diff options
Diffstat (limited to 'roles/openshift_logging')
| -rw-r--r-- | roles/openshift_logging/README.md | 8 | ||||
| -rw-r--r-- | roles/openshift_logging/defaults/main.yml | 44 | ||||
| -rw-r--r-- | roles/openshift_logging/tasks/generate_pvcs.yaml | 4 | ||||
| -rw-r--r-- | roles/openshift_logging/tasks/generate_routes.yaml | 20 | ||||
| -rw-r--r-- | roles/openshift_logging/tasks/install_elasticsearch.yaml | 8 | ||||
| -rw-r--r-- | roles/openshift_logging/tasks/install_logging.yaml | 4 | ||||
| -rw-r--r-- | roles/openshift_logging/templates/curator.j2 | 2 | ||||
| -rw-r--r-- | roles/openshift_logging/templates/fluentd.j2 | 2 | ||||
| -rw-r--r-- | roles/openshift_logging/templates/kibana.j2 | 2 | ||||
| -rw-r--r-- | roles/openshift_logging/templates/route_reencrypt.j2 | 8 | ||||
| -rw-r--r-- | roles/openshift_logging/vars/main.yaml | 12 |
11 files changed, 76 insertions, 38 deletions
diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md index 9394977c0..f7b2f7743 100644 --- a/roles/openshift_logging/README.md +++ b/roles/openshift_logging/README.md @@ -24,8 +24,8 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log - `openshift_logging_image_prefix`: The prefix for the logging images to use. Defaults to 'docker.io/openshift/origin-'. - `openshift_logging_image_version`: The image version for the logging images to use. Defaults to 'latest'. - `openshift_logging_use_ops`: If 'True', set up a second ES and Kibana cluster for infrastructure logs. Defaults to 'False'. -- `master_url`: The URL for the Kubernetes master, this does not need to be public facing but should be accessible from within the cluster. Defaults to 'https://kubernetes.default.svc.cluster.local'. -- `openshift_logging_master_public_url`: The public facing URL for the Kubernetes master, this is used for Authentication redirection. Defaults to 'https://localhost:8443'. +- `openshift_logging_master_url`: The URL for the Kubernetes master, this does not need to be public facing but should be accessible from within the cluster. Defaults to 'https://kubernetes.default.svc.{{openshift.common.dns_domain}}'. +- `openshift_logging_master_public_url`: The public facing URL for the Kubernetes master, this is used for Authentication redirection. Defaults to 'https://{{openshift.common.public_hostname}}:8443'. - `openshift_logging_namespace`: The namespace that Aggregated Logging will be installed in. Defaults to 'logging'. - `openshift_logging_curator_default_days`: The default minimum age (in days) Curator uses for deleting log records. Defaults to '30'. - `openshift_logging_curator_run_hour`: The hour of the day that Curator will run at. Defaults to '0'. @@ -51,8 +51,8 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log - `openshift_logging_fluentd_cpu_limit`: The CPU limit for Fluentd pods. Defaults to '100m'. - `openshift_logging_fluentd_memory_limit`: The memory limit for Fluentd pods. Defaults to '512Mi'. - `openshift_logging_fluentd_es_copy`: Whether or not to use the ES_COPY feature for Fluentd (DEPRECATED). Defaults to 'False'. -- `openshift_logging_fluentd_use_journal`: Whether or not Fluentd should read log entries from Journal. Defaults to 'False'. NOTE: Fluentd will attempt to detect whether or not Docker is using the journald log driver and may overwrite this value. -- `openshift_logging_fluentd_journal_read_from_head`: Whether or not Fluentd will try to read from the head of Journal when first starting up, using this may cause a delay in ES receiving current log records. Defaults to 'False'. +- `openshift_logging_fluentd_use_journal`: NOTE: Fluentd will attempt to detect whether or not Docker is using the journald log driver when using the default of empty. +- `openshift_logging_fluentd_journal_read_from_head`: If empty, Fluentd will use its internal default, which is false. - `openshift_logging_fluentd_hosts`: List of nodes that should be labeled for Fluentd to be deployed to. Defaults to ['--all']. - `openshift_logging_es_host`: The name of the ES service Fluentd should send logs to. Defaults to 'logging-es'. diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index ead59c029..dc1e66d55 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml @@ -1,9 +1,9 @@ --- -openshift_logging_image_prefix: docker.io/openshift/origin- -openshift_logging_image_version: latest +openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default(docker.io/openshift/origin-) }}" +openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default(latest) }}" openshift_logging_use_ops: False -master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}" -openshift_logging_master_public_url: "https://{{openshift.common.public_hostname}}:8443" +openshift_logging_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}" +openshift_logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default(https://{{openshift.common.public_hostname}}:8443) }}" openshift_logging_namespace: logging openshift_logging_install_logging: True @@ -19,7 +19,7 @@ openshift_logging_curator_memory_limit: null openshift_logging_curator_ops_cpu_limit: 100m openshift_logging_curator_ops_memory_limit: null -openshift_logging_kibana_hostname: "kibana.{{openshift.common.dns_domain}}" +openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default(kibana.{{openshift.common.dns_domain}}) }}" openshift_logging_kibana_cpu_limit: null openshift_logging_kibana_memory_limit: null openshift_logging_kibana_proxy_debug: false @@ -27,7 +27,19 @@ openshift_logging_kibana_proxy_cpu_limit: null openshift_logging_kibana_proxy_memory_limit: null openshift_logging_kibana_replica_count: 1 -openshift_logging_kibana_ops_hostname: "kibana-ops.{{openshift.common.dns_domain}}" +#The absolute path on the control node to the cert file to use +#for the public facing kibana certs +openshift_logging_kibana_cert: "" + +#The absolute path on the control node to the key file to use +#for the public facing kibana certs +openshift_logging_kibana_key: "" + +#The absolute path on the control node to the CA file to use +#for the public facing kibana certs +openshift_logging_kibana_ca: "" + +openshift_logging_kibana_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default(kibana-ops.{{openshift.common.dns_domain}}) }}" openshift_logging_kibana_ops_cpu_limit: null openshift_logging_kibana_ops_memory_limit: null openshift_logging_kibana_ops_proxy_debug: false @@ -39,8 +51,8 @@ openshift_logging_fluentd_nodeselector: {'logging-infra-fluentd': 'true'} openshift_logging_fluentd_cpu_limit: 100m openshift_logging_fluentd_memory_limit: 512Mi openshift_logging_fluentd_es_copy: false -openshift_logging_fluentd_use_journal: false -openshift_logging_fluentd_journal_read_from_head: false +openshift_logging_fluentd_use_journal: '' +openshift_logging_fluentd_journal_read_from_head: '' openshift_logging_fluentd_hosts: ['--all'] openshift_logging_es_host: logging-es @@ -48,13 +60,13 @@ openshift_logging_es_port: 9200 openshift_logging_es_ca: /etc/fluent/keys/ca openshift_logging_es_client_cert: /etc/fluent/keys/cert openshift_logging_es_client_key: /etc/fluent/keys/key -openshift_logging_es_cluster_size: 1 +openshift_logging_es_cluster_size: "{{ openshift_hosted_logging_elasticsearch_cluster_size | default(1) }}" openshift_logging_es_cpu_limit: null openshift_logging_es_memory_limit: 1024Mi openshift_logging_es_pv_selector: null -openshift_logging_es_pvc_dynamic: False -openshift_logging_es_pvc_size: "" -openshift_logging_es_pvc_prefix: logging-es +openshift_logging_es_pvc_dynamic: "{{ openshift_hosted_logging_elasticsearch_pvc_dynamic | default(False) }}" +openshift_logging_es_pvc_size: "{{ openshift_hosted_logging_elasticsearch_pvc_size | default('') }}" +openshift_logging_es_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_pvc_prefix | default(logging-es) }}" openshift_logging_es_recover_after_time: 5m openshift_logging_es_storage_group: 65534 @@ -66,13 +78,13 @@ openshift_logging_es_ops_port: 9200 openshift_logging_es_ops_ca: /etc/fluent/keys/ca openshift_logging_es_ops_client_cert: /etc/fluent/keys/cert openshift_logging_es_ops_client_key: /etc/fluent/keys/key -openshift_logging_es_ops_cluster_size: 1 +openshift_logging_es_ops_cluster_size: "{{ openshift_hosted_logging_elasticsearch_ops_cluster_size | default(1) }}" openshift_logging_es_ops_cpu_limit: null openshift_logging_es_ops_memory_limit: 1024Mi openshift_logging_es_ops_pv_selector: None -openshift_logging_es_ops_pvc_dynamic: False -openshift_logging_es_ops_pvc_size: "" -openshift_logging_es_ops_pvc_prefix: logging-es-ops +openshift_logging_es_ops_pvc_dynamic: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_dynamic | default(False) }}" +openshift_logging_es_ops_pvc_size: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_size | default('') }}" +openshift_logging_es_ops_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_ops_pvc_prefix | default(logging-es-ops) }}" openshift_logging_es_ops_recover_after_time: 5m openshift_logging_es_ops_storage_group: 65534 diff --git a/roles/openshift_logging/tasks/generate_pvcs.yaml b/roles/openshift_logging/tasks/generate_pvcs.yaml index 601ec9e83..d782d621e 100644 --- a/roles/openshift_logging/tasks/generate_pvcs.yaml +++ b/roles/openshift_logging/tasks/generate_pvcs.yaml @@ -4,10 +4,10 @@ vars: pvc_name: "{{openshift_logging_es_pvc_prefix}}-{{item| int}}" start: "{{es_pvc_names | map('regex_search',openshift_logging_es_pvc_prefix+'.*')|select('string')|list|length}}" - with_sequence: start={{start}} end={{ (start|int > openshift_logging_es_cluster_size - 1) | ternary(start, openshift_logging_es_cluster_size - 1)}} + with_sequence: start={{start}} end={{ (start|int > openshift_logging_es_cluster_size|int - 1) | ternary(start, openshift_logging_es_cluster_size|int - 1)}} when: - openshift_logging_es_pvc_size | search('^\d.*') - - "{{ es_dc_names|default([]) | length < openshift_logging_es_cluster_size }}" + - "{{ es_dc_names|default([]) | length < openshift_logging_es_cluster_size|int }}" check_mode: no - name: Generating PersistentVolumeClaims diff --git a/roles/openshift_logging/tasks/generate_routes.yaml b/roles/openshift_logging/tasks/generate_routes.yaml index 60694f67e..3c462378b 100644 --- a/roles/openshift_logging/tasks/generate_routes.yaml +++ b/roles/openshift_logging/tasks/generate_routes.yaml @@ -1,4 +1,20 @@ --- +- set_fact: kibana_key={{ lookup('file', openshift_logging_kibana_key) | b64encode }} + when: "{{ openshift_logging_kibana_key | trim | length > 0 }}" + changed_when: false + +- set_fact: kibana_cert={{ lookup('file', openshift_logging_kibana_cert)| b64encode }} + when: "{{openshift_logging_kibana_cert | trim | length > 0}}" + changed_when: false + +- set_fact: kibana_ca={{ lookup('file', openshift_logging_kibana_ca)| b64encode }} + when: "{{openshift_logging_kibana_ca | trim | length > 0}}" + changed_when: false + +- set_fact: kibana_ca={{key_pairs | entry_from_named_pair('ca_file') }} + when: kibana_ca is not defined + changed_when: false + - name: Generating logging routes template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-{{route_info.name}}-route.yaml tags: routes @@ -6,7 +22,9 @@ obj_name: "{{route_info.name}}" route_host: "{{route_info.host}}" service_name: "{{route_info.name}}" - tls_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}" + tls_key: "{{kibana_key | default('') | b64decode}}" + tls_cert: "{{kibana_cert | default('') | b64decode}}" + tls_ca_cert: "{{kibana_ca | b64decode}}" tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}" labels: component: support diff --git a/roles/openshift_logging/tasks/install_elasticsearch.yaml b/roles/openshift_logging/tasks/install_elasticsearch.yaml index 1d6e55e44..f9c2c81fb 100644 --- a/roles/openshift_logging/tasks/install_elasticsearch.yaml +++ b/roles/openshift_logging/tasks/install_elasticsearch.yaml @@ -54,10 +54,10 @@ fail: msg="The openshift_logging_es_ops_cluster_size may not be scaled down more than 1 less (or 0) the number of Elasticsearch nodes already deployed" vars: es_dcs: "{{openshift_logging_facts.elasticsearch_ops.deploymentconfigs}}" - cluster_size: "{{openshift_logging_es_ops_cluster_size}}" + cluster_size: "{{openshift_logging_es_ops_cluster_size|int}}" when: - openshift_logging_use_ops | bool - - "{{es_dcs | length - openshift_logging_es_ops_cluster_size | abs > 1}}" + - "{{es_dcs | length - openshift_logging_es_ops_cluster_size|int | abs > 1}}" check_mode: no - name: Generate PersistentVolumeClaims for Ops @@ -66,7 +66,7 @@ es_pvc_names: "{{openshift_logging_facts.elasticsearch_ops.pvcs.keys()}}" es_dc_names: "{{openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys()}}" openshift_logging_es_pvc_prefix: "{{openshift_logging_es_ops_pvc_prefix}}" - openshift_logging_es_cluster_size: "{{openshift_logging_es_ops_cluster_size}}" + openshift_logging_es_cluster_size: "{{openshift_logging_es_ops_cluster_size|int}}" openshift_logging_es_pvc_size: "{{openshift_logging_es_ops_pvc_size}}" openshift_logging_es_pvc_dynamic: "{{openshift_logging_es_ops_pvc_dynamic}}" openshift_logging_es_pv_selector: "{{openshift_logging_es_ops_pv_selector}}" @@ -89,7 +89,7 @@ es_cluster_name: "{{component}}" deploy_name_prefix: "logging-{{component}}" deploy_name: "{{deploy_name_prefix}}-{{'abcdefghijklmnopqrstuvwxyz0123456789'|random_word(8)}}" - cluster_size: "{{openshift_logging_es_ops_cluster_size}}" + cluster_size: "{{openshift_logging_es_ops_cluster_size|int}}" with_sequence: count={{ openshift_logging_es_ops_cluster_size | int - openshift_logging_current_es_ops_size | int }} when: - openshift_logging_use_ops | bool diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml index d52429f03..e23c3f9f1 100644 --- a/roles/openshift_logging/tasks/install_logging.yaml +++ b/roles/openshift_logging/tasks/install_logging.yaml @@ -9,11 +9,11 @@ - name: Validate Elasticsearch cluster size fail: msg="The openshift_logging_es_cluster_size may only be scaled down manually. Please see official documentation on how to do this." - when: openshift_logging_facts.elasticsearch.deploymentconfigs | length > openshift_logging_es_cluster_size + when: openshift_logging_facts.elasticsearch.deploymentconfigs | length > openshift_logging_es_cluster_size|int - name: Validate Elasticsearch Ops cluster size fail: msg="The