Removing var openshift_logging_es5_techpreview and multi-version structures in logging roles

playbooks/openshift-logging/private/config.yml

@@ -17,33 +17,29 @@
   hosts: all
   gather_facts: false
   tasks:
-  - when:
-    - openshift_logging_es5_techpreview | default(false) | bool
-    - openshift_deployment_type in ['origin']
-    block:
-    - name: Checking vm max_map_count value
-      command:
-        cat /proc/sys/vm/max_map_count
-      register: _vm_max_map_count
+  - name: Checking vm max_map_count value
+    command:
+      cat /proc/sys/vm/max_map_count
+    register: _vm_max_map_count
 
-    - stat:
-        path: /etc/sysctl.d/99-elasticsearch.conf
-      register: _99_es_conf
+  - stat:
+      path: /etc/sysctl.d/99-elasticsearch.conf
+    register: _99_es_conf
 
-    - name: Check for current value of vm.max_map_count in 99-elasticsearch.conf
-      command: >
-        sed /etc/sysctl.d/99-elasticsearch.conf -e 's/vm.max_map_count=\(.*\)/\1/'
-      register: _curr_vm_max_map_count
-      when: _99_es_conf.stat.exists
+  - name: Check for current value of vm.max_map_count in 99-elasticsearch.conf
+    command: >
+      sed /etc/sysctl.d/99-elasticsearch.conf -e 's/vm.max_map_count=\(.*\)/\1/'
+    register: _curr_vm_max_map_count
+    when: _99_es_conf.stat.exists
 
-    - name: Updating vm.max_map_count value
-      sysctl:
-        name: vm.max_map_count
-        value: 262144
-        sysctl_file: "/etc/sysctl.d/99-elasticsearch.conf"
-        reload: yes
-      when:
-      - _vm_max_map_count.stdout | default(0) | int < 262144 | int or _curr_vm_max_map_count.stdout | default(0) | int < 262144
+  - name: Updating vm.max_map_count value
+    sysctl:
+      name: vm.max_map_count
+      value: 262144
+      sysctl_file: "/etc/sysctl.d/99-elasticsearch.conf"
+      reload: yes
+    when:
+    - _vm_max_map_count.stdout | default(0) | int < 262144 | int or _curr_vm_max_map_count.stdout | default(0) | int < 262144
 
 - name: OpenShift Aggregated Logging
   hosts: oo_first_master

roles/openshift_logging/defaults/main.yml

@@ -13,8 +13,6 @@ openshift_logging_image_pull_secret: ""
 
 openshift_logging_image: "{{ l_os_registry_url | regex_replace(l_openshift_logging_search | regex_escape, 'logging-deployer') }}"
 
-openshift_logging_es5_techpreview: False
-
 openshift_logging_curator_default_days: 30
 openshift_logging_curator_run_hour: 3
 openshift_logging_curator_run_minute: 30

roles/openshift_logging/tasks/install_logging.yaml

@@ -59,10 +59,6 @@
   vars:
     generated_certs_dir: "{{openshift.common.config_base}}/logging"
 
-- set_fact:
-    __base_file_dir: "{{ '5.x' if openshift_logging_es5_techpreview | bool else '2.x' }}"
-    __es_version: "{{ '5.x' if openshift_logging_es5_techpreview | bool else '2.x' }}"
-
 ## Elasticsearch
 
 - set_fact: es_indices={{ es_indices | default([]) + [item | int - 1] }}

roles/openshift_logging_curator/defaults/main.yml

@@ -3,11 +3,7 @@
 openshift_logging_curator_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}"
 openshift_logging_curator_master_url: "https://kubernetes.default.svc.cluster.local"
 
-openshift_logging_es5_techpreview: False
-l_openshift_curator_image_replace: "{{ (openshift_logging_es5_techpreview | bool) | ternary('logging-curator5', 'logging-curator') }}"
-openshift_logging_curator_image: "{{ l_os_registry_url | regex_replace(l_openshift_logging_search | regex_escape, l_openshift_curator_image_replace) }}"
-
-openshift_logging_curator_namespace: logging
+openshift_logging_curator_namespace: openshift-logging
 
 ### Common settings
 openshift_logging_curator_nodeselector: ""

roles/openshift_logging_curator/files/2.x/curator.yml

@@ -1,18 +0,0 @@
-# Logging example curator config file
-
-# uncomment and use this to override the defaults from env vars
-#.defaults:
-#  delete:
-#    days: 30
-#  runhour: 0
-#  runminute: 0
-
-# to keep ops logs for a different duration:
-#.operations:
-#  delete:
-#    weeks: 8
-
-# example for a normal project
-#myapp:
-#  delete:
-#    weeks: 1

roles/openshift_logging_curator/tasks/main.yaml

@@ -65,135 +65,79 @@
   set_fact:
     is_upgrade: "{{ openshift_logging_facts['curator' ~ ( (openshift_logging_curator_ops_deployment | default(false) | bool) | ternary('_ops', '') )]['deploymentconfigs'][curator_name] is defined }}"
 
