diff options
| author | Jeff Cantrill <jcantril@redhat.com> | 2018-01-26 15:53:12 -0500 |
|---|---|---|
| committer | Jeff Cantrill <jcantril@redhat.com> | 2018-01-26 16:46:13 -0500 |
| commit | 93814bd617f633e613118b710b7fa33ff975c994 (patch) | |
| tree | fba4bd85ec46701d44435512aea2072ef0aac043 /roles | |
| parent | c73b77cb8489a0ac1f56457c19250ff217c6a47b (diff) | |
bug 1537857. Fix retrieving prometheus metrics
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/openshift_logging_elasticsearch/tasks/main.yaml | 13 | ||||
| -rw-r--r-- | roles/openshift_logging_elasticsearch/templates/es.j2 | 1 | ||||
| -rw-r--r-- | roles/openshift_logging_elasticsearch/templates/passwd.j2 | 2 |
3 files changed, 16 insertions, 0 deletions
diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml index ff5ad1045..b731d93a0 100644 --- a/roles/openshift_logging_elasticsearch/tasks/main.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml @@ -137,6 +137,16 @@ - "prometheus_out.stderr | length > 0" - "'already exists' not in prometheus_out.stderr" +- set_fact: + _logging_metrics_proxy_passwd: "{{ 16 | lib_utils_oo_random_word | b64encode }}" + +- template: + src: passwd.j2 + dest: "{{mktemp.stdout}}/passwd.yml" + vars: + logging_user_name: "{{ openshift_logging_elasticsearch_prometheus_sa }}" + logging_user_passwd: "{{ _logging_metrics_proxy_passwd }}" + # View role and binding - name: Generate logging-elasticsearch-view-role template: @@ -255,6 +265,8 @@ path: "{{ generated_certs_dir }}/ca.crt" - name: admin.jks path: "{{ generated_certs_dir }}/system.admin.jks" + - name: passwd.yml + path: "{{mktemp.stdout}}/passwd.yml" # services - name: Set logging-{{ es_component }}-cluster service @@ -391,6 +403,7 @@ es_container_security_context: "{{ _es_containers.elasticsearch.securityContext if _es_containers is defined and 'elasticsearch' in _es_containers and 'securityContext' in _es_containers.elasticsearch else None }}" deploy_type: "{{ openshift_logging_elasticsearch_deployment_type }}" es_replicas: 1 + basic_auth_passwd: "{{ _logging_metrics_proxy_passwd | b64decode }}" - name: Set ES dc oc_obj: diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2 index 4b189f255..b1d6a4489 100644 --- a/roles/openshift_logging_elasticsearch/templates/es.j2 +++ b/roles/openshift_logging_elasticsearch/templates/es.j2 @@ -51,6 +51,7 @@ spec: - -client-id={{openshift_logging_elasticsearch_prometheus_sa}} - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token - -cookie-secret={{ 16 | lib_utils_oo_random_word | b64encode }} + - -basic-auth-password={{ basic_auth_passwd }} - -upstream=https://localhost:9200 - '-openshift-sar={"namespace": "{{ openshift_logging_elasticsearch_namespace}}", "verb": "view", "resource": "prometheus", "group": "metrics.openshift.io"}' - '-openshift-delegate-urls={"/": {"resource": "prometheus", "verb": "view", "group": "metrics.openshift.io", "namespace": "{{ openshift_logging_elasticsearch_namespace}}"}}' diff --git a/roles/openshift_logging_elasticsearch/templates/passwd.j2 b/roles/openshift_logging_elasticsearch/templates/passwd.j2 new file mode 100644 index 000000000..a22151eef --- /dev/null +++ b/roles/openshift_logging_elasticsearch/templates/passwd.j2 @@ -0,0 +1,2 @@ +"{{logging_user_name}}": + passwd: "{{logging_user_passwd}}" |