diff options
Diffstat (limited to 'roles/openshift_logging')
-rw-r--r-- | roles/openshift_logging/README.md | 4 | ||||
-rw-r--r-- | roles/openshift_logging/defaults/main.yml | 18 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/generate_configmaps.yaml | 11 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/generate_jks.yaml | 10 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/generate_routes.yaml | 57 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/install_elasticsearch.yaml | 4 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/main.yaml | 13 | ||||
-rw-r--r-- | roles/openshift_logging/templates/elasticsearch.yml.j2 | 10 | ||||
-rw-r--r-- | roles/openshift_logging/vars/main.yaml | 2 |
9 files changed, 104 insertions, 25 deletions
diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md index 14b80304d..570c41ecc 100644 --- a/roles/openshift_logging/README.md +++ b/roles/openshift_logging/README.md @@ -72,6 +72,8 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log - `openshift_logging_es_recover_after_time`: The amount of time ES will wait before it tries to recover. Defaults to '5m'. - `openshift_logging_es_storage_group`: The storage group used for ES. Defaults to '65534'. - `openshift_logging_es_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the pod will land. +- `openshift_logging_es_number_of_shards`: The number of primary shards for every new index created in ES. Defaults to '1'. +- `openshift_logging_es_number_of_replicas`: The number of replica shards per primary shard for every new index. Defaults to '0'. When `openshift_logging_use_ops` is `True`, there are some additional vars. These work the same as above for their non-ops counterparts, but apply to the OPS cluster instance: @@ -88,6 +90,8 @@ same as above for their non-ops counterparts, but apply to the OPS cluster insta - `openshift_logging_es_ops_pvc_prefix`: logging-es-ops - `openshift_logging_es_ops_recover_after_time`: 5m - `openshift_logging_es_ops_storage_group`: 65534 +- `openshift_logging_es_ops_number_of_shards`: The number of primary shards for every new index created in ES. Defaults to '1'. +- `openshift_logging_es_ops_number_of_replicas`: The number of replica shards per primary shard for every new index. Defaults to '0'. - `openshift_logging_kibana_ops_hostname`: The Operations Kibana hostname. Defaults to 'kibana-ops.example.com'. - `openshift_logging_kibana_ops_cpu_limit`: The amount of CPU to allocate to Kibana or unset if not specified. - `openshift_logging_kibana_ops_memory_limit`: The amount of memory to allocate to Kibana or unset if not specified. diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index 04fd42cbf..1ea0fbe12 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml @@ -54,6 +54,18 @@ openshift_logging_kibana_ops_proxy_cpu_limit: null openshift_logging_kibana_ops_proxy_memory_limit: null openshift_logging_kibana_ops_replica_count: 1 +#The absolute path on the control node to the cert file to use +#for the public facing ops kibana certs +openshift_logging_kibana_ops_cert: "" + +#The absolute path on the control node to the key file to use +#for the public facing ops kibana certs +openshift_logging_kibana_ops_key: "" + +#The absolute path on the control node to the CA file to use +#for the public facing ops kibana certs +openshift_logging_kibana_ops_ca: "" + openshift_logging_fluentd_nodeselector: "{{ openshift_hosted_logging_fluentd_nodeselector_label | default('logging-infra-fluentd=true') | map_from_pairs }}" openshift_logging_fluentd_cpu_limit: 100m openshift_logging_fluentd_memory_limit: 512Mi @@ -78,6 +90,10 @@ openshift_logging_es_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_pvc_ openshift_logging_es_recover_after_time: 5m openshift_logging_es_storage_group: "{{ openshift_hosted_logging_elasticsearch_storage_group | default('65534') }}" openshift_logging_es_nodeselector: "{{ openshift_hosted_logging_elasticsearch_nodeselector | default('') | map_from_pairs }}" +# openshift_logging_es_config is a hash to be merged into the defaults for the elasticsearch.yaml +openshift_logging_es_config: {} +openshift_logging_es_number_of_shards: 1 +openshift_logging_es_number_of_replicas: 0 # allow cluster-admin or cluster-reader to view operations index openshift_logging_es_ops_allow_cluster_reader: False @@ -97,6 +113,8 @@ openshift_logging_es_ops_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_ openshift_logging_es_ops_recover_after_time: 5m openshift_logging_es_ops_storage_group: "{{ openshift_hosted_logging_elasticsearch_storage_group | default('65534') }}" openshift_logging_es_ops_nodeselector: "{{ openshift_hosted_logging_elasticsearch_ops_nodeselector | default('') | map_from_pairs }}" +openshift_logging_es_ops_number_of_shards: 1 +openshift_logging_es_ops_number_of_replicas: 0 # storage related defaults openshift_logging_storage_access_modes: "{{ openshift_hosted_logging_storage_access_modes | default(['ReadWriteOnce']) }}" diff --git a/roles/openshift_logging/tasks/generate_configmaps.yaml b/roles/openshift_logging/tasks/generate_configmaps.yaml index 8fcf517ad..c1721895c 100644 --- a/roles/openshift_logging/tasks/generate_configmaps.yaml +++ b/roles/openshift_logging/tasks/generate_configmaps.yaml @@ -6,8 +6,17 @@ when: es_logging_contents is undefined changed_when: no + - local_action: > + copy content="{{ config_source | combine(override_config,recursive=True) | to_nice_yaml }}" + dest="{{local_tmp.stdout}}/elasticsearch-gen-template.yml" + vars: + config_source: "{{lookup('file','templates/elasticsearch.yml.j2') | from_yaml }}" + override_config: "{{openshift_logging_es_config | from_yaml}}" + when: es_logging_contents is undefined + changed_when: no + - template: - src: elasticsearch.yml.j2 + src: "{{local_tmp.stdout}}/elasticsearch-gen-template.yml" dest: "{{mktemp.stdout}}/elasticsearch.yml" vars: - allow_cluster_reader: "{{openshift_logging_es_ops_allow_cluster_reader | lower | default('false')}}" diff --git a/roles/openshift_logging/tasks/generate_jks.yaml b/roles/openshift_logging/tasks/generate_jks.yaml index c6e2ccbc0..6e3204589 100644 --- a/roles/openshift_logging/tasks/generate_jks.yaml +++ b/roles/openshift_logging/tasks/generate_jks.yaml @@ -20,12 +20,6 @@ register: truststore_jks check_mode: no -- name: Create temp directory for doing work in - local_action: command mktemp -d /tmp/openshift-logging-ansible-XXXXXX - register: local_tmp - changed_when: False - check_mode: no - - name: Create placeholder for previously created JKS certs to prevent recreating... local_action: file path="{{local_tmp.stdout}}/elasticsearch.jks" state=touch mode="u=rw,g=r,o=r" when: elasticsearch_jks.stat.exists @@ -92,7 +86,3 @@ src: "{{local_tmp.stdout}}/truststore.jks" dest: "{{generated_certs_dir}}/truststore.jks" when: not truststore_jks.stat.exists - -- name: Cleaning up temp dir - local_action: file path="{{local_tmp.stdout}}" state=absent - changed_when: False diff --git a/roles/openshift_logging/tasks/generate_routes.yaml b/roles/openshift_logging/tasks/generate_routes.yaml index 7af17a708..e77da7a24 100644 --- a/roles/openshift_logging/tasks/generate_routes.yaml +++ b/roles/openshift_logging/tasks/generate_routes.yaml @@ -16,12 +16,12 @@ changed_when: false - name: Generating logging routes - template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-{{route_info.name}}-route.yaml + template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-logging-kibana-route.yaml tags: routes vars: - obj_name: "{{route_info.name}}" - route_host: "{{route_info.host}}" - service_name: "{{route_info.name}}" + obj_name: "logging-kibana" + route_host: "{{openshift_logging_kibana_hostname}}" + service_name: "logging-kibana" tls_key: "{{kibana_key | default('') | b64decode}}" tls_cert: "{{kibana_cert | default('') | b64decode}}" tls_ca_cert: "{{kibana_ca | b64decode}}" @@ -31,10 +31,47 @@ component: support logging-infra: support provider: openshift - with_items: - - {name: logging-kibana, host: "{{openshift_logging_kibana_hostname}}"} - - {name: logging-kibana-ops, host: "{{openshift_logging_kibana_ops_hostname}}"} - loop_control: - loop_var: route_info - when: (route_info.name == 'logging-kibana-ops' and openshift_logging_use_ops | bool) or route_info.name == 'logging-kibana' + changed_when: no + +- set_fact: kibana_ops_key={{ lookup('file', openshift_logging_kibana_ops_key) | b64encode }} + when: + - openshift_logging_use_ops | bool + - "{{ openshift_logging_kibana_ops_key | trim | length > 0 }}" + changed_when: false + +- set_fact: kibana_ops_cert={{ lookup('file', openshift_logging_kibana_ops_cert)| b64encode }} + when: + - openshift_logging_use_ops | bool + - "{{openshift_logging_kibana_ops_cert | trim | length > 0}}" + changed_when: false + +- set_fact: kibana_ops_ca={{ lookup('file', openshift_logging_kibana_ops_ca)| b64encode }} + when: + - openshift_logging_use_ops | bool + - "{{openshift_logging_kibana_ops_ca | trim | length > 0}}" + changed_when: false + +- set_fact: kibana_ops_ca={{key_pairs | entry_from_named_pair('ca_file') }} + when: + - openshift_logging_use_ops | bool + - kibana_ops_ca is not defined + changed_when: false + +- name: Generating logging ops routes + template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-logging-kibana-ops-route.yaml + tags: routes + vars: + obj_name: "logging-kibana-ops" + route_host: "{{openshift_logging_kibana_ops_hostname}}" + service_name: "logging-kibana-ops" + tls_key: "{{kibana_ops_key | default('') | b64decode}}" + tls_cert: "{{kibana_ops_cert | default('') | b64decode}}" + tls_ca_cert: "{{kibana_ops_ca | b64decode}}" + tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}" + edge_term_policy: "{{openshift_logging_kibana_edge_term_policy | default('') }}" + labels: + component: support + logging-infra: support + provider: openshift + when: openshift_logging_use_ops | bool changed_when: no diff --git a/roles/openshift_logging/tasks/install_elasticsearch.yaml b/roles/openshift_logging/tasks/install_elasticsearch.yaml index 1b750bcbe..28fad420b 100644 --- a/roles/openshift_logging/tasks/install_elasticsearch.yaml +++ b/roles/openshift_logging/tasks/install_elasticsearch.yaml @@ -53,6 +53,8 @@ deploy_name: "{{item.1}}" es_node_selector: "{{openshift_logging_es_nodeselector | default({}) }}" es_storage: "{{openshift_logging_facts|es_storage(deploy_name, pvc_claim)}}" + es_number_of_shards: "{{ openshift_logging_es_number_of_shards }}" + es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas }}" with_indexed_items: - "{{ es_dc_pool }}" check_mode: no @@ -134,6 +136,8 @@ openshift_logging_es_recover_after_time: "{{openshift_logging_es_ops_recover_after_time}}" es_node_selector: "{{openshift_logging_es_ops_nodeselector | default({}) }}" es_storage: "{{openshift_logging_facts|es_storage(deploy_name, pvc_claim,root='elasticsearch_ops')}}" + es_number_of_shards: "{{ openshift_logging_es_ops_number_of_shards }}" + es_number_of_replicas: "{{ openshift_logging_es_ops_number_of_replicas }}" with_indexed_items: - "{{ es_ops_dc_pool | default([]) }}" when: diff --git a/roles/openshift_logging/tasks/main.yaml b/roles/openshift_logging/tasks/main.yaml index 4c718805e..eb60175c7 100644 --- a/roles/openshift_logging/tasks/main.yaml +++ b/roles/openshift_logging/tasks/main.yaml @@ -12,6 +12,14 @@ - debug: msg="Created temp dir {{mktemp.stdout}}" +- name: Create local temp directory for doing work in + local_action: command mktemp -d /tmp/openshift-logging-ansible-XXXXXX + register: local_tmp + changed_when: False + check_mode: no + +- debug: msg="Created local temp dir {{local_tmp.stdout}}" + - name: Copy the admin client config(s) command: > cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig @@ -37,3 +45,8 @@ tags: logging_cleanup changed_when: False check_mode: no + +- name: Cleaning up local temp dir + local_action: file path="{{local_tmp.stdout}}" state=absent + tags: logging_cleanup + changed_when: False diff --git a/roles/openshift_logging/templates/elasticsearch.yml.j2 b/roles/openshift_logging/templates/elasticsearch.yml.j2 index f2d098f10..07e8c0c98 100644 --- a/roles/openshift_logging/templates/elasticsearch.yml.j2 +++ b/roles/openshift_logging/templates/elasticsearch.yml.j2 @@ -6,9 +6,8 @@ script: indexed: on index: - number_of_shards: 1 - number_of_replicas: 0 - auto_expand_replicas: 0-2 + number_of_shards: {{ es_number_of_shards | default ('1') }} + number_of_replicas: {{ es_number_of_replicas | default ('0') }} unassigned.node_left.delayed_timeout: 2m translog: flush_threshold_size: 256mb @@ -29,6 +28,7 @@ cloud: discovery: type: kubernetes zen.ping.multicast.enabled: false + zen.minimum_master_nodes: {{es_min_masters}} gateway: expected_master_nodes: ${NODE_QUORUM} @@ -37,6 +37,8 @@ gateway: recover_after_time: ${RECOVER_AFTER_TIME} io.fabric8.elasticsearch.authentication.users: ["system.logging.kibana", "system.logging.fluentd", "system.logging.curator", "system.admin"] +io.fabric8.elasticsearch.kibana.mapping.app: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json +io.fabric8.elasticsearch.kibana.mapping.ops: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json openshift.config: use_common_data_model: true @@ -47,7 +49,7 @@ openshift.searchguard: keystore.path: /etc/elasticsearch/secret/admin.jks truststore.path: /etc/elasticsearch/secret/searchguard.truststore -openshift.operations.allow_cluster_reader: {{allow_cluster_reader | default ('false')}} +openshift.operations.allow_cluster_reader: "{{allow_cluster_reader | default (false)}}" path: data: /elasticsearch/persistent/${CLUSTER_NAME}/data diff --git a/roles/openshift_logging/vars/main.yaml b/roles/openshift_logging/vars/main.yaml index 07cc05683..c3064cee9 100644 --- a/roles/openshift_logging/vars/main.yaml +++ b/roles/openshift_logging/vars/main.yaml @@ -1,6 +1,8 @@ --- openshift_master_config_dir: "{{ openshift.common.config_base }}/master" es_node_quorum: "{{openshift_logging_es_cluster_size|int/2 + 1}}" +es_min_masters_default: "{{ (openshift_logging_es_cluster_size | int / 2 | round(0,'floor') + 1) | int }}" +es_min_masters: "{{ (openshift_logging_es_cluster_size == 1) | ternary(1, es_min_masters_default)}}" es_recover_after_nodes: "{{openshift_logging_es_cluster_size|int - 1}}" es_recover_expected_nodes: "{{openshift_logging_es_cluster_size|int}}" es_ops_node_quorum: "{{openshift_logging_es_ops_cluster_size|int/2 + 1}}" |