Diffstat (limited to 'roles/openshift_logging_elasticsearch')
4 files changed, 97 insertions, 24 deletions
|
diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml
index 0d4c7a013..620c82fd0 100644
--- a/roles/openshift_logging_elasticsearch/tasks/main.yaml
+++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml
@@ -11,7 +11,9 @@
     msg: Invalid deployment type, one of ['data-master', 'data-client', 'master', 'client'] allowed
   when: not openshift_logging_elasticsearch_deployment_type in __allowed_es_types
-- set_fact: elasticsearch_name="{{ 'logging-elasticsearch' ~ ( (openshift_logging_elasticsearch_ops_deployment | default(false) | bool) | ternary('-ops', '')) }}"
+- set_fact:
+    elasticsearch_name: "{{ 'logging-elasticsearch' ~ ( (openshift_logging_elasticsearch_ops_deployment | default(false) | bool) | ternary('-ops', '')) }}"
+    es_component: "{{ 'es' ~ ( (openshift_logging_elasticsearch_ops_deployment | default(false) | bool) | ternary('-ops', '') ) }}"
 - include: determine_version.yaml
@@ -39,7 +41,7 @@
   oc_serviceaccount:
     state: present
     name: "aggregated-logging-elasticsearch"
-    namespace: "{{ openshift_logging_namespace }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
     image_pull_secrets: "{{ openshift_logging_image_pull_secret }}"
   when: openshift_logging_image_pull_secret != ''
@@ -47,7 +49,7 @@
   oc_serviceaccount:
     state: present
     name: "aggregated-logging-elasticsearch"
-    namespace: "{{ openshift_logging_namespace }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
   when:
   - openshift_logging_image_pull_secret == ''
@@ -61,7 +63,7 @@
     state: present
     name: "rolebinding-reader"
     kind: clusterrole
-    namespace: "{{ openshift_logging_namespace }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
     files:
     - "{{ tempdir }}/rolebinding-reader.yml"
     delete_after: true
@@ -70,10 +72,34 @@
 - name: Set rolebinding-reader permissions for ES
   oc_adm_policy_user:
     state: present
-    namespace: "{{ openshift_logging_namespace }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
     resource_kind: cluster-role
     resource_name: rolebinding-reader
-    user: "system:serviceaccount:{{ openshift_logging_namespace }}:aggregated-logging-elasticsearch"
+    user: "system:serviceaccount:{{ openshift_logging_elasticsearch_namespace }}:aggregated-logging-elasticsearch"
+
+# View role and binding
+- name: Generate logging-elasticsearch-view-role
+  template:
+    src: rolebinding.j2
+    dest: "{{mktemp.stdout}}/logging-elasticsearch-view-role.yaml"
+  vars:
+    obj_name: logging-elasticsearch-view-role
+    roleRef:
+      name: view
+    subjects:
+      - kind: ServiceAccount
+        name: aggregated-logging-elasticsearch
+  changed_when: no
+
+- name: Set logging-elasticsearch-view-role role
+  oc_obj:
+    state: present
+    name: "logging-elasticsearch-view-role"
+    kind: rolebinding
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
+    files:
+    - "{{ tempdir }}/logging-elasticsearch-view-role.yaml"
+    delete_after: true
 # configmap
 - template:
@@ -87,7 +113,6 @@
     dest: "{{ tempdir }}/elasticsearch.yml"
   vars:
     allow_cluster_reader: "{{ openshift_logging_elasticsearch_ops_allow_cluster_reader | lower | default('false') }}"
-    deploy_type: "{{ openshift_logging_elasticsearch_deployment_type }}"
   when: es_config_contents is undefined
   changed_when: no
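Review bot: In the added task `Generate logging-elasticsearch-view-role` the template is written to `{{mktemp.stdout}}/logging-elasticsearch-view-role.yaml`, but the `oc_obj` task that follows reads `{{ tempdir }}/logging-elasticsearch-view-role.yaml`, and every other task visible in this file uses `tempdir`. Unless `mktemp` is registered elsewhere in the role and points at the same directory (not visible in these hunks), the binding file will not be where `oc_obj` looks, or the template task will stop on an undefined variable; `dest: "{{ tempdir }}/logging-elasticsearch-view-role.yaml"` would match the rest of the file. Because this binds the Elasticsearch service account to the `view` role for the whole namespace, a comment above the task saying what the pod needs to read would help a later least-privilege review, e.g. `# ES service account needs read access to <objects> in its own namespace`.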
@@ -106,8 +131,8 @@
 - name: Set ES configmap
   oc_configmap:
     state: present
-    name: "{{ elasticsearch_name }}-{{ openshift_logging_elasticsearch_deployment_type }}"
-    namespace: "{{ openshift_logging_namespace }}"
+    name: "{{ elasticsearch_name }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
     from_file:
       elasticsearch.yml: "{{ tempdir }}/elasticsearch.yml"
       logging.yml: "{{ tempdir }}/elasticsearch-logging.yml"
@@ -119,7 +144,7 @@
   oc_secret:
     state: present
     name: "logging-elasticsearch"
-    namespace: "{{ openshift_logging_namespace }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
     files:
     - name: key
       path: "{{ generated_certs_dir }}/logging-es.jks"
@@ -138,6 +163,34 @@
     - name: admin.jks
       path: "{{ generated_certs_dir }}/system.admin.jks"
+# services
+- name: Set logging-{{ es_component }}-cluster service
+  oc_service:
+    state: present
+    name: "logging-{{ es_component }}-cluster"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
+    selector:
+      component: "{{ es_component }}"
+      provider: openshift
+#    labels:
+#    - logging-infra: 'support'
+    ports:
+    - port: 9300
+
+- name: Set logging-{{ es_component }} service
+  oc_service:
+    state: present
+    name: "logging-{{ es_component }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
+    selector:
+      component: "{{ es_component }}"
+      provider: openshift
+#    labels:
+#    - logging-infra: 'support'
+    ports:
+    - port: 9200
+      targetPort: "restapi"
+
 - name: Creating ES storage template
   template:
     src: pvc.j2
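Review bot: The ConfigMap written by `Set ES configmap` is now named `{{ elasticsearch_name }}`, which the first hunk of this file defines as `logging-elasticsearch` with `-ops` appended for an ops deployment, while the es.j2 hunk at `-101,7 +109,7` hard-codes `name: logging-elasticsearch` for the `elasticsearch-config` volume. For an ops deployment the deployment config would therefore mount a ConfigMap other than the one this role just wrote: either one that does not exist, or, if both clusters share a namespace, the non-ops cluster's settings including its `allow_cluster_reader` value. Passing the name through, with `es_configmap: "{{ elasticsearch_name }}"` in the `es.j2` template vars and `name: "{{ es_configmap }}"` in the template, would keep the two in step.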
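Review bot: Both added `oc_service` tasks in the `-138,6 +163,34` hunk carry a commented-out `labels` block (`#    labels:` / `#    - logging-infra: 'support'`) with no explanation; it should either be removed or replaced by a comment that says why the label is not set, since other objects in this role are labelled with `logging-infra`. The two tasks also differ in how they name the backend port: the 9200 service uses `targetPort: "restapi"` while the 9300 service gives only `port: 9300`, so a one-line comment such as `# transport port, targetPort defaults to port` would make the difference read as intended.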
@@ -171,7 +224,7 @@
     state: present
     kind: pvc
     name: "{{ openshift_logging_elasticsearch_pvc_name }}"
-    namespace: "{{ openshift_logging_namespace }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
     files:
     - "{{ tempdir }}/templates/logging-es-pvc.yml"
     delete_after: true
@@ -179,9 +232,6 @@
   - openshift_logging_elasticsearch_storage_type == "pvc"
 - set_fact:
-    es_component: "{{ 'es' ~ ( (openshift_logging_elasticsearch_ops_deployment | default(false) | bool) | ternary('-ops', '') ) }}"
-
-- set_fact:
     es_deploy_name: "logging-{{ es_component }}-{{ openshift_logging_elasticsearch_deployment_type }}-{{ 'abcdefghijklmnopqrstuvwxyz0123456789' | random_word(8) }}"
   when: openshift_logging_elasticsearch_deployment_name == ""
@@ -195,20 +245,21 @@
     src: es.j2
     dest: "{{ tempdir }}/templates/logging-es-dc.yml"
   vars:
-    es_configmap: "{{ elasticsearch_name }}-{{ openshift_logging_elasticsearch_deployment_type }}"
     es_cluster_name: "{{ es_component }}"
-    logging_component: "{{ es_component }}"
+    component: "{{ es_component }}"
+    logging_component: elasticsearch
     deploy_name: "{{ es_deploy_name }}"
     image: "{{ openshift_logging_image_prefix }}logging-elasticsearch:{{ openshift_logging_image_version }}"
     es_cpu_limit: "{{ openshift_logging_elasticsearch_cpu_limit }}"
     es_memory_limit: "{{ openshift_logging_elasticsearch_memory_limit }}"
     es_node_selector: "{{ openshift_logging_elasticsearch_nodeselector | default({}) }}"
+    deploy_type: "{{ openshift_logging_elasticsearch_deployment_type }}"
 - name: Set ES dc
   oc_obj:
     state: present
     name: "{{ es_deploy_name }}"
-    namespace: "{{ openshift_logging_namespace }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
     kind: dc
     files:
     - "{{ tempdir }}/templates/logging-es-dc.yml"
@@ -219,7 +270,7 @@
   oc_scale:
     kind: dc
     name: "{{ es_deploy_name }}"
-    namespace: "{{ openshift_logging_namespace }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
     replicas: 1
 ## Placeholder for migration when necessary ##
diff --git a/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2 b/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2
index cd4bde98b..340c6d7e6 100644
--- a/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2
+++ b/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2
@@ -15,8 +15,8 @@ index:
     flush_threshold_period: 5m
 node:
-  master: {% if deploy_type in ['data-master', 'master'] %}true{% else %}false{% endif %}
-  data: {% if deploy_type in ['data-master', 'data-client'] %}true{% else %}false{% endif %}
+  master: ${IS_MASTER}
+  data: ${HAS_DATA}
 network:
   host: 0.0.0.0
diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2
index 295e58981..36390a2c2 100644
--- a/roles/openshift_logging_elasticsearch/templates/es.j2
+++ b/roles/openshift_logging_elasticsearch/templates/es.j2
@@ -4,14 +4,14 @@ metadata:
   name: "{{deploy_name}}"
   labels:
     provider: openshift
-    component: elasticsearch
+    component: "{{component}}"
     deployment: "{{deploy_name}}"
     logging-infra: "{{logging_component}}"
 spec:
   replicas: {{replicas|default(0)}}
   selector:
     provider: openshift
-    component: elasticsearch
+    component: "{{component}}"
     deployment: "{{deploy_name}}"
     logging-infra: "{{logging_component}}"
   strategy:
@@ -22,7 +22,7 @@ spec:
       labels:
         logging-infra: "{{logging_component}}"
         provider: openshift
-        component: elasticsearch
+        component: "{{component}}"
         deployment: "{{deploy_name}}"
     spec:
       terminationGracePeriod: 600
@@ -86,6 +86,14 @@ spec:
             -
               name: "RECOVER_AFTER_TIME"
               value: "{{openshift_logging_elasticsearch_recover_after_time}}"
+            -
+              name: "IS_MASTER"
+              value: "{% if deploy_type in ['data-master', 'master'] %}true{% else %}false{% endif %}"
+
+            -
+              name: "HAS_DATA"
+              value: "{% if deploy_type in ['data-master', 'data-client'] %}true{% else %}false{% endif %}"
+
           volumeMounts:
             - name: elasticsearch
               mountPath: /etc/elasticsearch/secret
@@ -101,7 +109,7 @@ spec:
             secretName: logging-elasticsearch
         - name: elasticsearch-config
           configMap:
-            name: {{ es_configmap }}
+            name: logging-elasticsearch
         - name: elasticsearch-storage
 {% if openshift_logging_elasticsearch_storage_type == 'pvc' %}
           persistentVolumeClaim:
diff --git a/roles/openshift_logging_elasticsearch/templates/rolebinding.j2 b/roles/openshift_logging_elasticsearch/templates/rolebinding.j2
new file mode 100644
index 000000000..fcd4e87cc
--- /dev/null
+++ b/roles/openshift_logging_elasticsearch/templates/rolebinding.j2
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: RoleBinding
+metadata:
+  name: {{obj_name}}
+roleRef:
+{% if roleRef.kind is defined %}
+  kind: {{ roleRef.kind }}
+{% endif %}
+  name: {{ roleRef.name }}
+subjects:
+{% for sub in subjects %}
+  - kind: {{ sub.kind }}
+    name: {{ sub.name }}
+{% endfor %}
|
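Review bot: In the new rolebinding.j2 the subjects loop emits only `kind` and `name`, so the ServiceAccount subject passed from tasks/main.yaml carries no `namespace`, and the identity that receives the role depends on the API server defaulting it to the binding's own namespace, which is not shown on this page. An optional `namespace: "{{ sub.namespace }}"` line guarded by `{% if sub.namespace is defined %}` would let callers state the bound identity explicitly. The rendered scalars are also unquoted (`name: {{obj_name}}`, `kind: {{ sub.kind }}`, `name: {{ sub.name }}`), so an empty or boolean-looking value would turn into null or a non-string in the generated object; `name: "{{ obj_name }}"` and the same for the others avoids that. A header comment listing the expected variables (`obj_name`, `roleRef.name`, optional `roleRef.kind`, `subjects`) would document the template's contract.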
