diff options
40 files changed, 775 insertions, 204 deletions
diff --git a/roles/lib_openshift/library/oadm_manage_node.py b/roles/lib_openshift/library/oadm_manage_node.py index 94fe5b019..8e217ac28 100644 --- a/roles/lib_openshift/library/oadm_manage_node.py +++ b/roles/lib_openshift/library/oadm_manage_node.py @@ -731,7 +731,7 @@ class OpenShiftCLI(object): ''' Constructor for OpenshiftCLI ''' self.namespace = namespace self.verbose = verbose - self.kubeconfig = kubeconfig + self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) self.all_namespaces = all_namespaces # Pylint allows only 5 arguments to be passed. @@ -1017,7 +1017,18 @@ class Utils(object): return tmp @staticmethod - def create_tmpfile(prefix=None): + def create_tmpfile_copy(inc_file): + '''create a temporary copy of a file''' + tmpfile = Utils.create_tmpfile('lib_openshift-') + Utils._write(tmpfile, open(inc_file).read()) + + # Cleanup the tmpfile + atexit.register(Utils.cleanup, [tmpfile]) + + return tmpfile + + @staticmethod + def create_tmpfile(prefix='tmp'): ''' Generates and returns a temporary file name ''' with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: diff --git a/roles/lib_openshift/library/oc_edit.py b/roles/lib_openshift/library/oc_edit.py index c934d55b9..11b87a015 100644 --- a/roles/lib_openshift/library/oc_edit.py +++ b/roles/lib_openshift/library/oc_edit.py @@ -759,7 +759,7 @@ class OpenShiftCLI(object): ''' Constructor for OpenshiftCLI ''' self.namespace = namespace self.verbose = verbose - self.kubeconfig = kubeconfig + self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) self.all_namespaces = all_namespaces # Pylint allows only 5 arguments to be passed. @@ -1045,7 +1045,18 @@ class Utils(object): return tmp @staticmethod - def create_tmpfile(prefix=None): + def create_tmpfile_copy(inc_file): + '''create a temporary copy of a file''' + tmpfile = Utils.create_tmpfile('lib_openshift-') + Utils._write(tmpfile, open(inc_file).read()) + + # Cleanup the tmpfile + atexit.register(Utils.cleanup, [tmpfile]) + + return tmpfile + + @staticmethod + def create_tmpfile(prefix='tmp'): ''' Generates and returns a temporary file name ''' with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: diff --git a/roles/lib_openshift/library/oc_label.py b/roles/lib_openshift/library/oc_label.py index 5a6f06b89..f67eb2552 100644 --- a/roles/lib_openshift/library/oc_label.py +++ b/roles/lib_openshift/library/oc_label.py @@ -735,7 +735,7 @@ class OpenShiftCLI(object): ''' Constructor for OpenshiftCLI ''' self.namespace = namespace self.verbose = verbose - self.kubeconfig = kubeconfig + self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) self.all_namespaces = all_namespaces # Pylint allows only 5 arguments to be passed. @@ -1021,7 +1021,18 @@ class Utils(object): return tmp @staticmethod - def create_tmpfile(prefix=None): + def create_tmpfile_copy(inc_file): + '''create a temporary copy of a file''' + tmpfile = Utils.create_tmpfile('lib_openshift-') + Utils._write(tmpfile, open(inc_file).read()) + + # Cleanup the tmpfile + atexit.register(Utils.cleanup, [tmpfile]) + + return tmpfile + + @staticmethod + def create_tmpfile(prefix='tmp'): ''' Generates and returns a temporary file name ''' with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: diff --git a/roles/lib_openshift/library/oc_obj.py b/roles/lib_openshift/library/oc_obj.py index 6c4bd1a2d..e4b8ac26c 100644 --- a/roles/lib_openshift/library/oc_obj.py +++ b/roles/lib_openshift/library/oc_obj.py @@ -738,7 +738,7 @@ class OpenShiftCLI(object): ''' Constructor for OpenshiftCLI ''' self.namespace = namespace self.verbose = verbose - self.kubeconfig = kubeconfig + self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) self.all_namespaces = all_namespaces # Pylint allows only 5 arguments to be passed. @@ -1024,7 +1024,18 @@ class Utils(object): return tmp @staticmethod - def create_tmpfile(prefix=None): + def create_tmpfile_copy(inc_file): + '''create a temporary copy of a file''' + tmpfile = Utils.create_tmpfile('lib_openshift-') + Utils._write(tmpfile, open(inc_file).read()) + + # Cleanup the tmpfile + atexit.register(Utils.cleanup, [tmpfile]) + + return tmpfile + + @staticmethod + def create_tmpfile(prefix='tmp'): ''' Generates and returns a temporary file name ''' with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py index 6ee34bafb..982a43ba3 100644 --- a/roles/lib_openshift/library/oc_route.py +++ b/roles/lib_openshift/library/oc_route.py @@ -145,6 +145,12 @@ options: required: false default: None aliases: [] + port: + description: + - The Name of the service port or number of the container port the route will route traffic to + required: false + default: None + aliases: [] author: - "Kenny Woodson <kwoodson@redhat.com>" extends_documentation_fragment: [] @@ -763,7 +769,7 @@ class OpenShiftCLI(object): ''' Constructor for OpenshiftCLI ''' self.namespace = namespace self.verbose = verbose - self.kubeconfig = kubeconfig + self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) self.all_namespaces = all_namespaces # Pylint allows only 5 arguments to be passed. @@ -1049,7 +1055,18 @@ class Utils(object): return tmp @staticmethod - def create_tmpfile(prefix=None): + def create_tmpfile_copy(inc_file): + '''create a temporary copy of a file''' + tmpfile = Utils.create_tmpfile('lib_openshift-') + Utils._write(tmpfile, open(inc_file).read()) + + # Cleanup the tmpfile + atexit.register(Utils.cleanup, [tmpfile]) + + return tmpfile + + @staticmethod + def create_tmpfile(prefix='tmp'): ''' Generates and returns a temporary file name ''' with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: @@ -1313,7 +1330,8 @@ class RouteConfig(object): tls_termination=None, service_name=None, wildcard_policy=None, - weight=None): + weight=None, + port=None): ''' constructor for handling route options ''' self.kubeconfig = kubeconfig self.name = sname @@ -1325,6 +1343,7 @@ class RouteConfig(object): self.cert = cert self.key = key self.service_name = service_name + self.port = port self.data = {} self.wildcard_policy = wildcard_policy if wildcard_policy is None: @@ -1349,12 +1368,15 @@ class RouteConfig(object): if self.tls_termination: self.data['spec']['tls'] = {} + self.data['spec']['tls']['termination'] = self.tls_termination + + if self.tls_termination != 'passthrough': + self.data['spec']['tls']['key'] = self.key + self.data['spec']['tls']['caCertificate'] = self.cacert + self.data['spec']['tls']['certificate'] = self.cert + if self.tls_termination == 'reencrypt': self.data['spec']['tls']['destinationCACertificate'] = self.destcacert - self.data['spec']['tls']['key'] = self.key - self.data['spec']['tls']['caCertificate'] = self.cacert - self.data['spec']['tls']['certificate'] = self.cert - self.data['spec']['tls']['termination'] = self.tls_termination self.data['spec']['to'] = {'kind': 'Service', 'name': self.service_name, @@ -1362,11 +1384,16 @@ class RouteConfig(object): self.data['spec']['wildcardPolicy'] = self.wildcard_policy + if self.port: + self.data['spec']['port'] = {} + self.data['spec']['port']['targetPort'] = self.port + # pylint: disable=too-many-instance-attributes,too-many-public-methods class