diff options
author | Rich Megginson <rmeggins@redhat.com> | 2017-05-02 08:51:51 -0600 |
---|---|---|
committer | Rich Megginson <rmeggins@redhat.com> | 2017-05-18 21:18:05 -0600 |
commit | a4c6ae5af5237bc4c09476be1c12e61b9d41fb9b (patch) | |
tree | 89550cab3eb2898df87db86c53005ab01431ccb2 /roles/openshift_logging/tasks/generate_routes.yaml | |
parent | be064f7be58d905874e8ebc34c8f270841b49887 (diff) | |
download | openshift-a4c6ae5af5237bc4c09476be1c12e61b9d41fb9b.tar.gz openshift-a4c6ae5af5237bc4c09476be1c12e61b9d41fb9b.tar.bz2 openshift-a4c6ae5af5237bc4c09476be1c12e61b9d41fb9b.tar.xz openshift-a4c6ae5af5237bc4c09476be1c12e61b9d41fb9b.zip |
add ability to expose Elasticsearch as an external route
This adds the ability to expose Elastisearch as a route outside of the
cluster.
- `openshift_logging_es_allow_external`: True (default is False) - if this is
True, Elasticsearch will be exposed as a Route
- `openshift_logging_es_ops_hostname`: The external facing hostname to use for
the route and the TLS server certificate (default is "es." +
`openshift_master_default_subdomain`)
There are other similar parameters for the TLS server cert, key, and CA cert.
There are other similar parameters for when the OPS cluster is deployed e.g.
`openshift_logging_es_ops_allow_external`, etc.
Diffstat (limited to 'roles/openshift_logging/tasks/generate_routes.yaml')
-rw-r--r-- | roles/openshift_logging/tasks/generate_routes.yaml | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/roles/openshift_logging/tasks/generate_routes.yaml b/roles/openshift_logging/tasks/generate_routes.yaml index f76bb3a0a..c45b3d804 100644 --- a/roles/openshift_logging/tasks/generate_routes.yaml +++ b/roles/openshift_logging/tasks/generate_routes.yaml @@ -75,3 +75,95 @@ provider: openshift when: openshift_logging_use_ops | bool changed_when: no + +- set_fact: es_key={{ lookup('file', openshift_logging_es_key) | b64encode }} + when: + - openshift_logging_es_key | trim | length > 0 + - openshift_logging_es_allow_external | bool + changed_when: false + +- set_fact: es_cert={{ lookup('file', openshift_logging_es_cert)| b64encode }} + when: + - openshift_logging_es_cert | trim | length > 0 + - openshift_logging_es_allow_external | bool + changed_when: false + +- set_fact: es_ca={{ lookup('file', openshift_logging_es_ca_ext)| b64encode }} + when: + - openshift_logging_es_ca_ext | trim | length > 0 + - openshift_logging_es_allow_external | bool + changed_when: false + +- set_fact: es_ca={{key_pairs | entry_from_named_pair('ca_file') }} + when: + - es_ca is not defined + - openshift_logging_es_allow_external | bool + changed_when: false + +- name: Generating Elasticsearch logging routes + template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-logging-es-route.yaml + tags: routes + vars: + obj_name: "logging-es" + route_host: "{{openshift_logging_es_hostname}}" + service_name: "logging-es" + tls_key: "{{es_key | default('') | b64decode}}" + tls_cert: "{{es_cert | default('') | b64decode}}" + tls_ca_cert: "{{es_ca | b64decode}}" + tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}" + edge_term_policy: "{{openshift_logging_es_edge_term_policy | default('') }}" + labels: + component: support + logging-infra: support + provider: openshift + changed_when: no + when: openshift_logging_es_allow_external | bool + +- set_fact: es_ops_key={{ lookup('file', openshift_logging_es_ops_key) | b64encode }} + when: + - openshift_logging_es_ops_allow_external | bool + - openshift_logging_use_ops | bool + - "{{ openshift_logging_es_ops_key | trim | length > 0 }}" + changed_when: false + +- set_fact: es_ops_cert={{ lookup('file', openshift_logging_es_ops_cert)| b64encode }} + when: + - openshift_logging_es_ops_allow_external | bool + - openshift_logging_use_ops | bool + - "{{openshift_logging_es_ops_cert | trim | length > 0}}" + changed_when: false + +- set_fact: es_ops_ca={{ lookup('file', openshift_logging_es_ops_ca_ext)| b64encode }} + when: + - openshift_logging_es_ops_allow_external | bool + - openshift_logging_use_ops | bool + - "{{openshift_logging_es_ops_ca_ext | trim | length > 0}}" + changed_when: false + +- set_fact: es_ops_ca={{key_pairs | entry_from_named_pair('ca_file') }} + when: + - openshift_logging_es_ops_allow_external | bool + - openshift_logging_use_ops | bool + - es_ops_ca is not defined + changed_when: false + +- name: Generating Elasticsearch logging ops routes + template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-logging-es-ops-route.yaml + tags: routes + vars: + obj_name: "logging-es-ops" + route_host: "{{openshift_logging_es_ops_hostname}}" + service_name: "logging-es-ops" + tls_key: "{{es_ops_key | default('') | b64decode}}" + tls_cert: "{{es_ops_cert | default('') | b64decode}}" + tls_ca_cert: "{{es_ops_ca | b64decode}}" + tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}" + edge_term_policy: "{{openshift_logging_es_ops_edge_term_policy | default('') }}" + labels: + component: support + logging-infra: support + provider: openshift + when: + - openshift_logging_es_ops_allow_external | bool + - openshift_logging_use_ops | bool + changed_when: no |