-# Deployment Config - v2.x
-- when: not openshift_logging_es5_techpreview
-  block:
-    - name: Generate Curator deploymentconfig
-      template:
-        src: "{{ __base_file_dir }}/curator.j2"
-        dest: "{{ tempdir }}/templates/curator-dc.yaml"
-      vars:
-        component: "{{ curator_component }}"
-        logging_component: curator
-        deploy_name: "{{ curator_name }}"
-        es_host: "{{ openshift_logging_curator_es_host }}"
-        es_port: "{{ openshift_logging_curator_es_port }}"
-        curator_cpu_limit: "{{ openshift_logging_curator_cpu_limit }}"
-        curator_cpu_request: "{{ openshift_logging_curator_cpu_request | min_cpu(openshift_logging_curator_cpu_limit | default(none)) }}"
-        curator_memory_limit: "{{ openshift_logging_curator_memory_limit }}"
-        curator_replicas: "{{ openshift_logging_curator_replicas | default (1) }}"
-        curator_node_selector: "{{openshift_logging_curator_nodeselector | default({})}}"
-      check_mode: no
-      changed_when: no
-
-    - copy:
-        src: "{{ __base_file_dir }}/curator.yml"
-        dest: "{{ tempdir }}/curator.yml"
-      changed_when: no
-
-    - import_role:
-        name: openshift_logging
-        tasks_from: patch_configmap_files.yaml
-      vars:
-        configmap_name: "logging-curator"
-        configmap_namespace: "{{ openshift_logging_namespace }}"
-        configmap_file_names:
-          - current_file: "config.yaml"
-            new_file: "{{ tempdir }}/curator.yml"
-
-    - name: Set Curator configmap
-      oc_configmap:
-        state: present
-        name: "logging-curator"
-        namespace: "{{ openshift_logging_namespace }}"
-        from_file:
-          config.yaml: "{{ tempdir }}/curator.yml"
-
-    - name: Set Curator DC
-      oc_obj:
-        state: present
-        name: "{{ curator_name }}"
-        namespace: "{{ openshift_logging_namespace }}"
-        kind: dc
-        files:
-          - "{{ tempdir }}/templates/curator-dc.yaml"
-        delete_after: true
-
 # Cron Job - v5.x
-- when: openshift_logging_es5_techpreview | bool
-  block:
-    # Keep the old DC around
-    - name: Scale the old DC to 0
-      oc_scale:
-        name: "{{ curator_name }}"
-        namespace: "{{ openshift_logging_namespace }}"
-        kind: dc
-        replicas: 0
-      when: is_upgrade | bool
-
-    - name: Generate Curator cronjob
-      template:
-        src: "{{ __base_file_dir }}/curator-cj.j2"
-        dest: "{{ tempdir }}/templates/curator-cj.yaml"
-      vars:
-        component: "{{ curator_component }}"
-        logging_component: curator
-        deploy_name: "{{ curator_name }}"
-        es_host: "{{ openshift_logging_curator_es_host }}"
-        es_port: "{{ openshift_logging_curator_es_port }}"
-        curator_cpu_limit: "{{ openshift_logging_curator_cpu_limit }}"
-        curator_cpu_request: "{{ openshift_logging_curator_cpu_request | min_cpu(openshift_logging_curator_cpu_limit | default(none)) }}"
-        curator_memory_limit: "{{ openshift_logging_curator_memory_limit }}"
-        curator_node_selector: "{{openshift_logging_curator_nodeselector | default({})}}"
-        cron_job_schedule: "{{ openshift_logging_curator_run_minute | default(0) }} {{ openshift_logging_curator_run_hour | default(0) }} * * *"
-      check_mode: no
-      changed_when: no
-
-    # Copy config files
-    - copy:
-        src: "{{ __base_file_dir }}/{{ item }}"
-        dest: "{{ tempdir }}/{{ item }}"
-      with_items:
-        - "actions.yaml"
-        - "config.yaml"
-        - "curator.yml"
-
-    # Patch existing configuration, if present
-    - import_role:
-        name: openshift_logging
-        tasks_from: patch_configmap_files.yaml
-      vars:
-        configmap_name: "logging-curator"
-        configmap_namespace: "{{ openshift_logging_namespace }}"
-        configmap_file_names:
-          - current_file: "actions.yaml"
-            new_file: "{{ tempdir }}/actions.yaml"
-          - current_file: "curator5.yaml"
-            new_file: "{{ tempdir }}/config.yaml"
-          - current_file: "config.yaml"
-            new_file: "{{ tempdir }}/curator.yml"
-
-    # Create cronjob
-    - name: Set Curator Cronjob
-      oc_obj:
-        state: present
-        name: "{{ curator_name }}"
-        namespace: "{{ openshift_logging_namespace }}"
-        kind: cronjob
-        files:
-          - "{{ tempdir }}/templates/curator-cj.yaml"
-        delete_after: true
-
-    # Create config map
-    - name: Set Curator configmap
-      oc_configmap:
-        state: present
-        name: "logging-curator"
-        namespace: "{{ openshift_logging_namespace }}"
-        from_file:
-          actions.yaml: "{{ tempdir }}/actions.yaml"
-          curator5.yaml: "{{ tempdir }}/config.yaml"
-          config.yaml: "{{ tempdir }}/curator.yml"
+# Keep the old DC around
+- name: Scale the old DC to 0
+  oc_scale:
+    name: "{{ curator_name }}"
+    namespace: "{{ openshift_logging_namespace }}"
+    kind: dc
+    replicas: 0
+  when: is_upgrade | bool
+
+- name: Generate Curator cronjob
+  template:
+    src: "curator-cj.j2"
+    dest: "{{ tempdir }}/templates/curator-cj.yaml"
+  vars:
+    component: "{{ curator_component }}"
+    logging_component: curator
+    deploy_name: "{{ curator_name }}"
+    es_host: "{{ openshift_logging_curator_es_host }}"
+    es_port: "{{ openshift_logging_curator_es_port }}"
+    curator_cpu_limit: "{{ openshift_logging_curator_cpu_limit }}"
+    curator_cpu_request: "{{ openshift_logging_curator_cpu_request | min_cpu(openshift_logging_curator_cpu_limit | default(none)) }}"
+    curator_memory_limit: "{{ openshift_logging_curator_memory_limit }}"
+    curator_node_selector: "{{openshift_logging_curator_nodeselector | default({})}}"
+    cron_job_schedule: "{{ openshift_logging_curator_run_minute | default(0) }} {{ openshift_logging_curator_run_hour | default(0) }} * * *"
+  check_mode: no
+  changed_when: no
+
+# Copy config files
+- copy:
+    src: "{{ item }}"
+    dest: "{{ tempdir }}/{{ item }}"
+  with_items:
+    - "actions.yaml"
+    - "config.yaml"
+    - "curator.yml"
+
+# Patch existing configuration, if present
+- import_role:
+    name: openshift_logging
+    tasks_from: patch_configmap_files.yaml
+  vars:
+    configmap_name: "logging-curator"
+    configmap_namespace: "{{ openshift_logging_namespace }}"
+    configmap_file_names:
+      - current_file: "actions.yaml"
+        new_file: "{{ tempdir }}/actions.yaml"
+      - current_file: "curator5.yaml"
+        new_file: "{{ tempdir }}/config.yaml"
+      - current_file: "config.yaml"
+        new_file: "{{ tempdir }}/curator.yml"
+
+# Create cronjob
+- name: Set Curator Cronjob
+  oc_obj:
+    state: present
+    name: "{{ curator_name }}"
+    namespace: "{{ openshift_logging_namespace }}"
+    kind: cronjob
+    files:
+      - "{{ tempdir }}/templates/curator-cj.yaml"
+    delete_after: true
+
+# Create config map
+- name: Set Curator configmap
+  oc_configmap:
+    state: present
+    name: "logging-curator"
+    namespace: "{{ openshift_logging_namespace }}"
+    from_file:
+      actions.yaml: "{{ tempdir }}/actions.yaml"
+      curator5.yaml: "{{ tempdir }}/config.yaml"
+      config.yaml: "{{ tempdir }}/curator.yml"
 