Route(Yedit): ''' Class to wrap the oc command line tools ''' wildcard_policy = "spec.wildcardPolicy" host_path = "spec.host" + port_path = "spec.port.targetPort" service_path = "spec.to.name" weight_path = "spec.to.weight" cert_path = "spec.tls.certificate" @@ -1412,6 +1439,10 @@ class Route(Yedit): ''' return host ''' return self.get(Route.host_path) + def get_port(self): + ''' return port ''' + return self.get(Route.port_path) + def get_wildcard_policy(self): ''' return wildcardPolicy ''' return self.get(Route.wildcard_policy) @@ -1483,9 +1514,23 @@ class OCRoute(OpenShiftCLI): skip = [] return not Utils.check_def_equal(self.config.data, self.route.yaml_dict, skip_keys=skip, debug=True) + @staticmethod + def get_cert_data(path, content): + '''get the data for a particular value''' + if not path and not content: + return None + + rval = None + if path and os.path.exists(path) and os.access(path, os.R_OK): + rval = open(path).read() + elif content: + rval = content + + return rval + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(params, files, check_mode=False): + def run_ansible(params, check_mode=False): ''' run the idempotent asnible code params comes from the ansible portion for this module @@ -1497,6 +1542,30 @@ class OCRoute(OpenShiftCLI): } check_mode: does the module support check mode. (module.check_mode) ''' + files = {'destcacert': {'path': params['dest_cacert_path'], + 'content': params['dest_cacert_content'], + 'value': None, }, + 'cacert': {'path': params['cacert_path'], + 'content': params['cacert_content'], + 'value': None, }, + 'cert': {'path': params['cert_path'], + 'content': params['cert_content'], + 'value': None, }, + 'key': {'path': params['key_path'], + 'content': params['key_content'], + 'value': None, }, } + + if params['tls_termination'] and params['tls_termination'].lower() != 'passthrough': # E501 + + for key, option in files.items(): + if key == 'destcacert' and params['tls_termination'] != 'reencrypt': + continue + + option['value'] = OCRoute.get_cert_data(option['path'], option['content']) # E501 + + if not option['value']: + return {'failed': True, + 'msg': 'Verify that you pass a value for %s' % key} rconfig = RouteConfig(params['name'], params['namespace'], @@ -1509,7 +1578,8 @@ class OCRoute(OpenShiftCLI): params['tls_termination'], params['service_name'], params['wildcard_policy'], - params['weight']) + params['weight'], + params['port']) oc_route = OCRoute(rconfig, verbose=params['debug']) @@ -1593,20 +1663,6 @@ class OCRoute(OpenShiftCLI): # -*- -*- -*- Begin included fragment: ansible/oc_route.py -*- -*- -*- -def get_cert_data(path, content): - '''get the data for a particular value''' - if not path and not content: - return None - - rval = None - if path and os.path.exists(path) and os.access(path, os.R_OK): - rval = open(path).read() - elif content: - rval = content - - return rval - - # pylint: disable=too-many-branches def main(): ''' @@ -1633,6 +1689,7 @@ def main(): host=dict(default=None, type='str'), wildcard_policy=dict(default=None, type='str'), weight=dict(default=None, type='int'), + port=dict(default=None, type='int'), ), mutually_exclusive=[('dest_cacert_path', 'dest_cacert_content'), ('cacert_path', 'cacert_content'), @@ -1640,30 +1697,8 @@ def main(): ('key_path', 'key_content'), ], supports_check_mode=True, ) - files = {'destcacert': {'path': module.params['dest_cacert_path'], - 'content': module.params['dest_cacert_content'], - 'value': None, }, - 'cacert': {'path': module.params['cacert_path'], - 'content': module.params['cacert_content'], - 'value': None, }, - 'cert': {'path': module.params['cert_path'], - 'content': module.params['cert_content'], - 'value': None, }, - 'key': {'path': module.params['key_path'], - 'content': module.params['key_content'], - 'value': None, }, } - - if module.params['tls_termination']: - for key, option in files.items(): - if key == 'destcacert' and module.params['tls_termination'] != 'reencrypt': - continue - - option['value'] = get_cert_data(option['path'], option['content']) - - if not option['value']: - module.fail_json(msg='Verify that you pass a value for %s' % key) - results = OCRoute.run_ansible(module.params, files, module.check_mode) + results = OCRoute.run_ansible(module.params, module.check_mode) if 'failed' in results: module.fail_json(**results) diff --git a/roles/lib_openshift/library/oc_scale.py b/roles/lib_openshift/library/oc_scale.py index 63d818c66..48a629b5e 100644 --- a/roles/lib_openshift/library/oc_scale.py +++ b/roles/lib_openshift/library/oc_scale.py @@ -713,7 +713,7 @@ class OpenShiftCLI(object): ''' Constructor for OpenshiftCLI ''' self.namespace = namespace self.verbose = verbose - self.kubeconfig = kubeconfig + self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) self.all_namespaces = all_namespaces # Pylint allows only 5 arguments to be passed. @@ -999,7 +999,18 @@ class Utils(object): return tmp @staticmethod - def create_tmpfile(prefix=None): + def create_tmpfile_copy(inc_file): + '''create a temporary copy of a file''' + tmpfile = Utils.create_tmpfile('lib_openshift-') + Utils._write(tmpfile, open(inc_file).read()) + + # Cleanup the tmpfile + atexit.register(Utils.cleanup, [tmpfile]) + + return tmpfile + + @staticmethod + def create_tmpfile(prefix='tmp'): ''' Generates and returns a temporary file name ''' with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: diff --git a/roles/lib_openshift/library/oc_secret.py b/roles/lib_openshift/library/oc_secret.py index 978c5741d..526474f17 100644 --- a/roles/lib_openshift/library/oc_secret.py +++ b/roles/lib_openshift/library/oc_secret.py @@ -759,7 +759,7 @@ class OpenShiftCLI(object): ''' Constructor for OpenshiftCLI ''' self.namespace = namespace self.verbose = verbose - self.kubeconfig = kubeconfig + self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) self.all_namespaces = all_namespaces # Pylint allows only 5 arguments to be passed. @@ -1045,7 +1045,18 @@ class Utils(object): return tmp @staticmethod - def create_tmpfile(prefix=None): + def create_tmpfile_copy(inc_file): + '''create a temporary copy of a file''' + tmpfile = Utils.create_tmpfile('lib_openshift-') + Utils._write(tmpfile, open(inc_file).read()) + + # Cleanup the tmpfile + atexit.register(Utils.cleanup, [tmpfile]) + + return tmpfile + + @staticmethod + def create_tmpfile(prefix='tmp'): ''' Generates and returns a temporary file name ''' with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: diff --git a/roles/lib_openshift/library/oc_service.py b/roles/lib_openshift/library/oc_service.py index edaa97af5..a9baef765 100644 --- a/roles/lib_openshift/library/oc_service.py +++ b/roles/lib_openshift/library/oc_service.py @@ -765,7 +765,7 @@ class OpenShiftCLI(object): ''' Constructor for OpenshiftCLI ''' self.namespace = namespace self.verbose = verbose - self.kubeconfig = kubeconfig + self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) self.all_namespaces = all_namespaces # Pylint allows only 5 arguments to be passed. @@ -1051,7 +1051,18 @@ class Utils(object): return tmp @staticmethod - def create_tmpfile(prefix=None): + def create_tmpfile_copy(inc_file): + '''create a temporary copy of a file''' + tmpfile = Utils.create_tmpfile('lib_openshift-') + Utils._write(tmpfile, open(inc_file).read()) + + # Cleanup the tmpfile + atexit.register(Utils.cleanup, [tmpfile]) + + return tmpfile + + @staticmethod + def create_tmpfile(prefix='tmp'): ''' Generates and returns a temporary file name ''' with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: diff --git a/roles/lib_openshift/library/oc_serviceaccount.py b/roles/lib_openshift/library/oc_serviceaccount.py index 7b34f298b..cd0847963 100644 --- a/roles/lib_openshift/library/oc_serviceaccount.py +++ b/roles/lib_openshift/library/oc_serviceaccount.py @@ -711,7 +711,7 @@ class OpenShiftCLI(object): ''' Constructor for OpenshiftCLI ''' self.namespace = namespace self.verbose = verbose - self.kubeconfig = kubeconfig + self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) self.all_namespaces = all_namespaces # Pylint allows only 5 arguments to be passed. @@ -997,7 +997,18 @@ class Utils(object): return tmp @staticmethod - def create_tmpfile(prefix=None): + def create_tmpfile_copy(inc_file): + '''create a temporary copy of a file''' + tmpfile = Utils.create_tmpfile('lib_openshift-') + Utils._write(tmpfile, open(inc_file).read()) + + # Cleanup the tmpfile + atexit.register(Utils.cleanup, [tmpfile]) + + return tmpfile + + @staticmethod + def create_tmpfile(prefix='tmp'): ''' Generates and returns a temporary file name ''' with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: diff --git a/roles/lib_openshift/library/oc_serviceaccount_secret.py b/roles/lib_openshift/library/oc_serviceaccount_secret.py index 9a2bd81cd..e22ccbfc2 100644 --- a/roles/lib_openshift/library/oc_serviceaccount_secret.py +++ b/roles/lib_openshift/library/oc_serviceaccount_secret.py @@ -711,7 +711,7 @@ class OpenShiftCLI(object): ''' Constructor for OpenshiftCLI ''' self.namespace = namespace self.verbose = verbose - self.kubeconfig = kubeconfig + self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) self.all_namespaces = all_namespaces # Pylint allows only 5 arguments to be passed. @@ -997,7 +997,18 @@ class Utils(object): return tmp @staticmethod - def create_tmpfile(prefix=None): + def create_tmpfile_copy(inc_file): + '''create a temporary copy of a file''' + tmpfile = Utils.create_tmpfile('lib_openshift-') + Utils._write(tmpfile, open(inc_file).read()) + + # Cleanup the tmpfile + atexit.register(Utils.cleanup, [tmpfile]) + + return tmpfile + + @staticmethod + def create_tmpfile(prefix='tmp'): ''' Generates and returns a temporary file name ''' with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: diff --git a/roles/lib_openshift/library/oc_version.py b/roles/lib_openshift/library/oc_version.py index b3c4edd98..e44375ffa 100644 --- a/roles/lib_openshift/library/oc_version.py +++ b/roles/lib_openshift/library/oc_version.py @@ -683,7 +683,7 @@ class OpenShiftCLI(object): ''' Constructor for OpenshiftCLI ''' self.namespace = namespace self.verbose = verbose - self.kubeconfig = kubeconfig + self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) self.all_namespaces = all_namespaces # Pylint allows only 5 arguments to be passed. @@ -969,7 +969,18 @@ class Utils(object): return tmp @staticmethod - def create_tmpfile(prefix=None): + def create_tmpfile_copy(inc_file): + '''create a temporary copy of a file''' + tmpfile = Utils.create_tmpfile('lib_openshift-') + Utils._write(tmpfile, open(inc_file).read()) + + # Cleanup the tmpfile + atexit.register(Utils.cleanup, [tmpfile]) + + return tmpfile + + @staticmethod + def create_tmpfile(prefix='tmp'): ''' Generates and returns a temporary file name ''' with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: diff --git a/roles/lib_openshift/src/ansible/oc_route.py b/roles/lib_openshift/src/ansible/oc_route.py index c87e6738f..f2f5c5095 100644 --- a/roles/lib_openshift/src/ansible/oc_route.py +++ b/roles/lib_openshift/src/ansible/oc_route.py @@ -2,20 +2,6 @@ # flake8: noqa -def get_cert_data(path, content): - '''get the data for a particular value''' - if not path and not content: - return None - - rval = None - if path and os.path.exists(path) and os.access(path, os.R_OK): - rval = open(path).read() - elif content: - rval = content - - return rval - - # pylint: disable=too-many-branches def main(): ''' @@ -42,6 +28,7 @@ def main(): host=dict(default=None, type='str'), wildcard_policy=dict(default=None, type='str'), weight=dict(default=None, type='int'), + port=dict(default=None, type='int'), ), mutually_exclusive=[('dest_cacert_path', 'dest_cacert_content'), ('cacert_path', 'cacert_content'), @@ -49,30 +36,8 @@ def main(): ('key_path', 'key_content'), ], supports_check_mode=True, ) - files = {'destcacert': {'path': module.params['dest_cacert_path'], - 'content': module.params['dest_cacert_content'], - 'value': None, }, - 'cacert': {'path': module.params['cacert_path'], - 'content': module.params['cacert_content'], - 'value': None, }, - 'cert': {'path': module.params['cert_path'], - 'content': module.params['cert_content'], - 'value': None, }, - 'key': {'path': module.params['key_path'], - 'content': module.params['key_content'], - 'value': None, }, } - - if module.params['tls_termination']: - for key, option in files.items(): - if key == 'destcacert' and module.params['tls_termination'] != 'reencrypt': - continue - - option['value'] = get_cert_data(option['path'], option['content']) - - if not option['value']: - module.fail_json(msg='Verify that you pass a value for %s' % key) - results = OCRoute.run_ansible(module.params, files, module.check_mode) + results = OCRoute.run_ansible(module.params, module.check_mode) if 'failed' in results: module.fail_json(**results) diff --git a/roles/lib_openshift/src/class/oc_route.py b/roles/lib_openshift/src/class/oc_route.py index 42af2c01c..42388ad0b 100644 --- a/roles/lib_openshift/src/class/oc_route.py +++ b/roles/lib_openshift/src/class/oc_route.py @@ -64,9 +64,23 @@ class OCRoute(OpenShiftCLI): skip = [] return not Utils.check_def_equal(self.config.data, self.route.yaml_dict, skip_keys=skip, debug=True) + @staticmethod + def get_cert_data(path, content): + '''get the data for a particular value''' + if not path and not content: + return None + + rval = None + if path and os.path.exists(path) and os.access(path, os.R_OK): + rval = open(path).read() + elif content: + rval = content + + return rval + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(params, files, check_mode=False): + def run_ansible(params, check_mode=False): ''' run the idempotent asnible code params comes from the ansible portion for this module @@ -78,6 +92,30 @@ class OCRoute(OpenShiftCLI): } check_mode: does the module support check mode. (module.check_mode) ''' + files = {'destcacert': {'path': params['dest_cacert_path'], + 'content': params['dest_cacert_content'], + 'value': None, }, + 'cacert': {'path': params['cacert_path'], + 'content': params['cacert_content'], + 'value': None, }, + 'cert': {'path': params['cert_path'], + 'content': params['cert_content'], + 'value': None, }, + 'key': {'path': params['key_path'], + 'content': params['key_content'], + 'value': None, }, } + + if params['tls_termination'] and params['tls_termination'].lower() != 'passthrough': # E501 + + for key, option in files.items(): + if key == 'destcacert' and params['tls_termination'] != 'reencrypt': + continue + + option['value'] = OCRoute.get_cert_data(option['path'], option['content']) # E501 + + if not option['value']: + return {'failed': True, + 'msg': 'Verify that you pass a value for %s' % key} rconfig = RouteConfig(params['name'], params['namespace'], @@ -90,7 +128,8 @@ class OCRoute(OpenShiftCLI): params['tls_termination'], params['service_name'], params['wildcard_policy'], - params['weight']) + params['weight'], + params['port']) oc_route = OCRoute(rconfig, verbose=params['debug']) diff --git a/roles/lib_openshift/src/doc/route b/roles/lib_openshift/src/doc/route index 1797d4d33..a12999c9e 100644 --- a/roles/lib_openshift/src/doc/route +++ b/roles/lib_openshift/src/doc/route @@ -99,6 +99,12 @@ options: required: false default: None aliases: [] + port: + description: + - The Name of the service port or number of the container port the route will route traffic to + required: false + default: None + aliases: [] author: - "Kenny Woodson <kwoodson@redhat.com>" extends_documentation_fragment: [] diff --git a/roles/lib_openshift/src/lib/base.py b/roles/lib_openshift/src/lib/base.py index d0843c03e..a895b40b3 100644 --- a/roles/lib_openshift/src/lib/base.py +++ b/roles/lib_openshift/src/lib/base.py @@ -20,7 +20,7 @@ class OpenShiftCLI(object): ''' Constructor for OpenshiftCLI ''' self.namespace = namespace self.verbose = verbose - self.kubeconfig = kubeconfig + self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) self.all_namespaces = all_namespaces # Pylint allows only 5 arguments to be passed. @@ -306,7 +306,18 @@ class Utils(object): return tmp @staticmethod - def create_tmpfile(prefix=None): + def create_tmpfile_copy(inc_file): + '''create a temporary copy of a file''' + tmpfile = Utils.create_tmpfile('lib_openshift-') + Utils._write(tmpfile, open(inc_file).read()) + + # Cleanup the tmpfile + atexit.register(Utils.cleanup, [tmpfile]) + + return tmpfile + + @staticmethod + def create_tmpfile(prefix='tmp'): ''' Generates and returns a temporary file name ''' with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: diff --git a/roles/lib_openshift/src/lib/route.py b/roles/lib_openshift/src/lib/route.py index 3130e7358..3b54a24fb 100644 --- a/roles/lib_openshift/src/lib/route.py +++ b/roles/lib_openshift/src/lib/route.py @@ -19,7 +19,8 @@ class RouteConfig(object): tls_termination=None, service_name=None, wildcard_policy=None, - weight=None): + weight=None, + port=None): ''' constructor for handling route options ''' self.kubeconfig = kubeconfig self.name = sname @@ -31,6 +32,7 @@ class RouteConfig(object): self.cert = cert self.key = key self.service_name = service_name + self.port = port self.data = {} self.wildcard_policy = wildcard_policy if wildcard_policy is None: @@ -55,12 +57,15 @@ class RouteConfig(object): if self.tls_termination: self.data['spec']['tls'] = {} + self.data['spec']['tls']['termination'] = self.tls_termination + + if self.tls_termination != 'passthrough': + self.data['spec']['tls']['key'] = self.key + self.data['spec']['tls']['caCertificate'] = self.cacert + self.data['spec']['tls']['certificate'] = self.cert + if self.tls_termination == 'reencrypt': self.data['spec']['tls']['destinationCACertificate'] = self.destcacert - self.data['spec']['tls']['key'] = self.key - self.data['spec']['tls']['caCertificate'] = self.cacert - self.data['spec']['tls']['certificate'] = self.cert - self.data['spec']['tls']['termination'] = self.tls_termination self.data['spec']['to'] = {'kind': 'Service', 'name': self.service_name, @@ -68,11 +73,16 @@ class RouteConfig(object): self.data['spec']['wildcardPolicy'] = self.wildcard_policy + if self.port: + self.data['spec']['port'] = {} + self.data['spec']['port']['targetPort'] = self.port + # pylint: disable=too-many-instance-attributes,too-many-public-methods class Route(Yedit): ''' Class to wrap the oc command line tools ''' wildcard_policy = "spec.wildcardPolicy" host_path = "spec.host" + port_path = "spec.port.targetPort" service_path = "spec.to.name" weight_path = "spec.to.weight" cert_path = "spec.tls.certificate" @@ -118,6 +128,10 @@ class Route(Yedit): ''' return host ''' return self.get(Route.host_path) + def get_port(self): + ''' return port ''' + return self.get(Route.port_path) + def get_wildcard_policy(self): ''' return wildcardPolicy ''' return self.get(Route.wildcard_policy) diff --git a/roles/lib_openshift/src/test/integration/oc_route.yml b/roles/lib_openshift/src/test/integration/oc_route.yml index 620d5d5e7..b9d635eaa 100755 --- a/roles/lib_openshift/src/test/integration/oc_route.yml +++ b/roles/lib_openshift/src/test/integration/oc_route.yml @@ -75,3 +75,43 @@ - assert: that: "routeout.changed == False" msg: Route create not idempotent + + - name: delete route + oc_route: + name: test + namespace: default + state: absent + register: routeout + + - name: create route + oc_route: + name: test + namespace: default + tls_termination: passthrough + service_name: test + host: test.example + port: 8443 + register: routeout + + - assert: + that: + - "routeout.changed == True" + - "routeout.results['results'][0]['spec']['port']['targetPort'] == 8443" + msg: Route create not idempotent + + - name: create route + oc_route: + name: test + namespace: default + tls_termination: passthrough + service_name: test + host: test.example + port: 8444 + register: routeout + - debug: var=routeout + + - assert: + that: + - "routeout.changed == True" + - "routeout.results.results[0]['spec']['port']['targetPort'] == 8444" + msg: Route update not idempotent diff --git a/roles/lib_openshift/src/test/unit/oadm_manage_node.py b/roles/lib_openshift/src/test/unit/oadm_manage_node.py index 8fd6f9c55..b0786dfac 100755 --- a/roles/lib_openshift/src/test/unit/oadm_manage_node.py +++ b/roles/lib_openshift/src/test/unit/oadm_manage_node.py @@ -35,8 +35,9 @@ class ManageNodeTest(unittest.TestCase): ''' setup method will create a file and set to known configuration ''' pass + @mock.patch('oadm_manage_node.Utils.create_tmpfile_copy') @mock.patch('oadm_manage_node.ManageNode.openshift_cmd') - def test_list_pods(self, mock_openshift_cmd): + def test_list_pods(self, mock_openshift_cmd, mock_tmpfile_copy): ''' Testing a get ''' params = {'node': ['ip-172-31-49-140.ec2.internal'], 'schedulable': None, @@ -106,6 +107,10 @@ class ManageNodeTest(unittest.TestCase): "returncode": 0} ] + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + results = ManageNode.run_ansible(params, False) # returned a single node @@ -113,8 +118,9 @@ class ManageNodeTest(unittest.TestCase): # returned 2 pods self.assertTrue(len(results['results']['nodes']['ip-172-31-49-140.ec2.internal']) == 2) + @mock.patch('oadm_manage_node.Utils.create_tmpfile_copy') @mock.patch('oadm_manage_node.ManageNode.openshift_cmd') - def test_schedulable_false(self, mock_openshift_cmd): + def test_schedulable_false(self, mock_openshift_cmd, mock_tmpfile_copy): ''' Testing a get ''' params = {'node': ['ip-172-31-49-140.ec2.internal'], 'schedulable': False, @@ -162,6 +168,11 @@ class ManageNodeTest(unittest.TestCase): "results": "NAME STATUS