diff options
Diffstat (limited to 'roles/openshift_logging')
59 files changed, 559 insertions, 2462 deletions
diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md index 570c41ecc..dd0f22d4b 100644 --- a/roles/openshift_logging/README.md +++ b/roles/openshift_logging/README.md @@ -55,6 +55,9 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log - `openshift_logging_fluentd_use_journal`: NOTE: Fluentd will attempt to detect whether or not Docker is using the journald log driver when using the default of empty. - `openshift_logging_fluentd_journal_read_from_head`: If empty, Fluentd will use its internal default, which is false. - `openshift_logging_fluentd_hosts`: List of nodes that should be labeled for Fluentd to be deployed to. Defaults to ['--all']. +- `openshift_logging_fluentd_buffer_queue_limit`: Buffer queue limit for Fluentd. Defaults to 1024. +- `openshift_logging_fluentd_buffer_size_limit`: Buffer chunk limit for Fluentd. Defaults to 1m. + - `openshift_logging_es_host`: The name of the ES service Fluentd should send logs to. Defaults to 'logging-es'. - `openshift_logging_es_port`: The port for the ES service Fluentd should sent its logs to. Defaults to '9200'. @@ -65,6 +68,7 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log - `openshift_logging_es_cluster_size`: The number of ES cluster members. Defaults to '1'. - `openshift_logging_es_cpu_limit`: The amount of CPU limit for the ES cluster. Unused if not set - `openshift_logging_es_memory_limit`: The amount of RAM that should be assigned to ES. Defaults to '8Gi'. +- `openshift_logging_es_log_appenders`: The list of rootLogger appenders for ES logs which can be: 'file', 'console'. Defaults to 'file'. - `openshift_logging_es_pv_selector`: A key/value map added to a PVC in order to select specific PVs. Defaults to 'None'. - `openshift_logging_es_pvc_dynamic`: Whether or not to add the dynamic PVC annotation for any generated PVCs. Defaults to 'False'. - `openshift_logging_es_pvc_size`: The requested size for the ES PVCs, when not provided the role will not generate any PVCs. Defaults to '""'. @@ -90,11 +94,69 @@ same as above for their non-ops counterparts, but apply to the OPS cluster insta - `openshift_logging_es_ops_pvc_prefix`: logging-es-ops - `openshift_logging_es_ops_recover_after_time`: 5m - `openshift_logging_es_ops_storage_group`: 65534 -- `openshift_logging_es_ops_number_of_shards`: The number of primary shards for every new index created in ES. Defaults to '1'. -- `openshift_logging_es_ops_number_of_replicas`: The number of replica shards per primary shard for every new index. Defaults to '0'. - `openshift_logging_kibana_ops_hostname`: The Operations Kibana hostname. Defaults to 'kibana-ops.example.com'. - `openshift_logging_kibana_ops_cpu_limit`: The amount of CPU to allocate to Kibana or unset if not specified. - `openshift_logging_kibana_ops_memory_limit`: The amount of memory to allocate to Kibana or unset if not specified. - `openshift_logging_kibana_ops_proxy_cpu_limit`: The amount of CPU to allocate to Kibana proxy or unset if not specified. - `openshift_logging_kibana_ops_proxy_memory_limit`: The amount of memory to allocate to Kibana proxy or unset if not specified. - `openshift_logging_kibana_ops_replica_count`: The number of replicas Kibana ops should be scaled up to. Defaults to 1. + +Elasticsearch can be exposed for external clients outside of the cluster. +- `openshift_logging_es_allow_external`: True (default is False) - if this is + True, Elasticsearch will be exposed as a Route +- `openshift_logging_es_hostname`: The external facing hostname to use for + the route and the TLS server certificate (default is "es." + + `openshift_master_default_subdomain`) +- `openshift_logging_es_cert`: The location of the certificate Elasticsearch + uses for the external TLS server cert (default is a generated cert) +- `openshift_logging_es_key`: The location of the key Elasticsearch + uses for the external TLS server cert (default is a generated key) +- `openshift_logging_es_ca_ext`: The location of the CA cert for the cert + Elasticsearch uses for the external TLS server cert (default is the internal + CA) +Elasticsearch OPS too, if using an OPS cluster: +- `openshift_logging_es_ops_allow_external`: True (default is False) - if this is + True, Elasticsearch will be exposed as a Route +- `openshift_logging_es_ops_hostname`: The external facing hostname to use for + the route and the TLS server certificate (default is "es-ops." + + `openshift_master_default_subdomain`) +- `openshift_logging_es_ops_cert`: The location of the certificate Elasticsearch + uses for the external TLS server cert (default is a generated cert) +- `openshift_logging_es_ops_key`: The location of the key Elasticsearch + uses for the external TLS server cert (default is a generated key) +- `openshift_logging_es_ops_ca_ext`: The location of the CA cert for the cert + Elasticsearch uses for the external TLS server cert (default is the internal + CA) + +### mux - secure_forward listener service +- `openshift_logging_use_mux`: Default `False`. If this is `True`, a service + called `mux` will be deployed. This service will act as a Fluentd + secure_forward forwarder for the node agent Fluentd daemonsets running in the + cluster. This can be used to reduce the number of connections to the + OpenShift API server, by using `mux` and configuring each node Fluentd to + send raw logs to mux and turn off the k8s metadata plugin. +- `openshift_logging_mux_allow_external`: Default `False`. If this is `True`, + the `mux` service will be deployed, and it will be configured to allow + Fluentd clients running outside of the cluster to send logs using + secure_forward. This allows OpenShift logging to be used as a central + logging service for clients other than OpenShift, or other OpenShift + clusters. +- `openshift_logging_use_mux_client`: Default `False`. If this is `True`, the + node agent Fluentd services will be configured to send logs to the mux + service rather than directly to Elasticsearch. +- `openshift_logging_mux_hostname`: Default is "mux." + + `openshift_master_default_subdomain`. This is the hostname *external*_ + clients will use to connect to mux, and will be used in the TLS server cert + subject. +- `openshift_logging_mux_port`: 24284 +- `openshift_logging_mux_cpu_limit`: 100m +- `openshift_logging_mux_memory_limit`: 512Mi +- `openshift_logging_mux_default_namespaces`: Default `["mux-undefined"]` - the + first value in the list is the namespace to use for undefined projects, + followed by any additional namespaces to create by default - users will + typically not need to set this +- `openshift_logging_mux_namespaces`: Default `[]` - additional namespaces to + create for _external_ mux clients to associate with their logs - users will + need to set this +- `openshift_logging_mux_buffer_queue_limit`: Default `[1024]` - Buffer queue limit for Mux. +- `openshift_logging_mux_buffer_size_limit`: Default `[1m]` - Buffer chunk limit for Mux. diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index d9c9a83d0..c243a6e4a 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml @@ -3,6 +3,10 @@ openshift_logging_use_ops: "{{ openshift_hosted_logging_enable_ops_cluster | def openshift_logging_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}" openshift_logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default('https://' + openshift.common.public_hostname + ':' ~ (openshift_master_api_port | default('8443', true))) }}" openshift_logging_namespace: logging +openshift_logging_nodeselector: null +openshift_logging_labels: {} +openshift_logging_label_key: "" +openshift_logging_label_value: "" openshift_logging_install_logging: True openshift_logging_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}" @@ -22,10 +26,10 @@ openshift_logging_curator_ops_nodeselector: "{{ openshift_hosted_logging_curator openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}" openshift_logging_kibana_cpu_limit: null -openshift_logging_kibana_memory_limit: null +openshift_logging_kibana_memory_limit: 736Mi openshift_logging_kibana_proxy_debug: false openshift_logging_kibana_proxy_cpu_limit: null -openshift_logging_kibana_proxy_memory_limit: null +openshift_logging_kibana_proxy_memory_limit: 96Mi openshift_logging_kibana_replica_count: 1 openshift_logging_kibana_edge_term_policy: Redirect @@ -46,10 +50,10 @@ openshift_logging_kibana_ca: "" openshift_logging_kibana_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default('kibana-ops.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}" openshift_logging_kibana_ops_cpu_limit: null -openshift_logging_kibana_ops_memory_limit: null +openshift_logging_kibana_ops_memory_limit: 736Mi openshift_logging_kibana_ops_proxy_debug: false openshift_logging_kibana_ops_proxy_cpu_limit: null -openshift_logging_kibana_ops_proxy_memory_limit: null +openshift_logging_kibana_ops_proxy_memory_limit: 96Mi openshift_logging_kibana_ops_replica_count: 1 #The absolute path on the control node to the cert file to use @@ -68,10 +72,12 @@ openshift_logging_fluentd_nodeselector: "{{ openshift_hosted_logging_fluentd_nod openshift_logging_fluentd_cpu_limit: 100m openshift_logging_fluentd_memory_limit: 512Mi openshift_logging_fluentd_es_copy: false -openshift_logging_fluentd_use_journal: "{{ openshift_hosted_logging_use_journal | default('') }}" +openshift_logging_fluentd_use_journal: "{{ openshift_hosted_logging_use_journal if openshift_hosted_logging_use_journal is defined else (docker_log_driver == 'journald') | ternary(True, False) if docker_log_driver is defined else (openshift.docker.log_driver == 'journald') | ternary(True, False) if openshift.docker.log_driver is defined else openshift.docker.options | search('--log-driver=journald') if openshift.docker.options is defined else default(omit) }}" openshift_logging_fluentd_journal_source: "{{ openshift_hosted_logging_journal_source | default('') }}" openshift_logging_fluentd_journal_read_from_head: "{{ openshift_hosted_logging_journal_read_from_head | default('') }}" openshift_logging_fluentd_hosts: ['--all'] +openshift_logging_fluentd_buffer_queue_limit: 1024 +openshift_logging_fluentd_buffer_size_limit: 1m openshift_logging_es_host: logging-es openshift_logging_es_port: 9200 @@ -80,8 +86,10 @@ openshift_logging_es_client_cert: /etc/fluent/keys/cert openshift_logging_es_client_key: /etc/fluent/keys/key openshift_logging_es_cluster_size: "{{ openshift_hosted_logging_elasticsearch_cluster_size | default(1) }}" openshift_logging_es_cpu_limit: null +# the logging appenders for the root loggers to write ES logs. Valid values: 'file', 'console' +openshift_logging_es_log_appenders: ['file'] openshift_logging_es_memory_limit: "{{ openshift_hosted_logging_elasticsearch_instance_ram | default('8Gi') }}" -openshift_logging_es_pv_selector: null +openshift_logging_es_pv_selector: "{{ openshift_hosted_logging_storage_labels | default('') }}" openshift_logging_es_pvc_dynamic: "{{ openshift_hosted_logging_elasticsearch_pvc_dynamic | default(False) }}" openshift_logging_es_pvc_size: "{{ openshift_hosted_logging_elasticsearch_pvc_size | default('') }}" openshift_logging_es_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_pvc_prefix | default('logging-es') }}" @@ -93,6 +101,22 @@ openshift_logging_es_config: {} openshift_logging_es_number_of_shards: 1 openshift_logging_es_number_of_replicas: 0 +# for exposing es to external (outside of the cluster) clients +openshift_logging_es_allow_external: False +openshift_logging_es_hostname: "{{ 'es.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" + +#The absolute path on the control node to the cert file to use +#for the public facing es certs +openshift_logging_es_cert: "" + +#The absolute path on the control node to the key file to use +#for the public facing es certs +openshift_logging_es_key: "" + +#The absolute path on the control node to the CA file to use +#for the public facing es certs +openshift_logging_es_ca_ext: "" + # allow cluster-admin or cluster-reader to view operations index openshift_logging_es_ops_allow_cluster_reader: False @@ -104,19 +128,47 @@ openshift_logging_es_ops_client_key: /etc/fluent/keys/key openshift_logging_es_ops_cluster_size: "{{ openshift_hosted_logging_elasticsearch_ops_cluster_size | default(1) }}" openshift_logging_es_ops_cpu_limit: null openshift_logging_es_ops_memory_limit: "{{ openshift_hosted_logging_elasticsearch_ops_instance_ram | default('8Gi') }}" -openshift_logging_es_ops_pv_selector: None +openshift_logging_es_ops_pv_selector: "{{ openshift_hosted_loggingops_storage_labels | default('') }}" openshift_logging_es_ops_pvc_dynamic: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_dynamic | default(False) }}" openshift_logging_es_ops_pvc_size: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_size | default('') }}" openshift_logging_es_ops_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_prefix | default('logging-es-ops') }}" openshift_logging_es_ops_recover_after_time: 5m openshift_logging_es_ops_storage_group: "{{ openshift_hosted_logging_elasticsearch_storage_group | default('65534') }}" openshift_logging_es_ops_nodeselector: "{{ openshift_hosted_logging_elasticsearch_ops_nodeselector | default('') | map_from_pairs }}" -openshift_logging_es_ops_number_of_shards: 1 -openshift_logging_es_ops_number_of_replicas: 0 + +# for exposing es-ops to external (outside of the cluster) clients +openshift_logging_es_ops_allow_external: False +openshift_logging_es_ops_hostname: "{{ 'es-ops.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" + +#The absolute path on the control node to the cert file to use +#for the public facing es-ops certs +openshift_logging_es_ops_cert: "" + +#The absolute path on the control node to the key file to use +#for the public facing es-ops certs +openshift_logging_es_ops_key: "" + +#The absolute path on the control node to the CA file to use +#for the public facing es-ops certs +openshift_logging_es_ops_ca_ext: "" # storage related defaults openshift_logging_storage_access_modes: "{{ openshift_hosted_logging_storage_access_modes | default(['ReadWriteOnce']) }}" +# mux - secure_forward listener service +openshift_logging_mux_allow_external: False +openshift_logging_use_mux: "{{ openshift_logging_mux_allow_external | default(False) }}" +# this tells the fluentd node agent to use mux instead of sending directly to Elasticsearch +openshift_logging_use_mux_client: False +openshift_logging_mux_hostname: "{{ 'mux.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" +openshift_logging_mux_port: 24284 +openshift_logging_mux_cpu_limit: 500m +openshift_logging_mux_memory_limit: 1Gi +# the namespace to use for undefined projects should come first, followed by any +# additional namespaces to create by default - users will typically not need to set this +openshift_logging_mux_default_namespaces: ["mux-undefined"] +# extra namespaces to create for mux clients - users will need to set this +openshift_logging_mux_namespaces: [] # following can be uncommented to provide values for configmaps -- take care when providing file contents as it may cause your cluster to not operate correctly #es_logging_contents: @@ -125,3 +177,5 @@ openshift_logging_storage_access_modes: "{{ openshift_hosted_logging_storage_acc #fluentd_config_contents: #fluentd_throttle_contents: #fluentd_secureforward_contents: +#fluentd_mux_config_contents: +#fluentd_mux_secureforward_contents: diff --git a/roles/openshift_logging/files/curator.yml b/roles/openshift_logging/files/curator.yml deleted file mode 100644 index 8d62d8e7d..000000000 --- a/roles/openshift_logging/files/curator.yml +++ /dev/null @@ -1,18 +0,0 @@ -# Logging example curator config file - -# uncomment and use this to override the defaults from env vars -#.defaults: -# delete: -# days: 30 -# runhour: 0 -# runminute: 0 - -# to keep ops logs for a different duration: -#.operations: -# delete: -# weeks: 8 - -# example for a normal project -#myapp: -# delete: -# weeks: 1 diff --git a/roles/openshift_logging/files/elasticsearch-logging.yml b/roles/openshift_logging/files/elasticsearch-logging.yml deleted file mode 100644 index 377abe21f..000000000 --- a/roles/openshift_logging/files/elasticsearch-logging.yml +++ /dev/null @@ -1,72 +0,0 @@ -# you can override this using by setting a system property, for example -Des.logger.level=DEBUG -es.logger.level: INFO -rootLogger: ${es.logger.level}, console, file -logger: - # log action execution errors for easier debugging - action: WARN - # reduce the logging for aws, too much is logged under the default INFO - com.amazonaws: WARN - io.fabric8.elasticsearch: ${PLUGIN_LOGLEVEL} - io.fabric8.kubernetes: ${PLUGIN_LOGLEVEL} - - # gateway - #gateway: DEBUG - #index.gateway: DEBUG - - # peer shard recovery - #indices.recovery: DEBUG - - # discovery - #discovery: TRACE - - index.search.slowlog: TRACE, index_search_slow_log_file - index.indexing.slowlog: TRACE, index_indexing_slow_log_file - - # search-guard - com.floragunn.searchguard: WARN - -additivity: - index.search.slowlog: false - index.indexing.slowlog: false - -appender: - console: - type: console - layout: - type: consolePattern - conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" - - file: - type: dailyRollingFile - file: ${path.logs}/${cluster.name}.log - datePattern: "'.'yyyy-MM-dd" - layout: - type: pattern - conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" - - # Use the following log4j-extras RollingFileAppender to enable gzip compression of log files. - # For more information see https://logging.apache.org/log4j/extras/apidocs/org/apache/log4j/rolling/RollingFileAppender.html - #file: - #type: extrasRollingFile - #file: ${path.logs}/${cluster.name}.log - #rollingPolicy: timeBased - #rollingPolicy.FileNamePattern: ${path.logs}/${cluster.name}.log.