diff options
Diffstat (limited to 'roles/openshift_logging/tasks/install_mux.yaml')
-rw-r--r-- | roles/openshift_logging/tasks/install_mux.yaml | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/roles/openshift_logging/tasks/install_mux.yaml b/roles/openshift_logging/tasks/install_mux.yaml new file mode 100644 index 000000000..296da626f --- /dev/null +++ b/roles/openshift_logging/tasks/install_mux.yaml @@ -0,0 +1,67 @@ +--- +- set_fact: mux_ops_host={{ (openshift_logging_use_ops | bool) | ternary(openshift_logging_es_ops_host, openshift_logging_es_host) }} + check_mode: no + +- set_fact: mux_ops_port={{ (openshift_logging_use_ops | bool) | ternary(openshift_logging_es_ops_port, openshift_logging_es_port) }} + check_mode: no + +- name: Check mux current replica count + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get dc/logging-mux + -o jsonpath='{.spec.replicas}' -n {{openshift_logging_namespace}} + register: mux_replica_count + when: not ansible_check_mode + ignore_errors: yes + changed_when: no + +- name: Generating mux deploymentconfig + template: src=mux.j2 dest={{mktemp.stdout}}/templates/logging-mux-dc.yaml + vars: + component: mux + logging_component: mux + deploy_name: "logging-{{component}}" + image: "{{openshift_logging_image_prefix}}logging-fluentd:{{openshift_logging_image_version}}" + es_host: logging-es + es_port: "{{openshift_logging_es_port}}" + ops_host: "{{ mux_ops_host }}" + ops_port: "{{ mux_ops_port }}" + mux_cpu_limit: "{{openshift_logging_mux_cpu_limit}}" + mux_memory_limit: "{{openshift_logging_mux_memory_limit}}" + replicas: "{{mux_replica_count.stdout | default (0)}}" + mux_node_selector: "{{openshift_logging_mux_nodeselector | default({})}}" + check_mode: no + changed_when: no + +- name: "Check mux hostmount-anyuid permissions" + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig + get scc/hostmount-anyuid -o jsonpath='{.users}' + register: mux_hostmount_anyuid + check_mode: no + changed_when: no + +- name: "Set hostmount-anyuid permissions for mux" + command: > + {{ openshift.common.admin_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig policy + add-scc-to-user hostmount-anyuid system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd + register: mux_output + failed_when: "mux_output.rc == 1 and 'exists' not in mux_output.stderr" + check_mode: no + when: mux_hostmount_anyuid.stdout.find("system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd") == -1 + +- name: "Check mux cluster-reader permissions" + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig + get clusterrolebinding/cluster-readers -o jsonpath='{.userNames}' + register: mux_cluster_reader + check_mode: no + changed_when: no + +- name: "Set cluster-reader permissions for mux" + command: > + {{ openshift.common.admin_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig policy + add-cluster-role-to-user cluster-reader system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd + register: mux2_output + failed_when: "mux2_output.rc == 1 and 'exists' not in mux2_output.stderr" + check_mode: no + when: mux_cluster_reader.stdout.find("system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd") == -1 |