AGE\n" + "ip-172-31-49-140.ec2.internal Ready,SchedulingDisabled 5h\n", "returncode": 0}] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + results = ManageNode.run_ansible(params, False) self.assertTrue(results['changed']) diff --git a/roles/lib_openshift/src/test/unit/oc_label.py b/roles/lib_openshift/src/test/unit/oc_label.py index 3f7162070..3176987b0 100755 --- a/roles/lib_openshift/src/test/unit/oc_label.py +++ b/roles/lib_openshift/src/test/unit/oc_label.py @@ -35,8 +35,9 @@ class OCLabelTest(unittest.TestCase): ''' setup method will create a file and set to known configuration ''' pass + @mock.patch('oc_label.Utils.create_tmpfile_copy') @mock.patch('oc_label.OCLabel._run') - def test_state_list(self, mock_cmd): + def test_state_list(self, mock_cmd, mock_tmpfile_copy): ''' Testing a label list ''' params = {'name': 'default', 'namespace': 'default', @@ -82,13 +83,18 @@ class OCLabelTest(unittest.TestCase): (0, ns, ''), ] + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + results = OCLabel.run_ansible(params, False) self.assertFalse(results['changed']) self.assertTrue(results['results']['labels'] == [{'storage_pv_quota': 'False'}]) + @mock.patch('oc_label.Utils.create_tmpfile_copy') @mock.patch('oc_label.OCLabel._run') - def test_state_present(self, mock_cmd): + def test_state_present(self, mock_cmd, mock_tmpfile_copy): ''' Testing a label list ''' params = {'name': 'default', 'namespace': 'default', @@ -171,6 +177,10 @@ class OCLabelTest(unittest.TestCase): (0, ns1, ''), ] + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + results = OCLabel.run_ansible(params, False) self.assertTrue(results['changed']) diff --git a/roles/lib_openshift/src/test/unit/oc_route.py b/roles/lib_openshift/src/test/unit/oc_route.py new file mode 100755 index 000000000..fcfa88cbf --- /dev/null +++ b/roles/lib_openshift/src/test/unit/oc_route.py @@ -0,0 +1,258 @@ +#!/usr/bin/env python2 +''' + Unit tests for oc route +''' +# To run: +# ./oc_serviceaccount.py +# +# . +# Ran 1 test in 0.002s +# +# OK + +import os +import sys +import unittest +import mock + +# Removing invalid variable names for tests so that I can +# keep them brief +# pylint: disable=invalid-name,no-name-in-module +# Disable import-error b/c our libraries aren't loaded in jenkins +# pylint: disable=import-error,wrong-import-position +# place class in our python path +module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501 +sys.path.insert(0, module_path) +from oc_route import OCRoute # noqa: E402 + + +class OCRouteTest(unittest.TestCase): + ''' + Test class for OCServiceAccount + ''' + + def setUp(self): + ''' setup method will create a file and set to known configuration ''' + pass + + @mock.patch('oc_route.OCRoute._run') + def test_list_route(self, mock_cmd): + ''' Testing getting a route ''' + + # Arrange + + # run_ansible input parameters + params = { + 'kubeconfig': '/etc/origin/master/admin.kubeconfig', + 'state': 'list', + 'debug': False, + 'name': 'test', + 'namespace': 'default', + 'tls_termination': 'passthrough', + 'dest_cacert_path': None, + 'cacert_path': None, + 'cert_path': None, + 'key_path': None, + 'dest_cacert_content': None, + 'cacert_content': None, + 'cert_content': None, + 'key_content': None, + 'service_name': 'testservice', + 'host': 'test.openshift.com', + 'wildcard_policy': None, + 'weight': None, + 'port': None + } + + route_result = '''{ + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "test", + "namespace": "default", + "selfLink": "/oapi/v1/namespaces/default/routes/test", + "uid": "1b127c67-ecd9-11e6-96eb-0e0d9bdacd26", + "resourceVersion": "439182", + "creationTimestamp": "2017-02-07T01:59:48Z" + }, + "spec": { + "host": "test.example", + "to": { + "kind": "Service", + "name": "test", + "weight": 100 + }, + "port": { + "targetPort": 8443 + }, + "tls": { + "termination": "passthrough" + }, + "wildcardPolicy": "None" + }, + "status": { + "ingress": [ + { + "host": "test.example", + "routerName": "router", + "conditions": [ + { + "type": "Admitted", + "status": "True", + "lastTransitionTime": "2017-02-07T01:59:48Z" + } + ], + "wildcardPolicy": "None" + } + ] + } + }''' + + # Return values of our mocked function call. These get returned once per call. + mock_cmd.side_effect = [ + # First call to mock + (0, route_result, ''), + ] + + # Act + results = OCRoute.run_ansible(params, False) + + # Assert + self.assertFalse(results['changed']) + self.assertEqual(results['state'], 'list') + self.assertEqual(results['results'][0]['metadata']['name'], 'test') + + # Making sure our mock was called as we expected + mock_cmd.assert_has_calls([ + mock.call(['oc', '-n', 'default', 'get', 'route', 'test', '-o', 'json'], None), + ]) + + @mock.patch('oc_route.Yedit._write') + @mock.patch('oc_route.OCRoute._run') + def test_create_route(self, mock_cmd, mock_write): + ''' Testing getting a route ''' + + # Arrange + + # run_ansible input parameters + params = { + 'kubeconfig': '/etc/origin/master/admin.kubeconfig', + 'state': 'present', + 'debug': False, + 'name': 'test', + 'namespace': 'default', + 'tls_termination': 'edge', + 'dest_cacert_path': None, + 'cacert_path': None, + 'cert_path': None, + 'key_path': None, + 'dest_cacert_content': None, + 'cacert_content': 'testing', + 'cert_content': 'testing', + 'key_content': 'testing', + 'service_name': 'testservice', + 'host': 'test.openshift.com', + 'wildcard_policy': None, + 'weight': None, + 'port': None + } + + route_result = '''{ + "apiVersion": "v1", + "kind": "Route", + "metadata": { + "creationTimestamp": "2017-02-07T20:55:10Z", + "name": "test", + "namespace": "default", + "resourceVersion": "517745", + "selfLink": "/oapi/v1/namespaces/default/routes/test", + "uid": "b6f25898-ed77-11e6-9755-0e737db1e63a" + }, + "spec": { + "host": "test.openshift.com", + "tls": { + "caCertificate": "testing", + "certificate": "testing", + "key": "testing", + "termination": "edge" + }, + "to": { + "kind": "Service", + "name": "testservice", + "weight": 100 + }, + "wildcardPolicy": "None" + }, + "status": { + "ingress": [ + { + "conditions": [ + { + "lastTransitionTime": "2017-02-07T20:55:10Z", + "status": "True", + "type": "Admitted" + } + ], + "host": "test.openshift.com", + "routerName": "router", + "wildcardPolicy": "None" + } + ] + } + }''' + + test_route = '''\ +kind: Route +spec: + tls: + caCertificate: testing + termination: edge + certificate: testing + key: testing + to: + kind: Service + name: testservice + weight: 100 + host: test.openshift.com + wildcardPolicy: None +apiVersion: v1 +metadata: + namespace: default + name: test +''' + + # Return values of our mocked function call. These get returned once per call. + mock_cmd.side_effect = [ + # First call to mock + (1, '', 'Error from server: routes "test" not found'), + (1, '', 'Error from server: routes "test" not found'), + (0, 'route "test" created', ''), + (0, route_result, ''), + ] + + mock_write.assert_has_calls = [ + # First call to mock + mock.call('/tmp/test', test_route) + ] + + # Act + results = OCRoute.run_ansible(params, False) + + # Assert + self.assertTrue(results['changed']) + self.assertEqual(results['state'], 'present') + self.assertEqual(results['results']['results'][0]['metadata']['name'], 