From ec7d1b04ef91a3d10675efe1c53a88ef100437b8 Mon Sep 17 00:00:00 2001 From: Jeff Cantrill Date: Thu, 17 Aug 2017 16:21:58 -0400 Subject: bug 1482661. Preserve ES dc nodeSelector and supplementalGroups (cherry picked from commit 601e35cbf4410972c7fa0a1d3d5c6327b82353ac) --- roles/openshift_logging_elasticsearch/defaults/main.yml | 2 +- roles/openshift_logging_elasticsearch/tasks/main.yaml | 1 + roles/openshift_logging_elasticsearch/templates/es.j2 | 4 +++- 3 files changed, 5 insertions(+), 2 deletions(-) (limited to 'roles/openshift_logging_elasticsearch') diff --git a/roles/openshift_logging_elasticsearch/defaults/main.yml b/roles/openshift_logging_elasticsearch/defaults/main.yml index 75bd479be..4bca32e70 100644 --- a/roles/openshift_logging_elasticsearch/defaults/main.yml +++ b/roles/openshift_logging_elasticsearch/defaults/main.yml @@ -33,7 +33,7 @@ openshift_logging_elasticsearch_pvc_size: "" openshift_logging_elasticsearch_pvc_dynamic: false openshift_logging_elasticsearch_pvc_pv_selector: {} openshift_logging_elasticsearch_pvc_access_modes: ['ReadWriteOnce'] -openshift_logging_elasticsearch_storage_group: '65534' +openshift_logging_elasticsearch_storage_group: ['65534'] openshift_logging_es_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_pvc_prefix | default('logging-es') }}" diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml index 1e800b1d6..8d5927df6 100644 --- a/roles/openshift_logging_elasticsearch/tasks/main.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml @@ -281,6 +281,7 @@ es_cpu_limit: "{{ openshift_logging_elasticsearch_cpu_limit }}" es_memory_limit: "{{ openshift_logging_elasticsearch_memory_limit }}" es_node_selector: "{{ openshift_logging_elasticsearch_nodeselector | default({}) }}" + es_storage_groups: "{{ openshift_logging_elasticsearch_storage_group | default([]) }}" deploy_type: "{{ openshift_logging_elasticsearch_deployment_type }}" es_replicas: 1 diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2 index 3c8f390c4..d1edb2d76 100644 --- a/roles/openshift_logging_elasticsearch/templates/es.j2 +++ b/roles/openshift_logging_elasticsearch/templates/es.j2 @@ -29,7 +29,9 @@ spec: serviceAccountName: aggregated-logging-elasticsearch securityContext: supplementalGroups: - - {{openshift_logging_elasticsearch_storage_group}} +{% for group in es_storage_groups %} + - {{group}} +{% endfor %} {% if es_node_selector is iterable and es_node_selector | length > 0 %} nodeSelector: {% for key, value in es_node_selector.iteritems() %} -- cgit v1.2.1 From f4c7d5e064fad263f618fb633d5c0d37c0a2a553 Mon Sep 17 00:00:00 2001 From: Jeff Cantrill Date: Sun, 1 Oct 2017 14:54:22 -0400 Subject: Bug 1496271 - Perserve SCC for ES local persistent storage ES can be modified to use node local persistent storage. This requires changing SCC and is described in docs: https://docs.openshift.com/container-platform/3.6/install_config/aggregate_logging.html During an upgrade, SCC defined by the user is ignored. This fix fetches SCC user defined as a fact and adds it to the ES DC which is later used. --- roles/openshift_logging_elasticsearch/tasks/main.yaml | 1 + roles/openshift_logging_elasticsearch/templates/es.j2 | 3 +++ 2 files changed, 4 insertions(+) (limited to 'roles/openshift_logging_elasticsearch') diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml index 8d5927df6..244290953 100644 --- a/roles/openshift_logging_elasticsearch/tasks/main.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml @@ -282,6 +282,7 @@ es_memory_limit: "{{ openshift_logging_elasticsearch_memory_limit }}" es_node_selector: "{{ openshift_logging_elasticsearch_nodeselector | default({}) }}" es_storage_groups: "{{ openshift_logging_elasticsearch_storage_group | default([]) }}" + es_container_security_context: "{{ _es_containers.elasticsearch.securityContext if _es_containers is defined and 'elasticsearch' in _es_containers and 'securityContext' in _es_containers.elasticsearch else None }}" deploy_type: "{{ openshift_logging_elasticsearch_deployment_type }}" es_replicas: 1 diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2 index d1edb2d76..20152e576 100644 --- a/roles/openshift_logging_elasticsearch/templates/es.j2 +++ b/roles/openshift_logging_elasticsearch/templates/es.j2 @@ -51,6 +51,9 @@ spec: {% endif %} requests: memory: "{{es_memory_limit}}" +{% if es_container_security_context %} + securityContext: {{ es_container_security_context | to_yaml }} +{% endif %} ports: - containerPort: 9200 -- cgit v1.2.1