 - name: Delete temp directory
   file:

roles/openshift_logging_curator/templates/2.x/curator.j2

@@ -1,113 +0,0 @@
-apiVersion: "v1"
-kind: "DeploymentConfig"
-metadata:
-  name: "{{deploy_name}}"
-  labels:
-    provider: openshift
-    component: "{{component}}"
-    logging-infra: "{{logging_component}}"
-spec:
-  replicas: {{curator_replicas|default(1)}}
-  selector:
-    provider: openshift
-    component: "{{component}}"
-    logging-infra: "{{logging_component}}"
-  strategy:
-    rollingParams:
-      intervalSeconds: 1
-      timeoutSeconds: 600
-      updatePeriodSeconds: 1
-    type: Recreate
-  template:
-    metadata:
-      name: "{{deploy_name}}"
-      labels:
-        logging-infra: "{{logging_component}}"
-        provider: openshift
-        component: "{{component}}"
-    spec:
-      terminationGracePeriod: 600
-      serviceAccountName: aggregated-logging-curator
-{% if curator_node_selector is iterable and curator_node_selector | length > 0 %}
-      nodeSelector:
-{% for key, value in curator_node_selector.items() %}
-        {{key}}: "{{value}}"
-{% endfor %}
-{% endif %}
-      containers:
-        -
-          name: "curator"
-          image: "{{ openshift_logging_curator_image }}"
-          imagePullPolicy: IfNotPresent
-{% if (curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "") or (curator_cpu_limit is defined and curator_cpu_limit is not none and curator_cpu_limit != "") or (curator_cpu_request is defined and curator_cpu_request is not none and curator_cpu_request != "") %}
-          resources:
-{%   if (curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "") or (curator_cpu_limit is defined and curator_cpu_limit is not none and curator_cpu_limit != "") %}
-            limits:
-{%     if curator_cpu_limit is defined and curator_cpu_limit is not none and curator_cpu_limit != "" %}
-              cpu: "{{curator_cpu_limit}}"
-{%     endif %}
-{%     if curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "" %}
-              memory: "{{curator_memory_limit}}"
-{%     endif %}
-{%   endif %}
-{%   if (curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "") or (curator_cpu_request is defined and curator_cpu_request is not none and curator_cpu_request != "") %}
-            requests:
-{%     if curator_cpu_request is defined and curator_cpu_request is not none and curator_cpu_request != "" %}
-              cpu: "{{curator_cpu_request}}"
-{%     endif %}
-{%     if curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "" %}
-              memory: "{{curator_memory_limit}}"
-{%     endif %}
-{%   endif %}
-{% endif %}
-          env:
-            -
-              name: "K8S_HOST_URL"
-              value: "{{openshift_logging_curator_master_url}}"
-            -
-              name: "ES_HOST"
-              value: "{{es_host}}"
-            -
-              name: "ES_PORT"
-              value: "{{es_port}}"
-            -
-              name: "ES_CLIENT_CERT"
-              value: "/etc/curator/keys/cert"
-            -
-              name: "ES_CLIENT_KEY"
-              value: "/etc/curator/keys/key"
-            -
-              name: "ES_CA"
-              value: "/etc/curator/keys/ca"
-            -
-              name: "CURATOR_DEFAULT_DAYS"
-              value: "{{openshift_logging_curator_default_days}}"
-            -
-              name: "CURATOR_RUN_HOUR"
-              value: "{{openshift_logging_curator_run_hour}}"
-            -
-              name: "CURATOR_RUN_MINUTE"
-              value: "{{openshift_logging_curator_run_minute}}"
-            -
-              name: "CURATOR_RUN_TIMEZONE"
-              value: "{{openshift_logging_curator_run_timezone}}"
-            -
-              name: "CURATOR_SCRIPT_LOG_LEVEL"
-              value: "{{openshift_logging_curator_script_log_level}}"
-            -
-              name: "CURATOR_LOG_LEVEL"
-              value: "{{openshift_logging_curator_log_level}}"
-          volumeMounts:
-            - name: certs
-              mountPath: /etc/curator/keys
-              readOnly: true
-            - name: config
-              mountPath: /etc/curator/settings
-              readOnly: true
-      volumes:
-        - name: certs
-          secret:
-            secretName: logging-curator
-        - name: config
-          configMap:
-            name: logging-curator

roles/openshift_logging_defaults/defaults/main.yml

@@ -1,5 +1,4 @@
 ---
-openshift_logging_es5_techpreview: False
 l_openshift_logging_search_dict:
   origin: "${component}"
   openshift-enterprise: "ose-${component}"
@@ -23,4 +22,10 @@ l_os_logging_proxy_image: "{{ l_os_logging_non_standard_reg_url | regex_replace(
 # We need to regex_replace the origin-${component} with 'oauth-proxy'
 l2_os_logging_proxy_image: "{{ l_os_logging_proxy_image | regex_replace(l_os_logging_non_standard_reg_search | regex_escape, 'oauth-proxy') }}"
 
+openshift_logging_curator_image: "{{ l_os_registry_url | regex_replace(l_openshift_logging_search | regex_escape, 'logging-curator5') }}"
+openshift_logging_elasticsearch_image: "{{ l_os_registry_url | regex_replace(l_openshift_logging_search | regex_escape, 'logging-elasticsearch5') }}"
+openshift_logging_elasticsearch_proxy_image: "{{ l2_os_logging_proxy_image }}"
 openshift_logging_fluentd_image: "{{ l_os_registry_url | regex_replace(l_openshift_logging_search | regex_escape, 'logging-fluentd') }}"
+openshift_logging_kibana_image: "{{ l_os_registry_url | regex_replace(l_openshift_logging_search | regex_escape, 'logging-kibana5') }}"
+openshift_logging_kibana_proxy_image: "{{ l_os_registry_url | regex_replace(l_openshift_logging_search | regex_escape, 'logging-auth-proxy') }}"
+openshift_logging_mux_image: "{{ openshift_logging_fluentd_image }}"

roles/openshift_logging_elasticsearch/defaults/main.yml

@@ -1,14 +1,7 @@
 ---
 ### Common settings
 openshift_logging_elasticsearch_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}"
-openshift_logging_elasticsearch_namespace: logging
-
-
-l_openshift_elasticsearch_image_replace: "{{ (openshift_logging_es5_techpreview | bool) | ternary('logging-elasticsearch5', 'logging-elasticsearch') }}"
-openshift_logging_elasticsearch_image: "{{ l_os_registry_url | regex_replace(l_openshift_logging_search | regex_escape, l_openshift_elasticsearch_image_replace) }}"
-
-
-openshift_logging_elasticsearch_proxy_image: "{{ l2_os_logging_proxy_image }}"
+openshift_logging_elasticsearch_namespace: openshift-logging
 
 openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_nodeselector | default('') }}"
 openshift_logging_elasticsearch_cpu_limit: null

roles/openshift_logging_elasticsearch/tasks/main.yaml

@@ -24,18 +24,21 @@
     es_component: "{{ 'es' ~ ( (openshift_logging_elasticsearch_ops_deployment | default(false) | bool) | ternary('-ops', '') ) }}"
 
 - include_tasks: get_es_version.yml
+  run_once: true
 
 - set_fact:
     full_restart_cluster: True
   when:
   - _es_installed_version is defined
   - _es_installed_version.split('.')[0] | int < __es_version.split('.')[0] | int
+  - not openshift_logging_elasticsearch_ops_deployment | default(false) | bool
 