'test') + + # Making sure our mock was called as we expected + mock_cmd.assert_has_calls([ + mock.call(['oc', '-n', 'default', 'get', 'route', 'test', '-o', 'json'], None), + mock.call(['oc', '-n', 'default', 'create', '-f', '/tmp/test'], None), + ]) + + def tearDown(self): + '''TearDown method''' + pass + + +if __name__ == "__main__": + unittest.main() diff --git a/roles/lib_openshift/src/test/unit/oc_scale.py b/roles/lib_openshift/src/test/unit/oc_scale.py index d8d5a231f..f15eb164d 100755 --- a/roles/lib_openshift/src/test/unit/oc_scale.py +++ b/roles/lib_openshift/src/test/unit/oc_scale.py @@ -35,8 +35,9 @@ class OCScaleTest(unittest.TestCase): ''' setup method will create a file and set to known configuration ''' pass + @mock.patch('oc_scale.Utils.create_tmpfile_copy') @mock.patch('oc_scale.OCScale.openshift_cmd') - def test_state_list(self, mock_openshift_cmd): + def test_state_list(self, mock_openshift_cmd, mock_tmpfile_copy): ''' Testing a get ''' params = {'name': 'router', 'namespace': 'default', @@ -70,13 +71,18 @@ class OCScaleTest(unittest.TestCase): 'results': dc, 'returncode': 0}] + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + results = OCScale.run_ansible(params, False) self.assertFalse(results['changed']) self.assertEqual(results['result'][0], 2) + @mock.patch('oc_scale.Utils.create_tmpfile_copy') @mock.patch('oc_scale.OCScale.openshift_cmd') - def test_scale(self, mock_openshift_cmd): + def test_scale(self, mock_openshift_cmd, mock_tmpfile_copy): ''' Testing a get ''' params = {'name': 'router', 'namespace': 'default', @@ -114,13 +120,18 @@ class OCScaleTest(unittest.TestCase): 'returncode': 0} ] + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + results = OCScale.run_ansible(params, False) self.assertFalse(results['changed']) self.assertEqual(results['result'][0], 3) + @mock.patch('oc_scale.Utils.create_tmpfile_copy') @mock.patch('oc_scale.OCScale.openshift_cmd') - def test_no_dc_scale(self, mock_openshift_cmd): + def test_no_dc_scale(self, mock_openshift_cmd, mock_tmpfile_copy): ''' Testing a get ''' params = {'name': 'not_there', 'namespace': 'default', @@ -138,6 +149,10 @@ class OCScaleTest(unittest.TestCase): 'stdout': ""}, ] + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + results = OCScale.run_ansible(params, False) self.assertTrue(results['failed']) diff --git a/roles/lib_openshift/src/test/unit/oc_secret.py b/roles/lib_openshift/src/test/unit/oc_secret.py index c81f0514b..645aac82b 100755 --- a/roles/lib_openshift/src/test/unit/oc_secret.py +++ b/roles/lib_openshift/src/test/unit/oc_secret.py @@ -35,9 +35,10 @@ class OCSecretTest(unittest.TestCase): ''' setup method will create a file and set to known configuration ''' pass + @mock.patch('oc_secret.Utils.create_tmpfile_copy') @mock.patch('oc_secret.Utils._write') @mock.patch('oc_secret.OCSecret._run') - def test_adding_a_secret(self, mock_cmd, mock_write): + def test_adding_a_secret(self, mock_cmd, mock_write, mock_tmpfile_copy): ''' Testing adding a secret ''' # Arrange @@ -64,6 +65,10 @@ class OCSecretTest(unittest.TestCase): (0, 'secret/testsecretname', ''), ] + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + # Act results = OCSecret.run_ansible(params, False) diff --git a/roles/lib_openshift/src/test/unit/oc_service.py b/roles/lib_openshift/src/test/unit/oc_service.py index 69f7dd49c..4a845e9f3 100755 --- a/roles/lib_openshift/src/test/unit/oc_service.py +++ b/roles/lib_openshift/src/test/unit/oc_service.py @@ -36,8 +36,9 @@ class OCServiceTest(unittest.TestCase): ''' setup method will create a file and set to known configuration ''' pass + @mock.patch('oc_service.Utils.create_tmpfile_copy') @mock.patch('oc_service.OCService._run') - def test_state_list(self, mock_cmd): + def test_state_list(self, mock_cmd, mock_tmpfile_copy): ''' Testing a get ''' params = {'name': 'router', 'namespace': 'default', @@ -108,13 +109,18 @@ class OCServiceTest(unittest.TestCase): (0, service, '') ] + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + results = OCService.run_ansible(params, False) self.assertFalse(results['changed']) self.assertEqual(results['results']['results'][0]['metadata']['name'], 'router') + @mock.patch('oc_service.Utils.create_tmpfile_copy') @mock.patch('oc_service.OCService._run') - def test_create(self, mock_cmd): + def test_create(self, mock_cmd, mock_tmpfile_copy): ''' Testing a create service ''' params = {'name': 'router', 'namespace': 'default', @@ -191,6 +197,10 @@ class OCServiceTest(unittest.TestCase): (0, service, '') ] + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + results = OCService.run_ansible(params, False) self.assertTrue(results['changed']) diff --git a/roles/lib_openshift/src/test/unit/oc_serviceaccount.py b/roles/lib_openshift/src/test/unit/oc_serviceaccount.py index dab751bb9..256b569eb 100755 --- a/roles/lib_openshift/src/test/unit/oc_serviceaccount.py +++ b/roles/lib_openshift/src/test/unit/oc_serviceaccount.py @@ -35,8 +35,9 @@ class OCServiceAccountTest(unittest.TestCase): ''' setup method will create a file and set to known configuration ''' pass + @mock.patch('oc_serviceaccount.Utils.create_tmpfile_copy') @mock.patch('oc_serviceaccount.OCServiceAccount._run') - def test_adding_a_serviceaccount(self, mock_cmd): + def test_adding_a_serviceaccount(self, mock_cmd, mock_tmpfile_copy): ''' Testing adding a serviceaccount ''' # Arrange @@ -90,6 +91,10 @@ class OCServiceAccountTest(unittest.TestCase): (0, valid_result_json, ''), ] + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + # Act results = OCServiceAccount.run_ansible(params, False) diff --git a/roles/lib_openshift/src/test/unit/oc_serviceaccount_secret.py b/roles/lib_openshift/src/test/unit/oc_serviceaccount_secret.py index 08fc9f6df..4d555d412 100755 --- a/roles/lib_openshift/src/test/unit/oc_serviceaccount_secret.py +++ b/roles/lib_openshift/src/test/unit/oc_serviceaccount_secret.py @@ -35,9 +35,10 @@ class OCServiceAccountSecretTest(unittest.TestCase): ''' setup method will create a file and set to known configuration ''' pass + @mock.patch('oc_serviceaccount_secret.Utils.create_tmpfile_copy') @mock.patch('oc_serviceaccount_secret.Yedit._write') @mock.patch('oc_serviceaccount_secret.OCServiceAccountSecret._run') - def test_adding_a_secret_to_a_serviceaccount(self, mock_cmd, mock_write): + def test_adding_a_secret_to_a_serviceaccount(self, mock_cmd, mock_write, mock_tmpfile_copy): ''' Testing adding a secret to a service account ''' # Arrange @@ -137,6 +138,10 @@ metadata: (0, oc_get_sa_after, ''), # Fourth call to the mock ] + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + # Act results = OCServiceAccountSecret.run_ansible(params, False) @@ -157,9 +162,10 @@ metadata: mock.call(mock.ANY, builder_yaml_file) ]) + @mock.patch('oc_serviceaccount_secret.Utils.create_tmpfile_copy') @mock.patch('oc_serviceaccount_secret.Yedit._write') @mock.patch('oc_serviceaccount_secret.OCServiceAccountSecret._run') - def test_removing_a_secret_to_a_serviceaccount(self, mock_cmd, mock_write): + def test_removing_a_secret_to_a_serviceaccount(self, mock_cmd, mock_write, mock_tmpfile_copy): ''' Testing removing a secret to a service account ''' # Arrange @@ -229,6 +235,10 @@ metadata: (0, 'serviceaccount "builder" replaced', ''), # Third call to the mock ] + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + # Act results = OCServiceAccountSecret.run_ansible(params, False) diff --git a/roles/lib_openshift/src/test/unit/oc_version.py b/roles/lib_openshift/src/test/unit/oc_version.py index f927948be..67dea415b 100755 --- a/roles/lib_openshift/src/test/unit/oc_version.py +++ b/roles/lib_openshift/src/test/unit/oc_version.py @@ -35,8 +35,9 @@ class OCVersionTest(unittest.TestCase): ''' setup method will create a file and set to known configuration ''' pass + @mock.patch('oc_version.Utils.create_tmpfile_copy') @mock.patch('oc_version.OCVersion.openshift_cmd') - def test_get(self, mock_openshift_cmd): + def test_get(self, mock_openshift_cmd, mock_tmpfile_copy): ''' Testing a get ''' params = {'kubeconfig': '/etc/origin/master/admin.kubeconfig', 'state': 'list', @@ -52,6 +53,10 @@ class OCVersionTest(unittest.TestCase): "returncode": 0} ] + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + results = OCVersion.run_ansible(params) self.assertFalse(results['changed']) diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml index 4efc77f11..ae3ad31c3 100644 --- a/roles/openshift_ca/tasks/main.yml +++ b/roles/openshift_ca/tasks/main.yml @@ -87,7 +87,7 @@ # This should NOT replace the CA due to --overwrite=false when a CA already exists. - name: Create the master certificates if they do not already exist command: > - {{ openshift.common.client_binary }} adm create-master-certs + {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm create-master-certs {% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %} --certificate-authority {{ named_ca_certificate }} {% endfor %} diff --git a/roles/openshift_metrics/README.md b/roles/openshift_metrics/README.md index a61b0db5e..f4c61a75e 100644 --- a/roles/openshift_metrics/README.md +++ b/roles/openshift_metrics/README.md @@ -46,11 +46,11 @@ For default values, see [`defaults/main.yaml`](defaults/main.yaml). testing), `pv` to use persistent volumes (which need to be created before the installation) or `dynamic` for dynamic persistent volumes. -- `openshift_metrics_cassandra_pv_prefix`: The name of persistent volume claims created +- `openshift_metrics_cassandra_pvc_prefix`: The name of persistent volume claims created for cassandra will be this with a serial number appended to the end, starting from 1. -- `openshift_metrics_cassandra_pv_size`: The persistent volume size for each of the +- `openshift_metrics_cassandra_pvc_size`: The persistent volume claim size for each of the Cassandra nodes. - `openshift_metrics_heapster_standalone`: Deploy only heapster, without the Hawkular Metrics and diff --git a/roles/openshift_metrics/defaults/main.yaml b/roles/openshift_metrics/defaults/main.yaml index dd5a20d5b..17614f716 100644 --- a/roles/openshift_metrics/defaults/main.yaml +++ b/roles/openshift_metrics/defaults/main.yaml @@ -17,7 +17,7 @@ openshift_metrics_hawkular_nodeselector: "" openshift_metrics_cassandra_replicas: 1 openshift_metrics_cassandra_storage_type: emptydir -openshift_metrics_cassandra_pv_size: 10Gi +openshift_metrics_cassandra_pvc_size: 10Gi openshift_metrics_cassandra_limits_memory: 2G openshift_metrics_cassandra_limits_cpu: null openshift_metrics_cassandra_requests_memory: 1G @@ -44,7 +44,7 @@ openshift_metrics_master_url: https://kubernetes.default.svc.cluster.local openshift_metrics_node_id: nodename openshift_metrics_project: openshift-infra -openshift_metrics_cassandra_pv_prefix: metrics-cassandra +openshift_metrics_cassandra_pvc_prefix: metrics-cassandra openshift_metrics_hawkular_user_write_access: False diff --git a/roles/openshift_metrics/tasks/generate_certificates.yaml b/roles/openshift_metrics/tasks/generate_certificates.yaml index 16a967aa7..4925275e8 100644 --- a/roles/openshift_metrics/tasks/generate_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_certificates.yaml @@ -1,18 +1,4 @@ --- -- name: create certificate output directory - file: - path: "{{ openshift_metrics_certs_dir }}" - state: directory - mode: 0700 - -- name: list existing secrets - command: > - {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} - --config={{ mktemp.stdout }}/admin.kubeconfig - get secrets -o name - register: metrics_secrets - changed_when: false - - name: generate ca certificate chain shell: > {{ openshift.common.admin_binary }} ca create-signer-cert @@ -22,5 +8,4 @@ --serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt' --name="metrics-signer@$(date +%s)" when: not '{{ openshift_metrics_certs_dir }}/ca.key' | exists -- include: generate_heapster_certificates.yaml - include: generate_hawkular_certificates.yaml diff --git a/roles/openshift_metrics/tasks/generate_rolebindings.yaml b/roles/openshift_metrics/tasks/generate_rolebindings.yaml index 6524c3f32..e050c8eb2 100644 --- a/roles/openshift_metrics/tasks/generate_rolebindings.yaml +++ b/roles/openshift_metrics/tasks/generate_rolebindings.yaml @@ -13,21 +13,3 @@ - kind: ServiceAccount name: hawkular changed_when: no - -- name: generate cluster-reader role binding for the heapster service account - template: - src: rolebinding.j2 - dest: "{{ mktemp.stdout }}/templates/heapster-rolebinding.yaml" - vars: - cluster: True - obj_name: heapster-cluster-reader - labels: - metrics-infra: heapster - roleRef: - kind: ClusterRole - name: cluster-reader - subjects: - - kind: ServiceAccount - name: heapster - namespace: "{{ openshift_metrics_project }}" - changed_when: no diff --git a/roles/openshift_metrics/tasks/generate_serviceaccounts.yaml b/roles/openshift_metrics/tasks/generate_serviceaccounts.yaml index 94f34d860..e9d70f74f 100644 --- a/roles/openshift_metrics/tasks/generate_serviceaccounts.yaml +++ b/roles/openshift_metrics/tasks/generate_serviceaccounts.yaml @@ -13,15 +13,3 @@ - name: cassandra secret: hawkular-cassandra-secrets changed_when: no - -- name: Generating serviceaccount for heapster - template: src=serviceaccount.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-sa.yaml - vars: - obj_name: heapster - labels: - metrics-infra: support - secrets: - - heapster-secrets - - hawkular-metrics-certificate - - hawkular-metrics-account - changed_when: no diff --git a/roles/openshift_metrics/tasks/generate_services.yaml b/roles/openshift_metrics/tasks/generate_services.yaml index 903d52bff..47d3c5c2e 100644 --- a/roles/openshift_metrics/tasks/generate_services.yaml +++ b/roles/openshift_metrics/tasks/generate_services.yaml @@ -1,17 +1,4 @@ --- -- name: Generate service for heapster - template: src=service.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-svc.yaml - vars: - obj_name: heapster - ports: - - {port: 80, targetPort: http-endpoint} - selector: - name: "{{obj_name}}" - labels: - metrics-infra: "{{obj_name}}" - name: "{{obj_name}}" - changed_when: no - - name: Generate service for hawkular-metrics template: src=service.