From 60ad4626f03cbfb119290a4bfaf9ecba53dc762b Mon Sep 17 00:00:00 2001 From: ewolinetz Date: Tue, 2 May 2017 11:21:56 -0500 Subject: Pulling in changes from master --- roles/openshift_logging_mux/defaults/main.yml | 43 +++++ roles/openshift_logging_mux/files/fluent.conf | 35 ++++ .../files/secure-forward.conf | 24 +++ roles/openshift_logging_mux/meta/main.yaml | 15 ++ .../tasks/determine_version.yaml | 17 ++ roles/openshift_logging_mux/tasks/main.yaml | 202 +++++++++++++++++++++ roles/openshift_logging_mux/templates/mux.j2 | 121 ++++++++++++ roles/openshift_logging_mux/vars/main.yml | 3 + 8 files changed, 460 insertions(+) create mode 100644 roles/openshift_logging_mux/defaults/main.yml create mode 100644 roles/openshift_logging_mux/files/fluent.conf create mode 100644 roles/openshift_logging_mux/files/secure-forward.conf create mode 100644 roles/openshift_logging_mux/meta/main.yaml create mode 100644 roles/openshift_logging_mux/tasks/determine_version.yaml create mode 100644 roles/openshift_logging_mux/tasks/main.yaml create mode 100644 roles/openshift_logging_mux/templates/mux.j2 create mode 100644 roles/openshift_logging_mux/vars/main.yml (limited to 'roles/openshift_logging_mux') diff --git a/roles/openshift_logging_mux/defaults/main.yml b/roles/openshift_logging_mux/defaults/main.yml new file mode 100644 index 000000000..8aaa28706 --- /dev/null +++ b/roles/openshift_logging_mux/defaults/main.yml @@ -0,0 +1,43 @@ +--- +### General logging settings +openshift_logging_mux_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('docker.io/openshift/origin-') }}" +openshift_logging_mux_image_version: "{{ openshift_hosted_logging_deployer_version | default('latest') }}" +openshift_logging_mux_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}" +openshift_logging_mux_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}" +openshift_logging_mux_master_public_url: "{{ openshift_hosted_logging_master_public_url | default('https://' + openshift.common.public_hostname + ':' ~ (openshift_master_api_port | default('8443', true))) }}" +openshift_logging_mux_namespace: logging + +### Common settings +openshift_logging_mux_nodeselector: "{{ openshift_hosted_logging_mux_nodeselector_label | default('') | map_from_pairs }}" +openshift_logging_mux_cpu_limit: 100m +openshift_logging_mux_memory_limit: 512Mi + +openshift_logging_mux_replicas: 1 + +# Destination for the application based logs +openshift_logging_mux_app_host: "logging-es" +openshift_logging_mux_app_port: 9200 +# Destination for the operations based logs +openshift_logging_mux_ops_host: "{{ openshift_logging_mux_app_host }}" +openshift_logging_mux_ops_port: "{{ openshift_logging_mux_app_port }}" + +### Used by "hosted" and "secure-aggregator" deployments +openshift_logging_mux_use_journal: "{{ openshift_hosted_logging_use_journal | default('') }}" +openshift_logging_mux_journal_source: "{{ openshift_hosted_logging_journal_source | default('') }}" +openshift_logging_mux_journal_read_from_head: "{{ openshift_hosted_logging_journal_read_from_head | default('') }}" + +openshift_logging_mux_allow_external: false +openshift_logging_mux_hostname: "{{ 'mux.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" +openshift_logging_mux_port: 24284 + +openshift_logging_mux_app_client_cert: /etc/fluent/keys/cert +openshift_logging_mux_app_client_key: /etc/fluent/keys/key +openshift_logging_mux_app_ca: /etc/fluent/keys/ca +openshift_logging_mux_ops_client_cert: /etc/fluent/keys/cert +openshift_logging_mux_ops_client_key: /etc/fluent/keys/key +openshift_logging_mux_ops_ca: /etc/fluent/keys/ca + +# following can be uncommented to provide values for configmaps -- take care when providing file contents as it may cause your cluster to not operate correctly +#mux_config_contents: +#mux_throttle_contents: +#mux_secureforward_contents: diff --git a/roles/openshift_logging_mux/files/fluent.conf b/roles/openshift_logging_mux/files/fluent.conf new file mode 100644 index 000000000..aeaa705ee --- /dev/null +++ b/roles/openshift_logging_mux/files/fluent.conf @@ -0,0 +1,35 @@ +# This