 - set_fact:
     full_restart_cluster: True
   when:
   - _es_ops_installed_version is defined
   - _es_ops_installed_version.split('.')[0] | int < __es_version.split('.')[0] | int
+  - openshift_logging_elasticsearch_ops_deployment | default(false) | bool
 
 # allow passing in a tempdir
 - name: Create temp directory for doing work in
@@ -101,13 +104,13 @@
 
 # logging-metrics-reader role
 - template:
-    src: "{{ __base_file_dir }}/logging-metrics-role.j2"
+    src: "logging-metrics-role.j2"
     dest: "{{mktemp.stdout}}/templates/logging-metrics-role.yml"
   vars:
     namespace: "{{ openshift_logging_elasticsearch_namespace }}"
 
 - template:
-    src: "{{ __base_file_dir }}/logging-metrics-rolebinding.j2"
+    src: "logging-metrics-rolebinding.j2"
     dest: "{{mktemp.stdout}}/templates/logging-metrics-rolebinding.yml"
   vars:
     namespace: "{{ openshift_logging_elasticsearch_namespace }}"
@@ -159,7 +162,7 @@
 # View role and binding
 - name: Generate logging-elasticsearch-view-role
   template:
-    src: "{{ __base_file_dir }}/rolebinding.j2"
+    src: "rolebinding.j2"
     dest: "{{mktemp.stdout}}/logging-elasticsearch-view-role.yaml"
   vars:
     obj_name: logging-elasticsearch-view-role
@@ -192,102 +195,54 @@
     msg: "The openshift_logging_es_log_appenders '{{ openshift_logging_es_log_appenders }}' has an unrecognized option and only supports the following as a list: {{ __es_log_appenders | join(', ') }}"
 
 - template:
-    src: "{{ __base_file_dir }}/elasticsearch.yml.j2"
+    src: "elasticsearch.yml.j2"
     dest: "{{ tempdir }}/elasticsearch.yml"
   vars:
     allow_cluster_reader: "{{ openshift_logging_elasticsearch_ops_allow_cluster_reader | lower | default('false') }}"
-    es_number_of_shards: "{{ openshift_logging_es_number_of_shards | default(1) }}"
-    es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas| default(0) }}"
     es_kibana_index_mode: "{{ openshift_logging_elasticsearch_kibana_index_mode | default('unique') }}"
   changed_when: no
 
 # create diff between current configmap files and our current files
-- when: not openshift_logging_es5_techpreview
-  block:
-  - template:
-      src: "{{ __base_file_dir }}/elasticsearch-logging.yml.j2"
-      dest: "{{ tempdir }}/elasticsearch-logging.yml"
-    vars:
-      root_logger: "{{openshift_logging_es_log_appenders | join(', ')}}"
-    changed_when: no
-
-  - include_role:
-      name: openshift_logging
-      tasks_from: patch_configmap_files.yaml
-    vars:
-      configmap_name: "{{ elasticsearch_name }}"
-      configmap_namespace: "{{ openshift_logging_namespace }}"
-      configmap_file_names:
-      - current_file: "elasticsearch.yml"
-        new_file: "{{ tempdir }}/elasticsearch.yml"
-        protected_lines: ["number_of_shards", "number_of_replicas"]
-      - current_file: "logging.yml"
-        new_file: "{{ tempdir }}/elasticsearch-logging.yml"
-
-  - slurp:
-      src: "{{ tempdir }}/elasticsearch.yml"
-    register: _patched_elasticsearch_config
-
-  - copy:
-      content: "{{ config_source | combine(override_config, recursive=True) | to_nice_yaml(indent=2) }}"
-      dest: "{{ tempdir }}/elasticsearch.yml"
-    vars:
-      config_source: "{{ _patched_elasticsearch_config['content'] | b64decode | from_yaml }}"
-      override_config: "{{ openshift_logging_es_config | default({}) | from_yaml }}"
+- template:
+    src: "log4j2.properties.j2"
+    dest: "{{ tempdir }}/log4j2.properties"
+  vars:
+    root_logger: "{{ openshift_logging_es_log_appenders | list }}"
+  changed_when: no
 
-  - name: Set ES configmap
-    oc_configmap:
-      state: present
-      name: "{{ elasticsearch_name }}"
-      namespace: "{{ openshift_logging_elasticsearch_namespace }}"
-      from_file:
-        elasticsearch.yml: "{{ tempdir }}/elasticsearch.yml"
-        logging.yml: "{{ tempdir }}/elasticsearch-logging.yml"
-    register: es_config_creation
-    notify: "restart elasticsearch"
+- include_role:
+    name: openshift_logging
+    tasks_from: patch_configmap_files.yaml
+  vars:
+    configmap_name: "{{ elasticsearch_name }}"
+    configmap_namespace: "{{ openshift_logging_namespace }}"
+    configmap_file_names:
+    - current_file: "elasticsearch.yml"
+      new_file: "{{ tempdir }}/elasticsearch.yml"
+    - current_file: "log4j2.properties"
+      new_file: "{{ tempdir }}/log4j2.properties"
 
-- when: openshift_logging_es5_techpreview | bool
-  block:
-  - template:
-      src: "{{ __base_file_dir }}/log4j2.properties.j2"
-      dest: "{{ tempdir }}/log4j2.properties"
-    vars:
-      root_logger: "{{ openshift_logging_es_log_appenders | list }}"
-    changed_when: no
+- slurp:
+    src: "{{ tempdir }}/elasticsearch.yml"
+  register: _patched_elasticsearch_config
 
-  - include_role:
-      name: openshift_logging
-      tasks_from: patch_configmap_files.yaml
-    vars:
-      configmap_name: "{{ elasticsearch_name }}"
-      configmap_namespace: "{{ openshift_logging_namespace }}"
-      configmap_file_names:
-      - current_file: "elasticsearch.yml"
-        new_file: "{{ tempdir }}/elasticsearch.yml"
-      - current_file: "log4j2.properties"
-        new_file: "{{ tempdir }}/log4j2.properties"
-
-  - slurp:
-      src: "{{ tempdir }}/elasticsearch.yml"
-    register: _patched_elasticsearch_config
-
-  - copy:
-      content: "{{ config_source | combine(override_config, recursive=True) | to_nice_yaml(indent=2) }}"
-      dest: "{{ tempdir }}/elasticsearch.yml"
-    vars:
-      config_source: "{{ _patched_elasticsearch_config['content'] | b64decode | from_yaml }}"
-      override_config: "{{ openshift_logging_es_config | default({}) | from_yaml }}"
+- copy:
+    content: "{{ config_source | combine(override_config, recursive=True) | to_nice_yaml(indent=2) }}"
+    dest: "{{ tempdir }}/elasticsearch.yml"
+  vars:
+    config_source: "{{ _patched_elasticsearch_config['content'] | b64decode | from_yaml }}"
+    override_config: "{{ openshift_logging_es_config | default({}) | from_yaml }}"
 
