7 files changed, 104 insertions, 36 deletions

diff --git a/roles/openshift_logging/tasks/generate_configmaps.yaml b/roles/openshift_logging/tasks/generate_configmaps.yaml
index 8fcf517ad..c1721895c 100644
--- a/roles/openshift_logging/tasks/generate_configmaps.yaml
+++ b/roles/openshift_logging/tasks/generate_configmaps.yaml
@@ -6,8 +6,17 @@
       when: es_logging_contents is undefined
       changed_when: no
 
+    - local_action: >
+        copy content="{{ config_source | combine(override_config,recursive=True) | to_nice_yaml }}"
+        dest="{{local_tmp.stdout}}/elasticsearch-gen-template.yml"
+      vars:
+        config_source: "{{lookup('file','templates/elasticsearch.yml.j2') | from_yaml }}"
+        override_config: "{{openshift_logging_es_config | from_yaml}}"
+      when: es_logging_contents is undefined
+      changed_when: no
+
     - template:
-        src: elasticsearch.yml.j2
+        src: "{{local_tmp.stdout}}/elasticsearch-gen-template.yml"
         dest: "{{mktemp.stdout}}/elasticsearch.yml"
       vars:
         - allow_cluster_reader: "{{openshift_logging_es_ops_allow_cluster_reader | lower | default('false')}}"
diff --git a/roles/openshift_logging/tasks/generate_jks.yaml b/roles/openshift_logging/tasks/generate_jks.yaml
index c6e2ccbc0..6e3204589 100644
--- a/roles/openshift_logging/tasks/generate_jks.yaml
+++ b/roles/openshift_logging/tasks/generate_jks.yaml
@@ -20,12 +20,6 @@
   register: truststore_jks
   check_mode: no
 
-- name: Create temp directory for doing work in
-  local_action: command mktemp -d /tmp/openshift-logging-ansible-XXXXXX
-  register: local_tmp
-  changed_when: False
-  check_mode: no
-
 - name: Create placeholder for previously created JKS certs to prevent recreating...
   local_action: file path="{{local_tmp.stdout}}/elasticsearch.jks" state=touch mode="u=rw,g=r,o=r"
   when: elasticsearch_jks.stat.exists
@@ -92,7 +86,3 @@
     src: "{{local_tmp.stdout}}/truststore.jks"
     dest: "{{generated_certs_dir}}/truststore.jks"
   when: not truststore_jks.stat.exists
-
-- name: Cleaning up temp dir
-  local_action: file path="{{local_tmp.stdout}}" state=absent
-  changed_when: False
diff --git a/roles/openshift_logging/tasks/generate_pvcs.yaml b/roles/openshift_logging/tasks/generate_pvcs.yaml
index e1629908f..fa7a86c27 100644
--- a/roles/openshift_logging/tasks/generate_pvcs.yaml
+++ b/roles/openshift_logging/tasks/generate_pvcs.yaml
@@ -15,8 +15,7 @@
   vars:
     obj_name: "{{claim_name}}"
     size: "{{es_pvc_size}}"
-    access_modes:
-      - "{{ es_access_modes }}"
+    access_modes: "{{ es_access_modes | list }}"
     pv_selector: "{{es_pv_selector}}"
   with_items:
     - "{{es_pvc_pool | default([])}}"
@@ -35,8 +34,7 @@
     annotations:
       volume.alpha.kubernetes.io/storage-class: "dynamic"
     size: "{{es_pvc_size}}"
-    access_modes:
-      - "{{ es_access_modes }}"
+    access_modes: "{{ es_access_modes | list }}"
     pv_selector: "{{es_pv_selector}}"
   with_items:
     - "{{es_pvc_pool|default([])}}"
diff --git a/roles/openshift_logging/tasks/generate_routes.yaml b/roles/openshift_logging/tasks/generate_routes.yaml
index 7af17a708..e77da7a24 100644
--- a/roles/openshift_logging/tasks/generate_routes.yaml
+++ b/roles/openshift_logging/tasks/generate_routes.yaml
@@ -16,12 +16,12 @@
   changed_when: false
 
