': True,
+ 'msg': 'Verify that you pass a value for %s' % key}
rconfig = RouteConfig(params['name'],
params['namespace'],
@@ -90,7 +128,8 @@ class OCRoute(OpenShiftCLI):
params['tls_termination'],
params['service_name'],
params['wildcard_policy'],
- params['weight'])
+ params['weight'],
+ params['port'])
oc_route = OCRoute(rconfig, verbose=params['debug'])
diff --git a/roles/lib_openshift/src/doc/route b/roles/lib_openshift/src/doc/route
index 1797d4d33..a12999c9e 100644
--- a/roles/lib_openshift/src/doc/route
+++ b/roles/lib_openshift/src/doc/route
@@ -99,6 +99,12 @@ options:
required: false
default: None
aliases: []
+ port:
+ description:
+ - The Name of the service port or number of the container port the route will route traffic to
+ required: false
+ default: None
+ aliases: []
author:
- "Kenny Woodson <kwoodson@redhat.com>"
extends_documentation_fragment: []
diff --git a/roles/lib_openshift/src/lib/base.py b/roles/lib_openshift/src/lib/base.py
index d0843c03e..a895b40b3 100644
--- a/roles/lib_openshift/src/lib/base.py
+++ b/roles/lib_openshift/src/lib/base.py
@@ -20,7 +20,7 @@ class OpenShiftCLI(object):
''' Constructor for OpenshiftCLI '''
self.namespace = namespace
self.verbose = verbose
- self.kubeconfig = kubeconfig
+ self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig)
self.all_namespaces = all_namespaces
# Pylint allows only 5 arguments to be passed.
@@ -306,7 +306,18 @@ class Utils(object):
return tmp
@staticmethod
- def create_tmpfile(prefix=None):
+ def create_tmpfile_copy(inc_file):
+ '''create a temporary copy of a file'''
+ tmpfile = Utils.create_tmpfile('lib_openshift-')
+ Utils._write(tmpfile, open(inc_file).read())
+
+ # Cleanup the tmpfile
+ atexit.register(Utils.cleanup, [tmpfile])
+
+ return tmpfile
+
+ @staticmethod
+ def create_tmpfile(prefix='tmp'):
''' Generates and returns a temporary file name '''
with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp:
diff --git a/roles/lib_openshift/src/lib/route.py b/roles/lib_openshift/src/lib/route.py
index 3130e7358..3b54a24fb 100644
--- a/roles/lib_openshift/src/lib/route.py
+++ b/roles/lib_openshift/src/lib/route.py
@@ -19,7 +19,8 @@ class RouteConfig(object):
tls_termination=None,
service_name=None,
wildcard_policy=None,
- weight=None):
+ weight=None,
+ port=None):
''' constructor for handling route options '''
self.kubeconfig = kubeconfig
self.name = sname
@@ -31,6 +32,7 @@ class RouteConfig(object):
self.cert = cert
self.key = key
self.service_name = service_name
+ self.port = port
self.data = {}
self.wildcard_policy = wildcard_policy
if wildcard_policy is None:
@@ -55,12 +57,15 @@ class RouteConfig(object):
if self.tls_termination:
self.data['spec']['tls'] = {}
+ self.data['spec']['tls']['termination'] = self.tls_termination
+
+ if self.tls_termination != 'passthrough':
+ self.data['spec']['tls']['key'] = self.key
+ self.data['spec']['tls']['caCertificate'] = self.cacert
+ self.data['spec']['tls']['certificate'] = self.cert
+
if self.tls_termination == 'reencrypt':
self.data['spec']['tls']['destinationCACertificate'] = self.destcacert
- self.data['spec']['tls']['key'] = self.key
- self.data['spec']['tls']['caCertificate'] = self.cacert
- self.data['spec']['tls']['certificate'] = self.cert
- self.data['spec']['tls']['termination'] = self.tls_termination
self.data['spec']['to'] = {'kind': 'Service',
'name': self.service_name,
@@ -68,11 +73,16 @@ class RouteConfig(object):
self.data['spec']['wildcardPolicy'] = self.wildcard_policy
+ if self.port:
+ self.data['spec']['port'] = {}
+ self.data['spec']['port']['targetPort'] = self.port
+
# pylint: disable=too-many-instance-attributes,too-many-public-methods
class Route(Yedit):
''' Class to wrap the oc command line tools '''
wildcard_policy = "spec.wildcardPolicy"
host_path = "spec.host"
+ port_path = "spec.port.targetPort"
service_path = "spec.to.name"
weight_path = "spec.to.weight"
cert_path = "spec.tls.certificate"
@@ -118,6 +128,10 @@ class Route(Yedit):
''' return host '''
return self.get(Route.host_path)
+ def get_port(self):
+ ''' return port '''
+ return self.get(Route.port_path)
+
def get_wildcard_policy(self):
''' return wildcardPolicy '''
return self.get(Route.wildcard_policy)
diff --git a/roles/lib_openshift/src/test/integration/oc_route.yml b/roles/lib_openshift/src/test/integration/oc_route.yml
index 620d5d5e7..b9d635eaa 100755
--- a/roles/lib_openshift/src/test/integration/oc_route.yml
+++ b/roles/lib_openshift/src/test/integration/oc_route.yml
