Install web console server

Author: spadgett

files/origin-components/console-config.yaml

@@ -0,0 +1,21 @@
+kind: AssetConfig
+apiVersion: v1
+extensionDevelopment: false
+extensionProperties: null
+extensionScripts: null
+extensionStylesheets: null
+extensions: null
+loggingPublicURL: ""
+logoutURL: ""
+masterPublicURL: https://127.0.0.1:8443
+metricsPublicURL: ""
+publicURL: https://127.0.0.1:8443/console/
+servingInfo:
+  bindAddress: 0.0.0.0:8443
+  bindNetwork: tcp4
+  certFile: /var/serving-cert/tls.crt
+  clientCA: ""
+  keyFile: /var/serving-cert/tls.key
+  maxRequestsInFlight: 0
+  namedCertificates: null
+  requestTimeoutSeconds: 0

files/origin-components/console-template.yaml

@@ -0,0 +1,114 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+  name: openshift-web-console
+  annotations:
+    openshift.io/display-name: OpenShift Web Console
+    description: The server for the OpenShift web console.
+    iconClass: icon-openshift
+    tags: openshift,infra
+    openshift.io/documentation-url: https://github.com/openshift/origin-web-console-server
+    openshift.io/support-url: https://access.redhat.com
+    openshift.io/provider-display-name: Red Hat, Inc.
+parameters:
+- name: IMAGE
+  value: openshift/origin-web-console:latest
+- name: NAMESPACE
+  value: openshift-web-console
+- name: LOGLEVEL
+  value: "0"
+- name: API_SERVER_CONFIG
+- name: NODE_SELECTOR
+  value: "{}"
+- name: REPLICA_COUNT
+  value: "1"
+objects:
+
+# to create the web console server
+- apiVersion: apps/v1beta1
+  kind: Deployment
+  metadata:
+    namespace: ${NAMESPACE}
+    name: webconsole
+    labels:
+      app: openshift-web-console
+      webconsole: "true"
+  spec:
+    replicas: "${{REPLICA_COUNT}}"
+    strategy:
+      type: Recreate
+    template:
+      metadata:
+        name: webconsole
+        labels:
+          webconsole: "true"
+      spec:
+        serviceAccountName: webconsole
+        containers:
+        - name: webconsole
+          image: ${IMAGE}
+          imagePullPolicy: IfNotPresent
+          command:
+          - "/usr/bin/origin-web-console"
+          - "--audit-log-path=-"
+          - "--config=/var/webconsole-config/webconsole-config.yaml"
+          ports:
+          - containerPort: 8443
+          volumeMounts:
+          - mountPath: /var/serving-cert
+            name: serving-cert
+          - mountPath: /var/webconsole-config
+            name: webconsole-config
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: 8443
+              scheme: HTTPS
+        nodeSelector: "${{NODE_SELECTOR}}"
+        volumes:
+        - name: serving-cert
+          secret:
+            defaultMode: 420
+            secretName: webconsole-serving-cert
+        - name: webconsole-config
+          configMap:
+            defaultMode: 420
+            name: webconsole-config
+
+# to create the config for the web console
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    namespace: ${NAMESPACE}
+    name: webconsole-config
+    labels:
+      app: openshift-web-console
+  data:
+    webconsole-config.yaml: ${API_SERVER_CONFIG}
+
+# to be able to assign powers to the process
+- apiVersion: v1
+  kind: ServiceAccount
+  metadata:
+    namespace: ${NAMESPACE}
+    name: webconsole
+    labels:
+      app: openshift-web-console
+
+# to be able to expose web console inside the cluster
+- apiVersion: v1
+  kind: Service
+  metadata:
+    namespace: ${NAMESPACE}
+    name: webconsole
+    labels:
+      app: openshift-web-console
+    annotations:
+      service.alpha.openshift.io/serving-cert-secret-name: webconsole-serving-cert
+  spec:
+    selector:
+      webconsole: "true"
+    ports:
+    - name: https
+      port: 443
+      targetPort: 8443

playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml

@@ -22,6 +22,10 @@
 
 - import_playbook: validator.yml
 
+# Install the web console before upgrading the masters since 3.9 masters will
+# immediately begin proxying to the webconsole service.
+- import_playbook: ../../../../openshift-web-console/private/config.yml
+
 - name: Flag pre-upgrade checks complete for hosts without errors
   hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config
   tasks:

playbooks/deploy_cluster.yml

@@ -22,6 +22,9 @@
 
 - import_playbook: openshift-hosted/private/config.yml
 
+- import_playbook: openshift-web-console/private/config.yml
+  when: openshift_web_console_install | default(true) | bool
+
 - import_playbook: openshift-metrics/private/config.yml
   when: openshift_metrics_install_metrics | default(false) | bool
 

playbooks/openshift-logging/private/config.yml

@@ -16,6 +16,7 @@
   roles:
   - openshift_logging
 
+# TODO: Remove when master config property is removed
 - name: Update Master configs
   hosts: oo_masters:!oo_first_master
   tasks:

playbooks/openshift-metrics/private/config.yml

@@ -16,6 +16,7 @@
   roles:
   - role: openshift_metrics
 
+# TODO: Remove when master config property is removed
 - name: OpenShift Metrics
   hosts: oo_masters:!oo_first_master
   serial: 1

playbooks/openshift-web-console/config.yml

@@ -0,0 +1,4 @@
+---
+- import_playbook: ../init/main.yml
+
+- import_playbook: private/config.yml

