diff options
18 files changed, 96 insertions, 36 deletions
diff --git a/callback_plugins/aa_version_requirement.py b/callback_plugins/aa_version_requirement.py index 40affb18b..f31445381 100644 --- a/callback_plugins/aa_version_requirement.py +++ b/callback_plugins/aa_version_requirement.py @@ -7,6 +7,7 @@ The plugin is named with leading `aa_` to ensure this plugin is loaded first (alphanumerically) by Ansible. """ import sys +from subprocess import check_output from ansible import __version__ if __version__ < '2.0': @@ -65,7 +66,11 @@ class CallbackModule(CallbackBase): sys.exit(1) if __version__ == '2.2.1.0': - display( - 'FATAL: Current Ansible version (%s) is not supported. %s' - % (__version__, FAIL_ON_2_2_1_0), color='red') - sys.exit(1) + rpm_ver = str(check_output(["rpm", "-qa", "ansible"])) + patched_ansible = '2.2.1.0-2' + + if patched_ansible not in rpm_ver: + display( + 'FATAL: Current Ansible version (%s) is not supported. %s' + % (__version__, FAIL_ON_2_2_1_0), color='red') + sys.exit(1) diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 0a1b8c5c4..e47ad99a1 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -79,7 +79,7 @@ openshift_release=v1.4 # Disable pushing to dockerhub #openshift_docker_disable_push_dockerhub=True # Items added, as is, to end of /etc/sysconfig/docker OPTIONS -# Default value: "--log-driver=json-file --log-opt max-size=50m" +# Default value: "--log-driver=journald" #openshift_docker_options="-l warn --ipv6=false" # Specify exact version of Docker to configure or upgrade to. diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 89b9d7e48..8d327e82a 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -79,7 +79,7 @@ openshift_release=v3.4 # Disable pushing to dockerhub #openshift_docker_disable_push_dockerhub=True # Items added, as is, to end of /etc/sysconfig/docker OPTIONS -# Default value: "--log-driver=json-file --log-opt max-size=50m" +# Default value: "--log-driver=journald" #openshift_docker_options="-l warn --ipv6=false" # Specify exact version of Docker to configure or upgrade to. diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml index 143bc37a2..3c4a99887 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted.yml +++ b/playbooks/common/openshift-cluster/openshift_hosted.yml @@ -54,6 +54,7 @@ - set_fact: logging_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}" tasks: + - block: - include_role: name: openshift_hosted_logging diff --git a/playbooks/common/openshift-cluster/openshift_logging.yml b/playbooks/common/openshift-cluster/openshift_logging.yml index 82f18f5e1..d96a78c4c 100644 --- a/playbooks/common/openshift-cluster/openshift_logging.yml +++ b/playbooks/common/openshift-cluster/openshift_logging.yml @@ -7,7 +7,8 @@ - name: Update Master configs hosts: masters:!oo_first_master tasks: - - include_role: - name: openshift_logging - tasks_from: update_master_config + - block: + - include_role: + name: openshift_logging + tasks_from: update_master_config when: openshift_logging_install_logging | default(false) | bool diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 7c61da950..e72ab26fc 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -2027,7 +2027,7 @@ class OpenShiftFacts(object): if 'docker' in roles: docker = dict(disable_push_dockerhub=False, - options='--log-driver=json-file --log-opt max-size=50m') + options='--log-driver=journald') # NOTE: This is a workaround for a dnf output racecondition that can occur in # some situations. See https://bugzilla.redhat.com/show_bug.cgi?id=918184 if self.system_facts['ansible_pkg_mgr'] == 'dnf': diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md index 856cfa2b9..8651e06e7 100644 --- a/roles/openshift_logging/README.md +++ b/roles/openshift_logging/README.md @@ -36,6 +36,7 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log - `openshift_logging_curator_cpu_limit`: