diff options
Diffstat (limited to 'roles/openshift_logging_fluentd')
-rw-r--r-- | roles/openshift_logging_fluentd/defaults/main.yml | 28 | ||||
-rw-r--r-- | roles/openshift_logging_fluentd/tasks/main.yaml | 20 | ||||
-rw-r--r-- | roles/openshift_logging_fluentd/templates/fluentd.j2 | 14 |
3 files changed, 39 insertions, 23 deletions
diff --git a/roles/openshift_logging_fluentd/defaults/main.yml b/roles/openshift_logging_fluentd/defaults/main.yml index 713962c2e..ad92f499d 100644 --- a/roles/openshift_logging_fluentd/defaults/main.yml +++ b/roles/openshift_logging_fluentd/defaults/main.yml @@ -1,11 +1,10 @@ --- ### General logging settings -openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('docker.io/openshift/origin-') }}" -openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default('latest') }}" -openshift_logging_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}" -openshift_logging_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}" -openshift_logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default('https://' + openshift.common.public_hostname + ':' ~ (openshift_master_api_port | default('8443', true))) }}" -openshift_logging_namespace: logging +openshift_logging_fluentd_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('docker.io/openshift/origin-') }}" +openshift_logging_fluentd_image_version: "{{ openshift_hosted_logging_deployer_version | default('latest') }}" +openshift_logging_fluentd_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}" +openshift_logging_fluentd_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}" +openshift_logging_fluentd_namespace: logging ### Common settings openshift_logging_fluentd_nodeselector: "{{ openshift_hosted_logging_fluentd_nodeselector_label | default('logging-infra-fluentd=true') | map_from_pairs }}" @@ -33,6 +32,23 @@ openshift_logging_fluentd_use_journal: "{{ openshift_hosted_logging_use_journal openshift_logging_fluentd_journal_source: "{{ openshift_hosted_logging_journal_source | default('') }}" openshift_logging_fluentd_journal_read_from_head: "{{ openshift_hosted_logging_journal_read_from_head | default('') }}" +openshift_logging_fluentd_app_client_cert: /etc/fluent/keys/cert +openshift_logging_fluentd_app_client_key: /etc/fluent/keys/key +openshift_logging_fluentd_app_ca: /etc/fluent/keys/ca +openshift_logging_fluentd_ops_client_cert: /etc/fluent/keys/cert +openshift_logging_fluentd_ops_client_key: /etc/fluent/keys/key +openshift_logging_fluentd_ops_ca: /etc/fluent/keys/ca + + +# used by "secure-host" and "secure-aggregator" deployments +openshift_logging_fluentd_shared_key: "{{ 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' | random_word(128) }}" +openshift_logging_fluentd_aggregating_port: 24284 +openshift_logging_fluentd_aggregating_host: "${HOSTNAME}" +openshift_logging_fluentd_aggregating_secure: "no" +openshift_logging_fluentd_aggregating_strict: "no" +openshift_logging_fluentd_aggregating_cert_path: none +openshift_logging_fluentd_aggregating_key_path: none +openshift_logging_fluentd_aggregating_passphrase: none ### Deprecating in 3.6 openshift_logging_fluentd_es_copy: false diff --git a/roles/openshift_logging_fluentd/tasks/main.yaml b/roles/openshift_logging_fluentd/tasks/main.yaml index 0e14328c0..d350eb41e 100644 --- a/roles/openshift_logging_fluentd/tasks/main.yaml +++ b/roles/openshift_logging_fluentd/tasks/main.yaml @@ -40,7 +40,7 @@ oc_serviceaccount: state: present name: "aggregated-logging-fluentd" - namespace: "{{ openshift_logging_namespace }}" + namespace: "{{ openshift_logging_fluentd_namespace }}" image_pull_secrets: "{{ openshift_logging_image_pull_secret }}" when: openshift_logging_image_pull_secret != '' @@ -48,27 +48,27 @@ oc_serviceaccount: state: present name: "aggregated-logging-fluentd" - namespace: "{{ openshift_logging_namespace }}" + namespace: "{{ openshift_logging_fluentd_namespace }}" when: - openshift_logging_image_pull_secret == '' # set service account scc - name: Set privileged permissions for Fluentd oc_adm_policy_user: - namespace: "{{ openshift_logging_namespace }}" + namespace: "{{ openshift_logging_fluentd_namespace }}" resource_kind: scc resource_name: privileged state: present - user: "system:serviceaccount:{{ openshift_logging_namespace }}:aggregated-logging-fluentd" + user: "system:serviceaccount:{{ openshift_logging_fluentd_namespace }}:aggregated-logging-fluentd" # set service account permissions - name: Set cluster-reader permissions for Fluentd oc_adm_policy_user: - namespace: "{{ openshift_logging_namespace }}" + namespace: "{{ openshift_logging_fluentd_namespace }}" resource_kind: cluster-role resource_name: cluster-reader state: present - user: "system:serviceaccount:{{ openshift_logging_namespace }}:aggregated-logging-fluentd" + user: "system:serviceaccount:{{ openshift_logging_fluentd_namespace }}:aggregated-logging-fluentd" # create Fluentd configmap - template: @@ -114,9 +114,9 @@ oc_configmap: state: present name: "logging-fluentd" - namespace: "{{ openshift_logging_namespace }}" + namespace: "{{ openshift_logging_fluentd_namespace }}" from_file: - fluentd.conf: "{{ tempdir }}/fluent.conf" + fluent.conf: "{{ tempdir }}/fluent.conf" throttle-config.yaml: "{{ tempdir }}/fluentd-throttle-config.yaml" secure-forward.conf: "{{ tempdir }}/secure-forward.conf" @@ -126,7 +126,7 @@ oc_secret: state: present name: logging-fluentd - namespace: "{{ openshift_logging_namespace }}" + namespace: "{{ openshift_logging_fluentd_namespace }}" files: - name: ca path: "{{ generated_certs_dir }}/ca.crt" @@ -161,7 +161,7 @@ oc_obj: state: present name: logging-fluentd - namespace: "{{ openshift_logging_namespace }}" + namespace: "{{ openshift_logging_fluentd_namespace }}" kind: daemonset files: - "{{ tempdir }}/templates/logging-fluentd.yaml" diff --git a/roles/openshift_logging_fluentd/templates/fluentd.j2 b/roles/openshift_logging_fluentd/templates/fluentd.j2 index 336d657d5..8e079120d 100644 --- a/roles/openshift_logging_fluentd/templates/fluentd.j2 +++ b/roles/openshift_logging_fluentd/templates/fluentd.j2 @@ -61,27 +61,27 @@ spec: readOnly: true env: - name: "K8S_HOST_URL" - value: "{{ openshift_logging_master_url }}" + value: "{{ openshift_logging_fluentd_master_url }}" - name: "ES_HOST" value: "{{ app_host }}" - name: "ES_PORT" value: "{{ app_port }}" - name: "ES_CLIENT_CERT" - value: "{{ openshift_logging_es_client_cert }}" + value: "{{ openshift_logging_fluentd_app_client_cert }}" - name: "ES_CLIENT_KEY" - value: "{{ openshift_logging_es_client_key }}" + value: "{{ openshift_logging_fluentd_app_client_key }}" - name: "ES_CA" - value: "{{ openshift_logging_es_ca }}" + value: "{{ openshift_logging_fluentd_app_ca }}" - name: "OPS_HOST" value: "{{ ops_host }}" - name: "OPS_PORT" value: "{{ ops_port }}" - name: "OPS_CLIENT_CERT" - value: "{{ openshift_logging_es_ops_client_cert }}" + value: "{{ openshift_logging_fluentd_ops_client_cert }}" - name: "OPS_CLIENT_KEY" - value: "{{ openshift_logging_es_ops_client_key }}" + value: "{{ openshift_logging_fluentd_ops_client_key }}" - name: "OPS_CA" - value: "{{ openshift_logging_es_ops_ca }}" + value: "{{ openshift_logging_fluentd_ops_ca }}" - name: "ES_COPY" value: "false" - name: "USE_JOURNAL" |