summaryrefslogtreecommitdiffstats
path: root/roles/openshift_logging
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_logging')
-rw-r--r--roles/openshift_logging/README.md4
-rw-r--r--roles/openshift_logging/defaults/main.yml18
-rw-r--r--roles/openshift_logging/tasks/generate_configmaps.yaml11
-rw-r--r--roles/openshift_logging/tasks/generate_jks.yaml10
-rw-r--r--roles/openshift_logging/tasks/generate_routes.yaml57
-rw-r--r--roles/openshift_logging/tasks/install_elasticsearch.yaml4
-rw-r--r--roles/openshift_logging/tasks/main.yaml13
-rw-r--r--roles/openshift_logging/templates/elasticsearch.yml.j210
-rw-r--r--roles/openshift_logging/vars/main.yaml2
9 files changed, 104 insertions, 25 deletions
diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md
index 14b80304d..570c41ecc 100644
--- a/roles/openshift_logging/README.md
+++ b/roles/openshift_logging/README.md
@@ -72,6 +72,8 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log
- `openshift_logging_es_recover_after_time`: The amount of time ES will wait before it tries to recover. Defaults to '5m'.
- `openshift_logging_es_storage_group`: The storage group used for ES. Defaults to '65534'.
- `openshift_logging_es_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the pod will land.
+- `openshift_logging_es_number_of_shards`: The number of primary shards for every new index created in ES. Defaults to '1'.
+- `openshift_logging_es_number_of_replicas`: The number of replica shards per primary shard for every new index. Defaults to '0'.
When `openshift_logging_use_ops` is `True`, there are some additional vars. These work the
same as above for their non-ops counterparts, but apply to the OPS cluster instance:
@@ -88,6 +90,8 @@ same as above for their non-ops counterparts, but apply to the OPS cluster insta
- `openshift_logging_es_ops_pvc_prefix`: logging-es-ops
- `openshift_logging_es_ops_recover_after_time`: 5m
- `openshift_logging_es_ops_storage_group`: 65534
+- `openshift_logging_es_ops_number_of_shards`: The number of primary shards for every new index created in ES. Defaults to '1'.
+- `openshift_logging_es_ops_number_of_replicas`: The number of replica shards per primary shard for every new index. Defaults to '0'.
- `openshift_logging_kibana_ops_hostname`: The Operations Kibana hostname. Defaults to 'kibana-ops.example.com'.
- `openshift_logging_kibana_ops_cpu_limit`: The amount of CPU to allocate to Kibana or unset if not specified.
- `openshift_logging_kibana_ops_memory_limit`: The amount of memory to allocate to Kibana or unset if not specified.
diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml
index 04fd42cbf..1ea0fbe12 100644
--- a/roles/openshift_logging/defaults/main.yml
+++ b/roles/openshift_logging/defaults/main.yml
@@ -54,6 +54,18 @@ openshift_logging_kibana_ops_proxy_cpu_limit: null
openshift_logging_kibana_ops_proxy_memory_limit: null
openshift_logging_kibana_ops_replica_count: 1
+#The absolute path on the control node to the cert file to use
+#for the public facing ops kibana certs
+openshift_logging_kibana_ops_cert: ""
+
+#The absolute path on the control node to the key file to use
+#for the public facing ops kibana certs
+openshift_logging_kibana_ops_key: ""
+
+#The absolute path on the control node to the CA file to use
+#for the public facing ops kibana certs
+openshift_logging_kibana_ops_ca: ""
+
openshift_logging_fluentd_nodeselector: "{{ openshift_hosted_logging_fluentd_nodeselector_label | default('logging-infra-fluentd=true') | map_from_pairs }}"
openshift_logging_fluentd_cpu_limit: 100m
openshift_logging_fluentd_memory_limit: 512Mi