The amount of CPU to allocate to Curator. Default is '100m'. - `openshift_logging_curator_memory_limit`: The amount of memory to allocate to Curator. Unset if not specified. - `openshift_logging_curator_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the curator pod will land. +- `openshift_logging_image_pull_secret`: The name of an existing pull secret to link to the logging service accounts - `openshift_logging_kibana_hostname`: The Kibana hostname. Defaults to 'kibana.example.com'. - `openshift_logging_kibana_cpu_limit`: The amount of CPU to allocate to Kibana or unset if not specified. diff --git a/roles/openshift_logging/tasks/generate_routes.yaml b/roles/openshift_logging/tasks/generate_routes.yaml index 25877ebff..60694f67e 100644 --- a/roles/openshift_logging/tasks/generate_routes.yaml +++ b/roles/openshift_logging/tasks/generate_routes.yaml @@ -17,5 +17,5 @@ - {name: logging-kibana-ops, host: "{{openshift_logging_kibana_ops_hostname}}"} loop_control: loop_var: route_info - when: (route_info.name == 'logging-kibana-ops' and openshift_logging_use_ops) or route_info.name == 'logging-kibana' + when: (route_info.name == 'logging-kibana-ops' and openshift_logging_use_ops | bool) or route_info.name == 'logging-kibana' changed_when: no diff --git a/roles/openshift_logging/tasks/generate_services.yaml b/roles/openshift_logging/tasks/generate_services.yaml index 8eaac76c4..5091c1209 100644 --- a/roles/openshift_logging/tasks/generate_services.yaml +++ b/roles/openshift_logging/tasks/generate_services.yaml @@ -52,7 +52,7 @@ selector: provider: openshift component: es-ops - when: openshift_logging_use_ops + when: openshift_logging_use_ops | bool check_mode: no changed_when: no @@ -67,7 +67,7 @@ selector: provider: openshift component: es-ops - when: openshift_logging_use_ops + when: openshift_logging_use_ops | bool check_mode: no changed_when: no @@ -82,6 +82,6 @@ selector: provider: openshift component: kibana-ops - when: openshift_logging_use_ops + when: openshift_logging_use_ops | bool check_mode: no changed_when: no diff --git a/roles/openshift_logging/tasks/install_curator.yaml b/roles/openshift_logging/tasks/install_curator.yaml index fcfce4e1e..5b474ff39 100644 --- a/roles/openshift_logging/tasks/install_curator.yaml +++ b/roles/openshift_logging/tasks/install_curator.yaml @@ -15,7 +15,7 @@ register: curator_ops_replica_count when: - not ansible_check_mode - - openshift_logging_use_ops + - openshift_logging_use_ops | bool ignore_errors: yes changed_when: no @@ -48,6 +48,6 @@ curator_memory_limit: "{{openshift_logging_curator_ops_memory_limit }}" replicas: "{{curator_ops_replica_count.stdout | default (0)}}" curator_node_selector: "{{openshift_logging_curator_ops_nodeselector | default({}) }}" - when: openshift_logging_use_ops + when: openshift_logging_use_ops | bool check_mode: no changed_when: no diff --git a/roles/openshift_logging/tasks/install_elasticsearch.yaml b/roles/openshift_logging/tasks/install_elasticsearch.yaml index 64e983557..1d6e55e44 100644 --- a/roles/openshift_logging/tasks/install_elasticsearch.yaml +++ b/roles/openshift_logging/tasks/install_elasticsearch.yaml @@ -56,7 +56,7 @@ es_dcs: "{{openshift_logging_facts.elasticsearch_ops.deploymentconfigs}}" cluster_size: "{{openshift_logging_es_ops_cluster_size}}" when: - - openshift_logging_use_ops + - openshift_logging_use_ops | bool - "{{es_dcs | length - openshift_logging_es_ops_cluster_size | abs > 1}}" check_mode: no @@ -71,7 +71,7 @@ openshift_logging_es_pvc_dynamic: "{{openshift_logging_es_ops_pvc_dynamic}}" openshift_logging_es_pv_selector: "{{openshift_logging_es_ops_pv_selector}}" when: - - openshift_logging_use_ops + - openshift_logging_use_ops | bool check_mode: no - name: Init pool of DeploymentConfig names for Elasticsearch Ops @@ -80,7 +80,7 @@ loop_control: loop_var: deploy_name