blob: f19ce3e2bd714b3afe4bf019c61b2f9c751e4b30 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
---
- fail: msg="This role requires the following vars to be defined. openshift_hosted_logging_master_public_url, openshift_hosted_logging_hostname, openshift_hosted_logging_elasticsearch_cluster_size"
when: "openshift_hosted_logging_hostname is not defined or
openshift_hosted_logging_elasticsearch_cluster_size is not defined or
openshift_hosted_logging_master_public_url is not defined"
- name: Create temp directory for kubeconfig
command: mktemp -d /tmp/openshift-ansible-XXXXXX
register: mktemp
changed_when: False
- name: Copy the admin client config(s)
command: >
cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
changed_when: False
- name: Check for logging project already exists
command: >
{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get project logging -o jsonpath='{.metadata.name}'
register: logging_project_result
ignore_errors: True
- name: "Create logging project"
command: >
{{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-project logging
when: logging_project_result.stdout == ""
- name: "Changing projects"
command: >
{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig project logging
- name: "Creating logging deployer secret"
command: >
{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig secrets new logging-deployer {{ openshift_hosted_logging_secret_vars | default('nothing=/dev/null') }}
register: secret_output
failed_when: "secret_output.rc == 1 and 'exists' not in secret_output.stderr"
- name: "Copy serviceAccount file"
copy:
dest: /tmp/logging-deployer-sa.yaml
src: "{{role_path}}/files/logging-deployer-sa.yaml"
force: yes
- name: "Create logging-deployer service account"
command: >
{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /tmp/logging-deployer-sa.yaml
register: deployer_output
failed_when: "deployer_output.rc == 1 and 'exists' not in deployer_output.stderr"
- name: "Set permissions for logging-deployer service account"
command: >
{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig policy add-role-to-user edit system:serviceaccount:logging:logging-deployer
register: permiss_output
failed_when: "permiss_output.rc == 1 and 'exists' not in permiss_output.stderr"
- name: "Set permissions for fluentd"
command: >
{{ openshift.common.admin_binary}} policy add-scc-to-user privileged system:serviceaccount:logging:aggregated-logging-fluentd
register: fluentd_output
failed_when: "fluentd_output.rc == 1 and 'exists' not in fluentd_output.stderr"
- name: "Set additional permissions for fluentd"
command: >
{{ openshift.common.admin_binary}} policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd
register: fluentd2_output
failed_when: "fluentd2_output.rc == 1 and 'exists' not in fluentd2_output.stderr"
- name: "Create deployer template"
command: >
{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /usr/share/openshift/examples/infrastructure-templates/enterprise/logging-deployer.yaml
register: template_output
failed_when: "template_output.rc == 1 and 'exists' not in template_output.stderr"
- name: "Process the deployer template"
shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig process logging-deployer-template -v {{ oc_process_values }} | {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f -"
register: process_deployer
failed_when: process_deployer.rc == 1 and 'already exists' not in process_deployer.stderr
- name: "Wait for image pull and deployer pod"
shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods | grep logging-deployer.*Completed"
register: result
until: result.rc == 0
retries: 15
delay: 10
- name: "Process support template"
shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig process logging-support-template | {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f -"
register: process_support
failed_when: process_support.rc == 1 and 'already exists' not in process_support.stderr
- name: "Set insecured registry"
command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig annotate is --all openshift.io/image.insecureRepository=true --overwrite"
when: "target_registry is defined and insecure_registry == 'true'"
- name: "Wait for imagestreams to become available"
shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get is | grep logging-fluentd"
register: result
until: result.rc == 0
failed_when: result.rc == 1 and 'not found' not in result.stderr
retries: 20
delay: 10
- name: "Wait for replication controllers to become available"
shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get rc | grep logging-fluentd-1"
register: result
until: result.rc == 0
failed_when: result.rc == 1 and 'not found' not in result.stderr
retries: 20
delay: 10
- name: "Scale fluentd deployment config"
command: >
{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig scale dc/logging-fluentd --replicas={{ fluentd_replicas | default('1') }}
- debug:
msg: "Logging components deployed. Note persistant volume for elasticsearch must be setup manually"
- name: Delete temp directory
file:
name: "{{ mktemp.stdout }}"
state: absent
changed_when: False
|