@@ -75,3 +75,43 @@
- assert:
that: "routeout.changed == False"
msg: Route create not idempotent
+
+ - name: delete route
+ oc_route:
+ name: test
+ namespace: default
+ state: absent
+ register: routeout
+
+ - name: create route
+ oc_route:
+ name: test
+ namespace: default
+ tls_termination: passthrough
+ service_name: test
+ host: test.example
+ port: 8443
+ register: routeout
+
+ - assert:
+ that:
+ - "routeout.changed == True"
+ - "routeout.results['results'][0]['spec']['port']['targetPort'] == 8443"
+ msg: Route create not idempotent
+
+ - name: create route
+ oc_route:
+ name: test
+ namespace: default
+ tls_termination: passthrough
+ service_name: test
+ host: test.example
+ port: 8444
+ register: routeout
+ - debug: var=routeout
+
+ - assert:
+ that:
+ - "routeout.changed == True"
+ - "routeout.results.results[0]['spec']['port']['targetPort'] == 8444"
+ msg: Route update not idempotent
diff --git a/roles/lib_openshift/src/test/unit/oadm_manage_node.py b/roles/lib_openshift/src/test/unit/oadm_manage_node.py
index 8fd6f9c55..b0786dfac 100755
--- a/roles/lib_openshift/src/test/unit/oadm_manage_node.py
+++ b/roles/lib_openshift/src/test/unit/oadm_manage_node.py
@@ -35,8 +35,9 @@ class ManageNodeTest(unittest.TestCase):
''' setup method will create a file and set to known configuration '''
pass
+ @mock.patch('oadm_manage_node.Utils.create_tmpfile_copy')
@mock.patch('oadm_manage_node.ManageNode.openshift_cmd')
- def test_list_pods(self, mock_openshift_cmd):
+ def test_list_pods(self, mock_openshift_cmd, mock_tmpfile_copy):
''' Testing a get '''
params = {'node': ['ip-172-31-49-140.ec2.internal'],
'schedulable': None,
@@ -106,6 +107,10 @@ class ManageNodeTest(unittest.TestCase):
"returncode": 0}
]
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
results = ManageNode.run_ansible(params, False)
# returned a single node
@@ -113,8 +118,9 @@ class ManageNodeTest(unittest.TestCase):
# returned 2 pods
self.assertTrue(len(results['results']['nodes']['ip-172-31-49-140.ec2.internal']) == 2)
+ @mock.patch('oadm_manage_node.Utils.create_tmpfile_copy')
@mock.patch('oadm_manage_node.ManageNode.openshift_cmd')
- def test_schedulable_false(self, mock_openshift_cmd):
+ def test_schedulable_false(self, mock_openshift_cmd, mock_tmpfile_copy):
''' Testing a get '''
params = {'node': ['ip-172-31-49-140.ec2.internal'],
'schedulable': False,
@@ -162,6 +168,11 @@ class ManageNodeTest(unittest.TestCase):
"results": "NAME STATUS AGE\n" +
"ip-172-31-49-140.ec2.internal Ready,SchedulingDisabled 5h\n",
"returncode": 0}]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
results = ManageNode.run_ansible(params, False)
self.assertTrue(results['changed'])
diff --git a/roles/lib_openshift/src/test/unit/oc_label.py b/roles/lib_openshift/src/test/unit/oc_label.py
index 3f7162070..3176987b0 100755
--- a/roles/lib_openshift/src/test/unit/oc_label.py
+++ b/roles/lib_openshift/src/test/unit/oc_label.py
@@ -35,8 +35,9 @@ class OCLabelTest(unittest.TestCase):
''' setup method will create a file and set to known configuration '''
pass
+ @mock.patch('oc_label.Utils.create_tmpfile_copy')
@mock.patch('oc_label.OCLabel._run')
- def test_state_list(self, mock_cmd):
+ def test_state_list(self, mock_cmd, mock_tmpfile_copy):
''' Testing a label list '''
params = {'name': 'default',
'namespace': 'default',
@@ -82,13 +83,18 @@ class OCLabelTest(unittest.TestCase):
(0, ns, ''),
]
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
results = OCLabel.run_ansible(params, False)
self.assertFalse(results['changed'])
self.assertTrue(results['results']['labels'] == [{'storage_pv_quota': 'False'}])
+ @mock.patch('oc_label.Utils.create_tmpfile_copy')
@mock.patch('oc_label.OCLabel._run')
- def test_state_present(self, mock_cmd):
+ def test_state_present(self, mock_cmd, mock_tmpfile_copy):
''' Testing a label list '''
params = {'name': 'default',
'namespace': 'default',
@@ -171,6 +177,10 @@ class OCLabelTest(unittest.TestCase):
(0, ns1, ''),
]
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
results = OCLabel.run_ansible(params, False)
self.assertTrue(results['changed'])
diff --git a/roles/lib_openshift/src/test/unit/oc_route.py b/roles/lib_openshift/src/test/unit/oc_route.py
new file mode 100755
index 000000000..fcfa88cbf
--- /dev/null
+++ b/roles/lib_openshift/src/test/unit/oc_route.py
@@ -0,0 +1,258 @@
+#!/usr/bin/env python2
+'''
+ Unit tests for oc route
+'''
+# To run:
+# ./oc_serviceaccount.py
+#
+# .
