From 7fa2d035c9f2051e5e07134522871ea23f85e52c Mon Sep 17 00:00:00 2001 From: John Kwiatkoski Date: Tue, 22 Mar 2016 14:48:31 -0400 Subject: revised and restructured logging role --- roles/openshift_efk/README.md | 9 -- roles/openshift_efk/files/logging-deployer-sa.yaml | 6 - roles/openshift_efk/tasks/main.yaml | 179 --------------------- roles/openshift_hosted_logging/README.md | 10 ++ .../files/logging-deployer-sa.yaml | 6 + .../files/openshift_hosted_logging_efk.yaml | 4 + .../tasks/cleanup_logging.yaml | 76 +++++++++ .../tasks/deploy_logging.yaml | 107 ++++++++++++ roles/openshift_hosted_logging/tasks/main.yaml | 8 + roles/openshift_hosted_logging/vars/main.yaml | 5 + 10 files changed, 216 insertions(+), 194 deletions(-) delete mode 100644 roles/openshift_efk/README.md delete mode 100644 roles/openshift_efk/files/logging-deployer-sa.yaml delete mode 100644 roles/openshift_efk/tasks/main.yaml create mode 100644 roles/openshift_hosted_logging/README.md create mode 100644 roles/openshift_hosted_logging/files/logging-deployer-sa.yaml create mode 100644 roles/openshift_hosted_logging/files/openshift_hosted_logging_efk.yaml create mode 100644 roles/openshift_hosted_logging/tasks/cleanup_logging.yaml create mode 100644 roles/openshift_hosted_logging/tasks/deploy_logging.yaml create mode 100644 roles/openshift_hosted_logging/tasks/main.yaml create mode 100644 roles/openshift_hosted_logging/vars/main.yaml (limited to 'roles') diff --git a/roles/openshift_efk/README.md b/roles/openshift_efk/README.md deleted file mode 100644 index d948dad5d..000000000 --- a/roles/openshift_efk/README.md +++ /dev/null @@ -1,9 +0,0 @@ -###Required vars: - -- kibana_hostname: kibana.example.com -- es_cluster_size: 1 -- master_url: https://localhost:8443 - -###Optional vars: -- logging_secret_vars: (defaults to nothing=/dev/null) kibana.crt=/etc/origin/master/ca.crt kibana.key=/etc/origin/master/ca.key ca.crt=/etc/origin/master/ca.crt ca.key=/etc/origin/master/ca.key -- fluentd_replicas: (defaults to 1) 3 diff --git a/roles/openshift_efk/files/logging-deployer-sa.yaml b/roles/openshift_efk/files/logging-deployer-sa.yaml deleted file mode 100644 index 334c9402b..000000000 --- a/roles/openshift_efk/files/logging-deployer-sa.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: logging-deployer -secrets: -- name: logging-deployer diff --git a/roles/openshift_efk/tasks/main.yaml b/roles/openshift_efk/tasks/main.yaml deleted file mode 100644 index aff3d09fb..000000000 --- a/roles/openshift_efk/tasks/main.yaml +++ /dev/null @@ -1,179 +0,0 @@ ---- - - - fail: msg="This role requires the following vars to be defined: master_url, kibana_hostname, es_cluster_size" - when: "kibana_hostname is not defined or - es_cluster_size is not defined or - master_url is not defined" - - - name: "Checking for logging project" - command: oc get project logging - register: logging_project - failed_when: "'FAILED' in logging_project.stderr" - tags: - - cleanup - - - name: "Create logging project" - command: oadm new-project logging - when: logging_project.rc != 0 - tags: - - build - - name: "Changing projects" - command: oc project logging - tags: - - cleanup - - - name: "Cleanup any previous logging infrastructure" - command: oc delete all --selector logging-infra={{ item }} - with_items: - - kibana - - fluentd - - elasticsearch - ignore_errors: yes - tags: - - cleanup - - - name: "Cleanup existing support infrastructure" - command: oc delete all,sa,oauthclient --selector logging-infra=support - ignore_errors: yes - tags: - - cleanup - - - name: "Cleanup existing secrets" - command: oc delete secret logging-fluentd logging-elasticsearch logging-es-proxy logging-kibana logging-kibana-proxy logging-kibana-ops-proxy - ignore_errors: yes - register: clean_result - failed_when: clean_result.rc == 1 and 'not found' not in clean_result.stderr - tags: - - cleanup - - - name: "Cleanup existing logging deployers" - command: oc delete pods --all - tags: - - cleanup - - - name: "Creating logging deployer secret" - command: oc secrets new logging-deployer {{ logging_secret_vars | default('nothing=/dev/null') }} - register: secret_output - failed_when: "secret_output.rc == 1 and 'exists' not in secret_output.stderr" - tags: - - build - - - name: "Copy serviceAccount file" - copy: dest=/tmp/logging-deployer-sa.yaml - src={{role_path}}/files/logging-deployer-sa.yaml - force=yes - tags: - - build - - - name: "Create logging-deployer service account" - shell: oc create -f /tmp/logging-deployer-sa.yaml - register: deployer_output - failed_when: "deployer_output.rc == 1 and 'exists' not in deployer_output.stderr" - tags: - - build - - - name: "Set permissions for logging-deployer service account" - command: oc policy add-role-to-user edit system:serviceaccount:logging:logging-deployer - register: permiss_output - failed_when: "permiss_output.rc == 1 and 'exists' not in permiss_output.stderr" - tags: - - build - - - name: "Set permissions for fluentd" - command: oadm policy add-scc-to-user privileged system:serviceaccount:logging:aggregated-logging-fluentd - register: fluentd_output - failed_when: "fluentd_output.rc == 1 and 'exists' not in fluentd_output.stderr" - tags: - - build - - - name: "Set additional permissions for fluentd" - command: oadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd - register: fluentd2_output - failed_when: "fluentd2_output.rc == 1 and 'exists' not in fluentd2_output.stderr" - tags: - - build - - - name: "Make sure to remove stale deployer template" - command: oc delete template logging-deployer-template -n openshift - register: delete_ouput - failed_when: delete_ouput.rc == 1 and 'exists' not in delete_ouput.stderr - tags: - - build - - - name: "Create deployer template" - command: oc create -f /usr/share/openshift/examples/infrastructure-templates/enterprise/logging-deployer.yaml -n openshift - register: template_output - failed_when: "template_output.rc == 1 and 'exists' not in template_output.stderr" - tags: - - build - - - name: "Clear out any previous pods" - command: oc delete pods --all - tags: - - build - - - name: "Process the deployer template with an registry other than registry.access.redhat.com" - shell: oc process logging-deployer-template -n openshift -v KIBANA_HOSTNAME={{ kibana_hostname | quote }},ES_CLUSTER_SIZE={{ es_cluster_size | quote }},PUBLIC_MASTER_URL={{ master_url | quote }},IMAGE_PREFIX={{ target_registry | quote }}/ | oc create -f - - when: target_registry is defined - tags: - - build - - - name: "Process the default deployer template" - shell: oc process logging-deployer-template -n openshift -v KIBANA_HOSTNAME={{ kibana_hostname | quote }},ES_CLUSTER_SIZE={{ es_cluster_size | quote }},PUBLIC_MASTER_URL={{ master_url | quote }} | oc create -f - - when: target_registry is not defined - tags: - - build - - - name: "Wait for image pull and deployer pod" - action: shell oc get pods | grep logging-deployer.*Completed - register: result - until: result.rc == 0 - retries: 15 - delay: 10 - tags: - - build - - - name: "Process support template" - shell: oc process logging-support-template | oc create -f - - tags: - - build - - - name: "Set insecured registry" - command: oc annotate is --all openshift.io/image.insecureRepository=true --overwrite - when: "target_registry is defined and insecure_registry == 'true'" - tags: - - build - - - name: "Scale fluentd deployment config" - command: oc scale dc/logging-fluentd --replicas={{ fluentd_replicas | default('1') }} - tags: - - build - - - name: "Wait for imagestreams to become available" - action: shell oc get is | grep logging-fluentd - register: result - until: result.rc == 0 - failed_when: result.rc == 1 and 'not found' not in result.stderr - retries: 15 - delay: 5 - tags: - - build - - - name: "Wait for replication controllers to become available" - action: shell oc get rc | grep logging-fluentd-1 - register: result - until: result.rc == 0 - failed_when: result.rc == 1 and 'not found' not in result.stderr - retries: 15 - delay: 5 - tags: - - build - - - name: "Scale fluentd replication controller" - command: oc scale rc/logging-fluentd-1 --replicas={{ fluentd_replicas | default('1') }} - tags: - - build - - - debug: msg="Logging components deployed. Note persistant volume for elasticsearch must be setup manually" - tags: - - build diff --git a/roles/openshift_hosted_logging/README.md b/roles/openshift_hosted_logging/README.md new file mode 100644 index 000000000..b3f363571 --- /dev/null +++ b/roles/openshift_hosted_logging/README.md @@ -0,0 +1,10 @@ +###Required vars: + +- openshift_hosted_logging_hostname: kibana.example.com +- openshift_hosted_logging_elasticsearch_cluster_size: 1 +- openshift_hosted_logging_master_public_url: https://localhost:8443 + +###Optional vars: +- openshift_hosted_logging_secret_vars: (defaults to nothing=/dev/null) kibana.crt=/etc/origin/master/ca.crt kibana.key=/etc/origin/master/ca.key ca.crt=/etc/origin/master/ca.crt ca.key=/etc/origin/master/ca.key +- openshift_hosted_logging_fluentd_replicas: (defaults to 1) 3 +- openshift_hosted_logging_cleanup: (defaults to no) Set this to 'yes' in order to cleanup logging components instead of deploying. diff --git a/roles/openshift_hosted_logging/files/logging-deployer-sa.yaml b/roles/openshift_hosted_logging/files/logging-deployer-sa.yaml new file mode 100644 index 000000000..334c9402b --- /dev/null +++ b/roles/openshift_hosted_logging/files/logging-deployer-sa.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: logging-deployer +secrets: +- name: logging-deployer diff --git a/roles/openshift_hosted_logging/files/openshift_hosted_logging_efk.yaml b/roles/openshift_hosted_logging/files/openshift_hosted_logging_efk.yaml new file mode 100644 index 000000000..f55db11ac --- /dev/null +++ b/roles/openshift_hosted_logging/files/openshift_hosted_logging_efk.yaml @@ -0,0 +1,4 @@ +- hosts: my_master_host + roles: + - role: openshift_hosted_logging + openshift_hosted_logging_cleanup: no diff --git a/roles/openshift_hosted_logging/tasks/cleanup_logging.yaml b/roles/openshift_hosted_logging/tasks/cleanup_logging.yaml new file mode 100644 index 000000000..23a514ffd --- /dev/null +++ b/roles/openshift_hosted_logging/tasks/cleanup_logging.yaml @@ -0,0 +1,76 @@ +--- + + - name: "Checking for logging project" + command: oc get project logging + register: logging_project + failed_when: "'FAILED' in logging_project.stderr" + tags: + - cleanup + + - name: "Changing projects" + command: oc project logging + tags: + - cleanup + - build + + - name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False + + - name: Copy the admin client config(s) + command: > + cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig + changed_when: False + + - name: "Changing projects" + command: oc project logging + tags: + - cleanup + - build + + + - name: "Cleanup any previous logging infrastructure" + command: oc delete --ignore-not-found all --selector logging-infra={{ item }} + with_items: + - kibana + - fluentd + - elasticsearch + ignore_errors: yes + tags: + - cleanup + + + - name: "Cleanup existing support infrastructure" + command: oc delete --ignore-not-found all,sa,oauthclient --selector logging-infra=support + ignore_errors: yes + tags: + - cleanup + + - name: "Cleanup existing secrets" + command: oc delete secret logging-fluentd logging-elasticsearch logging-es-proxy logging-kibana logging-kibana-proxy logging-kibana-ops-proxy + ignore_errors: yes + register: clean_result + failed_when: clean_result.rc == 1 and 'not found' not in clean_result.stderr + tags: + - cleanup + + - name: "Cleanup existing logging deployers" + command: oc delete pods --all + tags: + - cleanup + + - name: "Make sure to remove deployer template" + command: oc delete template logging-deployer-template -n openshift + register: delete_ouput + failed_when: delete_ouput.rc == 1 and 'exists' not in delete_ouput.stderr + tags: + - cleanup + + - name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False + + - debug: msg="Success!" diff --git a/roles/openshift_hosted_logging/tasks/deploy_logging.yaml b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml new file mode 100644 index 000000000..5d69175ae --- /dev/null +++ b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml @@ -0,0 +1,107 @@ +--- + + - fail: msg="This role requires the following vars to be defined: openshift_hosted_logging_master_public_url, openshift_hosted_logging_hostname, penshift_hosted_logging_elasticsearchs_cluster_size" + when: "openshift_hosted_logging_hostname is not defined or + penshift_hosted_logging_elasticsearchs_cluster_size is not defined or + openshift_hosted_logging_master_public_url is not defined" + + - name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False + + - name: Copy the admin client config(s) + command: > + cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig + changed_when: False + + + - name: "Create logging project" + command: oadm new-project logging + when: logging_project.rc != 0 + + + - name: "Changing projects" + command: oc project logging + + - name: "Creating logging deployer secret" + command: oc secrets new logging-deployer {{ openshift_hosted_logging_secret_vars | default('nothing=/dev/null') }} + register: secret_output + failed_when: "secret_output.rc == 1 and 'exists' not in secret_output.stderr" + + - name: "Copy serviceAccount file" + copy: dest=/tmp/logging-deployer-sa.yaml + src={{role_path}}/files/logging-deployer-sa.yaml + force=yes + + - name: "Create logging-deployer service account" + shell: oc create -f /tmp/logging-deployer-sa.yaml + register: deployer_output + failed_when: "deployer_output.rc == 1 and 'exists' not in deployer_output.stderr" + + - name: "Set permissions for logging-deployer service account" + command: oc policy add-role-to-user edit system:serviceaccount:logging:logging-deployer + register: permiss_output + failed_when: "permiss_output.rc == 1 and 'exists' not in permiss_output.stderr" + + - name: "Set permissions for fluentd" + command: oadm policy add-scc-to-user privileged system:serviceaccount:logging:aggregated-logging-fluentd + register: fluentd_output + failed_when: "fluentd_output.rc == 1 and 'exists' not in fluentd_output.stderr" + + - name: "Set additional permissions for fluentd" + command: oadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd + register: fluentd2_output + failed_when: "fluentd2_output.rc == 1 and 'exists' not in fluentd2_output.stderr" + + - name: "Create deployer template" + command: oc create -f /usr/share/openshift/examples/infrastructure-templates/enterprise/logging-deployer.yaml -n openshift + register: template_output + failed_when: "template_output.rc == 1 and 'exists' not in template_output.stderr" + + - name: "Process the deployer template with an registry other than registry.access.redhat.com" + shell: oc process logging-deployer-template -n openshift -v {{ oc_process_values}} | oc create -f - + + - name: "Wait for image pull and deployer pod" + shell: oc get pods | grep logging-deployer.*Completed + register: result + until: result.rc == 0 + retries: 15 + delay: 10 + + - name: "Process support template" + shell: oc process logging-support-template | oc create -f - + + - name: "Set insecured registry" + command: oc annotate is --all openshift.io/image.insecureRepository=true --overwrite + when: "target_registry is defined and insecure_registry == 'true'" + + - name: "Scale fluentd deployment config" + command: oc scale dc/logging-fluentd --replicas={{ fluentd_replicas | default('1') }} + + - name: "Wait for imagestreams to become available" + shell: oc get is | grep logging-fluentd + register: result + until: result.rc == 0 + failed_when: result.rc == 1 and 'not found' not in result.stderr + retries: 15 + delay: 5 + + - name: "Wait for replication controllers to become available" + shell: oc get rc | grep logging-fluentd-1 + register: result + until: result.rc == 0 + failed_when: result.rc == 1 and 'not found' not in result.stderr + retries: 15 + delay: 5 + + - name: "Scale fluentd replication controller" + command: oc scale rc/logging-fluentd-1 --replicas={{ fluentd_replicas | default('1') }} + + - debug: msg="Logging components deployed. Note persistant volume for elasticsearch must be setup manually" + + - name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False diff --git a/roles/openshift_hosted_logging/tasks/main.yaml b/roles/openshift_hosted_logging/tasks/main.yaml new file mode 100644 index 000000000..aea53804a --- /dev/null +++ b/roles/openshift_hosted_logging/tasks/main.yaml @@ -0,0 +1,8 @@ +--- +- name: Cleanup logging deployment + include: {{ role_path }}/tasks/cleanup_logging.yaml + when: openshift_hosted_logging_cleanup | default(false) | bool + +- name: Deploy logging + include: {{ role_path }}/tasks/deploy_logging.yaml + when: not openshift_hosted_logging_cleanup | default(false) | bool diff --git a/roles/openshift_hosted_logging/vars/main.yaml b/roles/openshift_hosted_logging/vars/main.yaml new file mode 100644 index 000000000..7baef0311 --- /dev/null +++ b/roles/openshift_hosted_logging/vars/main.yaml @@ -0,0 +1,5 @@ +kh_kv: KIBANA_HOSTNAME={{ openshift_hosted_logging_hostname | quote }} +es_cs_kv: ES_CLUSTER_SIZE={{ openshift_hosted_logging_elasticsearch_cluster_size | quote }} +pmu_kv: PUBLIC_MASTER_URL={{ openshift_hosted_logging_master_public_url | quote }} +ip_kv: "{{ 'IMAGE_PREFIX=' ~ target_registry | quote if target_registry is defined else '' }}" +oc_process_values: "{{ kh_kv }} {{ es_cs_kv }} {{ pmu_kv }} {{ ip_kv }}" -- cgit v1.2.3