@@ -78,6 +90,10 @@ openshift_logging_es_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_pvc_
openshift_logging_es_recover_after_time: 5m
openshift_logging_es_storage_group: "{{ openshift_hosted_logging_elasticsearch_storage_group | default('65534') }}"
openshift_logging_es_nodeselector: "{{ openshift_hosted_logging_elasticsearch_nodeselector | default('') | map_from_pairs }}"
+# openshift_logging_es_config is a hash to be merged into the defaults for the elasticsearch.yaml
+openshift_logging_es_config: {}
+openshift_logging_es_number_of_shards: 1
+openshift_logging_es_number_of_replicas: 0
# allow cluster-admin or cluster-reader to view operations index
openshift_logging_es_ops_allow_cluster_reader: False
@@ -97,6 +113,8 @@ openshift_logging_es_ops_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_
openshift_logging_es_ops_recover_after_time: 5m
openshift_logging_es_ops_storage_group: "{{ openshift_hosted_logging_elasticsearch_storage_group | default('65534') }}"
openshift_logging_es_ops_nodeselector: "{{ openshift_hosted_logging_elasticsearch_ops_nodeselector | default('') | map_from_pairs }}"
+openshift_logging_es_ops_number_of_shards: 1
+openshift_logging_es_ops_number_of_replicas: 0
# storage related defaults
openshift_logging_storage_access_modes: "{{ openshift_hosted_logging_storage_access_modes | default(['ReadWriteOnce']) }}"
diff --git a/roles/openshift_logging/tasks/generate_configmaps.yaml b/roles/openshift_logging/tasks/generate_configmaps.yaml
index 8fcf517ad..c1721895c 100644
--- a/roles/openshift_logging/tasks/generate_configmaps.yaml
+++ b/roles/openshift_logging/tasks/generate_configmaps.yaml
@@ -6,8 +6,17 @@
when: es_logging_contents is undefined
changed_when: no
+ - local_action: >
+ copy content="{{ config_source | combine(override_config,recursive=True) | to_nice_yaml }}"
+ dest="{{local_tmp.stdout}}/elasticsearch-gen-template.yml"
+ vars:
+ config_source: "{{lookup('file','templates/elasticsearch.yml.j2') | from_yaml }}"
+ override_config: "{{openshift_logging_es_config | from_yaml}}"
+ when: es_logging_contents is undefined
+ changed_when: no
+
- template:
- src: elasticsearch.yml.j2
+ src: "{{local_tmp.stdout}}/elasticsearch-gen-template.yml"
dest: "{{mktemp.stdout}}/elasticsearch.yml"
vars:
- allow_cluster_reader: "{{openshift_logging_es_ops_allow_cluster_reader | lower | default('false')}}"
diff --git a/roles/openshift_logging/tasks/generate_jks.yaml b/roles/openshift_logging/tasks/generate_jks.yaml
index c6e2ccbc0..6e3204589 100644
--- a/roles/openshift_logging/tasks/generate_jks.yaml
+++ b/roles/openshift_logging/tasks/generate_jks.yaml
@@ -20,12 +20,6 @@
register: truststore_jks
check_mode: no
-- name: Create temp directory for doing work in
- local_action: command mktemp -d /tmp/openshift-logging-ansible-XXXXXX
- register: local_tmp
- changed_when: False
- check_mode: no
-
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/elasticsearch.jks" state=touch mode="u=rw,g=r,o=r"
when: elasticsearch_jks.stat.exists
@@ -92,7 +86,3 @@
src: "{{local_tmp.stdout}}/truststore.jks"
dest: "{{generated_certs_dir}}/truststore.jks"
when: not truststore_jks.stat.exists
-
-- name: Cleaning up temp dir
- local_action: file path="{{local_tmp.stdout}}" state=absent
- changed_when: False
diff --git a/roles/openshift_logging/tasks/generate_routes.yaml b/roles/openshift_logging/tasks/generate_routes.yaml
index 7af17a708..e77da7a24 100644
--- a/roles/openshift_logging/tasks/generate_routes.yaml
+++ b/roles/openshift_logging/tasks/generate_routes.yaml
@@ -16,12 +16,12 @@
changed_when: false