+# Ran 1 test in 0.002s
+#
+# OK
+
+import os
+import sys
+import unittest
+import mock
+
+# Removing invalid variable names for tests so that I can
+# keep them brief
+# pylint: disable=invalid-name,no-name-in-module
+# Disable import-error b/c our libraries aren't loaded in jenkins
+# pylint: disable=import-error,wrong-import-position
+# place class in our python path
+module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501
+sys.path.insert(0, module_path)
+from oc_route import OCRoute # noqa: E402
+
+
+class OCRouteTest(unittest.TestCase):
+ '''
+ Test class for OCServiceAccount
+ '''
+
+ def setUp(self):
+ ''' setup method will create a file and set to known configuration '''
+ pass
+
+ @mock.patch('oc_route.OCRoute._run')
+ def test_list_route(self, mock_cmd):
+ ''' Testing getting a route '''
+
+ # Arrange
+
+ # run_ansible input parameters
+ params = {
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'state': 'list',
+ 'debug': False,
+ 'name': 'test',
+ 'namespace': 'default',
+ 'tls_termination': 'passthrough',
+ 'dest_cacert_path': None,
+ 'cacert_path': None,
+ 'cert_path': None,
+ 'key_path': None,
+ 'dest_cacert_content': None,
+ 'cacert_content': None,
+ 'cert_content': None,
+ 'key_content': None,
+ 'service_name': 'testservice',
+ 'host': 'test.openshift.com',
+ 'wildcard_policy': None,
+ 'weight': None,
+ 'port': None
+ }
+
+ route_result = '''{
+ "kind": "Route",
+ "apiVersion": "v1",
+ "metadata": {
+ "name": "test",
+ "namespace": "default",
+ "selfLink": "/oapi/v1/namespaces/default/routes/test",
+ "uid": "1b127c67-ecd9-11e6-96eb-0e0d9bdacd26",
+ "resourceVersion": "439182",
+ "creationTimestamp": "2017-02-07T01:59:48Z"
+ },
+ "spec": {
+ "host": "test.example",
+ "to": {
+ "kind": "Service",
+ "name": "test",
+ "weight": 100
+ },
+ "port": {
+ "targetPort": 8443
+ },
+ "tls": {
+ "termination": "passthrough"
+ },
+ "wildcardPolicy": "None"
+ },
+ "status": {
+ "ingress": [
+ {
+ "host": "test.example",
+ "routerName": "router",
+ "conditions": [
+ {
+ "type": "Admitted",
+ "status": "True",
+ "lastTransitionTime": "2017-02-07T01:59:48Z"
+ }
+ ],
+ "wildcardPolicy": "None"
+ }
+ ]
+ }
+ }'''
+
+ # Return values of our mocked function call. These get returned once per call.
+ mock_cmd.side_effect = [
+ # First call to mock
+ (0, route_result, ''),
+ ]
+
+ # Act
+ results = OCRoute.run_ansible(params, False)
+
+ # Assert
+ self.assertFalse(results['changed'])
+ self.assertEqual(results['state'], 'list')
+ self.assertEqual(results['results'][0]['metadata']['name'], 'test')
+
+ # Making sure our mock was called as we expected
+ mock_cmd.assert_has_calls([
+ mock.call(['oc', '-n', 'default', 'get', 'route', 'test', '-o', 'json'], None),
+ ])
+
+ @mock.patch('oc_route.Yedit._write')
+ @mock.patch('oc_route.OCRoute._run')
+ def test_create_route(self, mock_cmd, mock_write):
+ ''' Testing getting a route '''
+
+ # Arrange
+
+ # run_ansible input parameters
+ params = {
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ 'state': 'present',
+ 'debug': False,
+ 'name': 'test',
+ 'namespace': 'default',
+ 'tls_termination': 'edge',
+ 'dest_cacert_path': None,
+ 'cacert_path': None,
+ 'cert_path': None,
+ 'key_path': None,
+ 'dest_cacert_content': None,
+ 'cacert_content': 'testing',
+ 'cert_content': 'testing',
+ 'key_content': 'testing',
+ 'service_name': 'testservice',
+ 'host': 'test.openshift.com',
+ 'wildcard_policy': None,
+ 'weight': None,
+ 'port': None
+ }
+
+ route_result = '''{
+ "apiVersion": "v1",
+ "kind": "Route",
+ "metadata": {
+ "creationTimestamp": "2017-02-07T20:55:10Z",
+ "name": "test",
+ "namespace": "default",
+ "resourceVersion": "517745",
+ "selfLink": "/oapi/v1/namespaces/default/routes/test",
+ "uid": "b6f25898-ed77-11e6-9755-0e737db1e63a"
+ },
+ "spec": {
+ "host": "test.openshift.com",
+ "tls": {
+ "caCertificate": "testing",
+ "certificate": "testing",
+ "key": "testing",
+ "termination": "edge"
+ },
+ "to": {
+ "kind": "Service",
+ "name": "testservice",
+ "weight": 100
+ },
+ "wildcardPolicy": "None"
+ },
+ "status": {
+ "ingress": [
+ {
+ "conditions": [
+ {
+ "lastTransitionTime": "2017-02-07T20:55:10Z",
+ "status": "True",
+ "type": "Admitted"
+ }
+ ],
+ "host": "test.openshift.com",
+ "routerName": "router",
+ "wildcardPolicy": "None"
+ }
+ ]
+ }
+ }'''
+
+ test_route = '''\
+kind: Route
+spec:
+ tls:
+ caCertificate: testing
+ termination: edge
+ certificate: testing
+ key: testing
+ to:
+ kind: Service
+ name: testservice
+ weight: 100
+ host: test.openshift.com
+ wildcardPolicy: None
+apiVersion: v1
+metadata:
+ namespace: default
+ name: test
+'''
+
+ # Return values of our mocked function call. These get returned once per call.