when: - - openshift_logging_use_ops + - openshift_logging_use_ops | bool - name: Create new DeploymentConfig names for Elasticsearch Ops set_fact: es_ops_dc_pool={{es_ops_dc_pool | default([]) + [deploy_name]}} @@ -92,7 +92,7 @@ cluster_size: "{{openshift_logging_es_ops_cluster_size}}" with_sequence: count={{ openshift_logging_es_ops_cluster_size | int - openshift_logging_current_es_ops_size | int }} when: - - openshift_logging_use_ops + - openshift_logging_use_ops | bool check_mode: no - name: Generate Elasticsearch DeploymentConfig for Ops @@ -116,6 +116,6 @@ with_indexed_items: - "{{ es_ops_dc_pool | default([]) }}" when: - - openshift_logging_use_ops + - openshift_logging_use_ops | bool check_mode: no changed_when: no diff --git a/roles/openshift_logging/tasks/install_kibana.yaml b/roles/openshift_logging/tasks/install_kibana.yaml index f4df7de0c..3aeff2cac 100644 --- a/roles/openshift_logging/tasks/install_kibana.yaml +++ b/roles/openshift_logging/tasks/install_kibana.yaml @@ -15,7 +15,7 @@ register: kibana_ops_replica_count when: - not ansible_check_mode - - openshift_logging_use_ops + - openshift_logging_use_ops | bool ignore_errors: yes changed_when: no @@ -55,6 +55,6 @@ kibana_proxy_memory_limit: "{{openshift_logging_kibana_ops_proxy_memory_limit }}" replicas: "{{kibana_ops_replica_count.stdout | default (0)}}" kibana_node_selector: "{{openshift_logging_kibana_ops_nodeselector | default({}) }}" - when: openshift_logging_use_ops + when: openshift_logging_use_ops | bool check_mode: no changed_when: no diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml index 00c79ee5e..d52429f03 100644 --- a/roles/openshift_logging/tasks/install_logging.yaml +++ b/roles/openshift_logging/tasks/install_logging.yaml @@ -57,6 +57,28 @@ loop_var: file when: ansible_check_mode + # TODO replace task with oc_secret module that supports + # linking when available +- name: Link Pull Secrets With Service Accounts + include: oc_secret.yaml + vars: + kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + subcommand: link + service_account: "{{sa_account}}" + secret_name: "{{openshift_logging_image_pull_secret}}" + add_args: "--for=pull" + with_items: + - default + - aggregated-logging-elasticsearch + - aggregated-logging-kibana + - aggregated-logging-fluentd + - aggregated-logging-curator + register: link_pull_secret + loop_control: + loop_var: sa_account + when: openshift_logging_image_pull_secret is defined + failed_when: link_pull_secret.rc != 0 + - name: Scaling up cluster include: start_cluster.yaml when: start_cluster | default(true) | bool diff --git a/roles/openshift_logging/tasks/oc_apply.yaml b/roles/openshift_logging/tasks/oc_apply.yaml index c362b7fca..cb9509de1 100644 --- a/roles/openshift_logging/tasks/oc_apply.yaml +++ b/roles/openshift_logging/tasks/oc_apply.yaml @@ -1,12 +1,13 @@ --- - name: Checking generation of {{file_content.kind}} {{file_content.metadata.name}} - shell: > + command: > {{ openshift.common.client_binary }} --config={{ kubeconfig }} get {{file_content.kind}} {{file_content.metadata.name}} -o jsonpath='{.metadata.resourceVersion}' - -n {{namespace}} || echo 0 + -n {{namespace}} register: generation_init + failed_when: "'not found' not in generation_init.stderr and generation_init.stdout == ''" changed_when: no - name: Applying {{file_name}} @@ -19,11 +20,33 @@ changed_when: no - name: Determine change status of {{file_content.kind}} {{file_content.metadata.name}} - shell: > + command: > {{ openshift.common.client_binary }} --config={{ kubeconfig }} get {{file_content.kind}} {{file_content.metadata.name}} -o jsonpath='{.metadata.resourceVersion}' - -n {{namespace}} || echo 0 + -n {{namespace}} register: generation_changed - failed_when: "'error' in generation_changed.stderr" - changed_when: generation_changed.stdout | int > generation_init.stdout | int + failed_when: "'not found' not in generation_changed.stderr and generation_changed.stdout == ''" + changed_when: generation_changed.stdout | default (0) | int > generation_init.stdout | default(0) | int + when: + - "'field is immutable' not in generation_apply.stderr" + +- name: Removing previous {{file_name}} + command: > + {{ openshift.common.client_binary }} --config={{ kubeconfig }} + delete -f {{ file_name }} + -n {{ namespace }} + register: generation_delete + failed_when: "'error' in generation_delete.stderr" + changed_when: generation_delete.rc == 0 + when: "'field is immutable' in generation_apply.stderr" + +- name: Recreating {{file_name}} + command: > + {{ openshift.common.client_binary }} --config={{ kubeconfig }} + apply -f {{ file_name }} + -n {{ namespace }} + register: generation_apply + failed_when: "'error' in generation_apply.stderr" + changed_when: generation_apply.rc == 0 + when: "'field is immutable' in generation_apply.stderr" diff --git a/roles/openshift_logging/tasks/oc_secret.yaml b/roles/openshift_logging/tasks/oc_secret.yaml new file mode 100644 index 000000000..de37e4f6d --- /dev/null +++ b/roles/openshift_logging/tasks/oc_secret.yaml @@ -0,0 +1,7 @@ +--- +- command: > + {{ openshift.common.client_binary }} + --config={{ kubeconfig }} + secret {{subcommand}} {{service_account}} {{secret_name}} + {{add_args}} + -n {{openshift_logging_namespace}} diff --git a/roles/openshift_logging/tasks/start_cluster.yaml b/roles/openshift_logging/tasks/start_cluster.yaml index 07489ae79..69d2b2b6b 100644 --- a/roles/openshift_logging/tasks/start_cluster.yaml +++ b/roles/openshift_logging/tasks/start_cluster.yaml @@ -86,7 +86,7 @@ with_items: "{{es_dc.stdout_lines}}" loop_control: loop_var: object - when: openshift_logging_use_ops + when: openshift_logging_use_ops | bool - command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=kibana-ops -o name -n {{openshift_logging_namespace}} @@ -104,7 +104,7 @@ with_items: "{{kibana_dc.stdout_lines}}" loop_control: loop_var: object - when: openshift_logging_use_ops + when: openshift_logging_use_ops | bool - command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=curator-ops -o name -n {{openshift_logging_namespace}} @@ -122,4 +122,4 @@ with_items: "{{curator_dc.stdout_lines}}" loop_control: loop_var: object - when: openshift_logging_use_ops + when: openshift_logging_use_ops | bool diff --git a/roles/openshift_logging/tasks/stop_cluster.yaml b/roles/openshift_logging/tasks/stop_cluster.yaml index 8e0df8344..7826efabe 100644 --- a/roles/openshift_logging/tasks/stop_cluster.yaml +++ b/roles/openshift_logging/tasks/stop_cluster.yaml @@ -81,7 +81,7 @@ with_items: "{{es_dc.stdout_lines}}" loop_control: loop_var: object - when: openshift_logging_use_ops + when: openshift_logging_use_ops | bool - command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=kibana-ops -o name -n {{openshift_logging_namespace}} @@ -98,7 +98,7 @@ with_items: "{{kibana_dc.stdout_lines}}" loop_control: loop_var: object - when: openshift_logging_use_ops + when: openshift_logging_use_ops | bool - command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=curator-ops -o name -n {{openshift_logging_namespace}} @@ -115,4 +115,4 @@ with_items: "{{curator_dc.stdout_lines}}" loop_control: loop_var: object - when: openshift_logging_use_ops + when: openshift_logging_use_ops | bool diff --git a/roles/openshift_metrics/tasks/install_support.yaml b/roles/openshift_metrics/tasks/install_support.yaml index cc5acc6e5..5cefb273d 100644 --- a/roles/openshift_metrics/tasks/install_support.yaml +++ b/roles/openshift_metrics/tasks/install_support.yaml @@ -9,7 +9,7 @@ when: htpasswd_check.rc == 1 - name: Check control node to see if keytool is installed - local_action: command which htpasswd + local_action: command which keytool register: keytool_check failed_when: no changed_when: no |