From f4c7d5e064fad263f618fb633d5c0d37c0a2a553 Mon Sep 17 00:00:00 2001 From: Jeff Cantrill Date: Sun, 1 Oct 2017 14:54:22 -0400 Subject: Bug 1496271 - Perserve SCC for ES local persistent storage ES can be modified to use node local persistent storage. This requires changing SCC and is described in docs: https://docs.openshift.com/container-platform/3.6/install_config/aggregate_logging.html During an upgrade, SCC defined by the user is ignored. This fix fetches SCC user defined as a fact and adds it to the ES DC which is later used. --- roles/openshift_logging/defaults/main.yml | 4 ++-- roles/openshift_logging/library/openshift_logging_facts.py | 6 ++---- roles/openshift_logging/tasks/install_logging.yaml | 2 ++ roles/openshift_logging_elasticsearch/tasks/main.yaml | 1 + roles/openshift_logging_elasticsearch/templates/es.j2 | 3 +++ 5 files changed, 10 insertions(+), 6 deletions(-) diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index 5574a1446..af8972e13 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml @@ -95,7 +95,7 @@ openshift_logging_es_pvc_dynamic: "{{ openshift_logging_elasticsearch_pvc_dynami openshift_logging_es_pvc_size: "{{ openshift_logging_elasticsearch_pvc_size | default('') }}" openshift_logging_es_pvc_prefix: "{{ openshift_logging_elasticsearch_pvc_prefix | default('logging-es') }}" openshift_logging_es_recover_after_time: 5m -openshift_logging_es_storage_group: "{{ openshift_logging_elasticsearch_storage_group | default('65534') }}" +openshift_logging_es_storage_group: "65534" openshift_logging_es_nodeselector: {} # openshift_logging_es_config is a hash to be merged into the defaults for the elasticsearch.yaml openshift_logging_es_config: {} @@ -134,7 +134,7 @@ openshift_logging_es_ops_pvc_dynamic: "{{ openshift_logging_elasticsearch_ops_pv openshift_logging_es_ops_pvc_size: "{{ openshift_logging_elasticsearch_ops_pvc_size | default('') }}" openshift_logging_es_ops_pvc_prefix: "{{ openshift_logging_elasticsearch_ops_pvc_prefix | default('logging-es-ops') }}" openshift_logging_es_ops_recover_after_time: 5m -openshift_logging_es_ops_storage_group: "{{ openshift_logging_elasticsearch_storage_group | default('65534') }}" +openshift_logging_es_ops_storage_group: "65534" openshift_logging_es_ops_nodeselector: {} # for exposing es-ops to external (outside of the cluster) clients diff --git a/roles/openshift_logging/library/openshift_logging_facts.py b/roles/openshift_logging/library/openshift_logging_facts.py index 01c0408d8..f10df8da5 100644 --- a/roles/openshift_logging/library/openshift_logging_facts.py +++ b/roles/openshift_logging/library/openshift_logging_facts.py @@ -182,16 +182,14 @@ class OpenshiftLoggingFacts(OCBaseCommand): facts["nodeSelector"] = spec["nodeSelector"] if "supplementalGroups" in spec["securityContext"]: facts["storageGroups"] = spec["securityContext"]["supplementalGroups"] + facts["spec"] = spec if "volumes" in spec: for vol in spec["volumes"]: clone = copy.deepcopy(vol) clone.pop("name", None) facts["volumes"][vol["name"]] = clone for container in spec["containers"]: - facts["containers"][container["name"]] = dict( - image=container["image"], - resources=container["resources"], - ) + facts["containers"][container["name"]] = container self.add_facts_for(comp, "deploymentconfigs", name, facts) def facts_for_services(self, namespace): diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml index 73163272d..de1c5f13a 100644 --- a/roles/openshift_logging/tasks/install_logging.yaml +++ b/roles/openshift_logging/tasks/install_logging.yaml @@ -79,6 +79,7 @@ openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_pv_selector }}" openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_nodeselector if item.0.nodeSelector | default(None) is none else item.0.nodeSelector }}" openshift_logging_elasticsearch_storage_group: "{{ [openshift_logging_es_storage_group] if item.0.storageGroups | default([]) | length == 0 else item.0.storageGroups }}" + _es_containers: "{{item.0.containers}}" with_together: - "{{ openshift_logging_facts.elasticsearch.deploymentconfigs.values() }}" @@ -144,6 +145,7 @@ openshift_logging_es_hostname: "{{ openshift_logging_es_ops_hostname }}" openshift_logging_es_edge_term_policy: "{{ openshift_logging_es_ops_edge_term_policy | default('') }}" openshift_logging_es_allow_external: "{{ openshift_logging_es_ops_allow_external }}" + _es_containers: "{{item.0.containers}}" with_together: - "{{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs.values() }}" diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml index 8d5927df6..244290953 100644 --- a/roles/openshift_logging_elasticsearch/tasks/main.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml @@ -282,6 +282,7 @@ es_memory_limit: "{{ openshift_logging_elasticsearch_memory_limit }}" es_node_selector: "{{ openshift_logging_elasticsearch_nodeselector | default({}) }}" es_storage_groups: "{{ openshift_logging_elasticsearch_storage_group | default([]) }}" + es_container_security_context: "{{ _es_containers.elasticsearch.securityContext if _es_containers is defined and 'elasticsearch' in _es_containers and 'securityContext' in _es_containers.elasticsearch else None }}" deploy_type: "{{ openshift_logging_elasticsearch_deployment_type }}" es_replicas: 1 diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2 index d1edb2d76..20152e576 100644 --- a/roles/openshift_logging_elasticsearch/templates/es.j2 +++ b/roles/openshift_logging_elasticsearch/templates/es.j2 @@ -51,6 +51,9 @@ spec: {% endif %} requests: memory: "{{es_memory_limit}}" +{% if es_container_security_context %} + securityContext: {{ es_container_security_context | to_yaml }} +{% endif %} ports: - containerPort: 9200 -- cgit v1.2.3