-  - name: Set ES configmap
-    oc_configmap:
-      state: present
-      name: "{{ elasticsearch_name }}"
-      namespace: "{{ openshift_logging_elasticsearch_namespace }}"
-      from_file:
-        elasticsearch.yml: "{{ tempdir }}/elasticsearch.yml"
-        log4j2.properties: "{{ tempdir }}/log4j2.properties"
-    register: es_config_creation
-    notify: "restart elasticsearch"
+- name: Set ES configmap
+  oc_configmap:
+    state: present
+    name: "{{ elasticsearch_name }}"
+    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
+    from_file:
+      elasticsearch.yml: "{{ tempdir }}/elasticsearch.yml"
+      log4j2.properties: "{{ tempdir }}/log4j2.properties"
+  register: es_config_creation
+  notify: "restart elasticsearch"
 
 - when: es_config_creation.changed | bool
   block:
@@ -402,7 +357,7 @@
   # storageclasses with the storageClassName set to "" in pvc.j2
   - name: Creating ES storage template - static
     template:
-      src: "{{ __base_file_dir }}/pvc.j2"
+      src: "pvc.j2"
       dest: "{{ tempdir }}/templates/logging-es-pvc.yml"
     vars:
       obj_name: "{{ openshift_logging_elasticsearch_pvc_name }}"
@@ -416,7 +371,7 @@
   # Storageclasses are used by default if configured
   - name: Creating ES storage template - dynamic
     template:
-      src: "{{ __base_file_dir }}/pvc.j2"
+      src: "pvc.j2"
       dest: "{{ tempdir }}/templates/logging-es-pvc.yml"
     vars:
       obj_name: "{{ openshift_logging_elasticsearch_pvc_name }}"
@@ -447,7 +402,7 @@
 # DC
 - name: Set ES dc templates
   template:
-    src: "{{ __base_file_dir }}/es.j2"
+    src: "es.j2"
     dest: "{{ tempdir }}/templates/logging-es-dc.yml"
   vars:
     es_cluster_name: "{{ es_component }}"
@@ -523,7 +478,7 @@
 
 - name: Generating Elasticsearch {{ es_component }} route template
   template:
-    src: "{{ __base_file_dir }}/route_reencrypt.j2"
+    src: "route_reencrypt.j2"
     dest: "{{mktemp.stdout}}/templates/logging-{{ es_component }}-route.yaml"
   vars:
     obj_name: "logging-{{ es_component }}"

roles/openshift_logging_elasticsearch/templates/2.x/elasticsearch-logging.yml.j2

@@ -1,105 +0,0 @@
-# you can override this using by setting a system property, for example -Des.logger.level=DEBUG
-es.logger.level: INFO
-rootLogger: ${es.logger.level}, {{root_logger}}
-logger:
-  # log action execution errors for easier debugging
-  action: WARN
-
-  #
-  # deprecation logging, turn to DEBUG to see them
-  deprecation: WARN, deprecation_log_file
-
-  # reduce the logging for aws, too much is logged under the default INFO
-  com.amazonaws: WARN
-
-  io.fabric8.elasticsearch: ${PLUGIN_LOGLEVEL}
-  io.fabric8.kubernetes: ${PLUGIN_LOGLEVEL}
-
-  # aws will try to do some sketchy JMX stuff, but its not needed.
-  com.amazonaws.jmx.SdkMBeanRegistrySupport: ERROR
-  com.amazonaws.metrics.AwsSdkMetrics: ERROR
-
-  org.apache.http: INFO
-
-  # gateway
-  #gateway: DEBUG
-  #index.gateway: DEBUG
-
-  # peer shard recovery
-  #indices.recovery: DEBUG
-
-  # discovery
-  #discovery: TRACE
-
-  index.search.slowlog: TRACE, index_search_slow_log_file
-  index.indexing.slowlog: TRACE, index_indexing_slow_log_file
-
-  # search-guard
-  com.floragunn.searchguard: WARN
-
-additivity:
-  index.search.slowlog: false
-  index.indexing.slowlog: false
-  deprecation: false
-
-appender:
-  console:
-    type: console
-    layout:
-      type: consolePattern
-      conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %.1000m%n"
-    # need this filter until https://github.com/openshift/origin/issues/14515 is fixed
-    filter:
-      1:
-        type: org.apache.log4j.varia.StringMatchFilter
-        StringToMatch: "SSL Problem illegal change cipher spec msg, conn state = 6, handshake state = 1"
-        AcceptOnMatch: false
-
-  file:
-    type: dailyRollingFile
-    file: ${path.logs}/${cluster.name}.log
-    datePattern: "'.'yyyy-MM-dd"
-    layout:
-      type: pattern
-      conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
-    # need this filter until https://github.com/openshift/origin/issues/14515 is fixed
-    filter:
-      1:
-        type: org.apache.log4j.varia.StringMatchFilter
-        StringToMatch: "SSL Problem illegal change cipher spec msg, conn state = 6, handshake state = 1"
-        AcceptOnMatch: false
-
-  # Use the following log4j-extras RollingFileAppender to enable gzip compression of log files.
-  # For more information see https://logging.apache.org/log4j/extras/apidocs/org/apache/log4j/rolling/RollingFileAppender.html
-  #file:
-    #type: extrasRollingFile
-    #file: ${path.logs}/${cluster.name}.log
-    #rollingPolicy: timeBased
-    #rollingPolicy.FileNamePattern: ${path.logs}/${cluster.name}.log.%d{yyyy-MM-dd}.gz
-    #layout:
-      #type: pattern
-      #conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
-
-  deprecation_log_file:
-    type: dailyRollingFile
-    file: ${path.logs}/${cluster.name}_deprecation.log
-    datePattern: "'.'yyyy-MM-dd"
-    layout:
-      type: pattern
-      conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
-
-  index_search_slow_log_file:
-    type: dailyRollingFile
-    file: ${path.logs}/${cluster.name}_index_search_slowlog.log
-    datePattern: "'.'yyyy-MM-dd"
-    layout:
-      type: pattern
-      conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
-
-  index_indexing_slow_log_file:
-    type: dailyRollingFile
-    file: ${path.logs}/${cluster.name}_index_indexing_slowlog.log
-    datePattern: "'.'yyyy-MM-dd"
-    layout:
-      type: pattern
-      conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

