path: root/roles/openshift_hosted_logging/tasks/deploy_logging.yaml
blob: 5d69175ae6df18d5a304ab15239723e1b60033ab (plain)
---

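  # Guard: stop before touching the cluster when a required role variable is
  # missing. Written in block form because the one-line `msg=` value contained
  # ": ", which a plain YAML scalar cannot hold.
  # NOTE(review): the third variable was spelled "penshift_..." in both the
  # message and the condition; the leading "o" is restored to match the other
  # two names. Confirm the exact spelling (including "elasticsearchs") against
  # wherever the role actually reads this variable.
  - name: Verify required logging variables are defined
    fail:
      msg: "This role requires the following vars to be defined: openshift_hosted_logging_master_public_url, openshift_hosted_logging_hostname, openshift_hosted_logging_elasticsearchs_cluster_size"
    when: >-
      openshift_hosted_logging_hostname is not defined or
      openshift_hosted_logging_elasticsearchs_cluster_size is not defined or
      openshift_hosted_logging_master_public_url is not defined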

  # Scratch directory for the copied admin kubeconfig. `mktemp -d` picks an
  # unpredictable name and creates the directory accessible to its owner only;
  # the resulting path is kept in mktemp.stdout for the later tasks.
  - name: Create temp directory for kubeconfig
    register: mktemp
    changed_when: false
    command: mktemp -d /tmp/openshift-ansible-XXXXXX

  # Places a copy of the cluster-admin credentials in the scratch directory.
  # NOTE(review): none of the oc/oadm commands in this file pass --config, so
  # this copy looks unused here; if that is confirmed, dropping the task avoids
  # a second copy of admin.kubeconfig on disk.
  - name: Copy the admin client config(s)
    changed_when: false
    command: cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig


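  # The create task below tests logging_project.rc, but no task in this file
  # registers that variable, so the condition would fail on an undefined name.
  # This read-only probe supplies it: rc is non-zero when the project cannot
  # be fetched. If an including play already registers logging_project, this
  # probe is redundant and can be removed.
  - name: "Check whether the logging project already exists"
    command: oc get project logging
    register: logging_project
    failed_when: false
    changed_when: false

  # Only create the project when the probe did not find it.
  - name: "Create logging project"
    command: oadm new-project logging
    when: logging_project.rc != 0

  # Switches the client's current project; the following oc commands that do
  # not pass -n rely on this.
  - name: "Changing projects"
    command: oc project logging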

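  # Creates the secret consumed by the deployer. When no secret sources are
  # supplied, a placeholder entry backed by /dev/null is used instead.
  # The command module does not go through a shell, so the variable is only
  # split into arguments, not interpreted.
  # Any non-zero exit is a failure unless stderr reports that the secret
  # already exists (the original checked only rc == 1, letting other error
  # codes pass as success).
  - name: "Creating logging deployer secret"
    command: oc secrets new logging-deployer {{ openshift_hosted_logging_secret_vars | default('nothing=/dev/null') }}
    register: secret_output
    failed_when: "secret_output.rc != 0 and 'exists' not in secret_output.stderr"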

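  # Stage the service-account manifest inside the private mktemp directory
  # rather than at a fixed, predictable name directly under /tmp, where another
  # local user could pre-create or swap the file before `oc create` reads it.
  - name: "Copy serviceAccount file"
    copy:
      src: "{{ role_path }}/files/logging-deployer-sa.yaml"
      dest: "{{ mktemp.stdout }}/logging-deployer-sa.yaml"
      force: true

  # No shell features are needed here, so the command module is used.
  # Any non-zero exit is a failure unless the account already exists.
  - name: "Create logging-deployer service account"
    command: oc create -f {{ mktemp.stdout }}/logging-deployer-sa.yaml
    register: deployer_output
    failed_when: "deployer_output.rc != 0 and 'exists' not in deployer_output.stderr"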

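  # Grants the deployer service account the `edit` role in the current
  # project (no -n is passed, so this depends on the earlier project switch).
  # Any non-zero exit is a failure unless stderr contains 'exists'; the
  # original tested only rc == 1, so other error codes passed silently.
  - name: "Set permissions for logging-deployer service account"
    command: oc policy add-role-to-user edit system:serviceaccount:logging:logging-deployer
    register: permiss_output
    failed_when: "permiss_output.rc != 0 and 'exists' not in permiss_output.stderr"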

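  # Adds the fluentd service account to the `privileged` SCC, which allows its
  # pods to run privileged containers. This is the broadest grant in the file;
  # review who can create pods under this service account in the logging
  # project.
  # Any non-zero exit is a failure unless stderr contains 'exists'.
  - name: "Set permissions for fluentd"
    command: oadm policy add-scc-to-user privileged system:serviceaccount:logging:aggregated-logging-fluentd
    register: fluentd_output
    failed_when: "fluentd_output.rc != 0 and 'exists' not in fluentd_output.stderr"

  # Cluster-wide read access (cluster-reader) for the same service account.
  # Same failure rule as above: the original's rc == 1 test is widened to any
  # non-zero exit so a failed grant cannot pass unnoticed.
  - name: "Set additional permissions for fluentd"
    command: oadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd
    register: fluentd2_output
    failed_when: "fluentd2_output.rc != 0 and 'exists' not in fluentd2_output.stderr"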

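  # Loads the deployer template shipped on the host into the shared
  # `openshift` namespace. An "already exists" response is tolerated; any
  # other non-zero exit fails the task (the original only treated rc == 1 as
  # a failure).
  - name: "Create deployer template"
    command: oc create -f /usr/share/openshift/examples/infrastructure-templates/enterprise/logging-deployer.yaml -n openshift
    register: template_output
    failed_when: "template_output.rc != 0 and 'exists' not in template_output.stderr"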

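  # Renders the deployer template with caller-supplied parameter values and
  # creates the resulting objects.
  # This runs through a shell because of the pipe, so the variable is passed
  # through the `quote` filter: shell metacharacters in oc_process_values are
  # then treated as data instead of being interpreted.
  # The task's exit status is that of `oc create`; a failing `oc process`
  # shows up only through `oc create` rejecting its input.
  - name: "Process the deployer template with an registry other than registry.access.redhat.com"
    shell: oc process logging-deployer-template -n openshift -v {{ oc_process_values | quote }} | oc create -f -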

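  # Polls until a logging-deployer pod is listed as Completed: up to 15
  # attempts, 10 seconds apart.
  # The task keys are re-aligned under `name`; in the original they sat one
  # column deeper, which is not valid YAML for a mapping.
  # The grep pattern is quoted so the shell cannot glob-expand the `*`.
  - name: "Wait for image pull and deployer pod"
    shell: oc get pods | grep 'logging-deployer.*Completed'
    register: result
    until: result.rc == 0
    retries: 15
    delay: 10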

  # Renders the support template in the current project and creates the
  # resulting objects. The pipe requires the shell module; the task result
  # reflects the exit status of `oc create`, the last command in the pipeline.
  - name: Process support template
    shell: >-
      oc process logging-support-template | oc create -f -

  # Marks every image stream in the current project as coming from an insecure
  # repository (existing annotation values are overwritten), which relaxes
  # registry transport checks for those images. Intended for registries that
  # cannot present a trusted certificate; leave it off otherwise.
  # Both conditions must hold. Note the comparison is against the string
  # 'true', and insecure_registry is referenced without a default.
  - name: Set insecured registry
    command: oc annotate is --all  openshift.io/image.insecureRepository=true --overwrite
    when:
      - target_registry is defined
      - insecure_registry == 'true'

  # Sets the replica count on the fluentd deployment config; a single replica
  # is used when fluentd_replicas is not provided.
  - name: Scale fluentd deployment config
    command: >-
      oc scale dc/logging-fluentd
      --replicas={{ fluentd_replicas | default('1') }}

  # Polls until a logging-fluentd image stream is listed: up to 15 attempts,
  # 5 seconds apart. grep exits 1 when nothing matches; that counts as a
  # failure here unless stderr contains 'not found'.
  - name: Wait for imagestreams to become available
    shell: oc get is | grep logging-fluentd
    register: result
    retries: 15
    delay: 5
    until: result.rc == 0
    failed_when: result.rc == 1 and 'not found' not in result.stderr

  # Same polling scheme, this time waiting for the first fluentd replication
  # controller to be listed.
  - name: Wait for replication controllers to become available
    shell: oc get rc | grep logging-fluentd-1
    register: result
    retries: 15
    delay: 5
    until: result.rc == 0
    failed_when: result.rc == 1 and 'not found' not in result.stderr

  # Applies the same replica count directly to the first fluentd replication
  # controller; defaults to one replica when fluentd_replicas is not set.
  - name: Scale fluentd replication controller
    command: >-
      oc scale rc/logging-fluentd-1
      --replicas={{ fluentd_replicas | default('1') }}

  # Informational message only: Elasticsearch persistent storage is not
  # configured by these tasks.
  - debug:
      msg: "Logging components deployed. Note persistant volume for elasticsearch must be setup manually"

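  # Removes the scratch directory, including the copied admin.kubeconfig.
  # The module keys are nested under the list item; in the original they were
  # aligned with the dash, which is not valid YAML and left the cleanup
  # unparsed.
  # NOTE(review): this is the last task in a linear list, so it is skipped when
  # any earlier task fails and the admin credentials copy stays in /tmp.
  # Wrapping the tasks in block/always would make the cleanup unconditional.
  - name: Delete temp directory
    file:
      name: "{{ mktemp.stdout }}"
      state: absent
    changed_when: false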