diff options
Diffstat (limited to 'roles/openshift_logging/tasks')
-rw-r--r-- | roles/openshift_logging/tasks/generate_configmaps.yaml | 11 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/generate_jks.yaml | 10 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/generate_pvcs.yaml | 6 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/generate_routes.yaml | 57 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/generate_secrets.yaml | 6 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/install_elasticsearch.yaml | 26 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/main.yaml | 24 |
7 files changed, 104 insertions, 36 deletions
diff --git a/roles/openshift_logging/tasks/generate_configmaps.yaml b/roles/openshift_logging/tasks/generate_configmaps.yaml index 8fcf517ad..c1721895c 100644 --- a/roles/openshift_logging/tasks/generate_configmaps.yaml +++ b/roles/openshift_logging/tasks/generate_configmaps.yaml @@ -6,8 +6,17 @@ when: es_logging_contents is undefined changed_when: no + - local_action: > + copy content="{{ config_source | combine(override_config,recursive=True) | to_nice_yaml }}" + dest="{{local_tmp.stdout}}/elasticsearch-gen-template.yml" + vars: + config_source: "{{lookup('file','templates/elasticsearch.yml.j2') | from_yaml }}" + override_config: "{{openshift_logging_es_config | from_yaml}}" + when: es_logging_contents is undefined + changed_when: no + - template: - src: elasticsearch.yml.j2 + src: "{{local_tmp.stdout}}/elasticsearch-gen-template.yml" dest: "{{mktemp.stdout}}/elasticsearch.yml" vars: - allow_cluster_reader: "{{openshift_logging_es_ops_allow_cluster_reader | lower | default('false')}}" diff --git a/roles/openshift_logging/tasks/generate_jks.yaml b/roles/openshift_logging/tasks/generate_jks.yaml index c6e2ccbc0..6e3204589 100644 --- a/roles/openshift_logging/tasks/generate_jks.yaml +++ b/roles/openshift_logging/tasks/generate_jks.yaml @@ -20,12 +20,6 @@ register: truststore_jks check_mode: no -- name: Create temp directory for doing work in - local_action: command mktemp -d /tmp/openshift-logging-ansible-XXXXXX - register: local_tmp - changed_when: False - check_mode: no - - name: Create placeholder for previously created JKS certs to prevent recreating... local_action: file path="{{local_tmp.stdout}}/elasticsearch.jks" state=touch mode="u=rw,g=r,o=r" when: elasticsearch_jks.stat.exists @@ -92,7 +86,3 @@ src: "{{local_tmp.stdout}}/truststore.jks" dest: "{{generated_certs_dir}}/truststore.jks" when: not truststore_jks.stat.exists - -- name: Cleaning up temp dir - local_action: file path="{{local_tmp.stdout}}" state=absent - changed_when: False diff --git a/roles/openshift_logging/tasks/generate_pvcs.yaml b/roles/openshift_logging/tasks/generate_pvcs.yaml index e1629908f..fa7a86c27 100644 --- a/roles/openshift_logging/tasks/generate_pvcs.yaml +++ b/roles/openshift_logging/tasks/generate_pvcs.yaml @@ -15,8 +15,7 @@ vars: obj_name: "{{claim_name}}" size: "{{es_pvc_size}}" - access_modes: - - "{{ es_access_modes }}" + access_modes: "{{ es_access_modes | list }}" pv_selector: "{{es_pv_selector}}" with_items: - "{{es_pvc_pool | default([])}}" @@ -35,8 +34,7 @@ annotations: volume.alpha.kubernetes.io/storage-class: "dynamic" size: "{{es_pvc_size}}" - access_modes: - - "{{ es_access_modes }}" + access_modes: "{{ es_access_modes | list }}" pv_selector: "{{es_pv_selector}}" with_items: - "{{es_pvc_pool|default([])}}" diff --git a/roles/openshift_logging/tasks/generate_routes.yaml b/roles/openshift_logging/tasks/generate_routes.yaml index 7af17a708..e77da7a24 100644 --- a/roles/openshift_logging/tasks/generate_routes.yaml +++ b/roles/openshift_logging/tasks/generate_routes.yaml @@ -16,12 +16,12 @@ changed_when: false - name: Generating logging routes - template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-{{route_info.name}}-route.yaml + template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-logging-kibana-route.yaml tags: routes vars: - obj_name: "{{route_info.name}}" - route_host: "{{route_info.host}}" - service_name: "{{route_info.name}}" + obj_name: "logging-kibana" + route_host: "{{openshift_logging_kibana_hostname}}" + service_name: "logging-kibana" tls_key: "{{kibana_key | default('') | b64decode}}" tls_cert: "{{kibana_cert | default('') | b64decode}}" tls_ca_cert: "{{kibana_ca | b64decode}}" @@ -31,10 +31,47 @@ component: support logging-infra: support