roles/openshift_logging_elasticsearch/templates/2.x/elasticsearch.yml.j2

@@ -1,87 +0,0 @@
-cluster:
-  name: ${CLUSTER_NAME}
-
-script:
-  inline: on
-  indexed: on
-
-index:
-  number_of_shards: {{ es_number_of_shards | default ('1') }}
-  number_of_replicas: {{ es_number_of_replicas | default ('0') }}
-  unassigned.node_left.delayed_timeout: 2m
-  translog:
-    flush_threshold_size: 256mb
-    flush_threshold_period: 5m
-
-node:
-  name: ${DC_NAME}
-  master: ${IS_MASTER}
-  data: ${HAS_DATA}
-  max_local_storage_nodes: 1
-
-network:
-  host: 0.0.0.0
-
-cloud:
-  kubernetes:
-    pod_label: ${POD_LABEL}
-    pod_port: 9300
-    namespace: ${NAMESPACE}
-
-discovery:
-  type: kubernetes
-  zen.ping.multicast.enabled: false
-  zen.minimum_master_nodes: ${NODE_QUORUM}
-
-gateway:
-  recover_after_nodes: ${NODE_QUORUM}
-  expected_nodes: ${RECOVER_EXPECTED_NODES}
-  recover_after_time: ${RECOVER_AFTER_TIME}
-
-io.fabric8.elasticsearch.authentication.users: ["system.logging.kibana", "system.logging.fluentd", "system.logging.curator", "system.admin"]
-io.fabric8.elasticsearch.kibana.mapping.app: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json
-io.fabric8.elasticsearch.kibana.mapping.ops: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json
-io.fabric8.elasticsearch.kibana.mapping.empty: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json
-
-openshift.config:
-  use_common_data_model: true
-  project_index_prefix: "project"
-  time_field_name: "@timestamp"
-
-openshift.searchguard:
-  keystore.path: /etc/elasticsearch/secret/admin.jks
-  truststore.path: /etc/elasticsearch/secret/searchguard.truststore
-
-openshift.operations.allow_cluster_reader: {{allow_cluster_reader | default (false)}}
-
-openshift.kibana.index.mode: {{es_kibana_index_mode | default('unique')}}
-
-path:
-  data: /elasticsearch/persistent/${CLUSTER_NAME}/data
-  logs: /elasticsearch/persistent/${CLUSTER_NAME}/logs
-  work: /elasticsearch/${CLUSTER_NAME}/work
-  scripts: /elasticsearch/${CLUSTER_NAME}/scripts
-
-searchguard:
-  authcz.admin_dn:
-  - CN=system.admin,OU=OpenShift,O=Logging
-  config_index_name: ".searchguard.${DC_NAME}"
-  ssl:
-    transport:
-      enabled: true
-      enforce_hostname_verification: false
-      keystore_type: JKS
-      keystore_filepath: /etc/elasticsearch/secret/searchguard.key
-      keystore_password: kspass
-      truststore_type: JKS
-      truststore_filepath: /etc/elasticsearch/secret/searchguard.truststore
-      truststore_password: tspass
-    http:
-      enabled: true
-      keystore_type: JKS
-      keystore_filepath: /etc/elasticsearch/secret/key
-      keystore_password: kspass
-      clientauth_mode: OPTIONAL
-      truststore_type: JKS
-      truststore_filepath: /etc/elasticsearch/secret/truststore
-      truststore_password: tspass

roles/openshift_logging_elasticsearch/templates/2.x/es.j2

@@ -1,199 +0,0 @@
-apiVersion: "v1"
-kind: "DeploymentConfig"
-metadata:
-  name: "{{deploy_name}}"
-  labels:
-    provider: openshift
-    component: "{{component}}"
-    deployment: "{{deploy_name}}"
-    logging-infra: "{{logging_component}}"
-spec:
-  replicas: {{es_replicas|default(1)}}
-  revisionHistoryLimit: 0
-  selector:
-    provider: openshift
-    component: "{{component}}"
-    deployment: "{{deploy_name}}"
-    logging-infra: "{{logging_component}}"
-  strategy:
-    type: Recreate
-  triggers: []
-  template:
-    metadata:
-      name: "{{deploy_name}}"
-      labels:
-        logging-infra: "{{logging_component}}"
-        provider: openshift
-        component: "{{component}}"
-        deployment: "{{deploy_name}}"
-    spec:
-      affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - weight: 100
-            podAffinityTerm:
-              labelSelector:
-                matchExpressions:
-                - key: logging-infra
-                  operator: In
-                  values:
-                  - elasticsearch
-              topologyKey: kubernetes.io/hostname
-      terminationGracePeriod: 600
-      serviceAccountName: aggregated-logging-elasticsearch
-      securityContext:
-        supplementalGroups:
-{% for group in es_storage_groups %}
-        - {{group}}
-{% endfor %}
-{% if es_node_selector is iterable and es_node_selector | length > 0 %}
-      nodeSelector:
-{% for key, value in es_node_selector.items() %}
-        {{key}}: "{{value}}"
-{% endfor %}
-{% endif %}
-      containers:
-        - name: "elasticsearch"
-          image: "{{ openshift_logging_elasticsearch_image }}"
-          imagePullPolicy: IfNotPresent
-          resources:
-            limits:
-{% if es_cpu_limit is defined and es_cpu_limit is not none and es_cpu_limit != '' %}
-              cpu: "{{es_cpu_limit}}"
-{% endif %}
-              memory: "{{es_memory_limit}}"
-            requests:
-              cpu: "{{es_cpu_request}}"
-              memory: "{{es_memory_limit}}"
-{% if es_container_security_context %}
-          securityContext: {{ es_container_security_context | to_yaml }}
-{% endif %}
-          ports:
-            -
-              containerPort: 9200
-              name: "restapi"
-            -
-              containerPort: 9300
-              name: "cluster"
-          env:
-            -
-              name: "DC_NAME"
-              value: "{{deploy_name}}"
-            -
-              name: "NAMESPACE"
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            -
-              name: "KUBERNETES_TRUST_CERT"
-              value: "true"
-            -
-              name: "SERVICE_DNS"
-              value: "logging-{{es_cluster_name}}-cluster"
-            -
-              name: "CLUSTER_NAME"
-              value: "logging-{{es_cluster_name}}"
-            -
-              name: "INSTANCE_RAM"
-              value: "{{openshift_logging_elasticsearch_memory_limit}}"
-            -
-              name: "HEAP_DUMP_LOCATION"
-              value: "/elasticsearch/persistent/heapdump.hprof"
-            -
-              name: "NODE_QUORUM"
-              value: "{{es_node_quorum | int}}"
-            -
-              name: "RECOVER_EXPECTED_NODES"
-              value: "{{es_recover_expected_nodes}}"
-            -
-              name: "RECOVER_AFTER_TIME"
-              value: "{{openshift_logging_elasticsearch_recover_after_time}}"
-            -
-              name: "READINESS_PROBE_TIMEOUT"
-              value: "30"
-            -
-              name: "POD_LABEL"
-              value: "component={{component}}"
-            -
-              name: "IS_MASTER"
-              value: "{% if deploy_type in ['data-master', 'master'] %}true{% else %}false{% endif %}"
-
-            -
-              name: "HAS_DATA"
-              value: "{% if deploy_type in ['data-master', 'data-client'] %}true{% else %}false{% endif %}"
-            -
-              name: "PROMETHEUS_USER"
-              value: "{{openshift_logging_elasticsearch_prometheus_sa}}"
-
-          volumeMounts:
-            - name: elasticsearch
-              mountPath: /etc/elasticsearch/secret
-              readOnly: true
-            - name: elasticsearch-config
-              mountPath: /usr/share/java/elasticsearch/config
-              readOnly: true
-            - name: elasticsearch-storage
-              mountPath: /elasticsearch/persistent
-          readinessProbe:
-            exec:
-              command:
-              - "/usr/share/java/elasticsearch/probe/readiness.sh"
-            initialDelaySeconds: 10
-            timeoutSeconds: 30
-            periodSeconds: 5
-        -
-          name: proxy
-          image: "{{ openshift_logging_elasticsearch_proxy_image }}"
-          imagePullPolicy: IfNotPresent
-          args:
-           - --upstream-ca=/etc/elasticsearch/secret/admin-ca
-           - --https-address=:4443
-           - -provider=openshift
-           - -client-id=system:serviceaccount:{{ openshift_logging_elasticsearch_namespace }}:aggregated-logging-elasticsearch
-           - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
-           - -cookie-secret={{ 16 | lib_utils_oo_random_word | b64encode }}
-           - -basic-auth-password={{ basic_auth_passwd }}
-           - -upstream=https://localhost:9200
-           - '-openshift-sar={"namespace": "{{ openshift_logging_elasticsearch_namespace}}", "verb": "view", "resource": "prometheus", "group": "metrics.openshift.io"}'
-           - '-openshift-delegate-urls={"/": {"resource": "prometheus", "verb": "view", "group": "metrics.openshift.io", "namespace": "{{ openshift_logging_elasticsearch_namespace}}"}}'
-           - --tls-cert=/etc/tls/private/tls.crt
-           - --tls-key=/etc/tls/private/tls.key
-           - -pass-access-token
-           - -pass-user-headers
-          ports:
-          - containerPort: 4443
-            name: proxy
-            protocol: TCP
-          volumeMounts:
-          - mountPath: /etc/tls/private
-            name: proxy-tls
-            readOnly: true
-          - mountPath: /etc/elasticsearch/secret
-            name: elasticsearch
-            readOnly: true
-          resources:
-            limits:
-              memory: "{{openshift_logging_elasticsearch_proxy_memory_limit }}"
-            requests:
-              cpu: "{{openshift_logging_elasticsearch_proxy_cpu_request }}"
-              memory: "{{openshift_logging_elasticsearch_proxy_memory_limit }}"
-      volumes:
-        - name: proxy-tls
-          secret:
-            secretName: prometheus-tls
-        - name: elasticsearch
-          secret:
-            secretName: logging-elasticsearch
-        - name: elasticsearch-config
-          configMap:
-            name: logging-elasticsearch
-        - name: elasticsearch-storage
-{% if openshift_logging_elasticsearch_storage_type == 'pvc' %}
-          persistentVolumeClaim:
-            claimName: {{ openshift_logging_elasticsearch_pvc_name }}
-{% elif openshift_logging_elasticsearch_storage_type == 'hostmount' %}
-          hostPath:
-            path: {{ openshift_logging_elasticsearch_hostmount_path }}
-{% else %}
-          emptydir: {}
-{% endif %}

