Diffstat (limited to 'roles')
-rw-r--r--roles/openshift_logging/tasks/generate_certs.yaml46
-rw-r--r--roles/openshift_logging/tasks/install_curator.yaml4
-rw-r--r--roles/openshift_logging/tasks/install_logging.yaml19
-rw-r--r--roles/openshift_logging/tasks/oc_apply.yaml29
4 files changed, 87 insertions, 11 deletions
diff --git a/roles/openshift_logging/tasks/generate_certs.yaml b/roles/openshift_logging/tasks/generate_certs.yaml
index 5e6498ad7..e16071e46 100644
--- a/roles/openshift_logging/tasks/generate_certs.yaml
+++ b/roles/openshift_logging/tasks/generate_certs.yaml
@@ -162,10 +162,56 @@
changed_when: no
when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
+# check for secret/logging-kibana-proxy
+- command: >
+ {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get secret/logging-kibana-proxy -n {{openshift_logging_namespace}} -o jsonpath='{.data.oauth-secret}'
+ register: kibana_secret_oauth_check
+ ignore_errors: yes
+ changed_when: no
+ check_mode: no
+
+- command: >
+ {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get secret/logging-kibana-proxy -n {{openshift_logging_namespace}} -o jsonpath='{.data.session-secret}'
+ register: kibana_secret_session_check
+ ignore_errors: yes
+ changed_when: no
+ check_mode: no
+
+# check for oauthclient secret
+- command: >
+ {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get oauthclient/kibana-proxy -n {{openshift_logging_namespace}} -o jsonpath='{.secret}'
+ register: oauth_secret_check
+ ignore_errors: yes
+ changed_when: no
+ check_mode: no
+
+# set or generate as needed
- name: Generate proxy session
set_fact: session_secret={{'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'|random_word(200)}}
check_mode: no
+ when:
+ - kibana_secret_session_check.stdout is not defined or kibana_secret_session_check.stdout == ''
+
+- name: Generate proxy session
+ set_fact: session_secret={{kibana_secret_session_check.stdout | b64decode }}
+ check_mode: no
+ when:
+ - kibana_secret_session_check.stdout is defined
+ - kibana_secret_session_check.stdout != ''
- name: Generate oauth client secret
set_fact: oauth_secret={{'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'|random_word(64)}}
check_mode: no
+ when: kibana_secret_oauth_check.stdout is not defined or kibana_secret_oauth_check.stdout == ''
+ or oauth_secret_check.stdout is not defined or oauth_secret_check.stdout == ''
+ or kibana_secret_oauth_check.stdout | b64decode != oauth_secret_check.stdout
+
+- name: Generate oauth client secret
+ set_fact: oauth_secret={{kibana_secret_oauth_check.stdout | b64decode}}
+ check_mode: no
+ when:
+ - kibana_secret_oauth_check is defined
+ - kibana_secret_oauth_check.stdout != ''
+ - oauth_secret_check.stdout is defined
+ - oauth_secret_check.stdout != ''
+ - kibana_secret_oauth_check.stdout | b64decode == oauth_secret_check.stdout
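Review bot: The three added lookup tasks (`get secret/logging-kibana-proxy` twice, `get oauthclient/kibana-proxy`) and the `set_fact` tasks that consume them put the Kibana proxy session and OAuth secrets into registered results and task arguments, and none of them sets `no_log: true`, so the values can surface in verbose output, callback plugins and stored job logs; adding `no_log: true` to each of those tasks would keep them out. `ignore_errors: yes` also treats every lookup failure as "secret missing", so a transient API or authorization error would cause fresh secrets to be generated rather than the run stopping; testing `rc`/`stderr` for the not-found case would be narrower. The final task checks `kibana_secret_oauth_check is defined` where its siblings check `.stdout is defined`, and each generate/reuse pair shares one task name, which makes run logs ambiguous (e.g. `name: Reuse existing proxy session secret`). The task whose `changed_when`/`when` lines open this hunk starts outside it.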
diff --git a/roles/openshift_logging/tasks/install_curator.yaml b/roles/openshift_logging/tasks/install_curator.yaml
index 5f3063380..35116ae2b 100644
--- a/roles/openshift_logging/tasks/install_curator.yaml
+++ b/roles/openshift_logging/tasks/install_curator.yaml
@@ -11,7 +11,9 @@
{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get dc/logging-curator-ops
-o jsonpath='{.spec.replicas}' -n {{openshift_logging_namespace}}
register: curator_ops_replica_count
- when: not ansible_check_mode
+ when:
+ - not ansible_check_mode
+ - openshift_logging_use_ops
ignore_errors: yes
changed_when: no
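Review bot: The added `openshift_logging_use_ops` condition is a bare variable, so a value supplied as a string (from an inventory file or `-e`, for instance) may not be evaluated as the boolean the author intends; `- openshift_logging_use_ops | bool` is the more robust form. When the task is skipped, `curator_ops_replica_count` is still registered but has no `stdout`, so any consumer of it outside this hunk needs a default or the same guard. The task itself begins above the hunk.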
diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml
index 6a11baeb9..af03e9371 100644
--- a/roles/openshift_logging/tasks/install_logging.yaml
+++ b/roles/openshift_logging/tasks/install_logging.yaml
@@ -23,16 +23,15 @@
loop_control:
loop_var: install_component
-- name: Register API objects from generated templates
- command: ls -1 {{mktemp.stdout}}/templates/
- register: logging_objects
- check_mode: no
- changed_when: no
-
-- name: Creating API objects from generated templates
- command: >
- {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig apply -f {{mktemp.stdout}}/templates/{{file}} -n {{openshift_logging_namespace}}
- with_items: "{{logging_objects.stdout_lines | sort}}"
+- name: Create objects
+ include: oc_apply.yaml
+ vars:
+ - kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+ - namespace: "{{ openshift_logging_namespace }}"
+ - file_name: "{{ file }}"
+ - file_content: "{{ lookup('file', file) | from_yaml }}"
+ with_fileglob:
+ - "{{ mktemp.stdout }}/templates/*.yaml"
loop_control:
loop_var: file
when: not ansible_check_mode
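Review bot: `with_fileglob` and `lookup('file', file)` are evaluated on the Ansible control machine, whereas the removed `ls -1 {{mktemp.stdout}}/templates/` ran on the target host, so if this role is ever run against a remote host the glob will match nothing and the loop will silently apply zero objects. If that is possible, keep a remote listing (a `find` task, or the previous `command`) and read each file's kind and name on the target as well. The new loop also drops the explicit `| sort` and only matches `*.yaml`, so apply order and coverage now depend on fileglob behaviour and on the template file extensions. `vars:` is written as a list of one-key mappings; a plain mapping (`vars:` followed by `kubeconfig: ...`, `namespace: ...`) is the documented form. The task continues past the visible `loop_control`/`when` context lines.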
diff --git a/roles/openshift_logging/tasks/oc_apply.yaml b/roles/openshift_logging/tasks/oc_apply.yaml
new file mode 100644
index 000000000..c362b7fca
--- /dev/null
+++ b/roles/openshift_logging/tasks/oc_apply.yaml
@@ -0,0 +1,29 @@
+---
+- name: Checking generation of {{file_content.kind}} {{file_content.metadata.name}}
+ shell: >
+ {{ openshift.common.client_binary }}
+ --config={{ kubeconfig }}
+ get {{file_content.kind}} {{file_content.metadata.name}}
+ -o jsonpath='{.metadata.resourceVersion}'
+ -n {{namespace}} || echo 0
+ register: generation_init
+ changed_when: no
+
+- name: Applying {{file_name}}
+ command: >
+ {{ openshift.common.client_binary }} --config={{ kubeconfig }}
+ apply -f {{ file_name }}
+ -n {{ namespace }}
+ register: generation_apply
+ failed_when: "'error' in generation_apply.stderr"
+ changed_when: no
+
+- name: Determine change status of {{file_content.kind}} {{file_content.metadata.name}}
+ shell: >
+ {{ openshift.common.client_binary }} --config={{ kubeconfig }}
+ get {{file_content.kind}} {{file_content.metadata.name}}
+ -o jsonpath='{.metadata.resourceVersion}'
+ -n {{namespace}} || echo 0
+ register: generation_changed
+ failed_when: "'error' in generation_changed.stderr"
+ changed_when: generation_changed.stdout | int > generation_init.stdout | int
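Review bot: On the "Applying" task, `failed_when: "'error' in generation_apply.stderr"` replaces the default return-code check with a case-sensitive substring match, so a failed `apply` whose message is capitalised (the client commonly prints `Error from server ...`) or uses other wording is reported as success; `failed_when: generation_apply.rc != 0` is the safer test. The same applies to the third task, where `|| echo 0` additionally forces a zero exit, so authorization or connectivity failures are indistinguishable from "object does not exist". Both `shell` tasks interpolate `file_content.kind` and `file_content.metadata.name` into a shell line unquoted; `get {{ file_content.kind | quote }} {{ file_content.metadata.name | quote }}` keeps a malformed template value from being interpreted by the shell. `resourceVersion` is documented as an opaque string, so the `| int` comparison in `changed_when` is better written as an inequality test (`generation_changed.stdout != generation_init.stdout`).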