From 9cf70bb6991df874350ea0f5c97da26bb6757edb Mon Sep 17 00:00:00 2001
From: ewolinetz <ewolinet@redhat.com>
Date: Fri, 13 Jan 2017 16:37:27 -0600
Subject: additional comments addressed
---
roles/openshift_logging/files/elasticsearch.yml | 74 ---------------------
.../tasks/generate_configmaps.yaml | 13 ++--
.../templates/elasticsearch.yml.j2 | 75 ++++++++++++++++++++++
3 files changed, 79 insertions(+), 83 deletions(-)
delete mode 100644 roles/openshift_logging/files/elasticsearch.yml
create mode 100644 roles/openshift_logging/templates/elasticsearch.yml.j2
(limited to 'roles/openshift_logging')
diff --git a/roles/openshift_logging/files/elasticsearch.yml b/roles/openshift_logging/files/elasticsearch.yml
deleted file mode 100644
index 4eff30e61..000000000
--- a/roles/openshift_logging/files/elasticsearch.yml
+++ /dev/null
@@ -1,74 +0,0 @@
-cluster:
- name: ${CLUSTER_NAME}
-
-script:
- inline: on
- indexed: on
-
-index:
- number_of_shards: 1
- number_of_replicas: 0
- auto_expand_replicas: 0-3
- unassigned.node_left.delayed_timeout: 2m
- translog:
- flush_threshold_size: 256mb
- flush_threshold_period: 5m
-
-node:
- master: true
- data: true
-
-network:
- host: 0.0.0.0
-
-cloud:
- kubernetes:
- service: ${SERVICE_DNS}
- namespace: ${NAMESPACE}
-
-discovery:
- type: kubernetes
- zen.ping.multicast.enabled: false
-
-gateway:
- expected_master_nodes: ${NODE_QUORUM}
- recover_after_nodes: ${RECOVER_AFTER_NODES}
- expected_nodes: ${RECOVER_EXPECTED_NODES}
- recover_after_time: ${RECOVER_AFTER_TIME}
-
-io.fabric8.elasticsearch.authentication.users: ["system.logging.kibana", "system.logging.fluentd", "system.logging.curator", "system.admin"]
-
-openshift.searchguard:
- keystore.path: /etc/elasticsearch/secret/admin.jks
- truststore.path: /etc/elasticsearch/secret/searchguard.truststore
-
-
-path:
- data: /elasticsearch/persistent/${CLUSTER_NAME}/data
- logs: /elasticsearch/${CLUSTER_NAME}/logs
- work: /elasticsearch/${CLUSTER_NAME}/work
- scripts: /elasticsearch/${CLUSTER_NAME}/scripts
-
-searchguard:
- authcz.admin_dn:
- - CN=system.admin,OU=OpenShift,O=Logging
- config_index_name: ".searchguard.${HOSTNAME}"
- ssl:
- transport:
- enabled: true
- enforce_hostname_verification: false
- keystore_type: JKS
- keystore_filepath: /etc/elasticsearch/secret/searchguard.key
- keystore_password: kspass
- truststore_type: JKS
- truststore_filepath: /etc/elasticsearch/secret/searchguard.truststore
- truststore_password: tspass
- http:
- enabled: true
- keystore_type: JKS
- keystore_filepath: /etc/elasticsearch/secret/key
- keystore_password: kspass
- clientauth_mode: OPTIONAL
- truststore_type: JKS
- truststore_filepath: /etc/elasticsearch/secret/truststore
- truststore_password: tspass
diff --git a/roles/openshift_logging/tasks/generate_configmaps.yaml b/roles/openshift_logging/tasks/generate_configmaps.yaml
index f9f9ee79f..b24a7c342 100644
--- a/roles/openshift_logging/tasks/generate_configmaps.yaml
+++ b/roles/openshift_logging/tasks/generate_configmaps.yaml
@@ -6,16 +6,11 @@
when: es_logging_contents is undefined
changed_when: no
- - copy:
- src: elasticsearch.yml
- dest: "{{mktemp.stdout}}/elasticsearch.yml"
- when: es_config_contents is undefined
- changed_when: no
-
- - lineinfile:
+ - template:
+ src: elasticsearch.yml.j2
dest: "{{mktemp.stdout}}/elasticsearch.yml"
- regexp: '^openshift\.operations\.allow_cluster_reader(.)*$'
- line: "\nopenshift.operations.allow_cluster_reader: {{openshift_logging_es_ops_allow_cluster_reader | lower}}"
+ vars:
+ - allow_cluster_reader: "{{openshift_logging_es_ops_allow_cluster_reader | lower | default('false')}}"
when: es_config_contents is undefined
changed_when: no
diff --git a/roles/openshift_logging/templates/elasticsearch.yml.j2 b/roles/openshift_logging/templates/elasticsearch.yml.j2
new file mode 100644
index 000000000..dad78b844
--- /dev/null
+++ b/roles/openshift_logging/templates/elasticsearch.yml.j2
@@ -0,0 +1,75 @@
+cluster:
+ name: ${CLUSTER_NAME}
+
+script:
+ inline: on
+ indexed: on
+
+index:
+ number_of_shards: 1
+ number_of_replicas: 0
+ auto_expand_replicas: 0-3
+ unassigned.node_left.delayed_timeout: 2m
+ translog:
+ flush_threshold_size: 256mb
+ flush_threshold_period: 5m
+
+node:
+ master: true
+ data: true
+
+network:
+ host: 0.0.0.0
+
+cloud:
+ kubernetes:
+ service: ${SERVICE_DNS}
+ namespace: ${NAMESPACE}
+
+discovery:
+ type: kubernetes
+ zen.ping.multicast.enabled: false
+
+gateway:
+ expected_master_nodes: ${NODE_QUORUM}
+ recover_after_nodes: ${RECOVER_AFTER_NODES}
+ expected_nodes: ${RECOVER_EXPECTED_NODES}
+ recover_after_time: ${RECOVER_AFTER_TIME}
+
+io.fabric8.elasticsearch.authentication.users: ["system.logging.kibana", "system.logging.fluentd", "system.logging.curator", "system.admin"]
+
+openshift.searchguard:
+ keystore.path: /etc/elasticsearch/secret/admin.jks
+ truststore.path: /etc/elasticsearch/secret/searchguard.truststore
+
+openshift.operations.allow_cluster_reader: {{allow_cluster_reader | default ('false')}}
+
+path:
+ data: /elasticsearch/persistent/${CLUSTER_NAME}/data
+ logs: /elasticsearch/${CLUSTER_NAME}/logs
+ work: /elasticsearch/${CLUSTER_NAME}/work
+ scripts: /elasticsearch/${CLUSTER_NAME}/scripts
+
+searchguard:
+ authcz.admin_dn:
+ - CN=system.admin,OU=OpenShift,O=Logging
+ config_index_name: ".searchguard.${HOSTNAME}"
+ ssl:
+ transport:
+ enabled: true
+ enforce_hostname_verification: false
+ keystore_type: JKS
+ keystore_filepath: /etc/elasticsearch/secret/searchguard.key
+ keystore_password: kspass
+ truststore_type: JKS
+ truststore_filepath: /etc/elasticsearch/secret/searchguard.truststore
+ truststore_password: tspass
+ http:
+ enabled: true
+ keystore_type: JKS
+ keystore_filepath: /etc/elasticsearch/secret/key
+ keystore_password: kspass
+ clientauth_mode: OPTIONAL
+ truststore_type: JKS
+ truststore_filepath: /etc/elasticsearch/secret/truststore
+ truststore_password: tspass
--
cgit v1.2.3