diff options
-rw-r--r-- | roles/openshift_metrics/README.md | 28 | ||||
-rw-r--r-- | roles/openshift_metrics/defaults/main.yaml | 27 | ||||
-rw-r--r-- | roles/openshift_metrics/tasks/cleanup.yaml | 4 | ||||
-rw-r--r-- | roles/openshift_metrics/tasks/generate_certificates.yaml | 8 | ||||
-rw-r--r-- | roles/openshift_metrics/tasks/generate_rolebindings.yaml | 2 | ||||
-rw-r--r-- | roles/openshift_metrics/tasks/install_hawkular.yaml | 18 | ||||
-rw-r--r-- | roles/openshift_metrics/tasks/main.yaml | 12 | ||||
-rw-r--r-- | roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 | 6 | ||||
-rw-r--r-- | roles/openshift_metrics/templates/hawkular_metrics_rc.j2 | 10 | ||||
-rw-r--r-- | roles/openshift_metrics/templates/heapster.j2 | 14 | ||||
-rw-r--r-- | roles/openshift_metrics/vars/main.yaml | 2 |
11 files changed, 66 insertions, 65 deletions
diff --git a/roles/openshift_metrics/README.md b/roles/openshift_metrics/README.md index ac5353886..b79b472d3 100644 --- a/roles/openshift_metrics/README.md +++ b/roles/openshift_metrics/README.md @@ -8,9 +8,9 @@ Requirements The following variables need to be set and will be validated: -- `metrics_hostname`: hostname used on the hawkular metrics route. +- `openshift_metrics_hostname`: hostname used on the hawkular metrics route. -- `metrics_project`: project (i.e. namespace) where the components will be +- `openshift_metrics_project`: project (i.e. namespace) where the components will be deployed. @@ -19,45 +19,45 @@ Role Variables For default values, see [`defaults/main.yaml`](defaults/main.yaml). -- `image_prefix`: Specify prefix for metrics components; e.g for +- `openshift_metrics_image_prefix`: Specify prefix for metrics components; e.g for "openshift/origin-metrics-deployer:v1.1", set prefix "openshift/origin-". -- `image_version`: Specify version for metrics components; e.g. for +- `openshift_metrics_image_version`: Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:v1.1", set version "v1.1". -- `master_url`: Internal URL for the master, for authentication retrieval. +- `openshift_metrics_master_url`: Internal URL for the master, for authentication retrieval. -- `hawkular_user_write_access`: If user accounts should be able to write +- `openshift_metrics_hawkular_user_write_access`: If user accounts should be able to write metrics. Defaults to 'false' so that only Heapster can write metrics and not individual users. It is recommended to disable user write access, if enabled any user will be able to write metrics to the system which can affect performance and use Cassandra disk usage to unpredictably increase. -- `hawkular_cassandra_nodes`: The number of Cassandra Nodes to deploy for the +- `openshift_metrics_hawkular_cassandra_nodes`: The number of Cassandra Nodes to deploy for the initial cluster. -- `hawkular_cassandra_storage_type`: Use `emptydir` for ephemeral storage (for +- `openshift_metrics_hawkular_cassandra_storage_type`: Use `emptydir` for ephemeral storage (for testing), `pv` to use persistent volumes (which need to be created before the installation) or `dynamic` for dynamic persistent volumes. -- `hawkular_cassandra_pv_prefix`: The name of persistent volume claims created +- `openshift_metrics_hawkular_cassandra_pv_prefix`: The name of persistent volume claims created for cassandra will be this with a serial number appended to the end, starting from 1. -- `hawkular_cassandra_pv_size`: The persistent volume size for each of the +- `openshift_metrics_hawkular_cassandra_pv_size`: The persistent volume size for each of the Cassandra nodes. -- `heapster_standalone`: Deploy only heapster, without the Hawkular Metrics and +- `openshift_metrics_heapster_standalone`: Deploy only heapster, without the Hawkular Metrics and Cassandra components. -- `heapster_allowed_users`: A comma-separated list of CN to accept. By +- `openshift_metrics_heapster_allowed_users`: A comma-separated list of CN to accept. By default, this is set to allow the OpenShift service proxy to connect. If you override this, make sure to add `system:master-proxy` to the list in order to allow horizontal pod autoscaling to function properly. -- `metrics_duration`: How many days metrics should be stored for. +- `openshift_metrics_duration`: How many days metrics should be stored for. -- `metrics_resolution`: How often metrics should be gathered. +- `openshift_metrics_resolution`: How often metrics should be gathered. Dependencies diff --git a/roles/openshift_metrics/defaults/main.yaml b/roles/openshift_metrics/defaults/main.yaml index cb4fbdee2..8d2ff8a62 100644 --- a/roles/openshift_metrics/defaults/main.yaml +++ b/roles/openshift_metrics/defaults/main.yaml @@ -1,17 +1,18 @@ --- -image_prefix: docker.io/openshift/origin- -image_version: latest -master_url: https://kubernetes.default.svc.cluster.local +openshift_metrics_image_prefix: docker.io/openshift/origin- +openshift_metrics_image_version: latest +openshift_metrics_master_url: https://kubernetes.default.svc.cluster.local +openshift_metrics_project: openshift-infra -hawkular_user_write_access: False -hawkular_cassandra_nodes: 1 -hawkular_cassandra_storage_type: emptydir -hawkular_cassandra_pv_prefix: metrics-cassandra -hawkular_cassandra_pv_size: 10Gi +openshift_metrics_hawkular_user_write_access: False +openshift_metrics_hawkular_cassandra_nodes: 1 +openshift_metrics_hawkular_cassandra_storage_type: emptydir +openshift_metrics_hawkular_cassandra_pv_prefix: metrics-cassandra +openshift_metrics_hawkular_cassandra_pv_size: 10Gi -heapster_standalone: False -heapster_allowed_users: system:master-proxy +openshift_metrics_heapster_standalone: False +openshift_metrics_heapster_allowed_users: system:master-proxy -metrics_duration: 7 -metrics_resolution: 15s -metrics_node_id: nodename +openshift_metrics_duration: 7 +openshift_metrics_resolution: 15s +openshift_metrics_node_id: nodename diff --git a/roles/openshift_metrics/tasks/cleanup.yaml b/roles/openshift_metrics/tasks/cleanup.yaml index a61fed7b4..a29faef31 100644 --- a/roles/openshift_metrics/tasks/cleanup.yaml +++ b/roles/openshift_metrics/tasks/cleanup.yaml @@ -1,14 +1,14 @@ --- - name: remove metrics components command: > - {{ openshift.common.client_binary }} -n '{{ metrics_project }}' + {{ openshift.common.client_binary }} -n '{{ openshift_metrics_project }}' delete --selector=metrics-infra all,sa,secrets,templates,routes,pvc,rolebindings,clusterrolebindings register: delete_metrics changed_when: "delete_metrics.stdout != 'No resources found'" - name: remove rolebindings command: > - {{ openshift.common.client_binary }} -n {{ metrics_project }} + {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} delete --ignore-not-found rolebinding/hawkular-view clusterrolebinding/heapster-cluster-reader diff --git a/roles/openshift_metrics/tasks/generate_certificates.yaml b/roles/openshift_metrics/tasks/generate_certificates.yaml index b1ecf46b9..9f6a3348e 100644 --- a/roles/openshift_metrics/tasks/generate_certificates.yaml +++ b/roles/openshift_metrics/tasks/generate_certificates.yaml @@ -25,14 +25,14 @@ # TODO maybe there's an easier way to get the service accounts' ca crt? - name: get heapster service account secrets shell: > - {{ openshift.common.client_binary }} -n '{{ metrics_project }}' + {{ openshift.common.client_binary }} -n '{{ openshift_metrics_project }}' get serviceaccount/default --template '{{ '{{range .secrets}}{{println .name}}{{end}}' }}' | grep ^default-token- register: sa_secret - name: get heapster service account ca command: > - {{ openshift.common.client_binary }} -n '{{ metrics_project }}' + {{ openshift.common.client_binary }} -n '{{ openshift_metrics_project }}' get 'secret/{{ sa_secret.stdout }}' --template '{{ '{{index .data "ca.crt"}}' }}' register: sa_secret @@ -54,12 +54,12 @@ heapster.cert: "{{ heapster_secret.results[0].stdout }}" heapster.key: "{{ heapster_secret.results[1].stdout }}" heapster.client-ca: "{{ sa_secret.stdout }}" - heapster.allowed-users: "{{ heapster_allowed_users|b64encode }}" + heapster.allowed-users: "{{ openshift_metrics_heapster_allowed_users|b64encode }}" - name: generate hawkular-metrics certificates include: setup_certificate.yaml vars: component: hawkular-metrics - hostnames: "hawkular-metrics,{{ hawkular_metrics_hostname }}" + hostnames: "hawkular-metrics,{{ openshift_metrics_hawkular_metrics_hostname }}" - name: generate hawkular-cassandra certificates include: setup_certificate.yaml vars: diff --git a/roles/openshift_metrics/tasks/generate_rolebindings.yaml b/roles/openshift_metrics/tasks/generate_rolebindings.yaml index d1bc7374a..9a72b24fe 100644 --- a/roles/openshift_metrics/tasks/generate_rolebindings.yaml +++ b/roles/openshift_metrics/tasks/generate_rolebindings.yaml @@ -27,4 +27,4 @@ subjects: - kind: ServiceAccount name: heapster - namespace: "{{ metrics_project }}" + namespace: "{{ openshift_metrics_project }}" diff --git a/roles/openshift_metrics/tasks/install_hawkular.yaml b/roles/openshift_metrics/tasks/install_hawkular.yaml index 670396f6e..9a39cce34 100644 --- a/roles/openshift_metrics/tasks/install_hawkular.yaml +++ b/roles/openshift_metrics/tasks/install_hawkular.yaml @@ -10,35 +10,35 @@ vars: node: "{{ item }}" master: "{{ (item == '1')|string|lower }}" - with_sequence: count={{ hawkular_cassandra_nodes }} + with_sequence: count={{ openshift_metrics_hawkular_cassandra_nodes }} - name: generate hawkular-cassandra persistent volume claims template: src: pvc.j2 dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml" vars: - obj_name: "{{ hawkular_cassandra_pv_prefix }}-{{ item }}" + obj_name: "{{ openshift_metrics_hawkular_cassandra_pv_prefix }}-{{ item }}" labels: metrics-infra: hawkular-cassandra access_modes: - ReadWriteOnce - size: "{{ hawkular_cassandra_pv_size }}" - with_sequence: count={{ hawkular_cassandra_nodes }} - when: hawkular_cassandra_storage_type == 'pv' + size: "{{ openshift_metrics_hawkular_cassandra_pv_size }}" + with_sequence: count={{ openshift_metrics_hawkular_cassandra_nodes }} + when: openshift_metrics_hawkular_cassandra_storage_type == 'pv' - name: generate hawkular-cassandra persistent volume claims (dynamic) template: src: pvc.j2 dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml" vars: - obj_name: "{{ hawkular_cassandra_pv_prefix }}-{{ item }}" + obj_name: "{{ openshift_metrics_hawkular_cassandra_pv_prefix }}-{{ item }}" labels: metrics-infra: hawkular-cassandra annotations: volume.alpha.kubernetes.io/storage-class: dynamic access_modes: - ReadWriteOnce - size: "{{ hawkular_cassandra_pv_size }}" - with_sequence: count={{ hawkular_cassandra_nodes }} - when: hawkular_cassandra_storage_type == 'dynamic' + size: "{{ openshift_metrics_hawkular_cassandra_pv_size }}" + with_sequence: count={{ openshift_metrics_hawkular_cassandra_nodes }} + when: openshift_metrics_hawkular_cassandra_storage_type == 'dynamic' - name: generate the hawkular-metrics route template: src: route.j2 diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index e9a5fbebd..79aae1e0b 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -1,13 +1,13 @@ --- - name: check that hawkular_metrics_hostname is set - fail: msg='the hawkular_metrics_hostname variable is required' - when: "{{ hawkular_metrics_hostname is not defined }}" -- name: check the value of hawkular_cassandra_storage_type + fail: msg='the openshift_metrics_hawkular_metrics_hostname variable is required' + when: "{{ openshift_metrics_hawkular_metrics_hostname is not defined }}" +- name: check the value of openshift_metrics_hawkular_cassandra_storage_type fail: msg: > - hawkular_cassandra_storage_type ({{ hawkular_cassandra_storage_type }}) + openshift_metrics_hawkular_cassandra_storage_type ({{ openshift_metrics_hawkular_cassandra_storage_type }}) is invalid, must be one of: emptydir, pv, dynamic - when: hawkular_cassandra_storage_type not in hawkular_cassandra_storage_types + when: openshift_metrics_hawkular_cassandra_storage_type not in openshift_metrics_hawkular_cassandra_storage_types - name: Install Metrics include: "{{ role_path }}/tasks/install_{{ include_file }}.yaml" with_items: @@ -18,7 +18,7 @@ loop_var: include_file - name: create objects command: > - {{ openshift.common.client_binary }} -n '{{ metrics_project }}' + {{ openshift.common.client_binary }} -n '{{ openshift_metrics_project }}' apply -f {{ item }} with_fileglob: - "{{ mktemp.stdout }}/templates/*.yaml" diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 index bb8866263..525f32859 100644 --- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -20,7 +20,7 @@ spec: spec: serviceAccount: cassandra containers: - - image: "{{ image_prefix }}metrics-cassandra:{{ image_version }}" + - image: "{{ openshift_metrics_image_prefix }}metrics-cassandra:{{ openshift_metrics_image_version }}" name: hawkular-cassandra-{{ node }} ports: - name: cql-port @@ -83,11 +83,11 @@ spec: terminationGracePeriodSeconds: 1800 volumes: - name: cassandra-data -{% if hawkular_cassandra_storage_type == 'emptydir' %} +{% if openshift_metrics_hawkular_cassandra_storage_type == 'emptydir' %} emptyDir: {} {% else %} persistentVolumeClaim: - claimName: "{{ hawkular_cassandra_pv_prefix }}-{{ node }}" + claimName: "{{ openshift_metrics_hawkular_cassandra_pv_prefix }}-{{ node }}" {% endif %} - name: hawkular-cassandra-secrets secret: diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 index bcfe9dc84..6f1275809 100644 --- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 @@ -18,7 +18,7 @@ spec: spec: serviceAccount: hawkular containers: - - image: {{image_prefix}}metrics-hawkular-metrics:{{image_version}} + - image: {{openshift_metrics_image_prefix}}metrics-hawkular-metrics:{{openshift_metrics_image_version}} name: hawkular-metrics ports: - name: http-endpoint @@ -36,7 +36,7 @@ spec: - "-Dhawkular.metrics.openshift.auth-methods=openshift-oauth,htpasswd" - "-Dhawkular.metrics.openshift.htpasswd-file=/secrets/hawkular-metrics.htpasswd.file" - "-Dhawkular.metrics.allowed-cors-access-control-allow-headers=authorization" - - "-Dhawkular.metrics.default-ttl={{metrics_duration}}" + - "-Dhawkular.metrics.default-ttl={{openshift_metrics_duration}}" - "-Dhawkular-alerts.cassandra-nodes=hawkular-cassandra" - "-Dhawkular-alerts.cassandra-use-ssl" - "-Dhawkular.alerts.openshift.auth-methods=openshift-oauth,htpasswd" @@ -44,8 +44,8 @@ spec: - "-Dhawkular.alerts.allowed-cors-access-control-allow-headers=authorization" - "-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true" - "-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true" - - "-DKUBERNETES_MASTER_URL={{master_url}}" - - "-DUSER_WRITE_ACCESS={{hawkular_user_write_access}}" + - "-DKUBERNETES_MASTER_URL={{openshift_metrics_master_url}}" + - "-DUSER_WRITE_ACCESS={{openshift_metrics_hawkular_user_write_access}}" - "--hmw.keystore=/secrets/hawkular-metrics.keystore" - "--hmw.truststore=/secrets/hawkular-metrics.truststore" - "--hmw.keystore_password_file=/secrets/hawkular-metrics.keystore.password" @@ -59,7 +59,7 @@ spec: fieldRef: fieldPath: metadata.namespace - name: MASTER_URL - value: "{{ master_url }}" + value: "{{ openshift_metrics_master_url }}" - name: OPENSHIFT_KUBE_PING_NAMESPACE valueFrom: fieldRef: diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2 index 779be0145..e4b4b9739 100644 --- a/roles/openshift_metrics/templates/heapster.j2 +++ b/roles/openshift_metrics/templates/heapster.j2 @@ -20,29 +20,29 @@ spec: serviceAccountName: heapster containers: - name: heapster - image: {{image_prefix}}metrics-heapster:{{image_version}} + image: {{openshift_metrics_image_prefix}}metrics-heapster:{{openshift_metrics_image_version}} ports: - containerPort: 8082 name: "http-endpoint" command: - "heapster-wrapper.sh" - "--wrapper.allowed_users_file=/secrets/heapster.allowed-users" - - "--source=kubernetes:{{master_url}}?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250" + - "--source=kubernetes:{{openshift_metrics_master_url}}?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250" - "--tls_cert=/secrets/heapster.cert" - "--tls_key=/secrets/heapster.key" - "--tls_client_ca=/secrets/heapster.client-ca" - "--allowed_users=%allowed_users%" - - "--metric_resolution={{metrics_resolution}}" -{% if not heapster_standalone %} + - "--metric_resolution={{openshift_metrics_resolution}}" +{% if not openshift_metrics_heapster_standalone %} - "--wrapper.username_file=/hawkular-account/hawkular-metrics.username" - "--wrapper.password_file=/hawkular-account/hawkular-metrics.password" - "--wrapper.endpoint_check=https://hawkular-metrics:443/hawkular/metrics/status" - - "--sink=hawkular:https://hawkular-metrics:443?tenant=_system&labelToTenant=pod_namespace&labelNodeId={{metrics_node_id}}&caCert=/hawkular-cert/hawkular-metrics-ca.certificate&user=%username%&pass=%password%&filter=label(container_name:^system.slice.*|^user.slice)" + - "--sink=hawkular:https://hawkular-metrics:443?tenant=_system&labelToTenant=pod_namespace&labelNodeId={{openshift_metrics_node_id}}&caCert=/hawkular-cert/hawkular-metrics-ca.certificate&user=%username%&pass=%password%&filter=label(container_name:^system.slice.*|^user.slice)" {% endif %} volumeMounts: - name: heapster-secrets mountPath: "/secrets" -{% if not heapster_standalone %} +{% if not openshift_metrics_heapster_standalone %} - name: hawkular-metrics-certificate mountPath: "/hawkular-cert" - name: hawkular-metrics-account @@ -56,7 +56,7 @@ spec: - name: heapster-secrets secret: secretName: heapster-secrets -{% if not heapster_standalone %} +{% if not openshift_metrics_heapster_standalone %} - name: hawkular-metrics-certificate secret: secretName: hawkular-metrics-certificate diff --git a/roles/openshift_metrics/vars/main.yaml b/roles/openshift_metrics/vars/main.yaml index eb02a87fd..25307c23c 100644 --- a/roles/openshift_metrics/vars/main.yaml +++ b/roles/openshift_metrics/vars/main.yaml @@ -1,4 +1,4 @@ -hawkular_cassandra_storage_types: +openshift_metrics_hawkular_cassandra_storage_types: - emptydir - pv - dynamic |