file is the fluentd configuration entrypoint. Edit with care. + +@include configs.d/openshift/system.conf + +# In each section below, pre- and post- includes don't include anything initially; +# they exist to enable future additions to openshift conf as needed. + +## sources +## ordered so that syslog always runs last... +@include configs.d/openshift/input-pre-*.conf +@include configs.d/dynamic/input-docker-*.conf +@include configs.d/dynamic/input-syslog-*.conf +@include configs.d/openshift/input-post-*.conf +## + + diff --git a/roles/openshift_logging_mux/files/secure-forward.conf b/roles/openshift_logging_mux/files/secure-forward.conf new file mode 100644 index 000000000..f4483df79 --- /dev/null +++ b/roles/openshift_logging_mux/files/secure-forward.conf @@ -0,0 +1,24 @@ +# @type secure_forward + +# self_hostname ${HOSTNAME} +# shared_key + +# secure yes +# enable_strict_verification yes + +# ca_cert_path /etc/fluent/keys/your_ca_cert +# ca_private_key_path /etc/fluent/keys/your_private_key + # for private CA secret key +# ca_private_key_passphrase passphrase + +# + # or IP +# host server.fqdn.example.com +# port 24284 +# +# + # ip address to connect +# host 203.0.113.8 + # specify hostlabel for FQDN verification if ipaddress is used for host +# hostlabel server.fqdn.example.com +# diff --git a/roles/openshift_logging_mux/meta/main.yaml b/roles/openshift_logging_mux/meta/main.yaml new file mode 100644 index 000000000..f40beb79d --- /dev/null +++ b/roles/openshift_logging_mux/meta/main.yaml @@ -0,0 +1,15 @@ +--- +galaxy_info: + author: OpenShift Red Hat + description: OpenShift Aggregated Logging Mux Component + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 2.2 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: lib_openshift diff --git a/roles/openshift_logging_mux/tasks/determine_version.yaml b/roles/openshift_logging_mux/tasks/determine_version.yaml new file mode 100644 index 000000000..229bcf3d5 --- /dev/null +++ b/roles/openshift_logging_mux/tasks/determine_version.yaml @@ -0,0 +1,17 @@ +--- +# debating making this a module instead? +- fail: + msg: Missing version to install provided by 'openshift_logging_image_version' + when: not openshift_logging_image_version or openshift_logging_image_version == '' + +- set_fact: + mux_version: "{{ __latest_mux_version }}" + when: openshift_logging_image_version == 'latest' + +# should we just assume that we will have the correct major version? +- set_fact: mux_version="{{ openshift_logging_image_version | regex_replace('^v?(?P\d)\.(?P\d).*$', '3_\\g') }}" + when: openshift_logging_image_version != 'latest' + +- fail: + msg: Invalid version specified for mux + when: mux_version not in __allowed_mux_versions diff --git a/roles/openshift_logging_mux/tasks/main.yaml b/roles/openshift_logging_mux/tasks/main.yaml new file mode 100644 index 000000000..907bb0098 --- /dev/null +++ b/roles/openshift_logging_mux/tasks/main.yaml @@ -0,0 +1,202 @@ +--- +- fail: + msg: Application logs destination is required + when: not openshift_logging_mux_app_host or openshift_logging_mux_app_host == '' + +- fail: + msg: Operations logs destination is required + when: not openshift_logging_mux_ops_host or openshift_logging_mux_ops_host == '' + +- include: determine_version.yaml + +# allow passing in a tempdir +- name: Create temp directory for doing work in + command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX + register: mktemp + changed_when: False + +- set_fact: + tempdir: "{{ mktemp.stdout }}" + +- name: Create templates subdirectory + file: + state: directory + path: "{{ tempdir }}/templates" + mode: 0755 + changed_when: False + +# we want to make sure we have all the necessary components here + +# create service account +- name: Create Mux service account + oc_serviceaccount: + state: present + name: "aggregated-logging-mux" + namespace: "{{ openshift_logging_mux_namespace }}" + image_pull_secrets: "{{ openshift_logging_image_pull_secret }}" + when: openshift_logging_image_pull_secret != '' + +- name: Create Mux service account + oc_serviceaccount: + state: present + name: "aggregated-logging-mux" + namespace: "{{ openshift_logging_mux_namespace }}" + when: + - openshift_logging_image_pull_secret == '' + +# set service account scc +- name: Set privileged permissions for Mux + oc_adm_policy_user: + namespace: "{{ openshift_logging_mux_namespace }}" + resource_kind: scc + resource_name: privileged + state: present + user: "system:serviceaccount:{{ openshift_logging_mux_namespace }}:aggregated-logging-mux" + +# set service account permissions +- name: Set cluster-reader permissions for Mux + oc_adm_policy_user: + namespace: "{{ openshift_logging_mux_namespace }}" + resource_kind: cluster-role + resource_name: cluster-reader + state: present + user: "system:serviceaccount:{{ openshift_logging_mux_namespace }}:aggregated-logging-mux" + +# set hostmount-anyuid permissions +- name: Set hostmount-anyuid permissions for Mux + oc_adm_policy_user: + namespace: "{{ openshift_logging_mux_namespace }}" + resource_kind: scc + resource_name: hostmount-anyuid + state: present + user: "system:serviceaccount:{{ openshift_logging_mux_namespace }}:aggregated-logging-mux" + +# create Mux configmap +- copy: + src: fluent.conf + dest: "{{mktemp.stdout}}/fluent-mux.conf" + when: fluentd_mux_config_contents is undefined + changed_when: no + +- copy: + src: secure-forward.conf + dest: "{{mktemp.stdout}}/secure-forward-mux.conf" + when: fluentd_mux_securefoward_contents is undefined + changed_when: no + +- copy: + content: "{{fluentd_mux_config_contents}}" + dest: "{{mktemp.stdout}}/fluent-mux.conf" + when: fluentd_mux_config_contents is defined + changed_when: no + +- copy: + content: "{{fluentd_mux_secureforward_contents}}" + dest: "{{mktemp.stdout}}/secure-forward-mux.conf" + when: fluentd_mux_secureforward_contents is defined + changed_when: no + +- name: Set Mux configmap + oc_configmap: + state: present + name: "logging-mux" + namespace: "{{ openshift_logging_mux_namespace }}" + from_file: + fluent.conf: "{{ tempdir }}/fluent-mux.conf" + secure-forward.conf: "{{ tempdir }}/secure-forward-mux.conf" + +# create Mux secret +- name: Set logging-mux secret + oc_secret: + state: present + name: logging-mux + namespace: "{{ openshift_logging_mux_namespace }}" + files: + - name: ca + path: "{{ generated_certs_dir }}/ca.crt" + - name: key + path: "{{ generated_certs_dir }}/system.logging.mux.key" + - name: cert + path: "{{ generated_certs_dir }}/system.logging.mux.crt" + - name: shared_key + path: "{{ generated_certs_dir }}/mux_shared_key" + +# services +- name: Set logging-mux service for external communication + oc_service: + state: present + name: "logging-mux" + namespace: "{{ openshift_logging_mux_namespace }}" + selector: + component: mux + provider: openshift +# labels: +# - logging-infra: 'support' + ports: + - name: mux-forward + port: "{{ openshift_logging_mux_port }}" + targetPort: "mux-forward" +# externalIPs: +# - "{{ ansible_eth0.ipv4.address }}" + when: openshift_logging_mux_allow_external | bool + +- name: Set logging-mux service for internal communication + oc_service: + state: present + name: "logging-mux" + namespace: "{{ openshift_logging_mux_namespace }}" + selector: + component: mux + provider: openshift +# labels: +# - logging-infra: 'support' + ports: + - name: mux-forward + port: "{{ openshift_logging_mux_port }}" + targetPort: "mux-forward" + when: not openshift_logging_mux_allow_external | bool + +# create Mux DC +- name: Generating mux deploymentconfig + template: + src: mux.j2 + dest: "{{mktemp.stdout}}/templates/logging-mux-dc.yaml" + vars: + component: mux + logging_component: mux + deploy_name: "logging-{{ component }}" + image: "{{ openshift_logging_image_prefix }}logging-fluentd:{{ openshift_logging_image_version }}" + es_host: "{{ openshift_logging_mux_app_host }}" + es_port: "{{ openshift_logging_mux_app_port }}" + ops_host: "{{ openshift_logging_mux_ops_host }}" + ops_port: "{{ openshift_logging_mux_ops_port }}" + mux_cpu_limit: "{{ openshift_logging_mux_cpu_limit }}" + mux_memory_limit: "{{ openshift_logging_mux_memory_limit }}" + replicas: "{{ openshift_logging_mux_replicas | default(0) }}" + mux_node_selector: "{{ openshift_logging_mux_nodeselector | default({}) }}" + check_mode: no + changed_when: no + +- name: Set logging-mux DC + oc_obj: + state: present + name: logging-mux + namespace: "{{ openshift_logging_mux_namespace }}" + kind: dc + files: + - "{{ tempdir }}/templates/logging-mux-dc.yaml" + delete_after: true + +# Scale up Mux +- name: Start Mux + oc_scale: + kind: dc + name: "logging-mux" + namespace: "{{ openshift_logging_mux_namespace }}" + replicas: "{{ openshift_logging_mux_replicas | default (1) }}" + +- name: Delete temp directory + file: + name: "{{ tempdir }}" + state: absent + changed_when: False diff --git a/roles/openshift_logging_mux/templates/mux.j2 b/roles/openshift_logging_mux/templates/mux.j2 new file mode 100644 index 000000000..84b8ff53d --- /dev/null +++ b/roles/openshift_logging_mux/templates/mux.j2 @@ -0,0 +1,121 @@ +apiVersion: "v1" +kind: "DeploymentConfig" +metadata: + name: "{{deploy_name}}" + labels: + provider: openshift + component: "{{component}}" + logging-infra: "{{logging_component}}" +spec: + replicas: {{replicas|default(0)}} + selector: + provider: openshift + component: "{{component}}" + logging-infra: "{{logging_component}}" + strategy: + rollingParams: + intervalSeconds: 1 + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + name: "{{deploy_name}}" + labels: + logging-infra: "{{logging_component}}" + provider: openshift + component: "{{component}}" + spec: + serviceAccountName: aggregated-logging-mux +{% if mux_node_selector is iterable and mux_node_selector | length > 0 %} + nodeSelector: +{% for key, value in mux_node_selector.iteritems() %} + {{key}}: "{{value}}" +{% endfor %} +{% endif %} + containers: + - name: "mux" + image: {{image}} + imagePullPolicy: Always +{% if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_limit is defined and mux_cpu_limit is not none) %} + resources: + limits: +{% if mux_cpu_limit is not none %} + cpu: "{{mux_cpu_limit}}" +{% endif %} +{% if mux_memory_limit is not none %} + memory: "{{mux_memory_limit}}" +{% endif %} +{% endif %} + ports: + - containerPort: "{{ openshift_logging_mux_port }}" + name: mux-forward + volumeMounts: + - name: config + mountPath: /etc/fluent/configs.d/user + readOnly: true + - name: certs + mountPath: /etc/fluent/keys + readOnly: true + - name: dockerhostname + mountPath: /etc/docker-hostname + readOnly: true + - name: localtime + mountPath: /etc/localtime + readOnly: true + - name: muxcerts + mountPath: /etc/fluent/muxkeys + readOnly: true + env: + - name: "K8S_HOST_URL" + value: "{{openshift_logging_mux_master_url}}" + - name: "ES_HOST" + value: "{{openshift_logging_mux_app_host}}" + - name: "ES_PORT" + value: "{{openshift_logging_mux_app_port}}" + - name: "ES_CLIENT_CERT" + value: "{{openshift_logging_mux_app_client_cert}}" + - name: "ES_CLIENT_KEY" + value: "{{openshift_logging_mux_app_client_key}}" + - name: "ES_CA" + value: "{{openshift_logging_mux_app_ca}}" + - name: "OPS_HOST" + value: "{{openshift_logging_mux_ops_host}}" + - name: "OPS_PORT" + value: "{{openshift_logging_mux_ops_port}}" + - name: "OPS_CLIENT_CERT" + value: "{{openshift_logging_mux_ops_client_cert}}" + - name: "OPS_CLIENT_KEY" + value: "{{openshift_logging_mux_ops_client_key}}" + - name: "OPS_CA" + value: "{{openshift_logging_mux_ops_ca}}" + - name: "USE_JOURNAL" + value: "false" + - name: "JOURNAL_SOURCE" + value: "{{openshift_logging_mux_journal_source | default('')}}" + - name: "JOURNAL_READ_FROM_HEAD" + value: "{{openshift_logging_mux_journal_read_from_head|lower}}" + - name: FORWARD_LISTEN_HOST + value: "{{ openshift_logging_mux_hostname }}" + - name: FORWARD_LISTEN_PORT + value: "{{ openshift_logging_mux_port }}" + - name: USE_MUX + value: "true" + - name: MUX_ALLOW_EXTERNAL + value: "{{ openshift_logging_mux_allow_external | default('false') }}" + volumes: + - name: config + configMap: + name: logging-mux + - name: certs + secret: + secretName: logging-mux + - name: dockerhostname + hostPath: + path: /etc/hostname + - name: localtime + hostPath: + path: /etc/localtime + - name: muxcerts + secret: + secretName: logging-mux diff --git a/roles/openshift_logging_mux/vars/main.yml b/roles/openshift_logging_mux/vars/main.yml new file mode 100644 index 000000000..4234b74e2 --- /dev/null +++ b/roles/openshift_logging_mux/vars/main.yml @@ -0,0 +1,3 @@ +--- +__latest_mux_version: "3_5" +__allowed_mux_versions: ["3_5", "3_6"] -- cgit v1.2.3 From 108a42cbbdbfc8094d1d8bf8d0d8826adfdf760d Mon Sep 17 00:00:00 2001 From: Steve Kuznetsov Date: Mon, 22 May 2017 09:42:19 -0700 Subject: Create logging deployments with non-zero replica counts When we currently create the set of logging `DeploymentConfig`s, we create them with zero desired replicas. This causes the deployment to immediately succeed as there is no work to be done. This inhibits our ability to use nice CLI UX features like `oc rollout status` to monitor the logging stack deployments. Instead, we should can create the configs with the correct number of replicas in the first place and stop using `oc scale` to bring them up after the fact. Signed-off-by: Steve Kuznetsov --- roles/openshift_logging_mux/tasks/main.yaml | 10 +--------- roles/openshift_logging_mux/templates/mux.j2 | 2 +- 2 files changed, 2 insertions(+), 10 deletions(-) (limited to 'roles/openshift_logging_mux') diff --git a/roles/openshift_logging_mux/tasks/main.yaml b/roles/openshift_logging_mux/tasks/main.yaml index 907bb0098..e64a4d275 100644 --- a/roles/openshift_logging_mux/tasks/main.yaml +++ b/roles/openshift_logging_mux/tasks/main.yaml @@ -172,7 +172,7 @@ ops_port: "{{ openshift_logging_mux_ops_port }}" mux_cpu_limit: "{{ openshift_logging_mux_cpu_limit }}" mux_memory_limit: "{{ openshift_logging_mux_memory_limit }}" - replicas: "{{ openshift_logging_mux_replicas | default(0) }}" + replicas: "{{ openshift_logging_mux_replicas | default(1) }}" mux_node_selector: "{{ openshift_logging_mux_nodeselector | default({}) }}" check_mode: no changed_when: no @@ -187,14 +187,6 @@ - "{{ tempdir }}/templates/logging-mux-dc.yaml" delete_after: true -# Scale up Mux -- name: Start Mux - oc_scale: - kind: dc - name: "logging-mux" - namespace: "{{ openshift_logging_mux_namespace }}" - replicas: "{{ openshift_logging_mux_replicas | default (1) }}" - - name: Delete temp directory file: name: "{{ tempdir }}" diff --git a/roles/openshift_logging_mux/templates/mux.j2 b/roles/openshift_logging_mux/templates/mux.j2 index 84b8ff53d..770a2bfbd 100644 --- a/roles/openshift_logging_mux/templates/mux.j2 +++ b/roles/openshift_logging_mux/templates/mux.j2 @@ -7,7 +7,7 @@ metadata: component: "{{component}}" logging-infra: "{{logging_component}}" spec: - replicas: {{replicas|default(0)}} + replicas: {{replicas|default(1)}} selector: provider: openshift component: "{{component}}" -- cgit v1.2.3 From 68f8a50abc0acd3005dbd98d0e7964bcf7900e26 Mon Sep 17 00:00:00 2001 From: ewolinetz Date: Tue, 23 May 2017 11:21:20 -0500 Subject: Fixing tux warnings and some final clean up --- roles/openshift_logging_mux/tasks/main.yaml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'roles/openshift_logging_mux') diff --git a/roles/openshift_logging_mux/tasks/main.yaml b/roles/openshift_logging_mux/tasks/main.yaml index e64a4d275..432cab9e9 100644 --- a/roles/openshift_logging_mux/tasks/main.yaml +++ b/roles/openshift_logging_mux/tasks/main.yaml @@ -130,14 +130,16 @@ selector: component: mux provider: openshift -# labels: -# - logging-infra: 'support' + # pending #4091 + #labels: + #- logging-infra: 'support' ports: - name: mux-forward port: "{{ openshift_logging_mux_port }}" targetPort: "mux-forward" -# externalIPs: -# - "{{ ansible_eth0.ipv4.address }}" + # pending #4091 + # externalIPs: + # - "{{ ansible_eth0.ipv4.address }}" when: openshift_logging_mux_allow_external | bool - name: Set logging-mux service for internal communication @@ -148,8 +150,9 @@ selector: component: mux provider: openshift -# labels: -# - logging-infra: 'support' + # pending #4091 + #labels: + #- logging-infra: 'support' ports: - name: mux-forward port: "{{ openshift_logging_mux_port }}" -- cgit v1.2.3