summaryrefslogtreecommitdiffstats
path: root/roles/openshift_logging_fluentd
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_logging_fluentd')
-rw-r--r--roles/openshift_logging_fluentd/defaults/main.yml28
-rw-r--r--roles/openshift_logging_fluentd/tasks/main.yaml20
-rw-r--r--roles/openshift_logging_fluentd/templates/fluentd.j214
3 files changed, 39 insertions, 23 deletions
diff --git a/roles/openshift_logging_fluentd/defaults/main.yml b/roles/openshift_logging_fluentd/defaults/main.yml
index 713962c2e..ad92f499d 100644
--- a/roles/openshift_logging_fluentd/defaults/main.yml
+++ b/roles/openshift_logging_fluentd/defaults/main.yml
@@ -1,11 +1,10 @@
---
### General logging settings
-openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('docker.io/openshift/origin-') }}"
-openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default('latest') }}"
-openshift_logging_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}"
-openshift_logging_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}"
-openshift_logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default('https://' + openshift.common.public_hostname + ':' ~ (openshift_master_api_port | default('8443', true))) }}"
-openshift_logging_namespace: logging
+openshift_logging_fluentd_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('docker.io/openshift/origin-') }}"
+openshift_logging_fluentd_image_version: "{{ openshift_hosted_logging_deployer_version | default('latest') }}"
+openshift_logging_fluentd_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}"
+openshift_logging_fluentd_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}"
+openshift_logging_fluentd_namespace: logging
### Common settings
openshift_logging_fluentd_nodeselector: "{{ openshift_hosted_logging_fluentd_nodeselector_label | default('logging-infra-fluentd=true') | map_from_pairs }}"
@@ -33,6 +32,23 @@ openshift_logging_fluentd_use_journal: "{{ openshift_hosted_logging_use_journal
openshift_logging_fluentd_journal_source: "{{ openshift_hosted_logging_journal_source | default('') }}"
openshift_logging_fluentd_journal_read_from_head: "{{ openshift_hosted_logging_journal_read_from_head | default('') }}"
+openshift_logging_fluentd_app_client_cert: /etc/fluent/keys/cert
+openshift_logging_fluentd_app_client_key: /etc/fluent/keys/key
+openshift_logging_fluentd_app_ca: /etc/fluent/keys/ca
+openshift_logging_fluentd_ops_client_cert: /etc/fluent/keys/cert
+openshift_logging_fluentd_ops_client_key: /etc/fluent/keys/key
+openshift_logging_fluentd_ops_ca: /etc/fluent/keys/ca
+
+
+# used by "secure-host" and "secure-aggregator" deployments
+openshift_logging_fluentd_shared_key: "{{ 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' | random_word(128) }}"
+openshift_logging_fluentd_aggregating_port: 24284
+openshift_logging_fluentd_aggregating_host: "${HOSTNAME}"
+openshift_logging_fluentd_aggregating_secure: "no"
+openshift_logging_fluentd_aggregating_strict: "no"
+openshift_logging_fluentd_aggregating_cert_path: none
+openshift_logging_fluentd_aggregating_key_path: none
+openshift_logging_fluentd_aggregating_passphrase: none
### Deprecating in 3.6
openshift_logging_fluentd_es_copy: false
diff --git a/roles/openshift_logging_fluentd/tasks/main.yaml b/roles/openshift_logging_fluentd/tasks/main.yaml
index 0e14328c0..d350eb41e 100644
--- a/roles/openshift_logging_fluentd/tasks/main.yaml
+++ b/roles/openshift_logging_fluentd/tasks/main.yaml
@@ -40,7 +40,7 @@
oc_serviceaccount:
state: present
name: "aggregated-logging-fluentd"
- namespace: "{{ openshift_logging_namespace }}"
+ namespace: "{{ openshift_logging_fluentd_namespace }}"
