From 60ad4626f03cbfb119290a4bfaf9ecba53dc762b Mon Sep 17 00:00:00 2001
From: ewolinetz <ewolinet@redhat.com>
Date: Tue, 2 May 2017 11:21:56 -0500
Subject: Pulling in changes from master

---
 .../tasks/main.yaml                                | 87 +++++++++++++++++-----
 .../templates/elasticsearch.yml.j2                 |  4 +-
 .../templates/es.j2                                | 16 +++-
 .../templates/rolebinding.j2                       | 14 ++++
 4 files changed, 97 insertions(+), 24 deletions(-)
 create mode 100644 roles/openshift_logging_elasticsearch/templates/rolebinding.j2

(limited to 'roles/openshift_logging_elasticsearch')

diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml
index 0d4c7a013..620c82fd0 100644
--- a/roles/openshift_logging_elasticsearch/tasks/main.yaml
+++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml
@@ -11,7 +11,9 @@
     msg: Invalid deployment type, one of ['data-master', 'data-client', 'master', 'client'] allowed
   when: not openshift_logging_elasticsearch_deployment_type in __allowed_es_types
 
-- set_fact: elasticsearch_name="{{ 'logging-elasticsearch' ~ ( (openshift_logging_elasticsearch_ops_deployment | default(false) | bool) | ternary('-ops', '')) }}"
+- set_fact:
+    elasticsearch_name: "{{ 'logging-elasticsearch' ~ ( (openshift_logging_elasticsearch_ops_deployment | default(false) | bool) | ternary('-ops', '')) }}"
+    es_component: "{{ 'es' ~ ( (openshift_logging_elasticsearch_ops_deployment | default(false) | bool) | ternary('-ops', '') ) }}"
 
 - include: determine_version.yaml
 
@@ -39,7 +41,7 @@
   oc_serviceaccount:
     state: present
     name: "aggregated-logging-elasticsearch"
-    namespace: "{{ openshift_logging_namespace }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
     image_pull_secrets: "{{ openshift_logging_image_pull_secret }}"
   when: openshift_logging_image_pull_secret != ''
 
@@ -47,7 +49,7 @@
   oc_serviceaccount:
     state: present
     name: "aggregated-logging-elasticsearch"
-    namespace: "{{ openshift_logging_namespace }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
   when:
   - openshift_logging_image_pull_secret == ''
 
@@ -61,7 +63,7 @@
     state: present
     name: "rolebinding-reader"
     kind: clusterrole
-    namespace: "{{ openshift_logging_namespace }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
     files:
     - "{{ tempdir }}/rolebinding-reader.yml"
     delete_after: true
@@ -70,10 +72,34 @@
 - name: Set rolebinding-reader permissions for ES
   oc_adm_policy_user:
     state: present
-    namespace: "{{ openshift_logging_namespace }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
     resource_kind: cluster-role
     resource_name: rolebinding-reader
-    user: "system:serviceaccount:{{ openshift_logging_namespace }}:aggregated-logging-elasticsearch"
+    user: "system:serviceaccount:{{ openshift_logging_elasticsearch_namespace }}:aggregated-logging-elasticsearch"
+
+# View role and binding
+- name: Generate logging-elasticsearch-view-role
+  template:
+    src: rolebinding.j2
+    dest: "{{mktemp.stdout}}/logging-elasticsearch-view-role.yaml"
+  vars:
+    obj_name: logging-elasticsearch-view-role
+    roleRef:
+      name: view
+    subjects:
+      - kind: ServiceAccount
+        name: aggregated-logging-elasticsearch
+  changed_when: no
+
+- name: Set logging-elasticsearch-view-role role
+  oc_obj:
+    state: present
+    name: "logging-elasticsearch-view-role"
+    kind: rolebinding
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
+    files:
+    - "{{ tempdir }}/logging-elasticsearch-view-role.yaml"
+    delete_after: true
 
 # configmap
 - template:
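Review bot: The render and apply paths for the new view role binding do not match. "Generate logging-elasticsearch-view-role" writes to `{{mktemp.stdout}}/logging-elasticsearch-view-role.yaml`, while "Set logging-elasticsearch-view-role role" reads `{{ tempdir }}/logging-elasticsearch-view-role.yaml`. Every other task visible in this diff uses `tempdir`, and no visible line registers `mktemp`, so unless both resolve to the same directory the oc_obj task applies a file that was never written; use `dest: "{{ tempdir }}/logging-elasticsearch-view-role.yaml"`. Since this binds the `view` role to the `aggregated-logging-elasticsearch` service account, extend the `# View role and binding` comment with one line saying what Elasticsearch needs to read with it, so the grant can be checked against least privilege.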
@@ -87,7 +113,6 @@
     dest: "{{ tempdir }}/elasticsearch.yml"
   vars:
     allow_cluster_reader: "{{ openshift_logging_elasticsearch_ops_allow_cluster_reader | lower | default('false') }}"
-    deploy_type: "{{ openshift_logging_elasticsearch_deployment_type }}"
   when: es_config_contents is undefined
   changed_when: no
 
@@ -106,8 +131,8 @@
 - name: Set ES configmap
   oc_configmap:
     state: present
-    name: "{{ elasticsearch_name }}-{{ openshift_logging_elasticsearch_deployment_type }}"
-    namespace: "{{ openshift_logging_namespace }}"
+    name: "{{ elasticsearch_name }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
     from_file:
       elasticsearch.yml: "{{ tempdir }}/elasticsearch.yml"
       logging.yml: "{{ tempdir }}/elasticsearch-logging.yml"
@@ -119,7 +144,7 @@
   oc_secret:
     state: present
     name: "logging-elasticsearch"
-    namespace: "{{ openshift_logging_namespace }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
     files:
     - name: key
       path: "{{ generated_certs_dir }}/logging-es.jks"
@@ -138,6 +163,34 @@
     - name: admin.jks
       path: "{{ generated_certs_dir }}/system.admin.jks"
 
+# services
+- name: Set logging-{{ es_component }}-cluster service
+  oc_service:
+    state: present
+    name: "logging-{{ es_component }}-cluster"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
+    selector:
+      component: "{{ es_component }}"
+      provider: openshift
+#    labels:
+#    - logging-infra: 'support'
+    ports:
+    - port: 9300
+
+- name: Set logging-{{ es_component }} service
+  oc_service:
+    state: present
+    name: "logging-{{ es_component }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
+    selector:
+      component: "{{ es_component }}"
+      provider: openshift
+#    labels:
+#    - logging-infra: 'support'
+    ports:
+    - port: 9200
+      targetPort: "restapi"
+
 - name: Creating ES storage template
   template:
     src: pvc.j2
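Review bot: Both new oc_service tasks carry a commented-out `labels` stanza (`#    - logging-infra: 'support'`) with no explanation. Either drop it or replace it with a short TODO saying why the label is not set, for example `# TODO: restore logging-infra label once oc_service accepts labels` if that is the reason. The two port definitions also differ in form: the 9200 service names `targetPort: "restapi"`, while the 9300 cluster service gives only `port: 9300`. If that relies on the target defaulting to the same port, a one-line comment would make it clear the omission is intentional.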
@@ -171,16 +224,13 @@
     state: present
     kind: pvc
     name: "{{ openshift_logging_elasticsearch_pvc_name }}"
-    namespace: "{{ openshift_logging_namespace }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
     files:
     - "{{ tempdir }}/templates/logging-es-pvc.yml"
     delete_after: true
   when:
   - openshift_logging_elasticsearch_storage_type == "pvc"
 
-- set_fact:
-    es_component: "{{ 'es' ~ ( (openshift_logging_elasticsearch_ops_deployment | default(false) | bool) | ternary('-ops', '') ) }}"
-
 - set_fact:
     es_deploy_name: "logging-{{ es_component }}-{{ openshift_logging_elasticsearch_deployment_type }}-{{ 'abcdefghijklmnopqrstuvwxyz0123456789' | random_word(8) }}"
   when: openshift_logging_elasticsearch_deployment_name == ""
@@ -195,20 +245,21 @@
     src: es.j2
     dest: "{{ tempdir }}/templates/logging-es-dc.yml"
   vars:
-    es_configmap: "{{ elasticsearch_name }}-{{ openshift_logging_elasticsearch_deployment_type }}"
     es_cluster_name: "{{ es_component }}"
-    logging_component: "{{ es_component }}"
+    component: "{{ es_component }}"
+    logging_component: elasticsearch
     deploy_name: "{{ es_deploy_name }}"
     image: "{{ openshift_logging_image_prefix }}logging-elasticsearch:{{ openshift_logging_image_version }}"
     es_cpu_limit: "{{ openshift_logging_elasticsearch_cpu_limit }}"
     es_memory_limit: "{{ openshift_logging_elasticsearch_memory_limit }}"
     es_node_selector: "{{ openshift_logging_elasticsearch_nodeselector | default({}) }}"
+    deploy_type: "{{ openshift_logging_elasticsearch_deployment_type }}"
 
 - name: Set ES dc
   oc_obj:
     state: present
     name: "{{ es_deploy_name }}"
-    namespace: "{{ openshift_logging_namespace }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
     kind: dc
     files:
     - "{{ tempdir }}/templates/logging-es-dc.yml"
@@ -219,7 +270,7 @@
   oc_scale:
     kind: dc
     name: "{{ es_deploy_name }}"
-    namespace: "{{ openshift_logging_namespace }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
     replicas: 1
 
 ## Placeholder for migration when necessary ##
diff --git a/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2 b/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2
index cd4bde98b..340c6d7e6 100644
--- a/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2
+++ b/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2
@@ -15,8 +15,8 @@ index:
     flush_threshold_period: 5m
 
 node:
-  master: {% if deploy_type in ['data-master', 'master'] %}true{% else %}false{% endif %}
-  data: {% if deploy_type in ['data-master', 'data-client'] %}true{% else %}false{% endif %}
+  master: ${IS_MASTER}
+  data: ${HAS_DATA}
 
 network:
   host: 0.0.0.0
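Review bot: Nothing in this template says where `${IS_MASTER}` and `${HAS_DATA}` come from. They are set as container env vars by the `@@ -86,6 +86,14 @@` hunk of templates/es.j2, and a pod started without them would presumably fail to resolve the node roles. Add a comment above `node:`, such as `# IS_MASTER / HAS_DATA are env vars set per deploy_type in templates/es.j2`. The generating task runs only `when: es_config_contents is undefined`, so a user-supplied config takes over this contract. The role's documentation should say that such a config must either keep the two placeholders or set `node.master` and `node.data` itself. The `node:` block sits inside a larger file that continues outside the hunk.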
diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2
index 295e58981..36390a2c2 100644
--- a/roles/openshift_logging_elasticsearch/templates/es.j2
+++ b/roles/openshift_logging_elasticsearch/templates/es.j2
@@ -4,14 +4,14 @@ metadata:
   name: "{{deploy_name}}"
   labels:
     provider: openshift
-    component: elasticsearch
+    component: "{{component}}"
     deployment: "{{deploy_name}}"
     logging-infra: "{{logging_component}}"
 spec:
   replicas: {{replicas|default(0)}}
   selector:
     provider: openshift
-    component: elasticsearch
+    component: "{{component}}"
     deployment: "{{deploy_name}}"
     logging-infra: "{{logging_component}}"
   strategy:
@@ -22,7 +22,7 @@ spec:
       labels:
         logging-infra: "{{logging_component}}"
         provider: openshift
-        component: elasticsearch
+        component: "{{component}}"
         deployment: "{{deploy_name}}"
     spec:
       terminationGracePeriod: 600
@@ -86,6 +86,14 @@ spec:
             -
               name: "RECOVER_AFTER_TIME"
               value: "{{openshift_logging_elasticsearch_recover_after_time}}"
+            -
+              name: "IS_MASTER"
+              value: "{% if deploy_type in ['data-master', 'master'] %}true{% else %}false{% endif %}"
+
+            -
+              name: "HAS_DATA"
+              value: "{% if deploy_type in ['data-master', 'data-client'] %}true{% else %}false{% endif %}"
+
           volumeMounts:
             - name: elasticsearch
               mountPath: /etc/elasticsearch/secret
@@ -101,7 +109,7 @@ spec:
             secretName: logging-elasticsearch
         - name: elasticsearch-config
           configMap:
-            name: {{ es_configmap }}
+            name: logging-elasticsearch
         - name: elasticsearch-storage
 {% if openshift_logging_elasticsearch_storage_type == 'pvc' %}
           persistentVolumeClaim:
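Review bot: The hard-coded `name: logging-elasticsearch` on the `elasticsearch-config` volume no longer matches what "Set ES configmap" in tasks/main.yaml creates, which is now `{{ elasticsearch_name }}`. For an ops deployment that evaluates to `logging-elasticsearch-ops`, so the ops DC either mounts a configmap that does not exist in its namespace or, when both clusters share a namespace, silently mounts the non-ops configuration. That would include the non-ops `allow_cluster_reader` value rendered into elasticsearch.yml. Reference the same fact here, `name: "{{ elasticsearch_name }}"`, which should be in scope because it is set with set_fact before this template is rendered. The volumes list continues outside the hunk.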
diff --git a/roles/openshift_logging_elasticsearch/templates/rolebinding.j2 b/roles/openshift_logging_elasticsearch/templates/rolebinding.j2
new file mode 100644
index 000000000..fcd4e87cc
--- /dev/null
+++ b/roles/openshift_logging_elasticsearch/templates/rolebinding.j2
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: RoleBinding
+metadata:
+  name: {{obj_name}}
+roleRef:
+{% if roleRef.kind is defined %}
+  kind: {{ roleRef.kind }}
+{% endif %}
+  name: {{ roleRef.name }}
+subjects:
+{% for sub in subjects %}
+  - kind: {{ sub.kind }}
+    name: {{ sub.name }}
+{% endfor %}
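Review bot: Every templated scalar in this new file is emitted unquoted (`name: {{obj_name}}`, `kind: {{ roleRef.kind }}`, `name: {{ roleRef.name }}`, and `sub.kind` / `sub.name`), so an empty or boolean-looking value would render as null or a bool rather than a string. Quote them, as es.j2 already does for its labels, for example `name: "{{ obj_name }}"` and `name: "{{ roleRef.name }}"`. The template also has no way to set a namespace on a subject or on `roleRef`. A header comment should state that subjects are taken to be in the binding's own namespace and that a bare `roleRef.name` such as `view` is expected to resolve to a cluster-level role, so that later callers do not bind a broader role than they intended.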
-- 
cgit v1.2.3