openshift_logging_es_ops_cluster_size may only be scaled down manually. Please see official documentation on how to do this." - when: openshift_logging_facts.elasticsearch_ops.deploymentconfigs | length > openshift_logging_es_ops_cluster_size + when: openshift_logging_facts.elasticsearch_ops.deploymentconfigs | length > openshift_logging_es_ops_cluster_size|int - name: Install logging include: "{{ role_path }}/tasks/install_{{ install_component }}.yaml" diff --git a/roles/openshift_logging/templates/curator.j2 b/roles/openshift_logging/templates/curator.j2 index de6258eaa..b7bc15b62 100644 --- a/roles/openshift_logging/templates/curator.j2 +++ b/roles/openshift_logging/templates/curator.j2 @@ -48,7 +48,7 @@ spec: env: - name: "K8S_HOST_URL" - value: "{{master_url}}" + value: "{{openshift_logging_master_url}}" - name: "ES_HOST" value: "{{es_host}}" diff --git a/roles/openshift_logging/templates/fluentd.j2 b/roles/openshift_logging/templates/fluentd.j2 index b6c91f8ed..223d342b9 100644 --- a/roles/openshift_logging/templates/fluentd.j2 +++ b/roles/openshift_logging/templates/fluentd.j2 @@ -61,7 +61,7 @@ spec: readOnly: true env: - name: "K8S_HOST_URL" - value: "{{master_url}}" + value: "{{openshift_logging_master_url}}" - name: "ES_HOST" value: "{{openshift_logging_es_host}}" - name: "ES_PORT" diff --git a/roles/openshift_logging/templates/kibana.j2 b/roles/openshift_logging/templates/kibana.j2 index 3a9e03768..be9b45ab4 100644 --- a/roles/openshift_logging/templates/kibana.j2 +++ b/roles/openshift_logging/templates/kibana.j2 @@ -90,7 +90,7 @@ spec: value: kibana-proxy - name: "OAP_MASTER_URL" - value: {{master_url}} + value: {{openshift_logging_master_url}} - name: "OAP_PUBLIC_MASTER_URL" value: {{openshift_logging_master_public_url}} diff --git a/roles/openshift_logging/templates/route_reencrypt.j2 b/roles/openshift_logging/templates/route_reencrypt.j2 index 8be30a2c4..341ffdd84 100644 --- a/roles/openshift_logging/templates/route_reencrypt.j2 +++ b/roles/openshift_logging/templates/route_reencrypt.j2 @@ -11,6 +11,14 @@ metadata: spec: host: {{ route_host }} tls: +{% if tls_key is defined and tls_key | length > 0 %} + key: | +{{ tls_key|indent(6, true) }} +{% if tls_cert is defined and tls_cert | length > 0 %} + certificate: | +{{ tls_cert|indent(6, true) }} +{% endif %} +{% endif %} caCertificate: | {% for line in tls_ca_cert.split('\n') %} {{ line }} diff --git a/roles/openshift_logging/vars/main.yaml b/roles/openshift_logging/vars/main.yaml index 11662c446..07cc05683 100644 --- a/roles/openshift_logging/vars/main.yaml +++ b/roles/openshift_logging/vars/main.yaml @@ -1,8 +1,8 @@ --- openshift_master_config_dir: "{{ openshift.common.config_base }}/master" -es_node_quorum: "{{openshift_logging_es_cluster_size/2 + 1}}" -es_recover_after_nodes: "{{openshift_logging_es_cluster_size - 1}}" -es_recover_expected_nodes: "{{openshift_logging_es_cluster_size}}" -es_ops_node_quorum: "{{openshift_logging_es_ops_cluster_size/2 + 1}}" -es_ops_recover_after_nodes: "{{openshift_logging_es_ops_cluster_size - 1}}" -es_ops_recover_expected_nodes: "{{openshift_logging_es_ops_cluster_size}}" +es_node_quorum: "{{openshift_logging_es_cluster_size|int/2 + 1}}" +es_recover_after_nodes: "{{openshift_logging_es_cluster_size|int - 1}}" +es_recover_expected_nodes: "{{openshift_logging_es_cluster_size|int}}" +es_ops_node_quorum: "{{openshift_logging_es_ops_cluster_size|int/2 + 1}}" +es_ops_recover_after_nodes: "{{openshift_logging_es_ops_cluster_size|int - 1}}" +es_ops_recover_expected_nodes: "{{openshift_logging_es_ops_cluster_size|int}}" |