image_pull_secrets: "{{ openshift_logging_image_pull_secret }}"
when: openshift_logging_image_pull_secret != ''
@@ -48,27 +48,27 @@
oc_serviceaccount:
state: present
name: "aggregated-logging-fluentd"
- namespace: "{{ openshift_logging_namespace }}"
+ namespace: "{{ openshift_logging_fluentd_namespace }}"
when:
- openshift_logging_image_pull_secret == ''
# set service account scc
- name: Set privileged permissions for Fluentd
oc_adm_policy_user:
- namespace: "{{ openshift_logging_namespace }}"
+ namespace: "{{ openshift_logging_fluentd_namespace }}"
resource_kind: scc
resource_name: privileged
state: present
- user: "system:serviceaccount:{{ openshift_logging_namespace }}:aggregated-logging-fluentd"
+ user: "system:serviceaccount:{{ openshift_logging_fluentd_namespace }}:aggregated-logging-fluentd"
# set service account permissions
- name: Set cluster-reader permissions for Fluentd
oc_adm_policy_user:
- namespace: "{{ openshift_logging_namespace }}"
+ namespace: "{{ openshift_logging_fluentd_namespace }}"
resource_kind: cluster-role
resource_name: cluster-reader
state: present
- user: "system:serviceaccount:{{ openshift_logging_namespace }}:aggregated-logging-fluentd"
+ user: "system:serviceaccount:{{ openshift_logging_fluentd_namespace }}:aggregated-logging-fluentd"
# create Fluentd configmap
- template:
@@ -114,9 +114,9 @@
oc_configmap:
state: present
name: "logging-fluentd"
- namespace: "{{ openshift_logging_namespace }}"
+ namespace: "{{ openshift_logging_fluentd_namespace }}"
from_file:
- fluentd.conf: "{{ tempdir }}/fluent.conf"
+ fluent.conf: "{{ tempdir }}/fluent.conf"
throttle-config.yaml: "{{ tempdir }}/fluentd-throttle-config.yaml"
secure-forward.conf: "{{ tempdir }}/secure-forward.conf"
@@ -126,7 +126,7 @@
oc_secret:
state: present
name: logging-fluentd
- namespace: "{{ openshift_logging_namespace }}"
+ namespace: "{{ openshift_logging_fluentd_namespace }}"
files:
- name: ca
path: "{{ generated_certs_dir }}/ca.crt"
@@ -161,7 +161,7 @@
oc_obj:
state: present
name: logging-fluentd
- namespace: "{{ openshift_logging_namespace }}"
+ namespace: "{{ openshift_logging_fluentd_namespace }}"
kind: daemonset
files:
- "{{ tempdir }}/templates/logging-fluentd.yaml"
diff --git a/roles/openshift_logging_fluentd/templates/fluentd.j2 b/roles/openshift_logging_fluentd/templates/fluentd.j2
index 336d657d5..8e079120d 100644
--- a/roles/openshift_logging_fluentd/templates/fluentd.j2
+++ b/roles/openshift_logging_fluentd/templates/fluentd.j2
@@ -61,27 +61,27 @@ spec:
readOnly: true
env:
- name: "K8S_HOST_URL"
- value: "{{ openshift_logging_master_url }}"
+ value: "{{ openshift_logging_fluentd_master_url }}"
- name: "ES_HOST"
value: "{{ app_host }}"
- name: "ES_PORT"
value: "{{ app_port }}"
- name: "ES_CLIENT_CERT"
- value: "{{ openshift_logging_es_client_cert }}"
+ value: "{{ openshift_logging_fluentd_app_client_cert }}"
- name: "ES_CLIENT_KEY"
- value: "{{ openshift_logging_es_client_key }}"
+ value: "{{ openshift_logging_fluentd_app_client_key }}"
- name: "ES_CA"
- value: "{{ openshift_logging_es_ca }}"
+ value: "{{ openshift_logging_fluentd_app_ca }}"
- name: "OPS_HOST"
value: "{{ ops_host }}"
- name: "OPS_PORT"
value: "{{ ops_port }}"
- name: "OPS_CLIENT_CERT"
- value: "{{ openshift_logging_es_ops_client_cert }}"
+ value: "{{ openshift_logging_fluentd_ops_client_cert }}"
- name: "OPS_CLIENT_KEY"
- value: "{{ openshift_logging_es_ops_client_key }}"
+ value: "{{ openshift_logging_fluentd_ops_client_key }}"
- name: "OPS_CA"
- value: "{{ openshift_logging_es_ops_ca }}"
+ value: "{{ openshift_logging_fluentd_ops_ca }}"
- name: "ES_COPY"
value: "false"
- name: "USE_JOURNAL"