forked from wkulhanek/openshift-prometheus
-
Notifications
You must be signed in to change notification settings - Fork 0
/
setup_infranodes.yml
69 lines (67 loc) · 2.34 KB
/
setup_infranodes.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
---
- hosts: localhost
gather_facts: false
tasks:
# Find out which nodes are Infranodes and add them to a new group: infranodes
- name: Add Infranodes to a new infranodes Group
add_host:
name: "{{ item }}"
groups: infranodes
with_items: "{{ groups['nodes'] }}"
when:
- item | match("^infranode.*")
- name: Add Masters to a new masters Group
add_host:
name: "{{ item }}"
groups: masters
with_items: "{{ groups['nodes'] }}"
when:
- item | match("^master.*")
- hosts: infranodes
remote_user: ec2_user
become: yes
become_user: root
tasks:
# OpenShift Routers expose /metrics on port 1936. Therefore we need to open
# the port for both future and current sessions so that Prometheus can access
# the router metrics.
# Open Firewall Port 1936 for future sessions by adding the rule to
# the iptables file.
- name: Open Firewall port 1936 for future sessions
lineinfile:
dest: /etc/sysconfig/iptables
insertafter: '-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
line: '-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 1936 -j ACCEPT'
state: present
# Open Firewall Port 1936 for current session by adding the rule to the
# current iptables configuration. We won't need to restart the iptables
# service - which will ensure all OpenShift rules stay in place.
- name: Open Firewall Port 1936 for current session
iptables:
action: insert
protocol: tcp
destination_port: 1936
state: present
chain: OS_FIREWALL_ALLOW
jump: ACCEPT
# Create Directory /var/lib/prometheus-data with correct permissions
# Make sure the directory has SELinux Type svirt_sandbox_file_t otherwise
# there is a permissions problem trying to mount it into the pod.
- name: Create directory /var/lib/prometheus-data
file:
path: /var/lib/prometheus-data
state: directory
group: root
owner: root
mode: 0777
setype: svirt_sandbox_file_t
# Add label "prometheus-host=true" to our infranodes
# Do that via the oc label command from the first master host
- hosts: masters[0]
remote_user: ec2_user
become: yes
become_user: root
tasks:
- name: Label Infranodes with prometheus-host=true
shell: oc label node {{ item }} prometheus-host=true --overwrite
with_items: "{{ groups['infranodes'] }}"