 - name: Generating logging routes
-  template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-{{route_info.name}}-route.yaml
+  template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-logging-kibana-route.yaml
   tags: routes
   vars:
-    obj_name: "{{route_info.name}}"
-    route_host: "{{route_info.host}}"
-    service_name: "{{route_info.name}}"
+    obj_name: "logging-kibana"
+    route_host: "{{openshift_logging_kibana_hostname}}"
+    service_name: "logging-kibana"
     tls_key: "{{kibana_key | default('') | b64decode}}"
     tls_cert: "{{kibana_cert | default('') | b64decode}}"
     tls_ca_cert: "{{kibana_ca | b64decode}}"
@@ -31,10 +31,47 @@
       component: support
       logging-infra: support
       provider: openshift
-  with_items:
-    - {name: logging-kibana, host: "{{openshift_logging_kibana_hostname}}"}
-    - {name: logging-kibana-ops, host: "{{openshift_logging_kibana_ops_hostname}}"}
-  loop_control:
-    loop_var: route_info
-  when: (route_info.name == 'logging-kibana-ops' and openshift_logging_use_ops | bool) or route_info.name == 'logging-kibana'
+  changed_when: no
+
+- set_fact: kibana_ops_key={{ lookup('file', openshift_logging_kibana_ops_key) | b64encode }}
+  when:
+  - openshift_logging_use_ops | bool
+  - "{{ openshift_logging_kibana_ops_key | trim | length > 0 }}"
+  changed_when: false
+
+- set_fact: kibana_ops_cert={{ lookup('file', openshift_logging_kibana_ops_cert)| b64encode  }}
+  when:
+  - openshift_logging_use_ops | bool
+  - "{{openshift_logging_kibana_ops_cert | trim | length > 0}}"
+  changed_when: false
+
+- set_fact: kibana_ops_ca={{ lookup('file', openshift_logging_kibana_ops_ca)| b64encode  }}
+  when:
+  - openshift_logging_use_ops | bool
+  - "{{openshift_logging_kibana_ops_ca | trim | length > 0}}"
+  changed_when: false
+
+- set_fact: kibana_ops_ca={{key_pairs | entry_from_named_pair('ca_file') }}
+  when:
+  - openshift_logging_use_ops | bool
+  - kibana_ops_ca is not defined
+  changed_when: false
+
+- name: Generating logging ops routes
+  template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-logging-kibana-ops-route.yaml
+  tags: routes
+  vars:
+    obj_name: "logging-kibana-ops"
+    route_host: "{{openshift_logging_kibana_ops_hostname}}"
+    service_name: "logging-kibana-ops"
+    tls_key: "{{kibana_ops_key | default('') | b64decode}}"
+    tls_cert: "{{kibana_ops_cert | default('') | b64decode}}"
+    tls_ca_cert: "{{kibana_ops_ca | b64decode}}"
+    tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}"
+    edge_term_policy: "{{openshift_logging_kibana_edge_term_policy | default('') }}"
+    labels:
+      component: support
+      logging-infra: support
+      provider: openshift
+  when: openshift_logging_use_ops | bool
   changed_when: no
diff --git a/roles/openshift_logging/tasks/generate_secrets.yaml b/roles/openshift_logging/tasks/generate_secrets.yaml
index 0f8e7ae58..f396bcc6d 100644
--- a/roles/openshift_logging/tasks/generate_secrets.yaml
+++ b/roles/openshift_logging/tasks/generate_secrets.yaml
@@ -31,8 +31,6 @@
     - fluentd
   loop_control:
     loop_var: component
-  when: secret_name not in openshift_logging_facts.{{component}}.secrets or
-        secret_keys | difference(openshift_logging_facts.{{component}}.secrets["{{secret_name}}"]["keys"]) | length != 0
   check_mode: no
   changed_when: no
 