provider: openshift - with_items: - - {name: logging-kibana, host: "{{openshift_logging_kibana_hostname}}"} - - {name: logging-kibana-ops, host: "{{openshift_logging_kibana_ops_hostname}}"} - loop_control: - loop_var: route_info - when: (route_info.name == 'logging-kibana-ops' and openshift_logging_use_ops | bool) or route_info.name == 'logging-kibana' + changed_when: no + +- set_fact: kibana_ops_key={{ lookup('file', openshift_logging_kibana_ops_key) | b64encode }} + when: + - openshift_logging_use_ops | bool + - "{{ openshift_logging_kibana_ops_key | trim | length > 0 }}" + changed_when: false + +- set_fact: kibana_ops_cert={{ lookup('file', openshift_logging_kibana_ops_cert)| b64encode }} + when: + - openshift_logging_use_ops | bool + - "{{openshift_logging_kibana_ops_cert | trim | length > 0}}" + changed_when: false + +- set_fact: kibana_ops_ca={{ lookup('file', openshift_logging_kibana_ops_ca)| b64encode }} + when: + - openshift_logging_use_ops | bool + - "{{openshift_logging_kibana_ops_ca | trim | length > 0}}" + changed_when: false + +- set_fact: kibana_ops_ca={{key_pairs | entry_from_named_pair('ca_file') }} + when: + - openshift_logging_use_ops | bool + - kibana_ops_ca is not defined + changed_when: false + +- name: Generating logging ops routes + template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-logging-kibana-ops-route.yaml + tags: routes + vars: + obj_name: "logging-kibana-ops" + route_host: "{{openshift_logging_kibana_ops_hostname}}" + service_name: "logging-kibana-ops" + tls_key: "{{kibana_ops_key | default('') | b64decode}}" + tls_cert: "{{kibana_ops_cert | default('') | b64decode}}" + tls_ca_cert: "{{kibana_ops_ca | b64decode}}" + tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}" + edge_term_policy: "{{openshift_logging_kibana_edge_term_policy | default('') }}" + labels: + component: support + logging-infra: support + provider: openshift + when: openshift_logging_use_ops | bool changed_when: no diff --git a/roles/openshift_logging/tasks/generate_secrets.yaml b/roles/openshift_logging/tasks/generate_secrets.yaml index 0f8e7ae58..f396bcc6d 100644 --- a/roles/openshift_logging/tasks/generate_secrets.yaml +++ b/roles/openshift_logging/tasks/generate_secrets.yaml @@ -31,8 +31,6 @@ - fluentd loop_control: loop_var: component - when: secret_name not in openshift_logging_facts.{{component}}.secrets or - secret_keys | difference(openshift_logging_facts.{{component}}.secrets["{{secret_name}}"]["keys"]) | length != 0 check_mode: no changed_when: no @@ -50,8 +48,6 @@ kibana_key_file: "{{key_pairs | entry_from_named_pair('kibana_internal_key')| b64decode }}" kibana_cert_file: "{{key_pairs | entry_from_named_pair('kibana_internal_cert')| b64decode }}" server_tls_file: "{{key_pairs | entry_from_named_pair('server_tls')| b64decode }}" - when: secret_name not in openshift_logging_facts.kibana.secrets or - secret_keys | difference(openshift_logging_facts.kibana.secrets["{{secret_name}}"]["keys"]) | length != 0 check_mode: no changed_when: no @@ -66,8 +62,6 @@ secret_name: logging-elasticsearch secret_keys: ["admin-cert", "searchguard.key", "admin-ca", "key", "truststore", "admin-key", "searchguard.truststore"] register: logging_es_secret - when: secret_name not in openshift_logging_facts.elasticsearch.secrets or - secret_keys | difference(openshift_logging_facts.elasticsearch.secrets["{{secret_name}}"]["keys"]) | length != 0 check_mode: no changed_when: no diff --git a/roles/openshift_logging/tasks/install_elasticsearch.yaml b/roles/openshift_logging/tasks/install_elasticsearch.yaml index a0ad12d94..28fad420b 100644 --- a/roles/openshift_logging/tasks/install_elasticsearch.yaml +++ b/roles/openshift_logging/tasks/install_elasticsearch.yaml @@ -2,6 +2,13 @@ - name: Getting current ES deployment size set_fact: openshift_logging_current_es_size={{ openshift_logging_facts.elasticsearch.deploymentconfigs.keys() | length }} +- set_fact: openshift_logging_es_pvc_prefix="logging-es" + when: "not openshift_logging_es_pvc_prefix or openshift_logging_es_pvc_prefix == ''" + +- set_fact: es_pvc_pool={{[]}} + +- set_fact: openshift_logging_es_pvc_prefix="{{ openshift_logging_es_pvc_prefix | default('logging-es') }}" + - name: Generate PersistentVolumeClaims include: "{{ role_path}}/tasks/generate_pvcs.yaml" vars: @@ -42,10 +49,12 @@ es_cluster_name: "{{component}}" es_cpu_limit: "{{openshift_logging_es_cpu_limit }}" es_memory_limit: "{{openshift_logging_es_memory_limit}}" - volume_names: "{{es_pvc_pool | default([])}}" - pvc_claim: "{{(volume_names | length > item.0) | ternary(volume_names[item.0], None)}}" + pvc_claim: "{{(es_pvc_pool | length > item.0) | ternary(es_pvc_pool[item.0], None)}}" deploy_name: "{{item.1}}" es_node_selector: "{{openshift_logging_es_nodeselector | default({}) }}" + es_storage: "{{openshift_logging_facts|es_storage(deploy_name, pvc_claim)}}" + es_number_of_shards: "{{ openshift_logging_es_number_of_shards }}" + es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas }}" with_indexed_items: - "{{ es_dc_pool }}" check_mode: no @@ -56,6 +65,8 @@ - name: Getting current ES deployment size set_fact: openshift_logging_current_es_ops_size={{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | length }} +- set_fact: openshift_logging_es_ops_pvc_prefix="{{ openshift_logging_es_ops_pvc_prefix | default('logging-es-ops') }}" + - name: Validate Elasticsearch cluster size for Ops fail: msg="The openshift_logging_es_ops_cluster_size may not be scaled down more than 1 less (or 0) the number of Elasticsearch nodes already deployed" vars: @@ -66,6 +77,9 @@ - "{{es_dcs | length - openshift_logging_es_ops_cluster_size|int | abs > 1}}" check_mode: no +- set_fact: openshift_logging_es_ops_pvc_prefix="logging-es-ops" + when: "not openshift_logging_es_ops_pvc_prefix or openshift_logging_es_ops_pvc_prefix == ''" + - set_fact: es_pvc_pool={{[]}} - name: Generate PersistentVolumeClaims for Ops @@ -111,8 +125,7 @@ logging_component: elasticsearch deploy_name_prefix: "logging-{{component}}" image: "{{openshift_logging_image_prefix}}logging-elasticsearch:{{openshift_logging_image_version}}" - volume_names: "{{es_pvc_pool | default([])}}" - pvc_claim: "{{(volume_names | length > item.0) | ternary(volume_names[item.0], None)}}" + pvc_claim: "{{(es_pvc_pool | length > item.0) | ternary(es_pvc_pool[item.0], None)}}" deploy_name: "{{item.1}}" es_cluster_name: "{{component}}" es_cpu_limit: "{{openshift_logging_es_ops_cpu_limit }}" @@ -121,7 +134,10 @@ es_recover_after_nodes: "{{es_ops_recover_after_nodes}}" es_recover_expected_nodes: "{{es_ops_recover_expected_nodes}}" openshift_logging_es_recover_after_time: "{{openshift_logging_es_ops_recover_after_time}}" - es_node_selector: "{{openshift_logging_es_ops_nodeselector | default({}) | map_from_pairs }}" + es_node_selector: "{{openshift_logging_es_ops_nodeselector | default({}) }}" + es_storage: "{{openshift_logging_facts|es_storage(deploy_name, pvc_claim,root='elasticsearch_ops')}}" + es_number_of_shards: "{{ openshift_logging_es_ops_number_of_shards }}" + es_number_of_replicas: "{{ openshift_logging_es_ops_number_of_replicas }}" with_indexed_items: - "{{ es_ops_dc_pool | default([]) }}" when: diff --git a/roles/openshift_logging/tasks/main.yaml b/roles/openshift_logging/tasks/main.yaml index 4c718805e..c7f4a2f93 100644 --- a/roles/openshift_logging/tasks/main.yaml +++ b/roles/openshift_logging/tasks/main.yaml @@ -3,6 +3,17 @@ msg: Only one Fluentd nodeselector key pair should be provided when: "{{ openshift_logging_fluentd_nodeselector.keys() | count }} > 1" +- name: Set default image variables based on deployment_type + include_vars: "{{ item }}" + with_first_found: + - "{{ openshift_deployment_type | default(deployment_type) }}.yml" + - "default_images.yml" + +- name: Set logging image facts + set_fact: + openshift_logging_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" + openshift_logging_image_version: "{{ openshift_logging_image_version | default(__openshift_logging_image_version) }}" + - name: Create temp directory for doing work in command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX register: mktemp @@ -12,6 +23,14 @@ - debug: msg="Created temp dir {{mktemp.stdout}}" +- name: Create local temp directory for doing work in + local_action: command mktemp -d /tmp/openshift-logging-ansible-XXXXXX + register: local_tmp + changed_when: False + check_mode: no + +- debug: msg="Created local temp dir {{local_tmp.stdout}}" + - name: Copy the admin client config(s) command: > cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig @@ -37,3 +56,8 @@ tags: logging_cleanup changed_when: False check_mode: no + +- name: Cleaning up local temp dir + local_action: file path="{{local_tmp.stdout}}" state=absent + tags: logging_cleanup + changed_when: False |