- name: Generating logging routes
- template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-{{route_info.name}}-route.yaml
+ template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-logging-kibana-route.yaml
tags: routes
vars:
- obj_name: "{{route_info.name}}"
- route_host: "{{route_info.host}}"
- service_name: "{{route_info.name}}"
+ obj_name: "logging-kibana"
+ route_host: "{{openshift_logging_kibana_hostname}}"
+ service_name: "logging-kibana"
tls_key: "{{kibana_key | default('') | b64decode}}"
tls_cert: "{{kibana_cert | default('') | b64decode}}"
tls_ca_cert: "{{kibana_ca | b64decode}}"
@@ -31,10 +31,47 @@
component: support
logging-infra: support
provider: openshift
- with_items:
- - {name: logging-kibana, host: "{{openshift_logging_kibana_hostname}}"}
- - {name: logging-kibana-ops, host: "{{openshift_logging_kibana_ops_hostname}}"}
- loop_control:
- loop_var: route_info
- when: (route_info.name == 'logging-kibana-ops' and openshift_logging_use_ops | bool) or route_info.name == 'logging-kibana'
+ changed_when: no
+
+- set_fact: kibana_ops_key={{ lookup('file', openshift_logging_kibana_ops_key) | b64encode }}
+ when:
+ - openshift_logging_use_ops | bool
+ - "{{ openshift_logging_kibana_ops_key | trim | length > 0 }}"
+ changed_when: false
+
+- set_fact: kibana_ops_cert={{ lookup('file', openshift_logging_kibana_ops_cert)| b64encode }}
+ when:
+ - openshift_logging_use_ops | bool
+ - "{{openshift_logging_kibana_ops_cert | trim | length > 0}}"
+ changed_when: false
+
+- set_fact: kibana_ops_ca={{ lookup('file', openshift_logging_kibana_ops_ca)| b64encode }}
+ when:
+ - openshift_logging_use_ops | bool
+ - "{{openshift_logging_kibana_ops_ca | trim | length > 0}}"
+ changed_when: false
+
+- set_fact: kibana_ops_ca={{key_pairs | entry_from_named_pair('ca_file') }}
+ when:
+ - openshift_logging_use_ops | bool
+ - kibana_ops_ca is not defined
+ changed_when: false
+
+- name: Generating logging ops routes
+ template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-logging-kibana-ops-route.yaml
+ tags: routes
+ vars:
+ obj_name: "logging-kibana-ops"
+ route_host: "{{openshift_logging_kibana_ops_hostname}}"
+ service_name: "logging-kibana-ops"
+ tls_key: "{{kibana_ops_key | default('') | b64decode}}"
+ tls_cert: "{{kibana_ops_cert | default('') | b64decode}}"
+ tls_ca_cert: "{{kibana_ops_ca | b64decode}}"
+ tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}"
+ edge_term_policy: "{{openshift_logging_kibana_edge_term_policy | default('') }}"
+ labels:
+ component: support
+ logging-infra: support
+ provider: openshift
+ when: openshift_logging_use_ops | bool
changed_when: no
diff --git a/roles/openshift_logging/tasks/install_elasticsearch.yaml b/roles/openshift_logging/tasks/install_elasticsearch.yaml
index 1b750bcbe..28fad420b 100644
--- a/roles/openshift_logging/tasks/install_elasticsearch.yaml
+++ b/roles/openshift_logging/tasks/install_elasticsearch.yaml
@@ -53,6 +53,8 @@
deploy_name: "{{item.1}}"
es_node_selector: "{{openshift_logging_es_nodeselector | default({}) }}"
es_storage: "{{openshift_logging_facts|es_storage(deploy_name, pvc_claim)}}"
+ es_number_of_shards: "{{ openshift_logging_es_number_of_shards }}"
+ es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas }}"
with_indexed_items:
- "{{ es_dc_pool }}"
check_mode: no
@@ -134,6 +136,8 @@
openshift_logging_es_recover_after_time: "{{openshift_logging_es_ops_recover_after_time}}"
es_node_selector: "{{openshift_logging_es_ops_nodeselector | default({}) }}"
es_storage: "{{openshift_logging_facts|es_storage(deploy_name, pvc_claim,root='elasticsearch_ops')}}"