+ mock_cmd.side_effect = [
+ # First call to mock
+ (1, '', 'Error from server: routes "test" not found'),
+ (1, '', 'Error from server: routes "test" not found'),
+ (0, 'route "test" created', ''),
+ (0, route_result, ''),
+ ]
+
+ mock_write.assert_has_calls = [
+ # First call to mock
+ mock.call('/tmp/test', test_route)
+ ]
+
+ # Act
+ results = OCRoute.run_ansible(params, False)
+
+ # Assert
+ self.assertTrue(results['changed'])
+ self.assertEqual(results['state'], 'present')
+ self.assertEqual(results['results']['results'][0]['metadata']['name'], 'test')
+
+ # Making sure our mock was called as we expected
+ mock_cmd.assert_has_calls([
+ mock.call(['oc', '-n', 'default', 'get', 'route', 'test', '-o', 'json'], None),
+ mock.call(['oc', '-n', 'default', 'create', '-f', '/tmp/test'], None),
+ ])
+
+ def tearDown(self):
+ '''TearDown method'''
+ pass
+
+
+if __name__ == "__main__":
+ unittest.main()
diff --git a/roles/lib_openshift/src/test/unit/oc_scale.py b/roles/lib_openshift/src/test/unit/oc_scale.py
index d8d5a231f..f15eb164d 100755
--- a/roles/lib_openshift/src/test/unit/oc_scale.py
+++ b/roles/lib_openshift/src/test/unit/oc_scale.py
@@ -35,8 +35,9 @@ class OCScaleTest(unittest.TestCase):
''' setup method will create a file and set to known configuration '''
pass
+ @mock.patch('oc_scale.Utils.create_tmpfile_copy')
@mock.patch('oc_scale.OCScale.openshift_cmd')
- def test_state_list(self, mock_openshift_cmd):
+ def test_state_list(self, mock_openshift_cmd, mock_tmpfile_copy):
''' Testing a get '''
params = {'name': 'router',
'namespace': 'default',
@@ -70,13 +71,18 @@ class OCScaleTest(unittest.TestCase):
'results': dc,
'returncode': 0}]
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
results = OCScale.run_ansible(params, False)
self.assertFalse(results['changed'])
self.assertEqual(results['result'][0], 2)
+ @mock.patch('oc_scale.Utils.create_tmpfile_copy')
@mock.patch('oc_scale.OCScale.openshift_cmd')
- def test_scale(self, mock_openshift_cmd):
+ def test_scale(self, mock_openshift_cmd, mock_tmpfile_copy):
''' Testing a get '''
params = {'name': 'router',
'namespace': 'default',
@@ -114,13 +120,18 @@ class OCScaleTest(unittest.TestCase):
'returncode': 0}
]
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
results = OCScale.run_ansible(params, False)
self.assertFalse(results['changed'])
self.assertEqual(results['result'][0], 3)
+ @mock.patch('oc_scale.Utils.create_tmpfile_copy')
@mock.patch('oc_scale.OCScale.openshift_cmd')
- def test_no_dc_scale(self, mock_openshift_cmd):
+ def test_no_dc_scale(self, mock_openshift_cmd, mock_tmpfile_copy):
''' Testing a get '''
params = {'name': 'not_there',
'namespace': 'default',
@@ -138,6 +149,10 @@ class OCScaleTest(unittest.TestCase):
'stdout': ""},
]
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
results = OCScale.run_ansible(params, False)
self.assertTrue(results['failed'])
diff --git a/roles/lib_openshift/src/test/unit/oc_secret.py b/roles/lib_openshift/src/test/unit/oc_secret.py
index c81f0514b..645aac82b 100755
--- a/roles/lib_openshift/src/test/unit/oc_secret.py
+++ b/roles/lib_openshift/src/test/unit/oc_secret.py
@@ -35,9 +35,10 @@ class OCSecretTest(unittest.TestCase):
''' setup method will create a file and set to known configuration '''
pass
+ @mock.patch('oc_secret.Utils.create_tmpfile_copy')
@mock.patch('oc_secret.Utils._write')
@mock.patch('oc_secret.OCSecret._run')
- def test_adding_a_secret(self, mock_cmd, mock_write):
+ def test_adding_a_secret(self, mock_cmd, mock_write, mock_tmpfile_copy):
''' Testing adding a secret '''
# Arrange
@@ -64,6 +65,10 @@ class OCSecretTest(unittest.TestCase):
(0, 'secret/testsecretname', ''),
]
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
# Act
results = OCSecret.run_ansible(params, False)
diff --git a/roles/lib_openshift/src/test/unit/oc_service.py b/roles/lib_openshift/src/test/unit/oc_service.py
index 69f7dd49c..4a845e9f3 100755
--- a/roles/lib_openshift/src/test/unit/oc_service.py
+++ b/roles/lib_openshift/src/test/unit/oc_service.py
@@ -36,8 +36,9 @@ class OCServiceTest(unittest.TestCase):
''' setup method will create a file and set to known configuration '''
pass
+ @mock.patch('oc_service.Utils.create_tmpfile_copy')
@mock.patch('oc_service.OCService._run')
- def test_state_list(self, mock_cmd):
+ def test_state_list(self, mock_cmd, mock_tmpfile_copy):
''' Testing a get '''
params = {'name': 'router',
'namespace': 'default',