@@ -50,8 +48,6 @@
     kibana_key_file: "{{key_pairs | entry_from_named_pair('kibana_internal_key')| b64decode }}"
     kibana_cert_file: "{{key_pairs | entry_from_named_pair('kibana_internal_cert')| b64decode }}"
     server_tls_file: "{{key_pairs | entry_from_named_pair('server_tls')| b64decode }}"
-  when: secret_name not in openshift_logging_facts.kibana.secrets or
-        secret_keys | difference(openshift_logging_facts.kibana.secrets["{{secret_name}}"]["keys"]) | length != 0
   check_mode: no
   changed_when: no
 
@@ -66,8 +62,6 @@
     secret_name: logging-elasticsearch
     secret_keys: ["admin-cert", "searchguard.key", "admin-ca", "key", "truststore", "admin-key", "searchguard.truststore"]
   register: logging_es_secret
-  when: secret_name not in openshift_logging_facts.elasticsearch.secrets or
-        secret_keys | difference(openshift_logging_facts.elasticsearch.secrets["{{secret_name}}"]["keys"]) | length != 0
   check_mode: no
   changed_when: no
 
diff --git a/roles/openshift_logging/tasks/install_elasticsearch.yaml b/roles/openshift_logging/tasks/install_elasticsearch.yaml
index a0ad12d94..28fad420b 100644
--- a/roles/openshift_logging/tasks/install_elasticsearch.yaml
+++ b/roles/openshift_logging/tasks/install_elasticsearch.yaml
@@ -2,6 +2,13 @@
 - name: Getting current ES deployment size
   set_fact: openshift_logging_current_es_size={{ openshift_logging_facts.elasticsearch.deploymentconfigs.keys() | length }}
 
+- set_fact: openshift_logging_es_pvc_prefix="logging-es"
+  when: "not openshift_logging_es_pvc_prefix or openshift_logging_es_pvc_prefix == ''"
+
+- set_fact: es_pvc_pool={{[]}}
+
+- set_fact: openshift_logging_es_pvc_prefix="{{ openshift_logging_es_pvc_prefix | default('logging-es') }}"
+
 - name: Generate PersistentVolumeClaims
   include: "{{ role_path}}/tasks/generate_pvcs.yaml"
   vars:
@@ -42,10 +49,12 @@
     es_cluster_name: "{{component}}"
     es_cpu_limit: "{{openshift_logging_es_cpu_limit }}"
     es_memory_limit: "{{openshift_logging_es_memory_limit}}"
-    volume_names: "{{es_pvc_pool | default([])}}"
-    pvc_claim: "{{(volume_names | length > item.0) | ternary(volume_names[item.0], None)}}"
+    pvc_claim: "{{(es_pvc_pool | length > item.0) | ternary(es_pvc_pool[item.0], None)}}"
     deploy_name: "{{item.1}}"
     es_node_selector: "{{openshift_logging_es_nodeselector | default({}) }}"
+    es_storage: "{{openshift_logging_facts|es_storage(deploy_name, pvc_claim)}}"
+    es_number_of_shards: "{{ openshift_logging_es_number_of_shards }}"
+    es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas }}"
   with_indexed_items:
     - "{{ es_dc_pool }}"
   check_mode: no
@@ -56,6 +65,8 @@
 - name: Getting current ES deployment size
   set_fact: openshift_logging_current_es_ops_size={{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | length }}
 
+- set_fact: openshift_logging_es_ops_pvc_prefix="{{ openshift_logging_es_ops_pvc_prefix | default('logging-es-ops') }}"
+
 - name: Validate Elasticsearch cluster size for Ops
   fail: msg="The openshift_logging_es_ops_cluster_size may not be scaled down more than 1 less (or 0) the number of Elasticsearch nodes already deployed"
   vars:
@@ -66,6 +77,9 @@
     - "{{es_dcs | length - openshift_logging_es_ops_cluster_size|int | abs > 1}}"
   check_mode: no
 