playbooks/openshift-web-console/private/config.yml

@@ -0,0 +1,31 @@
+---
+- name: Web Console Install Checkpoint Start
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Set Web Console install 'In Progress'
+    run_once: true
+    set_stats:
+      data:
+        installer_phase_web_console:
+          status: "In Progress"
+          start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}"
+
+- name: Web Console
+  hosts: oo_first_master
+  roles:
+  - openshift_web_console
+  vars:
+    first_master: "{{ groups.oo_first_master[0] }}"
+
+- name: Web Console Install Checkpoint End
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Set Web Console install 'Complete'
+    run_once: true
+    set_stats:
+      data:
+        installer_phase_web_console:
+          status: "Complete"
+          end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}"

playbooks/openshift-web-console/private/roles

@@ -0,0 +1 @@
+../../../roles/

roles/installer_checkpoint/callback_plugins/installer_checkpoint.py

@@ -31,6 +31,7 @@ def v2_playbook_on_stats(self, stats):
             'installer_phase_node',
             'installer_phase_glusterfs',
             'installer_phase_hosted',
+            'installer_phase_web_console',
             'installer_phase_metrics',
             'installer_phase_logging',
             'installer_phase_prometheus',
@@ -80,6 +81,10 @@ def v2_playbook_on_stats(self, stats):
                 'title': 'Hosted Install',
                 'playbook': 'playbooks/openshift-hosted/config.yml'
             },
+            'installer_phase_web_console': {
+                'title': 'Web Console Install',
+                'playbook': 'playbooks/openshift-web-console/config.yml'
+            },
             'installer_phase_metrics': {
                 'title': 'Metrics Install',
                 'playbook': 'playbooks/openshift-metrics/config.yml'

roles/openshift_logging/tasks/delete_logging.yaml

@@ -130,3 +130,14 @@
     name: openshift_logging_eventrouter
   when:
     not openshift_logging_install_eventrouter | default(false) | bool
+
+# Update asset config in openshift-web-console namespace
+- name: Remove Kibana route information from web console asset config
+  include_role:
+    name: openshift_web_console
+    tasks_from: update_asset_config.yml
+  vars:
+    asset_config_edits:
+      - key: loggingPublicURL
+        value: ""
+  when: openshift_web_console_install | default(true) | bool

roles/openshift_logging/tasks/install_logging.yaml

@@ -311,4 +311,16 @@
     openshift_logging_install_eventrouter | default(false) | bool
 
 
+# TODO: Remove when asset config is removed from master-config.yaml
 - include_tasks: update_master_config.yaml
+
+# Update asset config in openshift-web-console namespace
+- name: Add Kibana route information to web console asset config
+  include_role:
+    name: openshift_web_console
+    tasks_from: update_asset_config.yml
+  vars:
+    asset_config_edits:
+    - key: loggingPublicURL
+      value: "https://{{ openshift_logging_kibana_hostname }}"
+  when: openshift_web_console_install | default(true) | bool

roles/openshift_logging/tasks/update_master_config.yaml

@@ -1,4 +1,5 @@
 ---
+# TODO: Remove when asset config is removed from master-config.yaml
 - name: Adding Kibana route information to loggingPublicURL
   modify_yaml:
     dest: "{{ openshift.common.config_base }}/master/master-config.yaml"

roles/openshift_metrics/tasks/install_metrics.yaml

@@ -67,8 +67,20 @@
   with_items: "{{ hawkular_agent_object_defs.results }}"
   when: openshift_metrics_install_hawkular_agent | bool
 
+# TODO: Remove when asset config is removed from master-config.yaml
 - include_tasks: update_master_config.yaml
 
+# Update asset config in openshift-web-console namespace
+- name: Add metrics route information to web console asset config
+  include_role:
+    name: openshift_web_console
+    tasks_from: update_asset_config.yml
+  vars:
+    asset_config_edits:
+      - key: metricsPublicURL
+        value: "https://{{ openshift_metrics_hawkular_hostname}}/hawkular/metrics"
+  when: openshift_web_console_install | default(true) | bool
+
 - command: >
     {{openshift_client_binary}}
     --config={{mktemp.stdout}}/admin.kubeconfig

roles/openshift_metrics/tasks/uninstall_metrics.yaml

@@ -18,3 +18,14 @@
     clusterrolebinding/heapster-cluster-reader
     clusterrolebinding/hawkular-metrics
   changed_when: delete_metrics.stdout != 'No resources found'
+
+# Update asset config in openshift-web-console namespace
+- name: Remove metrics route information from web console asset config
+  include_role:
+    name: openshift_web_console
+    tasks_from: update_asset_config.yml
+  vars:
+    asset_config_edits:
+      - key: metricsPublicURL
+        value: ""
+  when: openshift_web_console_install | default(true) | bool

roles/openshift_metrics/tasks/update_master_config.yaml

@@ -1,4 +1,5 @@
 ---
+# TODO: Remove when asset config is removed from master-config.yaml
 - name: Adding metrics route information to metricsPublicURL
   modify_yaml:
     dest: "{{ openshift.common.config_base }}/master/master-config.yaml"

roles/openshift_metrics/vars/openshift-enterprise.yml

@@ -1,3 +1,3 @@
 ---
 __openshift_metrics_image_prefix: "registry.access.redhat.com/openshift3/"
-__openshift_metrics_image_version: "v3.7"
+__openshift_metrics_image_version: "v3.9"

roles/openshift_web_console/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+openshift_web_console_nodeselector: {"region":"infra"}

roles/openshift_web_console/meta/main.yaml

@@ -0,0 +1,19 @@
+---
+galaxy_info:
+  author: OpenShift Development <[email protected]>
+  description: Deploy OpenShift web console
+  company: Red Hat, Inc.
+  license: Apache License, Version 2.0
+  min_ansible_version: 2.4
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  - name: Fedora
+    versions:
+    - all
+  categories:
+  - openshift
+dependencies:
+- role: lib_openshift
+- role: openshift_facts