@@ -108,13 +109,18 @@ class OCServiceTest(unittest.TestCase):
(0, service, '')
]
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
results = OCService.run_ansible(params, False)
self.assertFalse(results['changed'])
self.assertEqual(results['results']['results'][0]['metadata']['name'], 'router')
+ @mock.patch('oc_service.Utils.create_tmpfile_copy')
@mock.patch('oc_service.OCService._run')
- def test_create(self, mock_cmd):
+ def test_create(self, mock_cmd, mock_tmpfile_copy):
''' Testing a create service '''
params = {'name': 'router',
'namespace': 'default',
@@ -191,6 +197,10 @@ class OCServiceTest(unittest.TestCase):
(0, service, '')
]
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
results = OCService.run_ansible(params, False)
self.assertTrue(results['changed'])
diff --git a/roles/lib_openshift/src/test/unit/oc_serviceaccount.py b/roles/lib_openshift/src/test/unit/oc_serviceaccount.py
index dab751bb9..256b569eb 100755
--- a/roles/lib_openshift/src/test/unit/oc_serviceaccount.py
+++ b/roles/lib_openshift/src/test/unit/oc_serviceaccount.py
@@ -35,8 +35,9 @@ class OCServiceAccountTest(unittest.TestCase):
''' setup method will create a file and set to known configuration '''
pass
+ @mock.patch('oc_serviceaccount.Utils.create_tmpfile_copy')
@mock.patch('oc_serviceaccount.OCServiceAccount._run')
- def test_adding_a_serviceaccount(self, mock_cmd):
+ def test_adding_a_serviceaccount(self, mock_cmd, mock_tmpfile_copy):
''' Testing adding a serviceaccount '''
# Arrange
@@ -90,6 +91,10 @@ class OCServiceAccountTest(unittest.TestCase):
(0, valid_result_json, ''),
]
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
# Act
results = OCServiceAccount.run_ansible(params, False)
diff --git a/roles/lib_openshift/src/test/unit/oc_serviceaccount_secret.py b/roles/lib_openshift/src/test/unit/oc_serviceaccount_secret.py
index 08fc9f6df..4d555d412 100755
--- a/roles/lib_openshift/src/test/unit/oc_serviceaccount_secret.py
+++ b/roles/lib_openshift/src/test/unit/oc_serviceaccount_secret.py
@@ -35,9 +35,10 @@ class OCServiceAccountSecretTest(unittest.TestCase):
''' setup method will create a file and set to known configuration '''
pass
+ @mock.patch('oc_serviceaccount_secret.Utils.create_tmpfile_copy')
@mock.patch('oc_serviceaccount_secret.Yedit._write')
@mock.patch('oc_serviceaccount_secret.OCServiceAccountSecret._run')
- def test_adding_a_secret_to_a_serviceaccount(self, mock_cmd, mock_write):
+ def test_adding_a_secret_to_a_serviceaccount(self, mock_cmd, mock_write, mock_tmpfile_copy):
''' Testing adding a secret to a service account '''
# Arrange
@@ -137,6 +138,10 @@ metadata:
(0, oc_get_sa_after, ''), # Fourth call to the mock
]
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
# Act
results = OCServiceAccountSecret.run_ansible(params, False)
@@ -157,9 +162,10 @@ metadata:
mock.call(mock.ANY, builder_yaml_file)
])
+ @mock.patch('oc_serviceaccount_secret.Utils.create_tmpfile_copy')
@mock.patch('oc_serviceaccount_secret.Yedit._write')
@mock.patch('oc_serviceaccount_secret.OCServiceAccountSecret._run')
- def test_removing_a_secret_to_a_serviceaccount(self, mock_cmd, mock_write):
+ def test_removing_a_secret_to_a_serviceaccount(self, mock_cmd, mock_write, mock_tmpfile_copy):
''' Testing removing a secret to a service account '''
# Arrange
@@ -229,6 +235,10 @@ metadata:
(0, 'serviceaccount "builder" replaced', ''), # Third call to the mock
]
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
# Act
results = OCServiceAccountSecret.run_ansible(params, False)
diff --git a/roles/lib_openshift/src/test/unit/oc_version.py b/roles/lib_openshift/src/test/unit/oc_version.py
index f927948be..67dea415b 100755
--- a/roles/lib_openshift/src/test/unit/oc_version.py
+++ b/roles/lib_openshift/src/test/unit/oc_version.py
@@ -35,8 +35,9 @@ class OCVersionTest(unittest.TestCase):
''' setup method will create a file and set to known configuration '''
pass
+ @mock.patch('oc_version.Utils.create_tmpfile_copy')
@mock.patch('oc_version.OCVersion.openshift_cmd')
- def test_get(self, mock_openshift_cmd):
+ def test_get(self, mock_openshift_cmd, mock_tmpfile_copy):
''' Testing a get '''
params = {'kubeconfig': '/etc/origin/master/admin.kubeconfig',
'state': 'list',
@@ -52,6 +53,10 @@ class OCVersionTest(unittest.TestCase):
"returncode": 0}
]
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
results = OCVersion.run_ansible(params)
self.assertFalse(results['changed'])
diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml
index 4efc77f11..ae3ad31c3 100644
--- a/roles/openshift_ca/tasks/main.yml
+++ b/roles/openshift_ca/tasks/main.yml
@@ -87,7 +87,7 @@
# This should NOT replace the CA due to --overwrite=false when a CA already exists.
- name: Create the master certificates if they do not already exist
command: >
- {{ openshift.common.client_binary }} adm create-master-certs
+ {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm create-master-certs
{% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %}
--certificate-authority {{ named_ca_certificate }}
{% endfor %}
diff --git a/roles/openshift_metrics/README.md b/roles/openshift_metrics/README.md
index a61b0db5e..f4c61a75e 100644
--- a/roles/openshift_metrics/README.md
+++ b/roles/openshift_metrics/README.md
@@ -46,11 +46,11 @@ For default values, see [`defaults/main.yaml`](defaults/main.yaml).
testing), `pv` to use persistent volumes (which need to be created before the
installation) or `dynamic` for dynamic persistent volumes.
-- `openshift_metrics_cassandra_pv_prefix`: The name of persistent volume claims created
+- `openshift_metrics_cassandra_pvc_prefix`: The name of persistent volume claims created
for cassandra will be this with a serial number appended to the end, starting
from 1.
-- `openshift_metrics_cassandra_pv_size`: The persistent volume size for each of the
+- `openshift_metrics_cassandra_pvc_size`: The persistent volume claim size for each of the
Cassandra nodes.
- `openshift_metrics_heapster_standalone`: Deploy only heapster, without the Hawkular Metrics and
diff --git a/roles/openshift_metrics/defaults/main.yaml b/roles/openshift_metrics/defaults/main.yaml
index dd5a20d5b..17614f716 100644
--- a/roles/openshift_metrics/defaults/main.yaml
+++ b/roles/openshift_metrics/defaults/main.yaml
@@ -17,7 +17,7 @@ openshift_metrics_hawkular_nodeselector: ""
openshift_metrics_cassandra_replicas: 1
openshift_metrics_cassandra_storage_type: emptydir
-openshift_metrics_cassandra_pv_size: 10Gi
+openshift_metrics_cassandra_pvc_size: 10Gi
openshift_metrics_cassandra_limits_memory: 2G
openshift_metrics_cassandra_limits_cpu: null
openshift_metrics_cassandra_requests_memory: 1G
@@ -44,7 +44,7 @@ openshift_metrics_master_url: https://kubernetes.default.svc.cluster.local
openshift_metrics_node_id: nodename
openshift_metrics_project: openshift-infra
-openshift_metrics_cassandra_pv_prefix: metrics-cassandra
+openshift_metrics_cassandra_pvc_prefix: metrics-cassandra
openshift_metrics_hawkular_user_write_access: False
diff --git a/roles/openshift_metrics/tasks/generate_certificates.yaml b/roles/openshift_metrics/tasks/generate_certificates.yaml
index 16a967aa7..4925275e8 100644
--- a/roles/openshift_metrics/tasks/generate_certificates.yaml
+++ b/roles/openshift_metrics/tasks/generate_certificates.yaml
@@ -1,18 +1,4 @@
---
-- name: create certificate output directory
- file:
- path: "{{ openshift_metrics_certs_dir }}"
- state: directory
- mode: 0700
-
-- name: list existing secrets
- command: >
- {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }}
- --config={{ mktemp.stdout }}/admin.kubeconfig
- get secrets -o name
- register: metrics_secrets
- changed_when: false
-
- name: generate ca certificate chain
shell: >
{{ openshift.common.admin_binary }} ca create-signer-cert
@@ -22,5 +8,4 @@
--serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt'
--name="metrics-signer@$(date +%s)"
when: not '{{ openshift_metrics_certs_dir }}/ca.key' | exists
-- include: generate_heapster_certificates.yaml
- include: generate_hawkular_certificates.yaml
diff --git a/roles/openshift_metrics/tasks/generate_rolebindings.yaml b/roles/openshift_metrics/tasks/generate_rolebindings.yaml
index 6524c3f32..e050c8eb2 100644
--- a/roles/openshift_metrics/tasks/generate_rolebindings.yaml
+++ b/roles/openshift_metrics/tasks/generate_rolebindings.yaml
@@ -13,21 +13,3 @@
- kind: ServiceAccount
name: hawkular
changed_when: no
-
-- name: generate cluster-reader role binding for the heapster service account
- template:
- src: rolebinding.j2
- dest: "{{ mktemp.stdout }}/templates/heapster-rolebinding.yaml"
- vars:
- cluster: True
- obj_name: heapster-cluster-reader
- labels:
- metrics-infra: heapster
- roleRef:
- kind: ClusterRole
- name: cluster-reader
- subjects:
- - kind: ServiceAccount
- name: heapster
- namespace: "{{ openshift_metrics_project }}"
- changed_when: no