roles/openshift_logging_elasticsearch/templates/2.x/logging-metrics-role.j2

@@ -1,15 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
-metadata:
-  annotations:
-    rbac.authorization.kubernetes.io/autoupdate: "true"
-  name: prometheus-metrics-viewer
-  namespace: {{ namespace }}
-rules:
-- apiGroups:
-  - metrics.openshift.io
-  resources:
-  - prometheus
-  verbs:
-  - view

roles/openshift_logging_elasticsearch/templates/2.x/logging-metrics-rolebinding.j2

@@ -1,14 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
-  name: prometheus-metrics-viewer
-  namespace: {{ namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: prometheus-metrics-viewer
-subjects:
-- kind: ServiceAccount
-  namespace: {{ role_namespace }}
-  name: {{ role_user }}

roles/openshift_logging_elasticsearch/templates/2.x/pvc.j2

@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: {{obj_name}}
-  labels:
-    logging-infra: support
-{% if annotations is defined %}
-  annotations:
-{% for key,value in annotations.items() %}
-    {{key}}: {{value}}
-{% endfor %}
-{% endif %}
-spec:
-{% if pv_selector is defined and pv_selector is mapping %}
-  selector:
-    matchLabels:
-{% for key,value in pv_selector.items() %}
-      {{key}}: {{value}}
-{% endfor %}
-{% endif %}
-  accessModes:
-{% for mode in access_modes %}
-    - {{ mode }}
-{% endfor %}
-  resources:
-    requests:
-      storage: {{size}}
-{% if storage_class_name is defined %}
-  storageClassName: {{ storage_class_name }}
-{% endif %}

roles/openshift_logging_elasticsearch/templates/2.x/rolebinding.j2

@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: RoleBinding
-metadata:
-  name: {{obj_name}}
-roleRef:
-{% if roleRef.kind is defined %}
-  kind: {{ roleRef.kind }}
-{% endif %}
-  name: {{ roleRef.name }}
-subjects:
-{% for sub in subjects %}
-  - kind: {{ sub.kind }}
-    name: {{ sub.name }}
-{% endfor %}

roles/openshift_logging_elasticsearch/templates/2.x/route_reencrypt.j2

@@ -1,36 +0,0 @@
-apiVersion: "v1"
-kind: "Route"
-metadata:
-  name: "{{obj_name}}"
-{% if labels is defined%}
-  labels:
-{% for key, value in labels.items() %}
-    {{key}}: {{value}}
-{% endfor %}
-{% endif %}
-spec:
-  host: {{ route_host }}
-  tls:
-{% if tls_key is defined and tls_key | length > 0 %}
-    key: |
-{{ tls_key|indent(6, true) }}
-{% if tls_cert is defined and tls_cert | length > 0 %}
-    certificate: |
-{{ tls_cert|indent(6, true) }}
-{% endif %}
-{% endif %}
-    caCertificate: |
-{% for line in tls_ca_cert.split('\n') %}
-      {{ line }}
-{% endfor %}
-    destinationCACertificate: |
-{% for line in tls_dest_ca_cert.split('\n') %}
-      {{ line }}
-{% endfor %}
-    termination: reencrypt
-{% if edge_term_policy is defined and edge_term_policy | length > 0 %}
-    insecureEdgeTerminationPolicy: {{ edge_term_policy }}
-{% endif %}
-  to:
-    kind: Service
-    name: {{ service_name }}