+- set_fact: openshift_logging_es_ops_pvc_prefix="logging-es-ops"
+  when: "not openshift_logging_es_ops_pvc_prefix or openshift_logging_es_ops_pvc_prefix == ''"
+
 - set_fact: es_pvc_pool={{[]}}
 
 - name: Generate PersistentVolumeClaims for Ops
@@ -111,8 +125,7 @@
     logging_component: elasticsearch
     deploy_name_prefix: "logging-{{component}}"
     image: "{{openshift_logging_image_prefix}}logging-elasticsearch:{{openshift_logging_image_version}}"
-    volume_names: "{{es_pvc_pool | default([])}}"
-    pvc_claim: "{{(volume_names | length > item.0) | ternary(volume_names[item.0], None)}}"
+    pvc_claim: "{{(es_pvc_pool | length > item.0) | ternary(es_pvc_pool[item.0], None)}}"
     deploy_name: "{{item.1}}"
     es_cluster_name: "{{component}}"
     es_cpu_limit: "{{openshift_logging_es_ops_cpu_limit }}"
@@ -121,7 +134,10 @@
     es_recover_after_nodes: "{{es_ops_recover_after_nodes}}"
     es_recover_expected_nodes: "{{es_ops_recover_expected_nodes}}"
     openshift_logging_es_recover_after_time: "{{openshift_logging_es_ops_recover_after_time}}"
-    es_node_selector: "{{openshift_logging_es_ops_nodeselector | default({}) | map_from_pairs }}"
+    es_node_selector: "{{openshift_logging_es_ops_nodeselector | default({}) }}"
+    es_storage: "{{openshift_logging_facts|es_storage(deploy_name, pvc_claim,root='elasticsearch_ops')}}"
+    es_number_of_shards: "{{ openshift_logging_es_ops_number_of_shards }}"
+    es_number_of_replicas: "{{ openshift_logging_es_ops_number_of_replicas }}"
   with_indexed_items:
     - "{{ es_ops_dc_pool | default([]) }}"
   when:
diff --git a/roles/openshift_logging/tasks/main.yaml b/roles/openshift_logging/tasks/main.yaml
index 4c718805e..c7f4a2f93 100644
--- a/roles/openshift_logging/tasks/main.yaml
+++ b/roles/openshift_logging/tasks/main.yaml
@@ -3,6 +3,17 @@
     msg: Only one Fluentd nodeselector key pair should be provided
   when: "{{ openshift_logging_fluentd_nodeselector.keys() | count }} > 1"
 
+- name: Set default image variables based on deployment_type
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ openshift_deployment_type | default(deployment_type) }}.yml"
+    - "default_images.yml"
+
+- name: Set logging image facts
+  set_fact:
+    openshift_logging_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}"
+    openshift_logging_image_version: "{{ openshift_logging_image_version | default(__openshift_logging_image_version) }}"
+
 - name: Create temp directory for doing work in
   command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX
   register: mktemp
@@ -12,6 +23,14 @@
 
 - debug: msg="Created temp dir {{mktemp.stdout}}"
 
+- name: Create local temp directory for doing work in
+  local_action: command mktemp -d /tmp/openshift-logging-ansible-XXXXXX
+  register: local_tmp
+  changed_when: False
+  check_mode: no
+
+- debug: msg="Created local temp dir {{local_tmp.stdout}}"
+
 - name: Copy the admin client config(s)
   command: >
     cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
@@ -37,3 +56,8 @@
   tags: logging_cleanup
   changed_when: False
   check_mode: no
+
+- name: Cleaning up local temp dir
+  local_action: file path="{{local_tmp.stdout}}" state=absent
+  tags: logging_cleanup
+  changed_when: False