+ es_number_of_shards: "{{ openshift_logging_es_ops_number_of_shards }}"
+ es_number_of_replicas: "{{ openshift_logging_es_ops_number_of_replicas }}"
with_indexed_items:
- "{{ es_ops_dc_pool | default([]) }}"
when:
diff --git a/roles/openshift_logging/tasks/main.yaml b/roles/openshift_logging/tasks/main.yaml
index 4c718805e..eb60175c7 100644
--- a/roles/openshift_logging/tasks/main.yaml
+++ b/roles/openshift_logging/tasks/main.yaml
@@ -12,6 +12,14 @@
- debug: msg="Created temp dir {{mktemp.stdout}}"
+- name: Create local temp directory for doing work in
+ local_action: command mktemp -d /tmp/openshift-logging-ansible-XXXXXX
+ register: local_tmp
+ changed_when: False
+ check_mode: no
+
+- debug: msg="Created local temp dir {{local_tmp.stdout}}"
+
- name: Copy the admin client config(s)
command: >
cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
@@ -37,3 +45,8 @@
tags: logging_cleanup
changed_when: False
check_mode: no
+
+- name: Cleaning up local temp dir
+ local_action: file path="{{local_tmp.stdout}}" state=absent
+ tags: logging_cleanup
+ changed_when: False
diff --git a/roles/openshift_logging/templates/elasticsearch.yml.j2 b/roles/openshift_logging/templates/elasticsearch.yml.j2
index f2d098f10..07e8c0c98 100644
--- a/roles/openshift_logging/templates/elasticsearch.yml.j2
+++ b/roles/openshift_logging/templates/elasticsearch.yml.j2
@@ -6,9 +6,8 @@ script:
indexed: on
index:
- number_of_shards: 1
- number_of_replicas: 0
- auto_expand_replicas: 0-2
+ number_of_shards: {{ es_number_of_shards | default ('1') }}
+ number_of_replicas: {{ es_number_of_replicas | default ('0') }}
unassigned.node_left.delayed_timeout: 2m
translog:
flush_threshold_size: 256mb
@@ -29,6 +28,7 @@ cloud:
discovery:
type: kubernetes
zen.ping.multicast.enabled: false
+ zen.minimum_master_nodes: {{es_min_masters}}
gateway:
expected_master_nodes: ${NODE_QUORUM}
@@ -37,6 +37,8 @@ gateway:
recover_after_time: ${RECOVER_AFTER_TIME}
io.fabric8.elasticsearch.authentication.users: ["system.logging.kibana", "system.logging.fluentd", "system.logging.curator", "system.admin"]
+io.fabric8.elasticsearch.kibana.mapping.app: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json
+io.fabric8.elasticsearch.kibana.mapping.ops: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json
openshift.config:
use_common_data_model: true
@@ -47,7 +49,7 @@ openshift.searchguard:
keystore.path: /etc/elasticsearch/secret/admin.jks
truststore.path: /etc/elasticsearch/secret/searchguard.truststore
-openshift.operations.allow_cluster_reader: {{allow_cluster_reader | default ('false')}}
+openshift.operations.allow_cluster_reader: "{{allow_cluster_reader | default (false)}}"
path:
data: /elasticsearch/persistent/${CLUSTER_NAME}/data
diff --git a/roles/openshift_logging/vars/main.yaml b/roles/openshift_logging/vars/main.yaml
index 07cc05683..c3064cee9 100644
--- a/roles/openshift_logging/vars/main.yaml
+++ b/roles/openshift_logging/vars/main.yaml
@@ -1,6 +1,8 @@
---
openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
es_node_quorum: "{{openshift_logging_es_cluster_size|int/2 + 1}}"
+es_min_masters_default: "{{ (openshift_logging_es_cluster_size | int / 2 | round(0,'floor') + 1) | int }}"
+es_min_masters: "{{ (openshift_logging_es_cluster_size == 1) | ternary(1, es_min_masters_default)}}"
es_recover_after_nodes: "{{openshift_logging_es_cluster_size|int - 1}}"
es_recover_expected_nodes: "{{openshift_logging_es_cluster_size|int}}"
es_ops_node_quorum: "{{openshift_logging_es_ops_cluster_size|int/2 + 1}}"
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-19 08:59:20 +0000