diff --git a/roles/openshift_metrics/tasks/generate_serviceaccounts.yaml b/roles/openshift_metrics/tasks/generate_serviceaccounts.yaml
index 94f34d860..e9d70f74f 100644
--- a/roles/openshift_metrics/tasks/generate_serviceaccounts.yaml
+++ b/roles/openshift_metrics/tasks/generate_serviceaccounts.yaml
@@ -13,15 +13,3 @@
- name: cassandra
secret: hawkular-cassandra-secrets
changed_when: no
-
-- name: Generating serviceaccount for heapster
- template: src=serviceaccount.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-sa.yaml
- vars:
- obj_name: heapster
- labels:
- metrics-infra: support
- secrets:
- - heapster-secrets
- - hawkular-metrics-certificate
- - hawkular-metrics-account
- changed_when: no
diff --git a/roles/openshift_metrics/tasks/generate_services.yaml b/roles/openshift_metrics/tasks/generate_services.yaml
index 903d52bff..47d3c5c2e 100644
--- a/roles/openshift_metrics/tasks/generate_services.yaml
+++ b/roles/openshift_metrics/tasks/generate_services.yaml
@@ -1,17 +1,4 @@
---
-- name: Generate service for heapster
- template: src=service.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-svc.yaml
- vars:
- obj_name: heapster
- ports:
- - {port: 80, targetPort: http-endpoint}
- selector:
- name: "{{obj_name}}"
- labels:
- metrics-infra: "{{obj_name}}"
- name: "{{obj_name}}"
- changed_when: no
-
- name: Generate service for hawkular-metrics
template: src=service.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-svc.yaml
vars:
diff --git a/roles/openshift_metrics/tasks/install_cassandra.yaml b/roles/openshift_metrics/tasks/install_cassandra.yaml
index 9e25071af..df39c1e1f 100644
--- a/roles/openshift_metrics/tasks/install_cassandra.yaml
+++ b/roles/openshift_metrics/tasks/install_cassandra.yaml
@@ -27,12 +27,12 @@
src: pvc.j2
dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml"
vars:
- obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}"
+ obj_name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ item }}"
labels:
metrics-infra: hawkular-cassandra
access_modes:
- ReadWriteOnce
- size: "{{ openshift_metrics_cassandra_pv_size }}"
+ size: "{{ openshift_metrics_cassandra_pvc_size }}"
with_sequence: count={{ openshift_metrics_cassandra_replicas }}
when: openshift_metrics_cassandra_storage_type == 'pv'
changed_when: false
@@ -42,14 +42,14 @@
src: pvc.j2
dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml"
vars:
- obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}"
+ obj_name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ item }}"
labels:
metrics-infra: hawkular-cassandra
annotations:
volume.alpha.kubernetes.io/storage-class: dynamic
access_modes:
- ReadWriteOnce
- size: "{{ openshift_metrics_cassandra_pv_size }}"
+ size: "{{ openshift_metrics_cassandra_pvc_size }}"
with_sequence: count={{ openshift_metrics_cassandra_replicas }}
when: openshift_metrics_cassandra_storage_type == 'dynamic'
changed_when: false
diff --git a/roles/openshift_metrics/tasks/install_heapster.yaml b/roles/openshift_metrics/tasks/install_heapster.yaml
index 44bab8ace..c490bcdd3 100644
--- a/roles/openshift_metrics/tasks/install_heapster.yaml
+++ b/roles/openshift_metrics/tasks/install_heapster.yaml
@@ -13,3 +13,55 @@
replica_count: "{{heapster_replica_count.stdout | default(0)}}"
node_selector: "{{openshift_metrics_heapster_nodeselector | default('') }}"
changed_when: no
+
+- set_fact:
+ heapster_sa_secrets: ["heapster-secrets"]
+
+- set_fact:
+ heapster_sa_secrets: "{{ heapster_sa_secrets + [item] }}"
+ with_items:
+ - hawkular-metrics-certificate
+ - hawkular-metrics-account
+ when: "not {{ openshift_metrics_heapster_standalone | bool }}"
+
+- name: Generating serviceaccount for heapster
+ template: src=serviceaccount.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-sa.yaml
+ vars:
+ obj_name: heapster
+ labels:
+ metrics-infra: support
+ secrets: "{{ heapster_sa_secrets }}"
+ changed_when: no
+
+- name: Generate service for heapster
+ template: src=service.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-svc.yaml
+ vars:
+ obj_name: heapster
+ ports:
+ - {port: 80, targetPort: http-endpoint}
+ selector:
+ name: "{{obj_name}}"
+ labels:
+ metrics-infra: "{{obj_name}}"
+ name: "{{obj_name}}"
+ changed_when: no
+
+- name: generate cluster-reader role binding for the heapster service account
+ template:
+ src: rolebinding.j2
+ dest: "{{ mktemp.stdout }}/templates/heapster-rolebinding.yaml"
+ vars:
+ cluster: True
+ obj_name: heapster-cluster-reader
+ labels:
+ metrics-infra: heapster
