diff options
Diffstat (limited to 'roles/openshift_hosted_logging/tasks/deploy_logging.yaml')
-rw-r--r-- | roles/openshift_hosted_logging/tasks/deploy_logging.yaml | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/roles/openshift_hosted_logging/tasks/deploy_logging.yaml b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml new file mode 100644 index 000000000..5d69175ae --- /dev/null +++ b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml @@ -0,0 +1,107 @@ +--- + + - fail: msg="This role requires the following vars to be defined: openshift_hosted_logging_master_public_url, openshift_hosted_logging_hostname, penshift_hosted_logging_elasticsearchs_cluster_size" + when: "openshift_hosted_logging_hostname is not defined or + penshift_hosted_logging_elasticsearchs_cluster_size is not defined or + openshift_hosted_logging_master_public_url is not defined" + + - name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False + + - name: Copy the admin client config(s) + command: > + cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig + changed_when: False + + + - name: "Create logging project" + command: oadm new-project logging + when: logging_project.rc != 0 + + + - name: "Changing projects" + command: oc project logging + + - name: "Creating logging deployer secret" + command: oc secrets new logging-deployer {{ openshift_hosted_logging_secret_vars | default('nothing=/dev/null') }} + register: secret_output + failed_when: "secret_output.rc == 1 and 'exists' not in secret_output.stderr" + + - name: "Copy serviceAccount file" + copy: dest=/tmp/logging-deployer-sa.yaml + src={{role_path}}/files/logging-deployer-sa.yaml + force=yes + + - name: "Create logging-deployer service account" + shell: oc create -f /tmp/logging-deployer-sa.yaml + register: deployer_output + failed_when: "deployer_output.rc == 1 and 'exists' not in deployer_output.stderr" + + - name: "Set permissions for logging-deployer service account" + command: oc policy add-role-to-user edit system:serviceaccount:logging:logging-deployer + register: permiss_output + failed_when: "permiss_output.rc == 1 and 'exists' not in permiss_output.stderr" + + - name: "Set permissions for fluentd" + command: oadm policy add-scc-to-user privileged system:serviceaccount:logging:aggregated-logging-fluentd + register: fluentd_output + failed_when: "fluentd_output.rc == 1 and 'exists' not in fluentd_output.stderr" + + - name: "Set additional permissions for fluentd" + command: oadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd + register: fluentd2_output + failed_when: "fluentd2_output.rc == 1 and 'exists' not in fluentd2_output.stderr" + + - name: "Create deployer template" + command: oc create -f /usr/share/openshift/examples/infrastructure-templates/enterprise/logging-deployer.yaml -n openshift + register: template_output + failed_when: "template_output.rc == 1 and 'exists' not in template_output.stderr" + + - name: "Process the deployer template with an registry other than registry.access.redhat.com" + shell: oc process logging-deployer-template -n openshift -v {{ oc_process_values}} | oc create -f - + + - name: "Wait for image pull and deployer pod" + shell: oc get pods | grep logging-deployer.*Completed + register: result + until: result.rc == 0 + retries: 15 + delay: 10 + + - name: "Process support template" + shell: oc process logging-support-template | oc create -f - + + - name: "Set insecured registry" + command: oc annotate is --all openshift.io/image.insecureRepository=true --overwrite + when: "target_registry is defined and insecure_registry == 'true'" + + - name: "Scale fluentd deployment config" + command: oc scale dc/logging-fluentd --replicas={{ fluentd_replicas | default('1') }} + + - name: "Wait for imagestreams to become available" + shell: oc get is | grep logging-fluentd + register: result + until: result.rc == 0 + failed_when: result.rc == 1 and 'not found' not in result.stderr + retries: 15 + delay: 5 + + - name: "Wait for replication controllers to become available" + shell: oc get rc | grep logging-fluentd-1 + register: result + until: result.rc == 0 + failed_when: result.rc == 1 and 'not found' not in result.stderr + retries: 15 + delay: 5 + + - name: "Scale fluentd replication controller" + command: oc scale rc/logging-fluentd-1 --replicas={{ fluentd_replicas | default('1') }} + + - debug: msg="Logging components deployed. Note persistant volume for elasticsearch must be setup manually" + + - name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False |