%d{yyyy-MM-dd}.gz - #layout: - #type: pattern - #conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" - - index_search_slow_log_file: - type: dailyRollingFile - file: ${path.logs}/${cluster.name}_index_search_slowlog.log - datePattern: "'.'yyyy-MM-dd" - layout: - type: pattern - conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" - - index_indexing_slow_log_file: - type: dailyRollingFile - file: ${path.logs}/${cluster.name}_index_indexing_slowlog.log - datePattern: "'.'yyyy-MM-dd" - layout: - type: pattern - conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" diff --git a/roles/openshift_logging/files/es_migration.sh b/roles/openshift_logging/files/es_migration.sh deleted file mode 100644 index 339b5a1b2..000000000 --- a/roles/openshift_logging/files/es_migration.sh +++ /dev/null @@ -1,79 +0,0 @@ -CA=${1:-/etc/openshift/logging/ca.crt} -KEY=${2:-/etc/openshift/logging/system.admin.key} -CERT=${3:-/etc/openshift/logging/system.admin.crt} -openshift_logging_es_host=${4:-logging-es} -openshift_logging_es_port=${5:-9200} -namespace=${6:-logging} - -# for each index in _cat/indices -# skip indices that begin with . - .kibana, .operations, etc. -# skip indices that contain a uuid -# get a list of unique project -# daterx - the date regex that matches the .%Y.%m.%d at the end of the indices -# we are interested in - the awk will strip that part off -function get_list_of_indices() { - curl -s --cacert $CA --key $KEY --cert $CERT https://$openshift_logging_es_host:$openshift_logging_es_port/_cat/indices | \ - awk -v daterx='[.]20[0-9]{2}[.][0-1]?[0-9][.][0-9]{1,2}$' \ - '$3 !~ "^[.]" && $3 !~ "^[^.]+[.][^.]+"daterx && $3 !~ "^project." && $3 ~ daterx {print gensub(daterx, "", "", $3)}' | \ - sort -u -} - -# for each index in _cat/indices -# skip indices that begin with . - .kibana, .operations, etc. -# get a list of unique project.uuid -# daterx - the date regex that matches the .%Y.%m.%d at the end of the indices -# we are interested in - the awk will strip that part off -function get_list_of_proj_uuid_indices() { - curl -s --cacert $CA --key $KEY --cert $CERT https://$openshift_logging_es_host:$openshift_logging_es_port/_cat/indices | \ - awk -v daterx='[.]20[0-9]{2}[.][0-1]?[0-9][.][0-9]{1,2}$' \ - '$3 !~ "^[.]" && $3 ~ "^[^.]+[.][^.]+"daterx && $3 !~ "^project." && $3 ~ daterx {print gensub(daterx, "", "", $3)}' | \ - sort -u -} - -if [[ -z "$(oc get pods -l component=es -o jsonpath='{.items[?(@.status.phase == "Running")].metadata.name}')" ]]; then - echo "No Elasticsearch pods found running. Cannot update common data model." - exit 1 -fi - -count=$(get_list_of_indices | wc -l) -if [ $count -eq 0 ]; then - echo No matching indices found - skipping update_for_uuid -else - echo Creating aliases for $count index patterns . . . - { - echo '{"actions":[' - get_list_of_indices | \ - while IFS=. read proj ; do - # e.g. make test.uuid.* an alias of test.* so we can search for - # /test.uuid.*/_search and get both the test.uuid.* and - # the test.* indices - uid=$(oc get project "$proj" -o jsonpath='{.metadata.uid}' 2>/dev/null) - [ -n "$uid" ] && echo "{\"add\":{\"index\":\"$proj.*\",\"alias\":\"$proj.$uuid.*\"}}" - done - echo ']}' - } | curl -s --cacert $CA --key $KEY --cert $CERT -XPOST -d @- "https://$openshift_logging_es_host:$openshift_logging_es_port/_aliases" -fi - -count=$(get_list_of_proj_uuid_indices | wc -l) -if [ $count -eq 0 ] ; then - echo No matching indexes found - skipping update_for_common_data_model - exit 0 -fi - -echo Creating aliases for $count index patterns . . . -# for each index in _cat/indices -# skip indices that begin with . - .kibana, .operations, etc. -# get a list of unique project.uuid -# daterx - the date regex that matches the .%Y.%m.%d at the end of the indices -# we are interested in - the awk will strip that part off -{ - echo '{"actions":[' - get_list_of_proj_uuid_indices | \ - while IFS=. read proj uuid ; do - # e.g. make project.test.uuid.* and alias of test.uuid.* so we can search for - # /project.test.uuid.*/_search and get both the test.uuid.* and - # the project.test.uuid.* indices - echo "{\"add\":{\"index\":\"$proj.$uuid.*\",\"alias\":\"${PROJ_PREFIX}$proj.$uuid.*\"}}" - done - echo ']}' -} | curl -s --cacert $CA --key $KEY --cert $CERT -XPOST -d @- "https://$openshift_logging_es_host:$openshift_logging_es_port/_aliases" diff --git a/roles/openshift_logging/files/fluent.conf b/roles/openshift_logging/files/fluent.conf deleted file mode 100644 index aeaa705ee..000000000 --- a/roles/openshift_logging/files/fluent.conf +++ /dev/null @@ -1,35 +0,0 @@ -# This file is the fluentd configuration entrypoint. Edit with care. - -@include configs.d/openshift/system.conf - -# In each section below, pre- and post- includes don't include anything initially; -# they exist to enable future additions to openshift conf as needed. - -## sources -## ordered so that syslog always runs last... -@include configs.d/openshift/input-pre-*.conf -@include configs.d/dynamic/input-docker-*.conf -@include configs.d/dynamic/input-syslog-*.conf -@include configs.d/openshift/input-post-*.conf -## - -<label @INGRESS> -## filters - @include configs.d/openshift/filter-pre-*.conf - @include configs.d/openshift/filter-retag-journal.conf - @include configs.d/openshift/filter-k8s-meta.conf - @include configs.d/openshift/filter-kibana-transform.conf - @include configs.d/openshift/filter-k8s-flatten-hash.conf - @include configs.d/openshift/filter-k8s-record-transform.conf - @include configs.d/openshift/filter-syslog-record-transform.conf - @include configs.d/openshift/filter-viaq-data-model.conf - @include configs.d/openshift/filter-post-*.conf -## - -## matches - @include configs.d/openshift/output-pre-*.conf - @include configs.d/openshift/output-operations.conf - @include configs.d/openshift/output-applications.conf - # no post - applications.conf matches everything left -## -</label> diff --git a/roles/openshift_logging/files/fluentd-throttle-config.yaml b/roles/openshift_logging/files/fluentd-throttle-config.yaml deleted file mode 100644 index 375621ff1..000000000 --- a/roles/openshift_logging/files/fluentd-throttle-config.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# Logging example fluentd throttling config file - -#example-project: -# read_lines_limit: 10 -# -#.operations: -# read_lines_limit: 100 diff --git a/roles/openshift_logging/files/logging-deployer-sa.yaml b/roles/openshift_logging/files/logging-deployer-sa.yaml deleted file mode 100644 index 334c9402b..000000000 --- a/roles/openshift_logging/files/logging-deployer-sa.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: logging-deployer -secrets: -- name: logging-deployer diff --git a/roles/openshift_logging/files/secure-forward.conf b/roles/openshift_logging/files/secure-forward.conf deleted file mode 100644 index f4483df79..000000000 --- a/roles/openshift_logging/files/secure-forward.conf +++ /dev/null @@ -1,24 +0,0 @@ -# @type secure_forward - -# self_hostname ${HOSTNAME} -# shared_key <SECRET_STRING> - -# secure yes -# enable_strict_verification yes - -# ca_cert_path /etc/fluent/keys/your_ca_cert -# ca_private_key_path /etc/fluent/keys/your_private_key - # for private CA secret key -# ca_private_key_passphrase passphrase - -# <server> - # or IP -# host server.fqdn.example.com -# port 24284 -# </server> -# <server> - # ip address to connect -# host 203.0.113.8 - # specify hostlabel for FQDN verification if ipaddress is used for host -# hostlabel server.fqdn.example.com -# </server> diff --git a/roles/openshift_logging/filter_plugins/openshift_logging.py b/roles/openshift_logging/filter_plugins/openshift_logging.py index 44b0b2d48..eac086e81 100644 --- a/roles/openshift_logging/filter_plugins/openshift_logging.py +++ b/roles/openshift_logging/filter_plugins/openshift_logging.py @@ -42,7 +42,7 @@ def map_from_pairs(source, delim="="): if source == '': return dict() - return dict(source.split(delim) for item in source.split(",")) + return dict(item.split(delim) for item in source.split(",")) # pylint: disable=too-few-public-methods diff --git a/roles/openshift_logging/handlers/main.yml b/roles/openshift_logging/handlers/main.yml index ffb812271..69c5a1663 100644 --- a/roles/openshift_logging/handlers/main.yml +++ b/roles/openshift_logging/handlers/main.yml @@ -4,6 +4,15 @@ when: (openshift.master.ha is not defined or not openshift.master.ha | bool) and (not (master_service_status_changed | default(false) | bool)) notify: Verify API Server +- name: restart master api + systemd: name={{ openshift.common.service_type }}-master-api state=restarted + when: (openshift.master.ha is defined and openshift.master.ha | bool) and (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' + notify: Verify API Server + +- name: restart master controllers + systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted + when: (openshift.master.ha is defined and openshift.master.ha | bool) and (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' + - name: Verify API Server # Using curl here since the uri module requires python-httplib2 and # wait_for port doesn't provide health information. diff --git a/roles/openshift_logging/library/openshift_logging_facts.py b/roles/openshift_logging/library/openshift_logging_facts.py index 64bc33435..35accfb78 100644 --- a/roles/openshift_logging/library/openshift_logging_facts.py +++ b/roles/openshift_logging/library/openshift_logging_facts.py @@ -37,7 +37,7 @@ LOGGING_INFRA_KEY = "logging-infra" # selectors for filtering resources DS_FLUENTD_SELECTOR = LOGGING_INFRA_KEY + "=" + "fluentd" LOGGING_SELECTOR = LOGGING_INFRA_KEY + "=" + "support" -ROUTE_SELECTOR = "component=support, logging-infra=support, provider=openshift" +ROUTE_SELECTOR = "component=support,logging-infra=support,provider=openshift" COMPONENTS = ["kibana", "curator", "elasticsearch", "fluentd", "kibana_ops", "curator_ops", "elasticsearch_ops"] @@ -318,7 +318,7 @@ def main(): ''' The main method ''' module = AnsibleModule( # noqa: F405 argument_spec=dict( - admin_kubeconfig={"required": True, "type": "str"}, + admin_kubeconfig={"default": "/etc/origin/master/admin.kubeconfig", "type": "str"}, oc_bin={"required": True, "type": "str"}, openshift_logging_namespace={"required": True, "type": "str"} ), diff --git a/roles/openshift_logging/tasks/delete_logging.yaml b/roles/openshift_logging/tasks/delete_logging.yaml index 188ea246c..6d023a02d 100644 --- a/roles/openshift_logging/tasks/delete_logging.yaml +++ b/roles/openshift_logging/tasks/delete_logging.yaml @@ -1,113 +1,97 @@ --- -- name: stop logging - include: stop_cluster.yaml - # delete the deployment objects that we had created - name: delete logging api objects - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig - delete {{ item }} --selector logging-infra -n {{ openshift_logging_namespace }} --ignore-not-found=true + oc_obj: + state: absent + kind: "{{ item }}" + namespace: "{{ openshift_logging_namespace }}" + selector: "logging-infra" with_items: - dc - rc - svc - routes - templates - - daemonset - register: delete_result - changed_when: delete_result.stdout.find("deleted") != -1 and delete_result.rc == 0 - + - ds # delete the oauthclient - name: delete oauthclient kibana-proxy - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete oauthclient kibana-proxy --ignore-not-found=true - register: delete_result - changed_when: delete_result.stdout.find("deleted") != -1 and delete_result.rc == 0 + oc_obj: + state: absent + kind: oauthclient + namespace: "{{ openshift_logging_namespace }}" + name: kibana-proxy # delete any image streams that we may have created - name: delete logging is - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig - delete is -l logging-infra=support -n {{ openshift_logging_namespace }} --ignore-not-found=true - register: delete_result - changed_when: delete_result.stdout.find("deleted") != -1 and delete_result.rc == 0 + oc_obj: + state: absent + kind: is + namespace: "{{ openshift_logging_namespace }}" + selector: "logging-infra=support" # delete our old secrets - name: delete logging secrets - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig - delete secret {{ item }} -n {{ openshift_logging_namespace }} --ignore-not-found=true + oc_secret: + state: absent + namespace: "{{ openshift_logging_namespace }}" + name: "{{ item }}" with_items: - logging-fluentd - logging-elasticsearch - logging-kibana - logging-kibana-proxy - logging-curator - ignore_errors: yes - register: delete_result - changed_when: delete_result.stdout.find("deleted") != -1 and delete_result.rc == 0 - -# delete role bindings -- name: delete rolebindings - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig - delete rolebinding {{ item }} -n {{ openshift_logging_namespace }} --ignore-not-found=true - with_items: - - logging-elasticsearch-view-role - register: delete_result - changed_when: delete_result.stdout.find("deleted") != -1 and delete_result.rc == 0 - -# delete cluster role bindings -- name: delete cluster role bindings - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig - delete clusterrolebindings {{ item }} -n {{ openshift_logging_namespace }} --ignore-not-found=true - with_items: - - rolebinding-reader - register: delete_result - changed_when: delete_result.stdout.find("deleted") != -1 and delete_result.rc == 0 - -# delete cluster roles -- name: delete cluster roles - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig - delete clusterroles {{ item }} -n {{ openshift_logging_namespace }} --ignore-not-found=true - with_items: - - rolebinding-reader - register: delete_result - changed_when: delete_result.stdout.find("deleted") != -1 and delete_result.rc == 0 + - logging-mux # delete our service accounts - name: delete service accounts oc_serviceaccount: - name: "{{ item }}" - namespace: "{{ openshift_logging_namespace }}" state: absent + namespace: "{{ openshift_logging_namespace }}" + name: "{{ item }}" with_items: - aggregated-logging-elasticsearch - aggregated-logging-kibana - aggregated-logging-curator - aggregated-logging-fluentd -# delete our roles -- name: delete roles - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig - delete clusterrole {{ item }} -n {{ openshift_logging_namespace }} --ignore-not-found=true +# delete role bindings +- name: delete rolebindings + oc_obj: + state: absent + kind: rolebinding + namespace: "{{ openshift_logging_namespace }}" + name: logging-elasticsearch-view-role + +# delete cluster role bindings +- name: delete cluster role bindings + oc_obj: + state: absent + kind: clusterrolebindings + namespace: "{{ openshift_logging_namespace }}" + name: rolebinding-reader + +# delete cluster roles +- name: delete cluster roles + oc_obj: + state: absent + kind: clusterrole + namespace: "{{ openshift_logging_namespace }}" + name: "{{ item }}" with_items: + - rolebinding-reader - daemonset-admin - register: delete_result - changed_when: delete_result.stdout.find("deleted") != -1 and delete_result.rc == 0 # delete our configmaps - name: delete configmaps - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig - delete configmap {{ item }} -n {{ openshift_logging_namespace }} --ignore-not-found=true + oc_obj: + state: absent + kind: configmap + namespace: "{{ openshift_logging_namespace }}" + name: "{{ item }}" with_items: - logging-curator - logging-elasticsearch - logging-fluentd - register: delete_result - changed_when: delete_result.stdout.find("deleted") != -1 and delete_result.rc == 0 + - logging-mux diff --git a/roles/openshift_logging/tasks/generate_certs.yaml b/roles/openshift_logging/tasks/generate_certs.yaml index 740e490e1..9c8f0986a 100644 --- a/roles/openshift_logging/tasks/generate_certs.yaml +++ b/roles/openshift_logging/tasks/generate_certs.yaml @@ -17,7 +17,7 @@ - name: Generate certificates command: > - {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig ca create-signer-cert + {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig ca create-signer-cert --key={{generated_certs_dir}}/ca.key --cert={{generated_certs_dir}}/ca.crt --serial={{generated_certs_dir}}/ca.serial.txt --name=logging-signer-test check_mode: no @@ -45,6 +45,39 @@ - procure_component: kibana-internal hostnames: "kibana, kibana-ops, {{openshift_logging_kibana_hostname}}, {{openshift_logging_kibana_ops_hostname}}" +- include: procure_server_certs.yaml + loop_control: + loop_var: cert_info + with_items: + - procure_component: mux + hostnames: "logging-mux, {{openshift_logging_mux_hostname}}" + when: openshift_logging_use_mux | bool + +- include: procure_shared_key.yaml + loop_control: + loop_var: shared_key_info + with_items: + - procure_component: mux + when: openshift_logging_use_mux | bool + +- include: procure_server_certs.yaml + loop_control: + loop_var: cert_info + with_items: + - procure_component: es + hostnames: "es, {{openshift_logging_es_hostname}}" + when: openshift_logging_es_allow_external | bool + +- include: procure_server_certs.yaml + loop_control: + loop_var: cert_info + with_items: + - procure_component: es-ops + hostnames: "es-ops, {{openshift_logging_es_ops_hostname}}" + when: + - openshift_logging_es_allow_external | bool + - openshift_logging_use_ops | bool + - name: Copy proxy TLS configuration file copy: src=server-tls.json dest={{generated_certs_dir}}/server-tls.json when: server_tls_json is undefined @@ -85,6 +118,22 @@ loop_control: loop_var: node_name +- name: Generate PEM cert for mux + include: generate_pems.yaml component={{node_name}} + with_items: + - system.logging.mux + loop_control: + loop_var: node_name + when: openshift_logging_use_mux | bool + +- name: Generate PEM cert for Elasticsearch external route + include: generate_pems.yaml component={{node_name}} + with_items: + - system.logging.es + loop_control: + loop_var: node_name + when: openshift_logging_es_allow_external | bool + - name: Creating necessary JKS certs include: generate_jks.yaml diff --git a/roles/openshift_logging/tasks/generate_clusterrolebindings.yaml b/roles/openshift_logging/tasks/generate_clusterrolebindings.yaml deleted file mode 100644 index 56f590717..000000000 --- a/roles/openshift_logging/tasks/generate_clusterrolebindings.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- name: Generate ClusterRoleBindings - template: src=clusterrolebinding.j2 dest={{mktemp.stdout}}/templates/logging-15-{{obj_name}}-clusterrolebinding.yaml - vars: - acct_name: aggregated-logging-elasticsearch - obj_name: rolebinding-reader - crb_usernames: ["system:serviceaccount:{{openshift_logging_namespace}}:{{acct_name}}"] - subjects: - - kind: ServiceAccount - name: "{{acct_name}}" - namespace: "{{openshift_logging_namespace}}" - check_mode: no - changed_when: no diff --git a/roles/openshift_logging/tasks/generate_clusterroles.yaml b/roles/openshift_logging/tasks/generate_clusterroles.yaml deleted file mode 100644 index 0b8b1014c..000000000 --- a/roles/openshift_logging/tasks/generate_clusterroles.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- name: Generate ClusterRole for cluster-reader - template: src=clusterrole.j2 dest={{mktemp.stdout}}/templates/logging-10-{{obj_name}}-clusterrole.yaml - vars: - obj_name: rolebinding-reader - rules: - - resources: [clusterrolebindings] - verbs: - - get - check_mode: no - changed_when: no diff --git a/roles/openshift_logging/tasks/generate_configmaps.yaml b/roles/openshift_logging/tasks/generate_configmaps.yaml deleted file mode 100644 index 18df00647..000000000 --- a/roles/openshift_logging/tasks/generate_configmaps.yaml +++ /dev/null @@ -1,126 +0,0 @@ ---- -- block: - - copy: - src: elasticsearch-logging.yml - dest: "{{mktemp.stdout}}/elasticsearch-logging.yml" - when: es_logging_contents is undefined - changed_when: no - - - local_action: > - template src=elasticsearch.yml.j2 - dest="{{local_tmp.stdout}}/elasticsearch-gen-template.yml" - vars: - - allow_cluster_reader: "{{openshift_logging_es_ops_allow_cluster_reader | lower | default('false')}}" - when: es_config_contents is undefined - changed_when: no - - - copy: - content: "{{ config_source | combine(override_config,recursive=True) | to_nice_yaml }}" - dest: "{{mktemp.stdout}}/elasticsearch.yml" - vars: - config_source: "{{lookup('file','{{local_tmp.stdout}}/elasticsearch-gen-template.yml') | from_yaml }}" - override_config: "{{openshift_logging_es_config | from_yaml}}" - when: es_logging_contents is undefined - changed_when: no - - - copy: - content: "{{es_logging_contents}}" - dest: "{{mktemp.stdout}}/elasticsearch-logging.yml" - when: es_logging_contents is defined - changed_when: no - - - copy: - content: "{{es_config_contents}}" - dest: "{{mktemp.stdout}}/elasticsearch.yml" - when: es_config_contents is defined - changed_when: no - - - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create configmap logging-elasticsearch - --from-file=logging.yml={{mktemp.stdout}}/elasticsearch-logging.yml --from-file=elasticsearch.yml={{mktemp.stdout}}/elasticsearch.yml -o yaml --dry-run - register: es_configmap - changed_when: no - - - copy: - content: "{{es_configmap.stdout}}" - dest: "{{mktemp.stdout}}/templates/logging-elasticsearch-configmap.yaml" - when: es_configmap.stdout is defined - changed_when: no - check_mode: no - -- block: - - copy: - src: curator.yml - dest: "{{mktemp.stdout}}/curator.yml" - when: curator_config_contents is undefined - changed_when: no - - - copy: - content: "{{curator_config_contents}}" - dest: "{{mktemp.stdout}}/curator.yml" - when: curator_config_contents is defined - changed_when: no - - - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create configmap logging-curator - --from-file=config.yaml={{mktemp.stdout}}/curator.yml -o yaml --dry-run - register: curator_configmap - changed_when: no - - - copy: - content: "{{curator_configmap.stdout}}" - dest: "{{mktemp.stdout}}/templates/logging-curator-configmap.yaml" - when: curator_configmap.stdout is defined - changed_when: no - check_mode: no - -- block: - - copy: - src: fluent.conf - dest: "{{mktemp.stdout}}/fluent.conf" - when: fluentd_config_contents is undefined - changed_when: no - - - copy: - src: fluentd-throttle-config.yaml - dest: "{{mktemp.stdout}}/fluentd-throttle-config.yaml" - when: fluentd_throttle_contents is undefined - changed_when: no - - - copy: - src: secure-forward.conf - dest: "{{mktemp.stdout}}/secure-forward.conf" - when: fluentd_securefoward_contents is undefined - changed_when: no - - - copy: - content: "{{fluentd_config_contents}}" - dest: "{{mktemp.stdout}}/fluent.conf" - when: fluentd_config_contents is defined - changed_when: no - - - copy: - content: "{{fluentd_throttle_contents}}" - dest: "{{mktemp.stdout}}/fluentd-throttle-config.yaml" - when: fluentd_throttle_contents is defined - changed_when: no - - - copy: - content: "{{fluentd_secureforward_contents}}" - dest: "{{mktemp.stdout}}/secure-forward.conf" - when: fluentd_secureforward_contents is defined - changed_when: no - - - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create configmap logging-fluentd - --from-file=fluent.conf={{mktemp.stdout}}/fluent.conf --from-file=throttle-config.yaml={{mktemp.stdout}}/fluentd-throttle-config.yaml - --from-file=secure-forward.conf={{mktemp.stdout}}/secure-forward.conf -o yaml --dry-run - register: fluentd_configmap - changed_when: no - - - copy: - content: "{{fluentd_configmap.stdout}}" - dest: "{{mktemp.stdout}}/templates/logging-fluentd-configmap.yaml" - when: fluentd_configmap.stdout is defined - changed_when: no - check_mode: no diff --git a/roles/openshift_logging/tasks/generate_deploymentconfigs.yaml b/roles/openshift_logging/tasks/generate_deploymentconfigs.yaml deleted file mode 100644 index 8aea4e81f..000000000 --- a/roles/openshift_logging/tasks/generate_deploymentconfigs.yaml +++ /dev/null @@ -1,65 +0,0 @@ ---- -- name: Generate kibana deploymentconfig - template: src=kibana.j2 dest={{mktemp.stdout}}/logging-kibana-dc.yaml - vars: - component: kibana - deploy_name: "logging-{{component}}" - image: "{{openshift_logging_image_prefix}}logging-kibana:{{openshift_logging_image_version}}" - proxy_image: "{{openshift_logging_image_prefix}}logging-auth-proxy:{{openshift_logging_image_version}}" - es_host: logging-es - es_port: "{{openshift_logging_es_port}}" - check_mode: no - changed_when: no - -- name: Generate OPS kibana deploymentconfig - template: src=kibana.j2 dest={{mktemp.stdout}}/logging-kibana-ops-dc.yaml - vars: - component: kibana-ops - deploy_name: "logging-{{component}}" - image: "{{openshift_logging_image_prefix}}logging-kibana:{{openshift_logging_image_version}}" - proxy_image: "{{openshift_logging_image_prefix}}logging-auth-proxy:{{openshift_logging_image_version}}" - es_host: logging-es-ops - es_port: "{{openshift_logging_es_ops_port}}" - check_mode: no - changed_when: no - -- name: Generate elasticsearch deploymentconfig - template: src=es.j2 dest={{mktemp.stdout}}/logging-es-dc.yaml - vars: - component: es - deploy_name_prefix: "logging-{{component}}" - deploy_name: "{{deploy_name_prefix}}-abc123" - image: "{{openshift_logging_image_prefix}}logging-elasticsearch:{{openshift_logging_image_version}}" - es_cluster_name: "{{component}}" - check_mode: no - changed_when: no - -- name: Generate OPS elasticsearch deploymentconfig - template: src=es.j2 dest={{mktemp.stdout}}/logging-es-ops-dc.yaml - vars: - component: es-ops - deploy_name_prefix: "logging-{{component}}" - deploy_name: "{{deploy_name_prefix}}-abc123" - image: "{{openshift_logging_image_prefix}}logging-elasticsearch:{{openshift_logging_image_version}}" - es_cluster_name: "{{component}}" - check_mode: no - changed_when: no - -- name: Generate curator deploymentconfig - template: src=curator.j2 dest={{mktemp.stdout}}/logging-curator-dc.yaml - vars: - component: curator - deploy_name: "logging-{{component}}" - image: "{{openshift_logging_image_prefix}}logging-curator:{{openshift_logging_image_version}}" - check_mode: no - changed_when: no - -- name: Generate OPS curator deploymentconfig - template: src=curator.j2 dest={{mktemp.stdout}}/logging-curator-ops-dc.yaml - vars: - component: curator-ops - deploy_name: "logging-{{component}}" - image: "{{openshift_logging_image_prefix}}logging-curator:{{openshift_logging_image_version}}" - openshift_logging_es_host: logging-es-ops - check_mode: no - changed_when: no diff --git a/roles/openshift_logging/tasks/generate_pems.yaml b/roles/openshift_logging/tasks/generate_pems.yaml index 289b72ea6..e8cececfb 100644 --- a/roles/openshift_logging/tasks/generate_pems.yaml +++ b/roles/openshift_logging/tasks/generate_pems.yaml @@ -15,6 +15,7 @@ -subj "/CN={{component}}/OU=OpenShift/O=Logging/subjectAltName=DNS.1=localhost{{cert_ext.stdout}}" -days 712 -nodes when: - not key_file.stat.exists + - cert_ext is defined - cert_ext.stdout is defined check_mode: no @@ -24,7 +25,7 @@ -subj "/CN={{component}}/OU=OpenShift/O=Logging" -days 712 -nodes when: - not key_file.stat.exists - - cert_ext.stdout is undefined + - cert_ext is undefined or cert_ext is defined and cert_ext.stdout is undefined check_mode: no - name: Sign cert request with CA for {{component}} diff --git a/roles/openshift_logging/tasks/generate_pvcs.yaml b/roles/openshift_logging/tasks/generate_pvcs.yaml deleted file mode 100644 index fa7a86c27..000000000 --- a/roles/openshift_logging/tasks/generate_pvcs.yaml +++ /dev/null @@ -1,47 +0,0 @@ ---- -- name: Init pool of PersistentVolumeClaim names - set_fact: es_pvc_pool={{es_pvc_pool|default([]) + [pvc_name]}} - vars: - pvc_name: "{{es_pvc_prefix}}-{{item| int}}" - start: "{{es_pvc_names | map('regex_search', es_pvc_prefix+'.*')|select('string')|list|length}}" - with_sequence: start={{start}} end={{ (start|int > es_cluster_size|int - 1) | ternary(start, es_cluster_size|int - 1)}} - when: - - "{{ es_dc_names|default([]) | length <= es_cluster_size|int }}" - - es_pvc_size | search('^\d.*') - check_mode: no - -- name: Generating PersistentVolumeClaims - template: src=pvc.j2 dest={{mktemp.stdout}}/templates/logging-{{obj_name}}-pvc.yaml - vars: - obj_name: "{{claim_name}}" - size: "{{es_pvc_size}}" - access_modes: "{{ es_access_modes | list }}" - pv_selector: "{{es_pv_selector}}" - with_items: - - "{{es_pvc_pool | default([])}}" - loop_control: - loop_var: claim_name - when: - - not es_pvc_dynamic - - es_pvc_pool is defined - check_mode: no - changed_when: no - -- name: Generating PersistentVolumeClaims - Dynamic - template: src=pvc.j2 dest={{mktemp.stdout}}/templates/logging-{{obj_name}}-pvc.yaml - vars: - obj_name: "{{claim_name}}" - annotations: - volume.alpha.kubernetes.io/storage-class: "dynamic" - size: "{{es_pvc_size}}" - access_modes: "{{ es_access_modes | list }}" - pv_selector: "{{es_pv_selector}}" - with_items: - - "{{es_pvc_pool|default([])}}" - loop_control: - loop_var: claim_name - when: - - es_pvc_dynamic - - es_pvc_pool is defined - check_mode: no - changed_when: no diff --git a/roles/openshift_logging/tasks/generate_rolebindings.yaml b/roles/openshift_logging/tasks/generate_rolebindings.yaml deleted file mode 100644 index 7dc9530df..000000000 --- a/roles/openshift_logging/tasks/generate_rolebindings.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Generate RoleBindings - template: src=rolebinding.j2 dest={{mktemp.stdout}}/templates/logging-{{obj_name}}-rolebinding.yaml - vars: - obj_name: logging-elasticsearch-view-role - roleRef: - name: view - subjects: - - kind: ServiceAccount - name: aggregated-logging-elasticsearch - check_mode: no - changed_when: no diff --git a/roles/openshift_logging/tasks/generate_routes.yaml b/roles/openshift_logging/tasks/generate_routes.yaml deleted file mode 100644 index e77da7a24..000000000 --- a/roles/openshift_logging/tasks/generate_routes.yaml +++ /dev/null @@ -1,77 +0,0 @@ ---- -- set_fact: kibana_key={{ lookup('file', openshift_logging_kibana_key) | b64encode }} - when: "{{ openshift_logging_kibana_key | trim | length > 0 }}" - changed_when: false - -- set_fact: kibana_cert={{ lookup('file', openshift_logging_kibana_cert)| b64encode }} - when: "{{openshift_logging_kibana_cert | trim | length > 0}}" - changed_when: false - -- set_fact: kibana_ca={{ lookup('file', openshift_logging_kibana_ca)| b64encode }} - when: "{{openshift_logging_kibana_ca | trim | length > 0}}" - changed_when: false - -- set_fact: kibana_ca={{key_pairs | entry_from_named_pair('ca_file') }} - when: kibana_ca is not defined - changed_when: false - -- name: Generating logging routes - template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-logging-kibana-route.yaml - tags: routes - vars: - obj_name: "logging-kibana" - route_host: "{{openshift_logging_kibana_hostname}}" - service_name: "logging-kibana" - tls_key: "{{kibana_key | default('') | b64decode}}" - tls_cert: "{{kibana_cert | default('') | b64decode}}" - tls_ca_cert: "{{kibana_ca | b64decode}}" - tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}" - edge_term_policy: "{{openshift_logging_kibana_edge_term_policy | default('') }}" - labels: - component: support - logging-infra: support - provider: openshift - changed_when: no - -- set_fact: kibana_ops_key={{ lookup('file', openshift_logging_kibana_ops_key) | b64encode }} - when: - - openshift_logging_use_ops | bool - - "{{ openshift_logging_kibana_ops_key | trim | length > 0 }}" - changed_when: false - -- set_fact: kibana_ops_cert={{ lookup('file', openshift_logging_kibana_ops_cert)| b64encode }} - when: - - openshift_logging_use_ops | bool - - "{{openshift_logging_kibana_ops_cert | trim | length > 0}}" - changed_when: false - -- set_fact: kibana_ops_ca={{ lookup('file', openshift_logging_kibana_ops_ca)| b64encode }} - when: - - openshift_logging_use_ops | bool - - "{{openshift_logging_kibana_ops_ca | trim | length > 0}}" - changed_when: false - -- set_fact: kibana_ops_ca={{key_pairs | entry_from_named_pair('ca_file') }} - when: - - openshift_logging_use_ops | bool - - kibana_ops_ca is not defined - changed_when: false - -- name: Generating logging ops routes - template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-logging-kibana-ops-route.yaml - tags: routes - vars: - obj_name: "logging-kibana-ops" - route_host: "{{openshift_logging_kibana_ops_hostname}}" - service_name: "logging-kibana-ops" - tls_key: "{{kibana_ops_key | default('') | b64decode}}" - tls_cert: "{{kibana_ops_cert | default('') | b64decode}}" - tls_ca_cert: "{{kibana_ops_ca | b64decode}}" - tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}" - edge_term_policy: "{{openshift_logging_kibana_edge_term_policy | default('') }}" - labels: - component: support - logging-infra: support - provider: openshift - when: openshift_logging_use_ops | bool - changed_when: no diff --git a/roles/openshift_logging/tasks/generate_secrets.yaml b/roles/openshift_logging/tasks/generate_secrets.yaml deleted file mode 100644 index f396bcc6d..000000000 --- a/roles/openshift_logging/tasks/generate_secrets.yaml +++ /dev/null @@ -1,71 +0,0 @@ ---- -- name: Retrieving the cert to use when generating secrets for the logging components - slurp: src="{{generated_certs_dir}}/{{item.file}}" - register: key_pairs - with_items: - - { name: "ca_file", file: "ca.crt" } - - { name: "kibana_key", file: "system.logging.kibana.key"} - - { name: "kibana_cert", file: "system.logging.kibana.crt"} - - { name: "curator_key", file: "system.logging.curator.key"} - - { name: "curator_cert", file: "system.logging.curator.crt"} - - { name: "fluentd_key", file: "system.logging.fluentd.key"} - - { name: "fluentd_cert", file: "system.logging.fluentd.crt"} - - { name: "kibana_internal_key", file: "kibana-internal.key"} - - { name: "kibana_internal_cert", file: "kibana-internal.crt"} - - { name: "server_tls", file: "server-tls.json"} - -- name: Generating secrets for logging components - template: src=secret.j2 dest={{mktemp.stdout}}/templates/{{secret_name}}-secret.yaml - vars: - secret_name: "logging-{{component}}" - secret_key_file: "{{component}}_key" - secret_cert_file: "{{component}}_cert" - secrets: - - {key: ca, value: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}"} - - {key: key, value: "{{key_pairs | entry_from_named_pair(secret_key_file)| b64decode }}"} - - {key: cert, value: "{{key_pairs | entry_from_named_pair(secret_cert_file)| b64decode }}"} - secret_keys: ["ca", "cert", "key"] - with_items: - - kibana - - curator - - fluentd - loop_control: - loop_var: component - check_mode: no - changed_when: no - -- name: Generating secrets for kibana proxy - template: src=secret.j2 dest={{mktemp.stdout}}/templates/{{secret_name}}-secret.yaml - vars: - secret_name: logging-kibana-proxy - secrets: - - {key: oauth-secret, value: "{{oauth_secret}}"} - - {key: session-secret, value: "{{session_secret}}"} - - {key: server-key, value: "{{kibana_key_file}}"} - - {key: server-cert, value: "{{kibana_cert_file}}"} - - {key: server-tls, value: "{{server_tls_file}}"} - secret_keys: ["server-tls.json", "server-key", "session-secret", "oauth-secret", "server-cert"] - kibana_key_file: "{{key_pairs | entry_from_named_pair('kibana_internal_key')| b64decode }}" - kibana_cert_file: "{{key_pairs | entry_from_named_pair('kibana_internal_cert')| b64decode }}" - server_tls_file: "{{key_pairs | entry_from_named_pair('server_tls')| b64decode }}" - check_mode: no - changed_when: no - -- name: Generating secrets for elasticsearch - command: > - {{openshift.common.client_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig secrets new {{secret_name}} - key={{generated_certs_dir}}/logging-es.jks truststore={{generated_certs_dir}}/truststore.jks - searchguard.key={{generated_certs_dir}}/elasticsearch.jks searchguard.truststore={{generated_certs_dir}}/truststore.jks - admin-key={{generated_certs_dir}}/system.admin.key admin-cert={{generated_certs_dir}}/system.admin.crt - admin-ca={{generated_certs_dir}}/ca.crt admin.jks={{generated_certs_dir}}/system.admin.jks -o yaml - vars: - secret_name: logging-elasticsearch - secret_keys: ["admin-cert", "searchguard.key", "admin-ca", "key", "truststore", "admin-key", "searchguard.truststore"] - register: logging_es_secret - check_mode: no - changed_when: no - -- copy: content="{{logging_es_secret.stdout}}" dest={{mktemp.stdout}}/templates/logging-elasticsearch-secret.yaml - when: logging_es_secret.stdout is defined - check_mode: no - changed_when: no diff --git a/roles/openshift_logging/tasks/generate_serviceaccounts.yaml b/roles/openshift_logging/tasks/generate_serviceaccounts.yaml deleted file mode 100644 index 21bcdfecb..000000000 --- a/roles/openshift_logging/tasks/generate_serviceaccounts.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: Generating serviceaccounts - template: src=serviceaccount.j2 dest={{mktemp.stdout}}/templates/logging-{{component}}-sa.yaml - vars: - obj_name: aggregated-logging-{{component}} - with_items: - - elasticsearch - - kibana - - fluentd - - curator - loop_control: - loop_var: component - check_mode: no - changed_when: no diff --git a/roles/openshift_logging/tasks/generate_services.yaml b/roles/openshift_logging/tasks/generate_services.yaml deleted file mode 100644 index 5091c1209..000000000 --- a/roles/openshift_logging/tasks/generate_services.yaml +++ /dev/null @@ -1,87 +0,0 @@ ---- -- name: Generating logging-es service - template: src=service.j2 dest={{mktemp.stdout}}/templates/logging-es-svc.yaml - vars: - obj_name: logging-es - ports: - - {port: 9200, targetPort: restapi} - labels: - logging-infra: support - selector: - provider: openshift - component: es - check_mode: no - changed_when: no - -- name: Generating logging-es-cluster service - template: src=service.j2 dest={{mktemp.stdout}}/templates/logging-es-cluster-svc.yaml - vars: - obj_name: logging-es-cluster - ports: - - {port: 9300} - labels: - logging-infra: support - selector: - provider: openshift - component: es - check_mode: no - changed_when: no - -- name: Generating logging-kibana service - template: src=service.j2 dest={{mktemp.stdout}}/templates/logging-kibana-svc.yaml - vars: - obj_name: logging-kibana - ports: - - {port: 443, targetPort: oaproxy} - labels: - logging-infra: support - selector: - provider: openshift - component: kibana - check_mode: no - changed_when: no - -- name: Generating logging-es-ops service - template: src=service.j2 dest={{mktemp.stdout}}/templates/logging-es-ops-svc.yaml - vars: - obj_name: logging-es-ops - ports: - - {port: 9200, targetPort: restapi} - labels: - logging-infra: support - selector: - provider: openshift - component: es-ops - when: openshift_logging_use_ops | bool - check_mode: no - changed_when: no - -- name: Generating logging-es-ops-cluster service - template: src=service.j2 dest={{mktemp.stdout}}/templates/logging-es-ops-cluster-svc.yaml - vars: - obj_name: logging-es-ops-cluster - ports: - - {port: 9300} - labels: - logging-infra: support - selector: - provider: openshift - component: es-ops - when: openshift_logging_use_ops | bool - check_mode: no - changed_when: no - -- name: Generating logging-kibana-ops service - template: src=service.j2 dest={{mktemp.stdout}}/templates/logging-kibana-ops-svc.yaml - vars: - obj_name: logging-kibana-ops - ports: - - {port: 443, targetPort: oaproxy} - labels: - logging-infra: support - selector: - provider: openshift - component: kibana-ops - when: openshift_logging_use_ops | bool - check_mode: no - changed_when: no diff --git a/roles/openshift_logging/tasks/install_curator.yaml b/roles/openshift_logging/tasks/install_curator.yaml deleted file mode 100644 index ab8e207f1..000000000 --- a/roles/openshift_logging/tasks/install_curator.yaml +++ /dev/null @@ -1,53 +0,0 @@ ---- -- name: Check Curator current replica count - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get dc/logging-curator - -o jsonpath='{.spec.replicas}' -n {{openshift_logging_namespace}} - register: curator_replica_count - when: not ansible_check_mode - ignore_errors: yes - changed_when: no - -- name: Check Curator ops current replica count - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get dc/logging-curator-ops - -o jsonpath='{.spec.replicas}' -n {{openshift_logging_namespace}} - register: curator_ops_replica_count - when: - - not ansible_check_mode - - openshift_logging_use_ops | bool - ignore_errors: yes - changed_when: no - -- name: Generate curator deploymentconfig - template: src=curator.j2 dest={{mktemp.stdout}}/templates/logging-curator-dc.yaml - vars: - component: curator - logging_component: curator - deploy_name: "logging-{{component}}" - image: "{{openshift_logging_image_prefix}}logging-curator:{{openshift_logging_image_version}}" - es_host: logging-es - es_port: "{{openshift_logging_es_port}}" - curator_cpu_limit: "{{openshift_logging_curator_cpu_limit }}" - curator_memory_limit: "{{openshift_logging_curator_memory_limit }}" - replicas: "{{curator_replica_count.stdout | default (0)}}" - curator_node_selector: "{{openshift_logging_curator_nodeselector | default({})}}" - check_mode: no - changed_when: no - -- name: Generate OPS curator deploymentconfig - template: src=curator.j2 dest={{mktemp.stdout}}/templates/logging-curator-ops-dc.yaml - vars: - component: curator-ops - logging_component: curator - deploy_name: "logging-{{component}}" - image: "{{openshift_logging_image_prefix}}logging-curator:{{openshift_logging_image_version}}" - es_host: logging-es-ops - es_port: "{{openshift_logging_es_ops_port}}" - curator_cpu_limit: "{{openshift_logging_curator_ops_cpu_limit }}" - curator_memory_limit: "{{openshift_logging_curator_ops_memory_limit }}" - replicas: "{{curator_ops_replica_count.stdout | default (0)}}" - curator_node_selector: "{{openshift_logging_curator_ops_nodeselector | default({}) }}" - when: openshift_logging_use_ops | bool - check_mode: no - changed_when: no diff --git a/roles/openshift_logging/tasks/install_elasticsearch.yaml b/roles/openshift_logging/tasks/install_elasticsearch.yaml deleted file mode 100644 index 28fad420b..000000000 --- a/roles/openshift_logging/tasks/install_elasticsearch.yaml +++ /dev/null @@ -1,146 +0,0 @@ ---- -- name: Getting current ES deployment size - set_fact: openshift_logging_current_es_size={{ openshift_logging_facts.elasticsearch.deploymentconfigs.keys() | length }} - -- set_fact: openshift_logging_es_pvc_prefix="logging-es" - when: "not openshift_logging_es_pvc_prefix or openshift_logging_es_pvc_prefix == ''" - -- set_fact: es_pvc_pool={{[]}} - -- set_fact: openshift_logging_es_pvc_prefix="{{ openshift_logging_es_pvc_prefix | default('logging-es') }}" - -- name: Generate PersistentVolumeClaims - include: "{{ role_path}}/tasks/generate_pvcs.yaml" - vars: - es_pv_selector: "{{openshift_logging_es_pv_selector}}" - es_pvc_dynamic: "{{openshift_logging_es_pvc_dynamic | bool}}" - es_pvc_names: "{{openshift_logging_facts.elasticsearch.pvcs.keys()}}" - es_pvc_prefix: "{{openshift_logging_es_pvc_prefix}}" - es_pvc_size: "{{openshift_logging_es_pvc_size}}" - es_dc_names: "{{openshift_logging_facts.elasticsearch.deploymentconfigs.keys()}}" - es_cluster_size: "{{openshift_logging_es_cluster_size}}" - es_access_modes: "{{ openshift_logging_storage_access_modes }}" - -# we should initialize the es_dc_pool with the current keys -- name: Init pool of DeploymentConfig names for Elasticsearch - set_fact: es_dc_pool={{ es_dc_pool | default([]) + [deploy_name] }} - with_items: "{{ openshift_logging_facts.elasticsearch.deploymentconfigs.keys() }}" - loop_control: - loop_var: deploy_name - -# This should be used to generate new DC names if necessary -- name: Create new DeploymentConfig names for Elasticsearch - set_fact: es_dc_pool={{es_dc_pool|default([]) + [deploy_name]}} - vars: - component: es - es_cluster_name: "{{component}}" - deploy_name_prefix: "logging-{{component}}" - deploy_name: "{{deploy_name_prefix}}-{{'abcdefghijklmnopqrstuvwxyz0123456789'|random_word(8)}}" - with_sequence: count={{ openshift_logging_es_cluster_size | int - openshift_logging_current_es_size | int }} - check_mode: no - -- name: Generate Elasticsearch DeploymentConfig - template: src=es.j2 dest={{mktemp.stdout}}/templates/logging-{{deploy_name}}-dc.yaml - vars: - component: es - logging_component: elasticsearch - deploy_name_prefix: "logging-{{component}}" - image: "{{openshift_logging_image_prefix}}logging-elasticsearch:{{openshift_logging_image_version}}" - es_cluster_name: "{{component}}" - es_cpu_limit: "{{openshift_logging_es_cpu_limit }}" - es_memory_limit: "{{openshift_logging_es_memory_limit}}" - pvc_claim: "{{(es_pvc_pool | length > item.0) | ternary(es_pvc_pool[item.0], None)}}" - deploy_name: "{{item.1}}" - es_node_selector: "{{openshift_logging_es_nodeselector | default({}) }}" - es_storage: "{{openshift_logging_facts|es_storage(deploy_name, pvc_claim)}}" - es_number_of_shards: "{{ openshift_logging_es_number_of_shards }}" - es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas }}" - with_indexed_items: - - "{{ es_dc_pool }}" - check_mode: no - changed_when: no - -# --------- Tasks for Operation clusters --------- - -- name: Getting current ES deployment size - set_fact: openshift_logging_current_es_ops_size={{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | length }} - -- set_fact: openshift_logging_es_ops_pvc_prefix="{{ openshift_logging_es_ops_pvc_prefix | default('logging-es-ops') }}" - -- name: Validate Elasticsearch cluster size for Ops - fail: msg="The openshift_logging_es_ops_cluster_size may not be scaled down more than 1 less (or 0) the number of Elasticsearch nodes already deployed" - vars: - es_dcs: "{{openshift_logging_facts.elasticsearch_ops.deploymentconfigs}}" - cluster_size: "{{openshift_logging_es_ops_cluster_size|int}}" - when: - - openshift_logging_use_ops | bool - - "{{es_dcs | length - openshift_logging_es_ops_cluster_size|int | abs > 1}}" - check_mode: no - -- set_fact: openshift_logging_es_ops_pvc_prefix="logging-es-ops" - when: "not openshift_logging_es_ops_pvc_prefix or openshift_logging_es_ops_pvc_prefix == ''" - -- set_fact: es_pvc_pool={{[]}} - -- name: Generate PersistentVolumeClaims for Ops - include: "{{ role_path}}/tasks/generate_pvcs.yaml" - vars: - es_pvc_names: "{{openshift_logging_facts.elasticsearch_ops.pvcs.keys()}}" - es_dc_names: "{{openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys()}}" - es_pvc_size: "{{openshift_logging_es_ops_pvc_size}}" - es_pvc_prefix: "{{openshift_logging_es_ops_pvc_prefix}}" - es_cluster_size: "{{openshift_logging_es_ops_cluster_size|int}}" - es_pvc_dynamic: "{{openshift_logging_es_ops_pvc_dynamic | bool}}" - es_pv_selector: "{{openshift_logging_es_ops_pv_selector}}" - es_access_modes: "{{ openshift_logging_storage_access_modes }}" - when: - - openshift_logging_use_ops | bool - check_mode: no - -- name: Init pool of DeploymentConfig names for Elasticsearch Ops - set_fact: es_ops_dc_pool={{ es_ops_dc_pool | default([]) + [deploy_name] }} - with_items: "{{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() }}" - loop_control: - loop_var: deploy_name - when: - - openshift_logging_use_ops | bool - -- name: Create new DeploymentConfig names for Elasticsearch Ops - set_fact: es_ops_dc_pool={{es_ops_dc_pool | default([]) + [deploy_name]}} - vars: - component: es-ops - es_cluster_name: "{{component}}" - deploy_name_prefix: "logging-{{component}}" - deploy_name: "{{deploy_name_prefix}}-{{'abcdefghijklmnopqrstuvwxyz0123456789'|random_word(8)}}" - cluster_size: "{{openshift_logging_es_ops_cluster_size|int}}" - with_sequence: count={{ openshift_logging_es_ops_cluster_size | int - openshift_logging_current_es_ops_size | int }} - when: - - openshift_logging_use_ops | bool - check_mode: no - -- name: Generate Elasticsearch DeploymentConfig for Ops - template: src=es.j2 dest={{mktemp.stdout}}/templates/logging-{{deploy_name}}-dc.yaml - vars: - component: es-ops - logging_component: elasticsearch - deploy_name_prefix: "logging-{{component}}" - image: "{{openshift_logging_image_prefix}}logging-elasticsearch:{{openshift_logging_image_version}}" - pvc_claim: "{{(es_pvc_pool | length > item.0) | ternary(es_pvc_pool[item.0], None)}}" - deploy_name: "{{item.1}}" - es_cluster_name: "{{component}}" - es_cpu_limit: "{{openshift_logging_es_ops_cpu_limit }}" - es_memory_limit: "{{openshift_logging_es_ops_memory_limit}}" - es_node_quorum: "{{es_ops_node_quorum}}" - es_recover_after_nodes: "{{es_ops_recover_after_nodes}}" - es_recover_expected_nodes: "{{es_ops_recover_expected_nodes}}" - openshift_logging_es_recover_after_time: "{{openshift_logging_es_ops_recover_after_time}}" - es_node_selector: "{{openshift_logging_es_ops_nodeselector | default({}) }}" - es_storage: "{{openshift_logging_facts|es_storage(deploy_name, pvc_claim,root='elasticsearch_ops')}}" - es_number_of_shards: "{{ openshift_logging_es_ops_number_of_shards }}" - es_number_of_replicas: "{{ openshift_logging_es_ops_number_of_replicas }}" - with_indexed_items: - - "{{ es_ops_dc_pool | default([]) }}" - when: - - openshift_logging_use_ops | bool - check_mode: no - changed_when: no diff --git a/roles/openshift_logging/tasks/install_fluentd.yaml b/roles/openshift_logging/tasks/install_fluentd.yaml deleted file mode 100644 index 35273829c..000000000 --- a/roles/openshift_logging/tasks/install_fluentd.yaml +++ /dev/null @@ -1,54 +0,0 @@ ---- -- set_fact: fluentd_ops_host={{ (openshift_logging_use_ops | bool) | ternary(openshift_logging_es_ops_host, openshift_logging_es_host) }} - check_mode: no - -- set_fact: fluentd_ops_port={{ (openshift_logging_use_ops | bool) | ternary(openshift_logging_es_ops_port, openshift_logging_es_port) }} - check_mode: no - -- name: Generating Fluentd daemonset - template: src=fluentd.j2 dest={{mktemp.stdout}}/templates/logging-fluentd.yaml - vars: - daemonset_name: logging-fluentd - daemonset_component: fluentd - daemonset_container_name: fluentd-elasticsearch - daemonset_serviceAccount: aggregated-logging-fluentd - ops_host: "{{ fluentd_ops_host }}" - ops_port: "{{ fluentd_ops_port }}" - fluentd_nodeselector_key: "{{openshift_logging_fluentd_nodeselector.keys()[0]}}" - fluentd_nodeselector_value: "{{openshift_logging_fluentd_nodeselector.values()[0]}}" - check_mode: no - changed_when: no - -- name: "Check fluentd privileged permissions" - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig - get scc/privileged -o jsonpath='{.users}' - register: fluentd_privileged - check_mode: no - changed_when: no - -- name: "Set privileged permissions for fluentd" - command: > - {{ openshift.common.admin_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig policy - add-scc-to-user privileged system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd - register: fluentd_output - failed_when: "fluentd_output.rc == 1 and 'exists' not in fluentd_output.stderr" - check_mode: no - when: fluentd_privileged.stdout.find("system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd") == -1 - -- name: "Check fluentd cluster-reader permissions" - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig - get clusterrolebinding/cluster-readers -o jsonpath='{.userNames}' - register: fluentd_cluster_reader - check_mode: no - changed_when: no - -- name: "Set cluster-reader permissions for fluentd" - command: > - {{ openshift.common.admin_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig policy - add-cluster-role-to-user cluster-reader system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd - register: fluentd2_output - failed_when: "fluentd2_output.rc == 1 and 'exists' not in fluentd2_output.stderr" - check_mode: no - when: fluentd_cluster_reader.stdout.find("system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd") == -1 diff --git a/roles/openshift_logging/tasks/install_kibana.yaml b/roles/openshift_logging/tasks/install_kibana.yaml deleted file mode 100644 index 52bdeb50d..000000000 --- a/roles/openshift_logging/tasks/install_kibana.yaml +++ /dev/null @@ -1,60 +0,0 @@ ---- -- name: Check Kibana current replica count - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get dc/logging-kibana - -o jsonpath='{.spec.replicas}' -n {{openshift_logging_namespace}} - register: kibana_replica_count - when: not ansible_check_mode - ignore_errors: yes - changed_when: no - -- name: Check Kibana ops current replica count - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get dc/logging-kibana-ops - -o jsonpath='{.spec.replicas}' -n {{openshift_logging_namespace}} - register: kibana_ops_replica_count - when: - - not ansible_check_mode - - openshift_logging_use_ops | bool - ignore_errors: yes - changed_when: no - - -- name: Generate kibana deploymentconfig - template: src=kibana.j2 dest={{mktemp.stdout}}/templates/logging-kibana-dc.yaml - vars: - component: kibana - logging_component: kibana - deploy_name: "logging-{{component}}" - image: "{{openshift_logging_image_prefix}}logging-kibana:{{openshift_logging_image_version}}" - proxy_image: "{{openshift_logging_image_prefix}}logging-auth-proxy:{{openshift_logging_image_version}}" - es_host: logging-es - es_port: "{{openshift_logging_es_port}}" - kibana_cpu_limit: "{{openshift_logging_kibana_cpu_limit }}" - kibana_memory_limit: "{{openshift_logging_kibana_memory_limit }}" - kibana_proxy_cpu_limit: "{{openshift_logging_kibana_proxy_cpu_limit }}" - kibana_proxy_memory_limit: "{{openshift_logging_kibana_proxy_memory_limit }}" - replicas: "{{kibana_replica_count.stdout | default (0)}}" - kibana_node_selector: "{{openshift_logging_kibana_nodeselector | default({})}}" - check_mode: no - changed_when: no - -- name: Generate OPS kibana deploymentconfig - template: src=kibana.j2 dest={{mktemp.stdout}}/templates/logging-kibana-ops-dc.yaml - vars: - component: kibana-ops - logging_component: kibana - deploy_name: "logging-{{component}}" - image: "{{openshift_logging_image_prefix}}logging-kibana:{{openshift_logging_image_version}}" - proxy_image: "{{openshift_logging_image_prefix}}logging-auth-proxy:{{openshift_logging_image_version}}" - es_host: logging-es-ops - es_port: "{{openshift_logging_es_ops_port}}" - kibana_cpu_limit: "{{openshift_logging_kibana_ops_cpu_limit }}" - kibana_memory_limit: "{{openshift_logging_kibana_ops_memory_limit }}" - kibana_proxy_cpu_limit: "{{openshift_logging_kibana_ops_proxy_cpu_limit }}" - kibana_proxy_memory_limit: "{{openshift_logging_kibana_ops_proxy_memory_limit }}" - replicas: "{{kibana_ops_replica_count.stdout | default (0)}}" - kibana_node_selector: "{{openshift_logging_kibana_ops_nodeselector | default({})}}" - when: openshift_logging_use_ops | bool - check_mode: no - changed_when: no diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml index 83b68fa77..221a81340 100644 --- a/roles/openshift_logging/tasks/install_logging.yaml +++ b/roles/openshift_logging/tasks/install_logging.yaml @@ -2,85 +2,266 @@ - name: Gather OpenShift Logging Facts openshift_logging_facts: oc_bin: "{{openshift.common.client_binary}}" - admin_kubeconfig: "{{mktemp.stdout}}/admin.kubeconfig" openshift_logging_namespace: "{{openshift_logging_namespace}}" - tags: logging_facts + +- name: Set logging project + oc_project: + state: present + name: "{{ openshift_logging_namespace }}" + node_selector: "{{ openshift_logging_nodeselector | default(null) }}" + +- name: Labeling logging project + oc_label: + state: present + kind: namespace + name: "{{ openshift_logging_namespace }}" + labels: + - key: "{{ item.key }}" + value: "{{ item.value }}" + with_dict: "{{ openshift_logging_labels | default({}) }}" + when: + - openshift_logging_labels is defined + - openshift_logging_labels is dict + +- name: Labeling logging project + oc_label: + state: present + kind: namespace + name: "{{ openshift_logging_namespace }}" + labels: + - key: "{{ openshift_logging_label_key }}" + value: "{{ openshift_logging_label_value }}" + when: + - openshift_logging_label_key is defined + - openshift_logging_label_key != "" + - openshift_logging_label_value is defined + +- name: Create logging cert directory + file: + path: "{{ openshift.common.config_base }}/logging" + state: directory + mode: 0755 + changed_when: False check_mode: no -- name: Validate Elasticsearch cluster size - fail: msg="The openshift_logging_es_cluster_size may only be scaled down manually. Please see official documentation on how to do this." - when: openshift_logging_facts.elasticsearch.deploymentconfigs | length > openshift_logging_es_cluster_size|int - -- name: Validate Elasticsearch Ops cluster size - fail: msg="The openshift_logging_es_ops_cluster_size may only be scaled down manually. Please see official documentation on how to do this." - when: openshift_logging_facts.elasticsearch_ops.deploymentconfigs | length > openshift_logging_es_ops_cluster_size|int - -- name: Install logging - include: "{{ role_path }}/tasks/install_{{ install_component }}.yaml" - when: openshift_hosted_logging_install | default(true) | bool - with_items: - - support - - elasticsearch - - kibana - - curator - - fluentd - loop_control: - loop_var: install_component - -- find: paths={{ mktemp.stdout }}/templates patterns=*.yaml - register: object_def_files - changed_when: no - -- slurp: src={{item}} - register: object_defs - with_items: "{{object_def_files.files | map(attribute='path') | list | sort}}" - changed_when: no - -- name: Create objects - include: oc_apply.yaml +- include: generate_certs.yaml vars: - - kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" - - namespace: "{{ openshift_logging_namespace }}" - - file_name: "{{ file.source }}" - - file_content: "{{ file.content | b64decode | from_yaml }}" - with_items: "{{ object_defs.results }}" - loop_control: - loop_var: file - when: not ansible_check_mode + generated_certs_dir: "{{openshift.common.config_base}}/logging" -- include: update_master_config.yaml +## Elasticsearch + +- set_fact: es_indices={{ es_indices | default([]) + [item | int - 1] }} + with_sequence: count={{ openshift_logging_facts.elasticsearch.deploymentconfigs.keys() | count }} + when: openshift_logging_facts.elasticsearch.deploymentconfigs.keys() | count > 0 + +- set_fact: es_indices=[] + when: openshift_logging_facts.elasticsearch.deploymentconfigs.keys() | count == 0 + +- set_fact: openshift_logging_es_pvc_prefix="logging-es" + when: openshift_logging_es_pvc_prefix == "" + +# We don't allow scaling down of ES nodes currently +- include_role: + name: openshift_logging_elasticsearch + vars: + generated_certs_dir: "{{openshift.common.config_base}}/logging" + openshift_logging_elasticsearch_deployment_name: "{{ item.0 }}" + openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_pvc_prefix ~ '-' ~ item.2 if item.1 is none else item.1 }}" + openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_cluster_size | int }}" + + openshift_logging_elasticsearch_storage_type: "{{ 'pvc' if ( openshift_logging_es_pvc_dynamic | bool or openshift_hosted_logging_storage_kind | default('') == 'nfs') else 'emptydir' }}" + openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_pvc_size }}" + openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_pvc_dynamic }}" + openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_pv_selector }}" + + with_together: + - "{{ openshift_logging_facts.elasticsearch.deploymentconfigs }}" + - "{{ openshift_logging_facts.elasticsearch.pvcs }}" + - "{{ es_indices }}" + when: + - openshift_logging_facts.elasticsearch.deploymentconfigs.keys() | count > 0 + +# Create any new DC that may be required +- include_role: + name: openshift_logging_elasticsearch + vars: + generated_certs_dir: "{{openshift.common.config_base}}/logging" + openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_pvc_prefix }}-{{ item | int + openshift_logging_facts.elasticsearch.deploymentconfigs | count - 1 }}" + openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_cluster_size | int }}" + + openshift_logging_elasticsearch_storage_type: "{{ 'pvc' if ( openshift_logging_es_pvc_dynamic | bool or openshift_hosted_logging_storage_kind | default('') == 'nfs') else 'emptydir' }}" + openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_pvc_size }}" + openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_pvc_dynamic }}" + openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_pv_selector }}" + + with_sequence: count={{ openshift_logging_es_cluster_size | int - openshift_logging_facts.elasticsearch.deploymentconfigs.keys() | count }} + +- set_fact: es_ops_indices={{ es_ops_indices | default([]) + [item | int - 1] }} + with_sequence: count={{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | count }} + when: + - openshift_logging_use_ops | bool + - openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | count > 0 + +- set_fact: es_ops_indices=[] + when: openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | count == 0 + +- set_fact: openshift_logging_es_ops_pvc_prefix="logging-es-ops" + when: openshift_logging_es_ops_pvc_prefix == "" + +- include_role: + name: openshift_logging_elasticsearch + vars: + generated_certs_dir: "{{openshift.common.config_base}}/logging" + openshift_logging_elasticsearch_deployment_name: "{{ item.0 }}" + openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_ops_pvc_prefix ~ '-' ~ item.2 if item.1 is none else item.1 }}" + openshift_logging_elasticsearch_ops_deployment: true + openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_ops_cluster_size | int }}" -- name: Printing out objects to create - debug: msg={{file.content | b64decode }} - with_items: "{{ object_defs.results }}" - loop_control: - loop_var: file - when: ansible_check_mode - - # TODO replace task with oc_secret module that supports - # linking when available -- name: Link Pull Secrets With Service Accounts - include: oc_secret.yaml + openshift_logging_elasticsearch_storage_type: "{{ 'pvc' if ( openshift_logging_es_ops_pvc_dynamic | bool or openshift_hosted_logging_storage_kind | default('') == 'nfs') else 'emptydir' }}" + openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_ops_pvc_size }}" + openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_ops_pvc_dynamic }}" + openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_ops_pv_selector }}" + openshift_logging_es_key: "{{ openshift_logging_es_ops_key }}" + openshift_logging_es_cert: "{{ openshift_logging_es_ops_cert }}" + openshift_logging_es_ca_ext: "{{ openshift_logging_es_ops_ca_ext }}" + openshift_logging_es_hostname: "{{ openshift_logging_es_ops_hostname }}" + openshift_logging_es_edge_term_policy: "{{ openshift_logging_es_ops_edge_term_policy | default('') }}" + openshift_logging_es_allow_external: "{{ openshift_logging_es_ops_allow_external }}" + + with_together: + - "{{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs }}" + - "{{ openshift_logging_facts.elasticsearch_ops.pvcs }}" + - "{{ es_ops_indices }}" + when: + - openshift_logging_use_ops | bool + - openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | count > 0 + +# Create any new DC that may be required +- include_role: + name: openshift_logging_elasticsearch vars: - kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" - subcommand: link - service_account: "{{sa_account}}" - secret_name: "{{openshift_logging_image_pull_secret}}" - add_args: "--for=pull" - with_items: - - default - - aggregated-logging-elasticsearch - - aggregated-logging-kibana - - aggregated-logging-fluentd - - aggregated-logging-curator - register: link_pull_secret - loop_control: - loop_var: sa_account + generated_certs_dir: "{{openshift.common.config_base}}/logging" + openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_ops_pvc_prefix }}-{{ item | int + openshift_logging_facts.elasticsearch_ops.deploymentconfigs | count - 1 }}" + openshift_logging_elasticsearch_ops_deployment: true + openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_ops_cluster_size | int }}" + + openshift_logging_elasticsearch_storage_type: "{{ 'pvc' if ( openshift_logging_es_ops_pvc_dynamic | bool or openshift_hosted_logging_storage_kind | default('') == 'nfs') else 'emptydir' }}" + openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_ops_pvc_size }}" + openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_ops_pvc_dynamic }}" + openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_ops_pv_selector }}" + openshift_logging_es_key: "{{ openshift_logging_es_ops_key }}" + openshift_logging_es_cert: "{{ openshift_logging_es_ops_cert }}" + openshift_logging_es_ca_ext: "{{ openshift_logging_es_ops_ca_ext }}" + openshift_logging_es_hostname: "{{ openshift_logging_es_ops_hostname }}" + openshift_logging_es_edge_term_policy: "{{ openshift_logging_es_ops_edge_term_policy | default('') }}" + openshift_logging_es_allow_external: "{{ openshift_logging_es_ops_allow_external }}" + + with_sequence: count={{ openshift_logging_es_ops_cluster_size | int - openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | count }} when: - - openshift_logging_image_pull_secret is defined - - openshift_logging_image_pull_secret != '' - failed_when: link_pull_secret.rc != 0 + - openshift_logging_use_ops | bool + + +## Kibana +- include_role: + name: openshift_logging_kibana + vars: + generated_certs_dir: "{{openshift.common.config_base}}/logging" + openshift_logging_kibana_namespace: "{{ openshift_logging_namespace }}" + openshift_logging_kibana_master_url: "{{ openshift_logging_master_url }}" + openshift_logging_kibana_master_public_url: "{{ openshift_logging_master_public_url }}" + openshift_logging_kibana_image_prefix: "{{ openshift_logging_image_prefix }}" + openshift_logging_kibana_image_version: "{{ openshift_logging_image_version }}" + openshift_logging_kibana_replicas: "{{ openshift_logging_kibana_replica_count }}" + openshift_logging_kibana_es_host: "{{ openshift_logging_es_host }}" + openshift_logging_kibana_es_port: "{{ openshift_logging_es_port }}" + openshift_logging_kibana_image_pull_secret: "{{ openshift_logging_image_pull_secret }}" + + +- include_role: + name: openshift_logging_kibana + vars: + generated_certs_dir: "{{openshift.common.config_base}}/logging" + openshift_logging_kibana_ops_deployment: true + openshift_logging_kibana_namespace: "{{ openshift_logging_namespace }}" + openshift_logging_kibana_master_url: "{{ openshift_logging_master_url }}" + openshift_logging_kibana_master_public_url: "{{ openshift_logging_master_public_url }}" + openshift_logging_kibana_image_prefix: "{{ openshift_logging_image_prefix }}" + openshift_logging_kibana_image_version: "{{ openshift_logging_image_version }}" + openshift_logging_kibana_image_pull_secret: "{{ openshift_logging_image_pull_secret }}" + openshift_logging_kibana_es_host: "{{ openshift_logging_es_ops_host }}" + openshift_logging_kibana_es_port: "{{ openshift_logging_es_ops_port }}" + openshift_logging_kibana_nodeselector: "{{ openshift_logging_kibana_ops_nodeselector }}" + openshift_logging_kibana_cpu_limit: "{{ openshift_logging_kibana_ops_cpu_limit }}" + openshift_logging_kibana_memory_limit: "{{ openshift_logging_kibana_ops_memory_limit }}" + openshift_logging_kibana_hostname: "{{ openshift_logging_kibana_ops_hostname }}" + openshift_logging_kibana_replicas: "{{ openshift_logging_kibana_ops_replica_count }}" + openshift_logging_kibana_proxy_debug: "{{ openshift_logging_kibana_ops_proxy_debug }}" + openshift_logging_kibana_proxy_cpu_limit: "{{ openshift_logging_kibana_ops_proxy_cpu_limit }}" + openshift_logging_kibana_proxy_memory_limit: "{{ openshift_logging_kibana_ops_proxy_memory_limit }}" + openshift_logging_kibana_cert: "{{ openshift_logging_kibana_ops_cert }}" + openshift_logging_kibana_key: "{{ openshift_logging_kibana_ops_key }}" + openshift_logging_kibana_ca: "{{ openshift_logging_kibana_ops_ca}}" + when: + - openshift_logging_use_ops | bool + -- name: Scaling up cluster - include: start_cluster.yaml - when: start_cluster | default(true) | bool +## Curator +- include_role: + name: openshift_logging_curator + vars: + generated_certs_dir: "{{openshift.common.config_base}}/logging" + openshift_logging_curator_namespace: "{{ openshift_logging_namespace }}" + openshift_logging_curator_es_host: "{{ openshift_logging_es_host }}" + openshift_logging_curator_es_port: "{{ openshift_logging_es_port }}" + openshift_logging_curator_master_url: "{{ openshift_logging_master_url }}" + openshift_logging_curator_image_prefix: "{{ openshift_logging_image_prefix }}" + openshift_logging_curator_image_version: "{{ openshift_logging_image_version }}" + openshift_logging_curator_image_pull_secret: "{{ openshift_logging_image_pull_secret }}" + +- include_role: + name: openshift_logging_curator + vars: + generated_certs_dir: "{{openshift.common.config_base}}/logging" + openshift_logging_curator_ops_deployment: true + openshift_logging_curator_es_host: "{{ openshift_logging_es_ops_host }}" + openshift_logging_curator_es_port: "{{ openshift_logging_es_ops_port }}" + openshift_logging_curator_namespace: "{{ openshift_logging_namespace }}" + openshift_logging_curator_master_url: "{{ openshift_logging_master_url }}" + openshift_logging_curator_image_prefix: "{{ openshift_logging_image_prefix }}" + openshift_logging_curator_image_version: "{{ openshift_logging_image_version }}" + openshift_logging_curator_image_pull_secret: "{{ openshift_logging_image_pull_secret }}" + openshift_logging_curator_cpu_limit: "{{ openshift_logging_curator_ops_cpu_limit }}" + openshift_logging_curator_memory_limit: "{{ openshift_logging_curator_ops_memory_limit }}" + openshift_logging_curator_nodeselector: "{{ openshift_logging_curator_ops_nodeselector }}" + when: + - openshift_logging_use_ops | bool + +## Mux +- include_role: + name: openshift_logging_mux + vars: + generated_certs_dir: "{{openshift.common.config_base}}/logging" + openshift_logging_mux_ops_host: "{{ ( openshift_logging_use_ops | bool ) | ternary('logging-es-ops', 'logging-es') }}" + openshift_logging_mux_namespace: "{{ openshift_logging_namespace }}" + openshift_logging_mux_master_url: "{{ openshift_logging_master_url }}" + openshift_logging_mux_image_prefix: "{{ openshift_logging_image_prefix }}" + openshift_logging_mux_image_version: "{{ openshift_logging_image_version }}" + openshift_logging_mux_image_pull_secret: "{{ openshift_logging_image_pull_secret }}" + when: + - openshift_logging_use_mux | bool + + +## Fluentd +- include_role: + name: openshift_logging_fluentd + vars: + generated_certs_dir: "{{openshift.common.config_base}}/logging" + openshift_logging_fluentd_ops_host: "{{ ( openshift_logging_use_ops | bool ) | ternary('logging-es-ops', 'logging-es') }}" + openshift_logging_fluentd_use_journal: "{{ openshift.docker.options | search('journald') }}" + openshift_logging_fluentd_image_prefix: "{{ openshift_logging_image_prefix }}" + openshift_logging_fluentd_image_version: "{{ openshift_logging_image_version }}" + openshift_logging_fluentd_image_pull_secret: "{{ openshift_logging_image_pull_secret }}" + openshift_logging_fluentd_master_url: "{{ openshift_logging_master_url }}" + openshift_logging_fluentd_namespace: "{{ openshift_logging_namespace }}" + +- include: update_master_config.yaml diff --git a/roles/openshift_logging/tasks/install_support.yaml b/roles/openshift_logging/tasks/install_support.yaml deleted file mode 100644 index da0bbb627..000000000 --- a/roles/openshift_logging/tasks/install_support.yaml +++ /dev/null @@ -1,54 +0,0 @@ ---- -# This is the base configuration for installing the other components -- name: Check for logging project already exists - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get project {{openshift_logging_namespace}} --no-headers - register: logging_project_result - ignore_errors: yes - when: not ansible_check_mode - changed_when: no - -- name: "Create logging project" - command: > - {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-project {{openshift_logging_namespace}} - when: not ansible_check_mode and "not found" in logging_project_result.stderr - -- name: Create logging cert directory - file: path={{openshift.common.config_base}}/logging state=directory mode=0755 - changed_when: False - check_mode: no - -- include: generate_certs.yaml - vars: - generated_certs_dir: "{{openshift.common.config_base}}/logging" - -- name: Create temp directory for all our templates - file: path={{mktemp.stdout}}/templates state=directory mode=0755 - changed_when: False - check_mode: no - -- include: generate_secrets.yaml - vars: - generated_certs_dir: "{{openshift.common.config_base}}/logging" - -- include: generate_configmaps.yaml - -- include: generate_services.yaml - -- name: Generate kibana-proxy oauth client - template: src=oauth-client.j2 dest={{mktemp.stdout}}/templates/oauth-client.yaml - vars: - secret: "{{oauth_secret}}" - when: oauth_secret is defined - check_mode: no - changed_when: no - -- include: generate_clusterroles.yaml - -- include: generate_rolebindings.yaml - -- include: generate_clusterrolebindings.yaml - -- include: generate_serviceaccounts.yaml - -- include: generate_routes.yaml diff --git a/roles/openshift_logging/tasks/main.yaml b/roles/openshift_logging/tasks/main.yaml index c7f4a2f93..f475024dd 100644 --- a/roles/openshift_logging/tasks/main.yaml +++ b/roles/openshift_logging/tasks/main.yaml @@ -1,7 +1,7 @@ --- - fail: msg: Only one Fluentd nodeselector key pair should be provided - when: "{{ openshift_logging_fluentd_nodeselector.keys() | count }} > 1" + when: openshift_logging_fluentd_nodeselector.keys() | count > 1 - name: Set default image variables based on deployment_type include_vars: "{{ item }}" @@ -28,34 +28,14 @@ register: local_tmp changed_when: False check_mode: no - -- debug: msg="Created local temp dir {{local_tmp.stdout}}" - -- name: Copy the admin client config(s) - command: > - cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig - changed_when: False - check_mode: no - tags: logging_init + become: no - include: "{{ role_path }}/tasks/install_logging.yaml" when: openshift_logging_install_logging | default(false) | bool -- include: "{{ role_path }}/tasks/upgrade_logging.yaml" - when: openshift_logging_upgrade_logging | default(false) | bool - - include: "{{ role_path }}/tasks/delete_logging.yaml" when: - not openshift_logging_install_logging | default(false) | bool - - not openshift_logging_upgrade_logging | default(false) | bool - -- name: Delete temp directory - file: - name: "{{ mktemp.stdout }}" - state: absent - tags: logging_cleanup - changed_when: False - check_mode: no - name: Cleaning up local temp dir local_action: file path="{{local_tmp.stdout}}" state=absent diff --git a/roles/openshift_logging/tasks/oc_apply.yaml b/roles/openshift_logging/tasks/oc_apply.yaml deleted file mode 100644 index cb9509de1..000000000 --- a/roles/openshift_logging/tasks/oc_apply.yaml +++ /dev/null @@ -1,52 +0,0 @@ ---- -- name: Checking generation of {{file_content.kind}} {{file_content.metadata.name}} - command: > - {{ openshift.common.client_binary }} - --config={{ kubeconfig }} - get {{file_content.kind}} {{file_content.metadata.name}} - -o jsonpath='{.metadata.resourceVersion}' - -n {{namespace}} - register: generation_init - failed_when: "'not found' not in generation_init.stderr and generation_init.stdout == ''" - changed_when: no - -- name: Applying {{file_name}} - command: > - {{ openshift.common.client_binary }} --config={{ kubeconfig }} - apply -f {{ file_name }} - -n {{ namespace }} - register: generation_apply - failed_when: "'error' in generation_apply.stderr" - changed_when: no - -- name: Determine change status of {{file_content.kind}} {{file_content.metadata.name}} - command: > - {{ openshift.common.client_binary }} --config={{ kubeconfig }} - get {{file_content.kind}} {{file_content.metadata.name}} - -o jsonpath='{.metadata.resourceVersion}' - -n {{namespace}} - register: generation_changed - failed_when: "'not found' not in generation_changed.stderr and generation_changed.stdout == ''" - changed_when: generation_changed.stdout | default (0) | int > generation_init.stdout | default(0) | int - when: - - "'field is immutable' not in generation_apply.stderr" - -- name: Removing previous {{file_name}} - command: > - {{ openshift.common.client_binary }} --config={{ kubeconfig }} - delete -f {{ file_name }} - -n {{ namespace }} - register: generation_delete - failed_when: "'error' in generation_delete.stderr" - changed_when: generation_delete.rc == 0 - when: "'field is immutable' in generation_apply.stderr" - -- name: Recreating {{file_name}} - command: > - {{ openshift.common.client_binary }} --config={{ kubeconfig }} - apply -f {{ file_name }} - -n {{ namespace }} - register: generation_apply - failed_when: "'error' in generation_apply.stderr" - changed_when: generation_apply.rc == 0 - when: "'field is immutable' in generation_apply.stderr" diff --git a/roles/openshift_logging/tasks/oc_secret.yaml b/roles/openshift_logging/tasks/oc_secret.yaml deleted file mode 100644 index de37e4f6d..000000000 --- a/roles/openshift_logging/tasks/oc_secret.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- command: > - {{ openshift.common.client_binary }} - --config={{ kubeconfig }} - secret {{subcommand}} {{service_account}} {{secret_name}} - {{add_args}} - -n {{openshift_logging_namespace}} diff --git a/roles/openshift_logging/tasks/procure_server_certs.yaml b/roles/openshift_logging/tasks/procure_server_certs.yaml index 44dd5e894..00de0ca06 100644 --- a/roles/openshift_logging/tasks/procure_server_certs.yaml +++ b/roles/openshift_logging/tasks/procure_server_certs.yaml @@ -11,42 +11,48 @@ - name: Trying to discover server cert variable name for {{ cert_info.procure_component }} set_fact: procure_component_crt={{ lookup('env', '{{cert_info.procure_component}}' + '_crt') }} - when: cert_info.hostnames is undefined and {{ cert_info.procure_component }}_crt is defined and {{ cert_info.procure_component }}_key is defined + when: + - cert_info.hostnames is undefined + - cert_info[ cert_info.procure_component + '_crt' ] is defined + - cert_info[ cert_info.procure_component + '_key' ] is defined check_mode: no - name: Trying to discover the server key variable name for {{ cert_info.procure_component }} set_fact: procure_component_key={{ lookup('env', '{{cert_info.procure_component}}' + '_key') }} - when: cert_info.hostnames is undefined and {{ cert_info.procure_component }}_crt is defined and {{ cert_info.procure_component }}_key is defined + when: + - cert_info.hostnames is undefined + - cert_info[ cert_info.procure_component + '_crt' ] is defined + - cert_info[ cert_info.procure_component + '_key' ] is defined check_mode: no - name: Creating signed server cert and key for {{ cert_info.procure_component }} command: > - {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig ca create-server-cert + {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig ca create-server-cert --key={{generated_certs_dir}}/{{cert_info.procure_component}}.key --cert={{generated_certs_dir}}/{{cert_info.procure_component}}.crt --hostnames={{cert_info.hostnames|quote}} --signer-cert={{generated_certs_dir}}/ca.crt --signer-key={{generated_certs_dir}}/ca.key --signer-serial={{generated_certs_dir}}/ca.serial.txt check_mode: no when: - - cert_info.hostnames is defined - - not component_key_file.stat.exists - - not component_cert_file.stat.exists + - cert_info.hostnames is defined + - not component_key_file.stat.exists + - not component_cert_file.stat.exists - name: Copying server key for {{ cert_info.procure_component }} to generated certs directory copy: content="{{procure_component_key}}" dest={{generated_certs_dir}}/{{cert_info.procure_component}}.key check_mode: no when: - - cert_info.hostnames is undefined - - "{{ cert_info.procure_component }}_crt is defined" - - "{{ cert_info.procure_component }}_key is defined" - - not component_key_file.stat.exists - - not component_cert_file.stat.exists + - cert_info.hostnames is undefined + - cert_info[ cert_info.procure_component + '_crt' ] is defined + - cert_info[ cert_info.procure_component + '_key' ] is defined + - not component_key_file.stat.exists + - not component_cert_file.stat.exists - name: Copying Server cert for {{ cert_info.procure_component }} to generated certs directory copy: content="{{procure_component_crt}}" dest={{generated_certs_dir}}/{{cert_info.procure_component}}.crt check_mode: no when: - - cert_info.hostnames is undefined - - "{{ cert_info.procure_component }}_crt is defined" - - "{{ cert_info.procure_component }}_key is defined" - - not component_key_file.stat.exists - - not component_cert_file.stat.exists + - cert_info.hostnames is undefined + - cert_info[ cert_info.procure_component + '_crt' ] is defined + - cert_info[ cert_info.procure_component + '_key' ] is defined + - not component_key_file.stat.exists + - not component_cert_file.stat.exists diff --git a/roles/openshift_logging/tasks/procure_shared_key.yaml b/roles/openshift_logging/tasks/procure_shared_key.yaml new file mode 100644 index 000000000..056ff6b98 --- /dev/null +++ b/roles/openshift_logging/tasks/procure_shared_key.yaml @@ -0,0 +1,25 @@ +--- +- name: Checking for {{ shared_key_info.procure_component }}_shared_key + stat: path="{{generated_certs_dir}}/{{ shared_key_info.procure_component }}_shared_key" + register: component_shared_key_file + check_mode: no + +- name: Trying to discover shared key variable name for {{ shared_key_info.procure_component }} + set_fact: procure_component_shared_key={{ lookup('env', '{{shared_key_info.procure_component}}' + '_shared_key') }} + when: + - shared_key_info[ shared_key_info.procure_component + '_shared_key' ] is defined + check_mode: no + +- name: Creating shared_key for {{ shared_key_info.procure_component }} + copy: content="{{'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'|random_word(64)}}" + dest="{{generated_certs_dir}}/{{shared_key_info.procure_component}}_shared_key" + check_mode: no + when: + - not component_shared_key_file.stat.exists + +- name: Copying shared key for {{ shared_key_info.procure_component }} to generated certs directory + copy: content="{{procure_component_shared_key}}" dest="{{generated_certs_dir}}/{{shared_key_info.procure_component}}_shared_key" + check_mode: no + when: + - shared_key_info[ shared_key_info.procure_component + '_shared_key' ] is defined + - not component_shared_key_file.stat.exists diff --git a/roles/openshift_logging/tasks/start_cluster.yaml b/roles/openshift_logging/tasks/start_cluster.yaml deleted file mode 100644 index edbb62c3e..000000000 --- a/roles/openshift_logging/tasks/start_cluster.yaml +++ /dev/null @@ -1,133 +0,0 @@ ---- -- name: Retrieve list of fluentd hosts - oc_obj: - state: list - kind: node - when: "'--all' in openshift_logging_fluentd_hosts" - register: fluentd_hosts - -- name: Set fact openshift_logging_fluentd_hosts - set_fact: - openshift_logging_fluentd_hosts: "{{ fluentd_hosts.results.results[0]['items'] | map(attribute='metadata.name') | list }}" - when: "'--all' in openshift_logging_fluentd_hosts" - -- name: start fluentd - oc_label: - name: "{{ fluentd_host }}" - kind: node - state: add - labels: "{{ openshift_logging_fluentd_nodeselector | oo_dict_to_list_of_dict }}" - with_items: "{{ openshift_logging_fluentd_hosts }}" - loop_control: - loop_var: fluentd_host - -- name: Retrieve elasticsearch - oc_obj: - state: list - kind: dc - selector: "component=es" - namespace: "{{openshift_logging_namespace}}" - register: es_dc - -- name: start elasticsearch - oc_scale: - kind: dc - name: "{{ object }}" - namespace: "{{openshift_logging_namespace}}" - replicas: 1 - with_items: "{{ es_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}" - loop_control: - loop_var: object - -- name: Retrieve kibana - oc_obj: - state: list - kind: dc - selector: "component=kibana" - namespace: "{{openshift_logging_namespace}}" - register: kibana_dc - -- name: start kibana - oc_scale: - kind: dc - name: "{{ object }}" - namespace: "{{openshift_logging_namespace}}" - replicas: "{{ openshift_logging_kibana_replica_count | default (1) }}" - with_items: "{{ kibana_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}" - loop_control: - loop_var: object - -- name: Retrieve curator - oc_obj: - state: list - kind: dc - selector: "component=curator" - namespace: "{{openshift_logging_namespace}}" - register: curator_dc - -- name: start curator - oc_scale: - kind: dc - name: "{{ object }}" - namespace: "{{openshift_logging_namespace}}" - replicas: 1 - with_items: "{{ curator_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}" - loop_control: - loop_var: object - -- name: Retrieve elasticsearch-ops - oc_obj: - state: list - kind: dc - selector: "component=es-ops" - namespace: "{{openshift_logging_namespace}}" - register: es_dc - -- name: start elasticsearch-ops - oc_scale: - kind: dc - name: "{{ object }}" - namespace: "{{openshift_logging_namespace}}" - replicas: 1 - with_items: "{{ es_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}" - loop_control: - loop_var: object - when: openshift_logging_use_ops | bool - -- name: Retrieve kibana-ops - oc_obj: - state: list - kind: dc - selector: "component=kibana-ops" - namespace: "{{openshift_logging_namespace}}" - register: kibana_dc - -- name: start kibana-ops - oc_scale: - kind: dc - name: "{{ object }}" - namespace: "{{openshift_logging_namespace}}" - replicas: "{{ openshift_logging_kibana_ops_replica_count | default (1) }}" - with_items: "{{ kibana_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}" - loop_control: - loop_var: object - when: openshift_logging_use_ops | bool - -- name: Retrieve curator - oc_obj: - state: list - kind: dc - selector: "component=curator-ops" - namespace: "{{openshift_logging_namespace}}" - register: curator_dc - -- name: start curator-ops - oc_scale: - kind: dc - name: "{{ object }}" - namespace: "{{openshift_logging_namespace}}" - replicas: 1 - with_items: "{{ curator_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}" - loop_control: - loop_var: object - when: openshift_logging_use_ops | bool diff --git a/roles/openshift_logging/tasks/stop_cluster.yaml b/roles/openshift_logging/tasks/stop_cluster.yaml deleted file mode 100644 index 4b3722e29..000000000 --- a/roles/openshift_logging/tasks/stop_cluster.yaml +++ /dev/null @@ -1,133 +0,0 @@ ---- -- name: Retrieve list of fluentd hosts - oc_obj: - state: list - kind: node - when: "'--all' in openshift_logging_fluentd_hosts" - register: fluentd_hosts - -- name: Set fact openshift_logging_fluentd_hosts - set_fact: - openshift_logging_fluentd_hosts: "{{ fluentd_hosts.results.results[0]['items'] | map(attribute='metadata.name') | list }}" - when: "'--all' in openshift_logging_fluentd_hosts" - -- name: stop fluentd - oc_label: - name: "{{ fluentd_host }}" - kind: node - state: absent - labels: "{{ openshift_logging_fluentd_nodeselector | oo_dict_to_list_of_dict }}" - with_items: "{{ openshift_logging_fluentd_hosts }}" - loop_control: - loop_var: fluentd_host - -- name: Retrieve elasticsearch - oc_obj: - state: list - kind: dc - selector: "component=es" - namespace: "{{openshift_logging_namespace}}" - register: es_dc - -- name: stop elasticsearch - oc_scale: - kind: dc - name: "{{ object }}" - namespace: "{{openshift_logging_namespace}}" - replicas: 0 - with_items: "{{ es_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}" - loop_control: - loop_var: object - -- name: Retrieve kibana - oc_obj: - state: list - kind: dc - selector: "component=kibana" - namespace: "{{openshift_logging_namespace}}" - register: kibana_dc - -- name: stop kibana - oc_scale: - kind: dc - name: "{{ object }}" - namespace: "{{openshift_logging_namespace}}" - replicas: 0 - with_items: "{{ kibana_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}" - loop_control: - loop_var: object - -- name: Retrieve curator - oc_obj: - state: list - kind: dc - selector: "component=curator" - namespace: "{{openshift_logging_namespace}}" - register: curator_dc - -- name: stop curator - oc_scale: - kind: dc - name: "{{ object }}" - namespace: "{{openshift_logging_namespace}}" - replicas: 0 - with_items: "{{ curator_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}" - loop_control: - loop_var: object - -- name: Retrieve elasticsearch-ops - oc_obj: - state: list - kind: dc - selector: "component=es-ops" - namespace: "{{openshift_logging_namespace}}" - register: es_dc - -- name: stop elasticsearch-ops - oc_scale: - kind: dc - name: "{{ object }}" - namespace: "{{openshift_logging_namespace}}" - replicas: 0 - with_items: "{{ es_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}" - loop_control: - loop_var: object - when: openshift_logging_use_ops | bool - -- name: Retrieve kibana-ops - oc_obj: - state: list - kind: dc - selector: "component=kibana-ops" - namespace: "{{openshift_logging_namespace}}" - register: kibana_dc - -- name: stop kibana-ops - oc_scale: - kind: dc - name: "{{ object }}" - namespace: "{{openshift_logging_namespace}}" - replicas: 0 - with_items: "{{ kibana_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}" - loop_control: - loop_var: object - when: openshift_logging_use_ops | bool - -- name: Retrieve curator - oc_obj: - state: list - kind: dc - selector: "component=curator-ops" - namespace: "{{openshift_logging_namespace}}" - register: curator_dc - -- name: stop curator-ops - oc_scale: - kind: dc - name: "{{ object }}" - namespace: "{{openshift_logging_namespace}}" - replicas: 0 - with_items: "{{ curator_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}" - loop_control: - loop_var: object - when: openshift_logging_use_ops | bool diff --git a/roles/openshift_logging/tasks/update_master_config.yaml b/roles/openshift_logging/tasks/update_master_config.yaml index cef835668..10f522b61 100644 --- a/roles/openshift_logging/tasks/update_master_config.yaml +++ b/roles/openshift_logging/tasks/update_master_config.yaml @@ -4,6 +4,9 @@ dest: "{{ openshift.common.config_base }}/master/master-config.yaml" yaml_key: assetConfig.loggingPublicURL yaml_value: "https://{{ openshift_logging_kibana_hostname }}" - notify: restart master + notify: + - restart master + - restart master api + - restart master controllers tags: - - update_master_config + - update_master_config diff --git a/roles/openshift_logging/tasks/upgrade_logging.yaml b/roles/openshift_logging/tasks/upgrade_logging.yaml deleted file mode 100644 index 30fdbd2af..000000000 --- a/roles/openshift_logging/tasks/upgrade_logging.yaml +++ /dev/null @@ -1,48 +0,0 @@ ---- -- name: Stop the Cluster - include: stop_cluster.yaml - -- name: Upgrade logging - include: install_logging.yaml - vars: - start_cluster: False - -# start ES so that we can run migrate script -- name: Retrieve elasticsearch - oc_obj: - state: list - kind: dc - selector: "component=es" - namespace: "{{openshift_logging_namespace}}" - register: es_dc - -- name: start elasticsearch - oc_scale: - kind: dc - name: "{{ object }}" - namespace: "{{openshift_logging_namespace}}" - replicas: 1 - with_items: "{{ es_dc.results.results[0]['items'] | map(attribute='metadata.name') | list }}" - loop_control: - loop_var: object - -- name: Wait for pods to start - oc_obj: - state: list - kind: pods - selector: "component=es" - namespace: "{{openshift_logging_namespace}}" - register: running_pod - until: running_pod.results.results[0]['items'] | selectattr('status.phase', 'match', '^Running$') | map(attribute='metadata.name') | list | length != 0 - retries: 30 - delay: 10 - -- name: Run upgrade script - script: es_migration.sh {{openshift.common.config_base}}/logging/ca.crt {{openshift.common.config_base}}/logging/system.admin.key {{openshift.common.config_base}}/logging/system.admin.crt {{openshift_logging_es_host}} {{openshift_logging_es_port}} {{openshift_logging_namespace}} - register: script_output - changed_when: - - script_output.rc == 0 - - script_output.stdout.find("skipping update_for_uuid") == -1 or script_output.stdout.find("skipping update_for_common_data_model") == -1 - -- name: Start up rest of cluster - include: start_cluster.yaml diff --git a/roles/openshift_logging/templates/clusterrole.j2 b/roles/openshift_logging/templates/clusterrole.j2 deleted file mode 100644 index 0d28db48e..000000000 --- a/roles/openshift_logging/templates/clusterrole.j2 +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: ClusterRole -metadata: - name: {{obj_name}} -rules: -{% for rule in rules %} -- resources: -{% for kind in rule.resources %} - - {{ kind }} -{% endfor %} - apiGroups: -{% if rule.api_groups is defined %} -{% for group in rule.api_groups %} - - {{ group }} -{% endfor %} -{% endif %} - verbs: -{% for verb in rule.verbs %} - - {{ verb }} -{% endfor %} -{% endfor %} diff --git a/roles/openshift_logging/templates/clusterrolebinding.j2 b/roles/openshift_logging/templates/clusterrolebinding.j2 deleted file mode 100644 index 2d25ff1fb..000000000 --- a/roles/openshift_logging/templates/clusterrolebinding.j2 +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: ClusterRoleBinding -metadata: - name: {{obj_name}} -{% if crb_usernames is defined %} -userNames: -{% for name in crb_usernames %} - - {{ name }} -{% endfor %} -{% endif %} -{% if crb_groupnames is defined %} -groupNames: -{% for name in crb_groupnames %} - - {{ name }} -{% endfor %} -{% endif %} -subjects: -{% for sub in subjects %} - - kind: {{ sub.kind }} - name: {{ sub.name }} - namespace: {{sub.namespace}} -{% endfor %} -roleRef: - name: {{obj_name}} diff --git a/roles/openshift_logging/templates/curator.j2 b/roles/openshift_logging/templates/curator.j2 deleted file mode 100644 index a0fefd882..000000000 --- a/roles/openshift_logging/templates/curator.j2 +++ /dev/null @@ -1,103 +0,0 @@ -apiVersion: "v1" -kind: "DeploymentConfig" -metadata: - name: "{{deploy_name}}" - labels: - provider: openshift - component: "{{component}}" - logging-infra: "{{logging_component}}" -spec: - replicas: {{replicas|default(0)}} - selector: - provider: openshift - component: "{{component}}" - logging-infra: "{{logging_component}}" - strategy: - rollingParams: - intervalSeconds: 1 - timeoutSeconds: 600 - updatePeriodSeconds: 1 - type: Recreate - template: - metadata: - name: "{{deploy_name}}" - labels: - logging-infra: "{{logging_component}}" - provider: openshift - component: "{{component}}" - spec: - terminationGracePeriod: 600 - serviceAccountName: aggregated-logging-curator -{% if curator_node_selector is iterable and curator_node_selector | length > 0 %} - nodeSelector: -{% for key, value in curator_node_selector.iteritems() %} - {{key}}: "{{value}}" -{% endfor %} -{% endif %} - containers: - - - name: "curator" - image: {{image}} - imagePullPolicy: Always - resources: - limits: - cpu: "{{curator_cpu_limit}}" -{% if curator_memory_limit is defined and curator_memory_limit is not none %} - memory: "{{curator_memory_limit}}" -{% endif %} - env: - - - name: "K8S_HOST_URL" - value: "{{openshift_logging_master_url}}" - - - name: "ES_HOST" - value: "{{es_host}}" - - - name: "ES_PORT" - value: "{{es_port}}" - - - name: "ES_CLIENT_CERT" - value: "/etc/curator/keys/cert" - - - name: "ES_CLIENT_KEY" - value: "/etc/curator/keys/key" - - - name: "ES_CA" - value: "/etc/curator/keys/ca" - - - name: "CURATOR_DEFAULT_DAYS" - value: "{{openshift_logging_curator_default_days}}" - - - name: "CURATOR_RUN_HOUR" - value: "{{openshift_logging_curator_run_hour}}" - - - name: "CURATOR_RUN_MINUTE" - value: "{{openshift_logging_curator_run_minute}}" - - - name: "CURATOR_RUN_TIMEZONE" - value: "{{openshift_logging_curator_run_timezone}}" - - - name: "CURATOR_SCRIPT_LOG_LEVEL" - value: "{{openshift_logging_curator_script_log_level}}" - - - name: "CURATOR_LOG_LEVEL" - value: "{{openshift_logging_curator_log_level}}" - volumeMounts: - - name: certs - mountPath: /etc/curator/keys - readOnly: true - - name: config - mountPath: /etc/curator/settings - readOnly: true - - name: elasticsearch-storage - mountPath: /elasticsearch/persistent - readOnly: true - volumes: - - name: certs - secret: - secretName: logging-curator - - name: config - configMap: - name: logging-curator - - name: elasticsearch-storage - emptyDir: {} diff --git a/roles/openshift_logging/templates/elasticsearch.yml.j2 b/roles/openshift_logging/templates/elasticsearch.yml.j2 deleted file mode 100644 index 93c4d854c..000000000 --- a/roles/openshift_logging/templates/elasticsearch.yml.j2 +++ /dev/null @@ -1,82 +0,0 @@ -cluster: - name: ${CLUSTER_NAME} - -script: - inline: on - indexed: on - -index: - number_of_shards: {{ es_number_of_shards | default ('1') }} - number_of_replicas: {{ es_number_of_replicas | default ('0') }} - unassigned.node_left.delayed_timeout: 2m - translog: - flush_threshold_size: 256mb - flush_threshold_period: 5m - -node: - master: true - data: true - -network: - host: 0.0.0.0 - -cloud: - kubernetes: - service: ${SERVICE_DNS} - namespace: ${NAMESPACE} - -discovery: - type: kubernetes - zen.ping.multicast.enabled: false - zen.minimum_master_nodes: {{es_min_masters}} - -gateway: - expected_master_nodes: ${NODE_QUORUM} - recover_after_nodes: ${RECOVER_AFTER_NODES} - expected_nodes: ${RECOVER_EXPECTED_NODES} - recover_after_time: ${RECOVER_AFTER_TIME} - -io.fabric8.elasticsearch.authentication.users: ["system.logging.kibana", "system.logging.fluentd", "system.logging.curator", "system.admin"] -io.fabric8.elasticsearch.kibana.mapping.app: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json -io.fabric8.elasticsearch.kibana.mapping.ops: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json - -openshift.config: - use_common_data_model: true - project_index_prefix: "project" - time_field_name: "@timestamp" - -openshift.searchguard: - keystore.path: /etc/elasticsearch/secret/admin.jks - truststore.path: /etc/elasticsearch/secret/searchguard.truststore - -openshift.operations.allow_cluster_reader: {{allow_cluster_reader | default (false)}} - -path: - data: /elasticsearch/persistent/${CLUSTER_NAME}/data - logs: /elasticsearch/${CLUSTER_NAME}/logs - work: /elasticsearch/${CLUSTER_NAME}/work - scripts: /elasticsearch/${CLUSTER_NAME}/scripts - -searchguard: - authcz.admin_dn: - - CN=system.admin,OU=OpenShift,O=Logging - config_index_name: ".searchguard.${HOSTNAME}" - ssl: - transport: - enabled: true - enforce_hostname_verification: false - keystore_type: JKS - keystore_filepath: /etc/elasticsearch/secret/searchguard.key - keystore_password: kspass - truststore_type: JKS - truststore_filepath: /etc/elasticsearch/secret/searchguard.truststore - truststore_password: tspass - http: - enabled: true - keystore_type: JKS - keystore_filepath: /etc/elasticsearch/secret/key - keystore_password: kspass - clientauth_mode: OPTIONAL - truststore_type: JKS - truststore_filepath: /etc/elasticsearch/secret/truststore - truststore_password: tspass diff --git a/roles/openshift_logging/templates/es-storage-emptydir.partial b/roles/openshift_logging/templates/es-storage-emptydir.partial deleted file mode 100644 index ccd01a816..000000000 --- a/roles/openshift_logging/templates/es-storage-emptydir.partial +++ /dev/null @@ -1 +0,0 @@ - emptyDir: {} diff --git a/roles/openshift_logging/templates/es-storage-hostpath.partial b/roles/openshift_logging/templates/es-storage-hostpath.partial deleted file mode 100644 index 07ddad9ba..000000000 --- a/roles/openshift_logging/templates/es-storage-hostpath.partial +++ /dev/null @@ -1,2 +0,0 @@ - hostPath: - path: {{es_storage['path']}} diff --git a/roles/openshift_logging/templates/es-storage-pvc.partial b/roles/openshift_logging/templates/es-storage-pvc.partial deleted file mode 100644 index fcbff68de..000000000 --- a/roles/openshift_logging/templates/es-storage-pvc.partial +++ /dev/null @@ -1,2 +0,0 @@ - persistentVolumeClaim: - claimName: {{es_storage['pvc_claim']}} diff --git a/roles/openshift_logging/templates/es.j2 b/roles/openshift_logging/templates/es.j2 deleted file mode 100644 index 16185fc1d..000000000 --- a/roles/openshift_logging/templates/es.j2 +++ /dev/null @@ -1,106 +0,0 @@ -apiVersion: "v1" -kind: "DeploymentConfig" -metadata: - name: "{{deploy_name}}" - labels: - provider: openshift - component: "{{component}}" - deployment: "{{deploy_name}}" - logging-infra: "{{logging_component}}" -spec: - replicas: {{replicas|default(0)}} - selector: - provider: openshift - component: "{{component}}" - deployment: "{{deploy_name}}" - logging-infra: "{{logging_component}}" - strategy: - type: Recreate - template: - metadata: - name: "{{deploy_name}}" - labels: - logging-infra: "{{logging_component}}" - provider: openshift - component: "{{component}}" - deployment: "{{deploy_name}}" - spec: - terminationGracePeriod: 600 - serviceAccountName: aggregated-logging-elasticsearch - securityContext: - supplementalGroups: - - {{openshift_logging_es_storage_group}} -{% if es_node_selector is iterable and es_node_selector | length > 0 %} - nodeSelector: -{% for key, value in es_node_selector.iteritems() %} - {{key}}: "{{value}}" -{% endfor %} -{% endif %} - containers: - - - name: "elasticsearch" - image: {{image}} - imagePullPolicy: Always - resources: - limits: - memory: "{{es_memory_limit}}" -{% if es_cpu_limit is defined and es_cpu_limit is not none %} - cpu: "{{es_cpu_limit}}" -{% endif %} - requests: - memory: "512Mi" - ports: - - - containerPort: 9200 - name: "restapi" - - - containerPort: 9300 - name: "cluster" - env: - - - name: "NAMESPACE" - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - - name: "KUBERNETES_TRUST_CERT" - value: "true" - - - name: "SERVICE_DNS" - value: "logging-{{es_cluster_name}}-cluster" - - - name: "CLUSTER_NAME" - value: "logging-{{es_cluster_name}}" - - - name: "INSTANCE_RAM" - value: "{{openshift_logging_es_memory_limit}}" - - - name: "NODE_QUORUM" - value: "{{es_node_quorum | int}}" - - - name: "RECOVER_AFTER_NODES" - value: "{{es_recover_after_nodes}}" - - - name: "RECOVER_EXPECTED_NODES" - value: "{{es_recover_expected_nodes}}" - - - name: "RECOVER_AFTER_TIME" - value: "{{openshift_logging_es_recover_after_time}}" - volumeMounts: - - name: elasticsearch - mountPath: /etc/elasticsearch/secret - readOnly: true - - name: elasticsearch-config - mountPath: /usr/share/java/elasticsearch/config - readOnly: true - - name: elasticsearch-storage - mountPath: /elasticsearch/persistent - volumes: - - name: elasticsearch - secret: - secretName: logging-elasticsearch - - name: elasticsearch-config - configMap: - name: logging-elasticsearch - - name: elasticsearch-storage -{% include 'es-storage-'+ es_storage['kind'] + '.partial' %} diff --git a/roles/openshift_logging/templates/fluentd.j2 b/roles/openshift_logging/templates/fluentd.j2 deleted file mode 100644 index 0bf1686ad..000000000 --- a/roles/openshift_logging/templates/fluentd.j2 +++ /dev/null @@ -1,149 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: "DaemonSet" -metadata: - name: "{{daemonset_name}}" - labels: - provider: openshift - component: "{{daemonset_component}}" - logging-infra: "{{daemonset_component}}" -spec: - selector: - matchLabels: - provider: openshift - component: "{{daemonset_component}}" - updateStrategy: - type: RollingUpdate - rollingUpdate: - minReadySeconds: 600 - template: - metadata: - name: "{{daemonset_container_name}}" - labels: - logging-infra: "{{daemonset_component}}" - provider: openshift - component: "{{daemonset_component}}" - spec: - serviceAccountName: "{{daemonset_serviceAccount}}" - nodeSelector: - {{fluentd_nodeselector_key}}: "{{fluentd_nodeselector_value}}" - containers: - - name: "{{daemonset_container_name}}" - image: "{{openshift_logging_image_prefix}}{{daemonset_name}}:{{openshift_logging_image_version}}" - imagePullPolicy: Always - securityContext: - privileged: true - resources: - limits: - cpu: {{openshift_logging_fluentd_cpu_limit}} - memory: {{openshift_logging_fluentd_memory_limit}} - volumeMounts: - - name: runlogjournal - mountPath: /run/log/journal - - name: varlog - mountPath: /var/log - - name: varlibdockercontainers - mountPath: /var/lib/docker/containers - readOnly: true - - name: config - mountPath: /etc/fluent/configs.d/user - readOnly: true - - name: certs - mountPath: /etc/fluent/keys - readOnly: true - - name: dockerhostname - mountPath: /etc/docker-hostname - readOnly: true - - name: localtime - mountPath: /etc/localtime - readOnly: true - - name: dockercfg - mountPath: /etc/sysconfig/docker - readOnly: true - env: - - name: "K8S_HOST_URL" - value: "{{openshift_logging_master_url}}" - - name: "ES_HOST" - value: "{{openshift_logging_es_host}}" - - name: "ES_PORT" - value: "{{openshift_logging_es_port}}" - - name: "ES_CLIENT_CERT" - value: "{{openshift_logging_es_client_cert}}" - - name: "ES_CLIENT_KEY" - value: "{{openshift_logging_es_client_key}}" - - name: "ES_CA" - value: "{{openshift_logging_es_ca}}" - - name: "OPS_HOST" - value: "{{ops_host}}" - - name: "OPS_PORT" - value: "{{ops_port}}" - - name: "OPS_CLIENT_CERT" - value: "{{openshift_logging_es_ops_client_cert}}" - - name: "OPS_CLIENT_KEY" - value: "{{openshift_logging_es_ops_client_key}}" - - name: "OPS_CA" - value: "{{openshift_logging_es_ops_ca}}" - - name: "ES_COPY" - value: "{{openshift_logging_fluentd_es_copy|lower}}" - - name: "ES_COPY_HOST" - value: "{{es_copy_host | default('')}}" - - name: "ES_COPY_PORT" - value: "{{es_copy_port | default('')}}" - - name: "ES_COPY_SCHEME" - value: "{{es_copy_scheme | default('https')}}" - - name: "ES_COPY_CLIENT_CERT" - value: "{{es_copy_client_cert | default('')}}" - - name: "ES_COPY_CLIENT_KEY" - value: "{{es_copy_client_key | default('')}}" - - name: "ES_COPY_CA" - value: "{{es_copy_ca | default('')}}" - - name: "ES_COPY_USERNAME" - value: "{{es_copy_username | default('')}}" - - name: "ES_COPY_PASSWORD" - value: "{{es_copy_password | default('')}}" - - name: "OPS_COPY_HOST" - value: "{{ops_copy_host | default('')}}" - - name: "OPS_COPY_PORT" - value: "{{ops_copy_port | default('')}}" - - name: "OPS_COPY_SCHEME" - value: "{{ops_copy_scheme | default('https')}}" - - name: "OPS_COPY_CLIENT_CERT" - value: "{{ops_copy_client_cert | default('')}}" - - name: "OPS_COPY_CLIENT_KEY" - value: "{{ops_copy_client_key | default('')}}" - - name: "OPS_COPY_CA" - value: "{{ops_copy_ca | default('')}}" - - name: "OPS_COPY_USERNAME" - value: "{{ops_copy_username | default('')}}" - - name: "OPS_COPY_PASSWORD" - value: "{{ops_copy_password | default('')}}" - - name: "USE_JOURNAL" - value: "{{openshift_logging_fluentd_use_journal|lower}}" - - name: "JOURNAL_SOURCE" - value: "{{openshift_logging_fluentd_journal_source | default('')}}" - - name: "JOURNAL_READ_FROM_HEAD" - value: "{{openshift_logging_fluentd_journal_read_from_head|lower}}" - volumes: - - name: runlogjournal - hostPath: - path: /run/log/journal - - name: varlog - hostPath: - path: /var/log - - name: varlibdockercontainers - hostPath: - path: /var/lib/docker/containers - - name: config - configMap: - name: logging-fluentd - - name: certs - secret: - secretName: logging-fluentd - - name: dockerhostname - hostPath: - path: /etc/hostname - - name: localtime - hostPath: - path: /etc/localtime - - name: dockercfg - hostPath: - path: /etc/sysconfig/docker diff --git a/roles/openshift_logging/templates/kibana.j2 b/roles/openshift_logging/templates/kibana.j2 deleted file mode 100644 index e6ecf82ff..000000000 --- a/roles/openshift_logging/templates/kibana.j2 +++ /dev/null @@ -1,116 +0,0 @@ -apiVersion: "v1" -kind: "DeploymentConfig" -metadata: - name: "{{deploy_name}}" - labels: - provider: openshift - component: "{{component}}" - logging-infra: "{{logging_component}}" -spec: - replicas: {{replicas|default(0)}} - selector: - provider: openshift - component: "{{component}}" - logging-infra: "{{logging_component}}" - strategy: - rollingParams: - intervalSeconds: 1 - timeoutSeconds: 600 - updatePeriodSeconds: 1 - type: Rolling - template: - metadata: - name: "{{deploy_name}}" - labels: - logging-infra: "{{logging_component}}" - provider: openshift - component: "{{component}}" - spec: - serviceAccountName: aggregated-logging-kibana -{% if kibana_node_selector is iterable and kibana_node_selector | length > 0 %} - nodeSelector: -{% for key, value in kibana_node_selector.iteritems() %} - {{key}}: "{{value}}" -{% endfor %} -{% endif %} - containers: - - - name: "kibana" - image: {{image}} - imagePullPolicy: Always -{% if (kibana_memory_limit is defined and kibana_memory_limit is not none) or (kibana_cpu_limit is defined and kibana_cpu_limit is not none) %} - resources: - limits: -{% if kibana_cpu_limit is not none %} - cpu: "{{kibana_cpu_limit}}" -{% endif %} -{% if kibana_memory_limit is not none %} - memory: "{{kibana_memory_limit}}" -{% endif %} -{% endif %} - env: - - name: "ES_HOST" - value: "{{es_host}}" - - name: "ES_PORT" - value: "{{es_port}}" - volumeMounts: - - name: kibana - mountPath: /etc/kibana/keys - readOnly: true - - - name: "kibana-proxy" - image: {{proxy_image}} - imagePullPolicy: Always -{% if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none) or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none) %} - resources: - limits: -{% if kibana_proxy_cpu_limit is not none %} - cpu: "{{kibana_proxy_cpu_limit}}" -{% endif %} -{% if kibana_proxy_memory_limit is not none %} - memory: "{{kibana_proxy_memory_limit}}" -{% endif %} -{% endif %} - ports: - - - name: "oaproxy" - containerPort: 3000 - env: - - - name: "OAP_BACKEND_URL" - value: "http://localhost:5601" - - - name: "OAP_AUTH_MODE" - value: "oauth2" - - - name: "OAP_TRANSFORM" - value: "user_header,token_header" - - - name: "OAP_OAUTH_ID" - value: kibana-proxy - - - name: "OAP_MASTER_URL" - value: {{openshift_logging_master_url}} - - - name: "OAP_PUBLIC_MASTER_URL" - value: {{openshift_logging_master_public_url}} - - - name: "OAP_LOGOUT_REDIRECT" - value: {{openshift_logging_master_public_url}}/console/logout - - - name: "OAP_MASTER_CA_FILE" - value: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" - - - name: "OAP_DEBUG" - value: "{{openshift_logging_kibana_proxy_debug}}" - volumeMounts: - - name: kibana-proxy - mountPath: /secret - readOnly: true - volumes: - - name: kibana - secret: - secretName: logging-kibana - - name: kibana-proxy - secret: - secretName: logging-kibana-proxy diff --git a/roles/openshift_logging/templates/oauth-client.j2 b/roles/openshift_logging/templates/oauth-client.j2 deleted file mode 100644 index 41d3123cb..000000000 --- a/roles/openshift_logging/templates/oauth-client.j2 +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: OAuthClient -metadata: - name: kibana-proxy - labels: - logging-infra: support -secret: {{secret}} -redirectURIs: -- https://{{openshift_logging_kibana_hostname}} -- https://{{openshift_logging_kibana_ops_hostname}} -scopeRestrictions: -- literals: - - user:info - - user:check-access - - user:list-projects diff --git a/roles/openshift_logging/templates/pvc.j2 b/roles/openshift_logging/templates/pvc.j2 deleted file mode 100644 index 07d81afff..000000000 --- a/roles/openshift_logging/templates/pvc.j2 +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: "{{obj_name}}" - labels: - logging-infra: support -{% if annotations is defined %} - annotations: -{% for key,value in annotations.iteritems() %} - {{key}}: {{value}} -{% endfor %} -{% endif %} -spec: -{% if pv_selector is defined and pv_selector is mapping %} - selector: - matchLabels: -{% for key,value in pv_selector.iteritems() %} - {{key}}: {{value}} -{% endfor %} -{% endif %} - accessModes: -{% for mode in access_modes %} - - {{ mode }} -{% endfor %} - resources: - requests: - storage: {{size}} diff --git a/roles/openshift_logging/templates/rolebinding.j2 b/roles/openshift_logging/templates/rolebinding.j2 deleted file mode 100644 index fcd4e87cc..000000000 --- a/roles/openshift_logging/templates/rolebinding.j2 +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: RoleBinding -metadata: - name: {{obj_name}} -roleRef: -{% if roleRef.kind is defined %} - kind: {{ roleRef.kind }} -{% endif %} - name: {{ roleRef.name }} -subjects: -{% for sub in subjects %} - - kind: {{ sub.kind }} - name: {{ sub.name }} -{% endfor %} diff --git a/roles/openshift_logging/templates/route_reencrypt.j2 b/roles/openshift_logging/templates/route_reencrypt.j2 deleted file mode 100644 index cf8a9e65f..000000000 --- a/roles/openshift_logging/templates/route_reencrypt.j2 +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: "v1" -kind: "Route" -metadata: - name: "{{obj_name}}" -{% if labels is defined%} - labels: -{% for key, value in labels.iteritems() %} - {{key}}: {{value}} -{% endfor %} -{% endif %} -spec: - host: {{ route_host }} - tls: -{% if tls_key is defined and tls_key | length > 0 %} - key: | -{{ tls_key|indent(6, true) }} -{% if tls_cert is defined and tls_cert | length > 0 %} - certificate: | -{{ tls_cert|indent(6, true) }} -{% endif %} -{% endif %} - caCertificate: | -{% for line in tls_ca_cert.split('\n') %} - {{ line }} -{% endfor %} - destinationCACertificate: | -{% for line in tls_dest_ca_cert.split('\n') %} - {{ line }} -{% endfor %} - termination: reencrypt -{% if edge_term_policy is defined and edge_term_policy | length > 0 %} - insecureEdgeTerminationPolicy: {{ edge_term_policy }} -{% endif %} - to: - kind: Service - name: {{ service_name }} diff --git a/roles/openshift_logging/templates/secret.j2 b/roles/openshift_logging/templates/secret.j2 deleted file mode 100644 index eba4197da..000000000 --- a/roles/openshift_logging/templates/secret.j2 +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: "{{secret_name}}" -type: Opaque -data: -{% for s in secrets %} - "{{s.key}}" : "{{s.value | b64encode}}" -{% endfor %} diff --git a/roles/openshift_logging/templates/service.j2 b/roles/openshift_logging/templates/service.j2 deleted file mode 100644 index 6c4ec0c76..000000000 --- a/roles/openshift_logging/templates/service.j2 +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: "v1" -kind: "Service" -metadata: - name: "{{obj_name}}" -{% if labels is defined%} - labels: -{% for key, value in labels.iteritems() %} - {{key}}: {{value}} -{% endfor %} -{% endif %} -spec: - ports: -{% for port in ports %} - - -{% for key, value in port.iteritems() %} - {{key}}: {{value}} -{% endfor %} -{% if port.targetPort is undefined %} - clusterIP: "None" -{% endif %} -{% endfor %} -{% if service_targetPort is defined %} - targetPort: {{service_targetPort}} -{% endif %} - selector: - {% for key, value in selector.iteritems() %} - {{key}}: {{value}} - {% endfor %} diff --git a/roles/openshift_logging/templates/serviceaccount.j2 b/roles/openshift_logging/templates/serviceaccount.j2 deleted file mode 100644 index b22acc594..000000000 --- a/roles/openshift_logging/templates/serviceaccount.j2 +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{obj_name}} -{% if labels is defined%} - labels: -{% for key, value in labels.iteritems() %} - {{key}}: {{value}} -{% endfor %} -{% endif %} -{% if secrets is defined %} -secrets: -{% for name in secrets %} -- name: {{ name }} -{% endfor %} -{% endif %} diff --git a/roles/openshift_logging/vars/main.yaml b/roles/openshift_logging/vars/main.yaml index c3064cee9..e561b41e2 100644 --- a/roles/openshift_logging/vars/main.yaml +++ b/roles/openshift_logging/vars/main.yaml @@ -1,10 +1,8 @@ --- openshift_master_config_dir: "{{ openshift.common.config_base }}/master" -es_node_quorum: "{{openshift_logging_es_cluster_size|int/2 + 1}}" -es_min_masters_default: "{{ (openshift_logging_es_cluster_size | int / 2 | round(0,'floor') + 1) | int }}" -es_min_masters: "{{ (openshift_logging_es_cluster_size == 1) | ternary(1, es_min_masters_default)}}" -es_recover_after_nodes: "{{openshift_logging_es_cluster_size|int - 1}}" -es_recover_expected_nodes: "{{openshift_logging_es_cluster_size|int}}" -es_ops_node_quorum: "{{openshift_logging_es_ops_cluster_size|int/2 + 1}}" -es_ops_recover_after_nodes: "{{openshift_logging_es_ops_cluster_size|int - 1}}" -es_ops_recover_expected_nodes: "{{openshift_logging_es_ops_cluster_size|int}}" +es_node_quorum: "{{ (openshift_logging_es_cluster_size | int/2 | round(0,'floor') + 1) | int}}" +es_recover_expected_nodes: "{{openshift_logging_es_cluster_size | int}}" +es_ops_node_quorum: "{{ (openshift_logging_es_ops_cluster_size | int/2 | round(0,'floor') + 1) | int}}" +es_ops_recover_expected_nodes: "{{openshift_logging_es_ops_cluster_size | int}}" + +es_log_appenders: ['file', 'console'] diff --git a/roles/openshift_logging/vars/openshift-enterprise.yml b/roles/openshift_logging/vars/openshift-enterprise.yml index 9679d209a..92e68a0a3 100644 --- a/roles/openshift_logging/vars/openshift-enterprise.yml +++ b/roles/openshift_logging/vars/openshift-enterprise.yml @@ -1,3 +1,3 @@ --- __openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('registry.access.redhat.com/openshift3/') }}" -__openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default(openshift_release | default ('3.5.0') ) }}" +__openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default ('3.6.0') }}" |