+ roleRef:
+ kind: ClusterRole
+ name: cluster-reader
+ subjects:
+ - kind: ServiceAccount
+ name: heapster
+ namespace: "{{ openshift_metrics_project }}"
+ changed_when: no
+
+- include: generate_heapster_certificates.yaml
diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml
index ddaa54438..66925c113 100644
--- a/roles/openshift_metrics/tasks/install_metrics.yaml
+++ b/roles/openshift_metrics/tasks/install_metrics.yaml
@@ -1,14 +1,5 @@
---
-- name: Check that hawkular_metrics_hostname is set
- fail: msg='the openshift_metrics_hawkular_hostname variable is required'
- when: openshift_metrics_hawkular_hostname is not defined
-
-- name: Check the value of openshift_metrics_cassandra_storage_type
- fail:
- msg: >
- openshift_metrics_cassandra_storage_type ({{ openshift_metrics_cassandra_storage_type }})
- is invalid, must be one of: emptydir, pv, dynamic
- when: openshift_metrics_cassandra_storage_type not in openshift_metrics_cassandra_storage_types
+- include: pre_install.yaml
- name: Install Metrics
include: "{{ role_path }}/tasks/install_{{ include_file }}.yaml"
@@ -19,6 +10,11 @@
- cassandra
loop_control:
loop_var: include_file
+ when: "not {{ openshift_metrics_heapster_standalone | bool }}"
+
+- name: Install Heapster Standalone
+ include: install_heapster.yaml
+ when: "{{ openshift_metrics_heapster_standalone | bool }}"
- find: paths={{ mktemp.stdout }}/templates patterns=*.yaml
register: object_def_files
diff --git a/roles/openshift_metrics/tasks/pre_install.yaml b/roles/openshift_metrics/tasks/pre_install.yaml
new file mode 100644
index 000000000..262acd546
--- /dev/null
+++ b/roles/openshift_metrics/tasks/pre_install.yaml
@@ -0,0 +1,27 @@
+---
+- name: Check that hawkular_metrics_hostname is set
+ fail: msg='the openshift_metrics_hawkular_hostname variable is required'
+ when: openshift_metrics_hawkular_hostname is not defined
+
+- name: Check the value of openshift_metrics_cassandra_storage_type
+ fail:
+ msg: >
+ openshift_metrics_cassandra_storage_type ({{ openshift_metrics_cassandra_storage_type }})
+ is invalid, must be one of: emptydir, pv, dynamic
+ when:
+ - openshift_metrics_cassandra_storage_type not in openshift_metrics_cassandra_storage_types
+ - "not {{ openshift_metrics_heapster_standalone | bool }}"
+
+- name: create certificate output directory
+ file:
+ path: "{{ openshift_metrics_certs_dir }}"
+ state: directory
+ mode: 0700
+
+- name: list existing secrets
+ command: >
+ {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }}
+ --config={{ mktemp.stdout }}/admin.kubeconfig
+ get secrets -o name
+ register: metrics_secrets
+ changed_when: false
diff --git a/roles/openshift_metrics/tasks/start_metrics.yaml b/roles/openshift_metrics/tasks/start_metrics.yaml
index f02774e47..b5a1c8f06 100644
--- a/roles/openshift_metrics/tasks/start_metrics.yaml
+++ b/roles/openshift_metrics/tasks/start_metrics.yaml
@@ -19,6 +19,8 @@
with_items: "{{metrics_cassandra_rc.stdout_lines}}"
loop_control:
loop_var: object
+ when: metrics_cassandra_rc is defined
+ changed_when: "{{metrics_cassandra_rc | length > 0 }}"
- command: >
{{openshift.common.client_binary}}
@@ -40,6 +42,7 @@
with_items: "{{metrics_metrics_rc.stdout_lines}}"
loop_control:
loop_var: object
+ changed_when: "{{metrics_metrics_rc | length > 0 }}"
- command: >
{{openshift.common.client_binary}}
diff --git a/roles/openshift_metrics/tasks/stop_metrics.yaml b/roles/openshift_metrics/tasks/stop_metrics.yaml
index 5a73443a8..f69bb0f11 100644
--- a/roles/openshift_metrics/tasks/stop_metrics.yaml
+++ b/roles/openshift_metrics/tasks/stop_metrics.yaml
@@ -41,6 +41,7 @@
with_items: "{{metrics_hawkular_rc.stdout_lines}}"
loop_control:
loop_var: object
+ changed_when: "{{metrics_hawkular_rc | length > 0 }}"
- command: >
{{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig
@@ -62,3 +63,4 @@
loop_control:
loop_var: object
when: metrics_cassandra_rc is defined
+ changed_when: "{{metrics_cassandra_rc | length > 0 }}"
diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
index 876cb1915..6f6efc469 100644
--- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
+++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2
@@ -124,7 +124,7 @@ spec:
emptyDir: {}
{% else %}
persistentVolumeClaim:
- claimName: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ node }}"
+ claimName: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ node }}"
{% endif %}
- name: hawkular-cassandra-secrets
secret: