
Allowing way to provide ops and non ops certs for their locations for fluentd

Eric Wolinetz 7 years ago
parent
commit
5e4a8137e2

+ 3 - 3
roles/openshift_logging_fluentd/defaults/main.yml

@@ -34,9 +34,9 @@ openshift_logging_fluentd_journal_read_from_head: "{{ openshift_hosted_logging_j
 openshift_logging_fluentd_app_client_cert: /etc/fluent/keys/cert
 openshift_logging_fluentd_app_client_key: /etc/fluent/keys/key
 openshift_logging_fluentd_app_ca: /etc/fluent/keys/ca
-openshift_logging_fluentd_ops_client_cert: /etc/fluent/keys/cert
-openshift_logging_fluentd_ops_client_key: /etc/fluent/keys/key
-openshift_logging_fluentd_ops_ca: /etc/fluent/keys/ca
+openshift_logging_fluentd_ops_client_cert: /etc/fluent/keys/ops-cert
+openshift_logging_fluentd_ops_client_key: /etc/fluent/keys/ops-key
+openshift_logging_fluentd_ops_ca: /etc/fluent/keys/ops-ca
 
 
 # used by "secure-host" and "secure-aggregator" deployments
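Review bot: The three new ops defaults only resolve if the logging-fluentd secret contains entries named `ops-cert`, `ops-key` and `ops-ca`, and nothing on these lines documents that coupling. Presumably the secret is mounted at `/etc/fluent/keys`, so a later rename of a secret entry in tasks/main.yaml would break the ops TLS client configuration without any error from this file. I would add a comment above the ops lines such as `# file names must match the entry names of the logging-fluentd secret (see tasks/main.yaml)`. It is also worth confirming that an existing secret, created before this change, is rewritten on upgrade, since it would not yet hold the `ops-*` entries.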

+ 11 - 3
roles/openshift_logging_fluentd/tasks/main.yaml

@@ -140,6 +140,8 @@
       secure-forward.conf: "{{ tempdir }}/secure-forward.conf"
 
 # create Fluentd secret
+# if we don't provide a location for provided certs then we use from generated_certs_dir
+# ops will use the same certs as non-ops by default
 # TODO: add aggregation secrets if necessary
 - name: Set logging-fluentd secret
   oc_secret:
@@ -148,11 +150,17 @@
     namespace: "{{ openshift_logging_fluentd_namespace }}"
     files:
       - name: ca
-        path: "{{ generated_certs_dir }}/ca.crt"
+        path: "{{ openshift_logging_fluentd_ca_path | default(generated_certs_dir ~ '/ca.crt') }}"
       - name: key
-        path: "{{ generated_certs_dir }}/system.logging.fluentd.key"
+        path: "{{ openshift_logging_fluentd_key_path | default(generated_certs_dir ~ '/system.logging.fluentd.key') }}"
       - name: cert
-        path: "{{ generated_certs_dir }}/system.logging.fluentd.crt"
+        path: "{{ openshift_logging_fluentd_cert_path | default(generated_certs_dir ~ '/system.logging.fluentd.crt') }}"
+      - name: ops-ca
+        path: "{{ openshift_logging_fluentd_ops_ca_path | default(generated_certs_dir ~ '/ca.crt') }}"
+      - name: ops-key
+        path: "{{ openshift_logging_fluentd_ops_key_path | default(generated_certs_dir ~ '/system.logging.fluentd.key') }}"
+      - name: ops-cert
+        path: "{{ openshift_logging_fluentd_ops_cert_path | default(generated_certs_dir ~ '/system.logging.fluentd.crt') }}"
 
 # create Fluentd daemonset
 # this should change based on the type of fluentd deployment to be done...
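Review bot: The `ops-ca`, `ops-key` and `ops-cert` entries fall back directly to `generated_certs_dir` and not to the non-ops overrides. A deployment that sets only `openshift_logging_fluentd_ca_path`, `openshift_logging_fluentd_key_path` and `openshift_logging_fluentd_cert_path` therefore gets a secret whose ops entries hold the generated CA and client key pair rather than the supplied ones. That contradicts the comment added in the previous hunk ("ops will use the same certs as non-ops by default") and leaves the ops connection presenting credentials the operator did not choose. Chaining the fallback fixes it, e.g. `path: "{{ openshift_logging_fluentd_ops_ca_path | default(openshift_logging_fluentd_ca_path) | default(generated_certs_dir ~ '/ca.crt') }}"`, with the same pattern for the key and cert entries. None of the six `*_path` variables appears in the defaults hunk shown on this page, so they should also be documented where operators will find them.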