Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add playbooks to regenerate TLS certificates for openshift-monitoring #11472

Merged
merged 1 commit into from Apr 8, 2019
Merged

Add playbooks to regenerate TLS certificates for openshift-monitoring #11472

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
125 changes: 125 additions & 0 deletions playbooks/openshift-monitoring/private/redeploy-certificates.yml
View file
Open in desktop
@@ -0,0 +1,125 @@
---
- name: Update monitoring certificates
hosts: oo_first_master
vars:
roles:
- lib_openshift
- openshift_facts
tasks:
- name: Remove TLS secret
oc_obj:
name: "{{ item }}"
kind: secret
state: absent
namespace: openshift-monitoring
with_items:
- alertmanager-main-tls
- grafana-tls
- kube-state-metrics-tls
- node-exporter-tls
- prometheus-k8s-tls

- name: Remove Prometheus pods
oc_obj:
selector: "app=prometheus"
kind: pod
state: absent
namespace: openshift-monitoring

- name: Verify that the Prometheus is running
oc_obj:
namespace: openshift-monitoring
kind: statefulset
state: list
name: prometheus-k8s
register: prometheus_ss
until:
- prometheus_ss.results.results[0].status.readyReplicas is defined
- prometheus_ss.results.results[0].status.readyReplicas > 0
retries: 60
delay: 10
changed_when: false

- name: Remove Alertmanager pods
oc_obj:
selector: "app=alertmanager"
kind: pod
state: absent
namespace: openshift-monitoring

- name: Verify that the Alertmanager is running
oc_obj:
namespace: openshift-monitoring
kind: statefulset
state: list
name: alertmanager-main
register: alertmanager_ss
until:
- alertmanager_ss.results.results[0].status.readyReplicas is defined
- alertmanager_ss.results.results[0].status.readyReplicas > 0
retries: 60
delay: 10
changed_when: false

- name: Remove kube-state-metrics pods
oc_obj:
selector: "app=kube-state-metrics"
kind: pod
state: absent
namespace: openshift-monitoring

- name: Verify that the Kube State Metrics is running
oc_obj:
namespace: openshift-monitoring
kind: deployment
state: list
name: kube-state-metrics
register: kube_state_metrics_deployment
until:
- kube_state_metrics_deployment.results.results[0].status.readyReplicas is defined
- kube_state_metrics_deployment.results.results[0].status.readyReplicas > 0
retries: 60
delay: 10
changed_when: false

- name: Remove grafana pods
oc_obj:
selector: "app=grafana"
kind: pod
state: absent
namespace: openshift-monitoring

- name: Verify that the Grafana is running
oc_obj:
namespace: openshift-monitoring
kind: deployment
state: list
name: grafana
register: grafana_deployment
until:
- grafana_deployment.results.results[0].status.readyReplicas is defined
- grafana_deployment.results.results[0].status.readyReplicas > 0
retries: 60
delay: 10
changed_when: false

- name: Remove node-exporter pods
oc_obj:
selector: "app=node-exporter"
kind: pod
state: absent
namespace: openshift-monitoring

- name: Verify that the node-exporter is running
oc_obj:
namespace: openshift-monitoring
kind: daemonset
state: list
name: node-exporter
register: node_exporter_ds
until:
- node_exporter_ds.results.results[0].status.numberReady is defined
- node_exporter_ds.results.results[0].status.numberReady > 0
retries: 60
delay: 10
changed_when: false
4 changes: 4 additions & 0 deletions playbooks/openshift-monitoring/redeploy-certificates.yml
View file
Open in desktop
@@ -0,0 +1,4 @@
---
- import_playbook: ../init/main.yml

- import_playbook: private/redeploy-certificates.yml
3 changes: 3 additions & 0 deletions playbooks/redeploy-certificates.yml
View file
Open in desktop
Expand Up @@ -30,3 +30,6 @@

- import_playbook: openshift-console/private/redeploy-certificates.yml
when: openshift_console_install | default(true) | bool

- import_playbook: openshift-monitoring/private/redeploy-certificates.yml
when: openshift_cluster_monitoring_operator_install | default(true) | bool