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-svc.yaml vars: diff --git a/roles/openshift_metrics/tasks/install_cassandra.yaml b/roles/openshift_metrics/tasks/install_cassandra.yaml index 9e25071af..df39c1e1f 100644 --- a/roles/openshift_metrics/tasks/install_cassandra.yaml +++ b/roles/openshift_metrics/tasks/install_cassandra.yaml @@ -27,12 +27,12 @@ src: pvc.j2 dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml" vars: - obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}" + obj_name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ item }}" labels: metrics-infra: hawkular-cassandra access_modes: - ReadWriteOnce - size: "{{ openshift_metrics_cassandra_pv_size }}" + size: "{{ openshift_metrics_cassandra_pvc_size }}" with_sequence: count={{ openshift_metrics_cassandra_replicas }} when: openshift_metrics_cassandra_storage_type == 'pv' changed_when: false @@ -42,14 +42,14 @@ src: pvc.j2 dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml" vars: - obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}" + obj_name: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ item }}" labels: metrics-infra: hawkular-cassandra annotations: volume.alpha.kubernetes.io/storage-class: dynamic access_modes: - ReadWriteOnce - size: "{{ openshift_metrics_cassandra_pv_size }}" + size: "{{ openshift_metrics_cassandra_pvc_size }}" with_sequence: count={{ openshift_metrics_cassandra_replicas }} when: openshift_metrics_cassandra_storage_type == 'dynamic' changed_when: false diff --git a/roles/openshift_metrics/tasks/install_heapster.yaml b/roles/openshift_metrics/tasks/install_heapster.yaml index 44bab8ace..c490bcdd3 100644 --- a/roles/openshift_metrics/tasks/install_heapster.yaml +++ b/roles/openshift_metrics/tasks/install_heapster.yaml @@ -13,3 +13,55 @@ replica_count: "{{heapster_replica_count.stdout | default(0)}}" node_selector: "{{openshift_metrics_heapster_nodeselector | default('') }}" changed_when: no + +- set_fact: + heapster_sa_secrets: ["heapster-secrets"] + +- set_fact: + heapster_sa_secrets: "{{ heapster_sa_secrets + [item] }}" + with_items: + - hawkular-metrics-certificate + - hawkular-metrics-account + when: "not {{ openshift_metrics_heapster_standalone | bool }}" + +- name: Generating serviceaccount for heapster + template: src=serviceaccount.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-sa.yaml + vars: + obj_name: heapster + labels: + metrics-infra: support + secrets: "{{ heapster_sa_secrets }}" + changed_when: no + +- name: Generate service for heapster + template: src=service.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-svc.yaml + vars: + obj_name: heapster + ports: + - {port: 80, targetPort: http-endpoint} + selector: + name: "{{obj_name}}" + labels: + metrics-infra: "{{obj_name}}" + name: "{{obj_name}}" + changed_when: no + +- name: generate cluster-reader role binding for the heapster service account + template: + src: rolebinding.j2 + dest: "{{ mktemp.stdout }}/templates/heapster-rolebinding.yaml" + vars: + cluster: True + obj_name: heapster-cluster-reader + labels: + metrics-infra: heapster + roleRef: + kind: ClusterRole + name: cluster-reader + subjects: + - kind: ServiceAccount + name: heapster + namespace: "{{ openshift_metrics_project }}" + changed_when: no + +- include: generate_heapster_certificates.yaml diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml index ddaa54438..66925c113 100644 --- a/roles/openshift_metrics/tasks/install_metrics.yaml +++ b/roles/openshift_metrics/tasks/install_metrics.yaml @@ -1,14 +1,5 @@ --- -- name: Check that hawkular_metrics_hostname is set - fail: msg='the openshift_metrics_hawkular_hostname variable is required' - when: openshift_metrics_hawkular_hostname is not defined - -- name: Check the value of openshift_metrics_cassandra_storage_type - fail: - msg: > - openshift_metrics_cassandra_storage_type ({{ openshift_metrics_cassandra_storage_type }}) - is invalid, must be one of: emptydir, pv, dynamic - when: openshift_metrics_cassandra_storage_type not in openshift_metrics_cassandra_storage_types +- include: pre_install.yaml - name: Install Metrics include: "{{ role_path }}/tasks/install_{{ include_file }}.yaml" @@ -19,6 +10,11 @@ - cassandra loop_control: loop_var: include_file + when: "not {{ openshift_metrics_heapster_standalone | bool }}" + +- name: Install Heapster Standalone + include: install_heapster.yaml + when: "{{ openshift_metrics_heapster_standalone | bool }}" - find: paths={{ mktemp.stdout }}/templates patterns=*.yaml register: object_def_files diff --git a/roles/openshift_metrics/tasks/pre_install.yaml b/roles/openshift_metrics/tasks/pre_install.yaml new file mode 100644 index 000000000..262acd546 --- /dev/null +++ b/roles/openshift_metrics/tasks/pre_install.yaml @@ -0,0 +1,27 @@ +--- +- name: Check that hawkular_metrics_hostname is set + fail: msg='the openshift_metrics_hawkular_hostname variable is required' + when: openshift_metrics_hawkular_hostname is not defined + +- name: Check the value of openshift_metrics_cassandra_storage_type + fail: + msg: > + openshift_metrics_cassandra_storage_type ({{ openshift_metrics_cassandra_storage_type }}) + is invalid, must be one of: emptydir, pv, dynamic + when: + - openshift_metrics_cassandra_storage_type not in openshift_metrics_cassandra_storage_types + - "not {{ openshift_metrics_heapster_standalone | bool }}" + +- name: create certificate output directory + file: + path: "{{ openshift_metrics_certs_dir }}" + state: directory + mode: 0700 + +- name: list existing secrets + command: > + {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} + --config={{ mktemp.stdout }}/admin.kubeconfig + get secrets -o name + register: metrics_secrets + changed_when: false diff --git a/roles/openshift_metrics/tasks/start_metrics.yaml b/roles/openshift_metrics/tasks/start_metrics.yaml index f02774e47..b5a1c8f06 100644 --- a/roles/openshift_metrics/tasks/start_metrics.yaml +++ b/roles/openshift_metrics/tasks/start_metrics.yaml @@ -19,6 +19,8 @@ with_items: "{{metrics_cassandra_rc.stdout_lines}}" loop_control: loop_var: object + when: metrics_cassandra_rc is defined + changed_when: "{{metrics_cassandra_rc | length > 0 }}" - command: > {{openshift.common.client_binary}} @@ -40,6 +42,7 @@ with_items: "{{metrics_metrics_rc.stdout_lines}}" loop_control: loop_var: object + changed_when: "{{metrics_metrics_rc | length > 0 }}" - command: > {{openshift.common.client_binary}} diff --git a/roles/openshift_metrics/tasks/stop_metrics.yaml b/roles/openshift_metrics/tasks/stop_metrics.yaml index 5a73443a8..f69bb0f11 100644 --- a/roles/openshift_metrics/tasks/stop_metrics.yaml +++ b/roles/openshift_metrics/tasks/stop_metrics.yaml @@ -41,6 +41,7 @@ with_items: "{{metrics_hawkular_rc.stdout_lines}}" loop_control: loop_var: object + changed_when: "{{metrics_hawkular_rc | length > 0 }}" - command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig @@ -62,3 +63,4 @@ loop_control: loop_var: object when: metrics_cassandra_rc is defined + changed_when: "{{metrics_cassandra_rc | length > 0 }}" diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 index 876cb1915..6f6efc469 100644 --- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -124,7 +124,7 @@ spec: emptyDir: {} {% else %} persistentVolumeClaim: - claimName: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ node }}" + claimName: "{{ openshift_metrics_cassandra_pvc_prefix }}-{{ node }}" {% endif %} - name: hawkular-cassandra-secrets secret: |