roles/openshift_logging_elasticsearch/templates/5.x/route_reencrypt.j2

@@ -1,36 +0,0 @@
-apiVersion: "v1"
-kind: "Route"
-metadata:
-  name: "{{obj_name}}"
-{% if labels is defined%}
-  labels:
-{% for key, value in labels.items() %}
-    {{key}}: {{value}}
-{% endfor %}
-{% endif %}
-spec:
-  host: {{ route_host }}
-  tls:
-{% if tls_key is defined and tls_key | length > 0 %}
-    key: |
-{{ tls_key|indent(6, true) }}
-{% if tls_cert is defined and tls_cert | length > 0 %}
-    certificate: |
-{{ tls_cert|indent(6, true) }}
-{% endif %}
-{% endif %}
-    caCertificate: |
-{% for line in tls_ca_cert.split('\n') %}
-      {{ line }}
-{% endfor %}
-    destinationCACertificate: |
-{% for line in tls_dest_ca_cert.split('\n') %}
-      {{ line }}
-{% endfor %}
-    termination: reencrypt
-{% if edge_term_policy is defined and edge_term_policy | length > 0 %}
-    insecureEdgeTerminationPolicy: {{ edge_term_policy }}
-{% endif %}
-  to:
-    kind: Service
-    name: {{ service_name }}

roles/openshift_logging_eventrouter/files/2.x/eventrouter-template.yaml

@@ -1,103 +0,0 @@
-# this openshift template should match (except nodeSelector) jinja2 template in
-# ../templates/eventrouter-template.j2
-kind: Template
-apiVersion: v1
-metadata:
-  name: eventrouter-template
-  annotations:
-    description: "A pod forwarding kubernetes events to EFK aggregated logging stack."
-    tags: "events,EFK,logging"
-objects:
-  - kind: ServiceAccount
-    apiVersion: v1
-    metadata:
-      name: aggregated-logging-eventrouter
-  - kind: ClusterRole
-    apiVersion: v1
-    metadata:
-      name: event-reader
-    rules:
-    - apiGroups: [""]
-      resources: ["events"]
-      verbs: ["get", "watch", "list"]
-  - kind: ConfigMap
-    apiVersion: v1
-    metadata:
-      name: logging-eventrouter
-    data:
-      config.json: |- 
-        {
-          "sink": "${SINK}"
-        }
-  - kind: DeploymentConfig
-    apiVersion: v1
-    metadata:
-      name: logging-eventrouter
-      labels:
-        component: eventrouter
-        logging-infra: eventrouter
-        provider: openshift
-    spec:
-      selector:
-        component: eventrouter
-        logging-infra: eventrouter
-        provider: openshift
-      replicas: ${REPLICAS}
-      template:
-        metadata:
-          labels:
-            component: eventrouter
-            logging-infra: eventrouter
-            provider: openshift
-          name: logging-eventrouter
-        spec:
-          serviceAccount: aggregated-logging-eventrouter
-          serviceAccountName: aggregated-logging-eventrouter
-          containers:
-            - name: kube-eventrouter
-              image: ${IMAGE}
-              imagePullPolicy: IfNotPresent
-              resources:
-                limits:
-                  memory: ${MEMORY} 
-                  cpu: ${CPU}
-                requires:
-                  memory: ${MEMORY}
-              volumeMounts:
-              - name: config-volume
-                mountPath: /etc/eventrouter
-          volumes:
-            - name: config-volume
-              configMap:
-                name: logging-eventrouter
-  - kind: ClusterRoleBinding
-    apiVersion: v1
-    metadata:
-      name: event-reader-binding
-    subjects:
-    - kind: ServiceAccount
-      name: aggregated-logging-eventrouter
-      namespace: ${NAMESPACE}
-    roleRef:
-      kind: ClusterRole
-      name: event-reader
-
-parameters:
-  - name: SINK
-    displayName: Sink
-    value: stdout
-  - name: REPLICAS
-    displayName: Replicas
-    value: "1"
-  - name: IMAGE
-    displayName: Image
-    value: "docker.io/openshift/origin-logging-eventrouter:latest"
-  - name: MEMORY
-    displayName: Memory
-    value: "128Mi"
-  - name: CPU
-    displayName: CPU
-    value: "100m"
-  - name: NAMESPACE
-    displayName: Namespace
-    value: default

roles/openshift_logging_eventrouter/tasks/install_eventrouter.yaml

@@ -31,7 +31,7 @@
 # create EventRouter deployment config
 - name: Generate EventRouter template
   template:
-    src: "{{ __base_file_dir }}/eventrouter-template.j2"
+    src: "eventrouter-template.j2"
     dest: "{{ tempdir }}/templates/eventrouter-template.yaml"
   vars:
     node_selector: "{{ openshift_logging_eventrouter_nodeselector | default({}) }}"

roles/openshift_logging_eventrouter/templates/2.x/eventrouter-template.j2

@@ -1,117 +0,0 @@
-# this jinja2 template should always match (except nodeSelector) openshift template in
-# ../files/eventrouter-template.yaml
-kind: Template
-apiVersion: v1
-metadata:
-  name: eventrouter-template
-  annotations:
-    description: "A pod forwarding kubernetes events to EFK aggregated logging stack."
-    tags: "events,EFK,logging"
-objects:
-  - kind: ServiceAccount
-    apiVersion: v1
-    metadata:
-      name: aggregated-logging-eventrouter
-  - kind: ClusterRole
-    apiVersion: v1
-    metadata:
-      name: event-reader
-    rules:
-    - apiGroups: [""]
-      resources: ["events"]
-      verbs: ["get", "watch", "list"]
-  - kind: ConfigMap
-    apiVersion: v1
-    metadata:
-      name: logging-eventrouter
-    data:
-      config.json: |-
-        {
-          "sink": "${SINK}"
-        }
-  - kind: DeploymentConfig
-    apiVersion: v1
-    metadata:
-      name: logging-eventrouter
-      labels:
-        component: eventrouter
-        logging-infra: eventrouter
-        provider: openshift
-    spec:
-      selector:
-        component: eventrouter
-        logging-infra: eventrouter
-        provider: openshift
-      replicas: "${{ '{{' }}REPLICAS{{ '}}' }}"
-      template:
-        metadata:
-          labels:
-            component: eventrouter
-            logging-infra: eventrouter
-            provider: openshift
-          name: logging-eventrouter
-        spec:
-          serviceAccount: aggregated-logging-eventrouter
-          serviceAccountName: aggregated-logging-eventrouter
-{% if node_selector is iterable and node_selector | length > 0 %}
-          nodeSelector:
-{% for key, value in node_selector.items() %}
-            {{ key }}: "{{ value }}"
-{% endfor %}
-{% endif %}
-          containers:
-            - name: kube-eventrouter
-              image: ${IMAGE}
-              imagePullPolicy: IfNotPresent
-              resources:
-                limits:
-{% if cpu_limit is defined %}
-                  cpu: ${CPU_LIMIT}
-{% endif %}
-                  memory: ${MEMORY}
-                requests:
-                  cpu: ${CPU}
-                  memory: ${MEMORY}
-              volumeMounts:
-              - name: config-volume
-                mountPath: /etc/eventrouter
-          volumes:
-            - name: config-volume
-              configMap:
-                name: logging-eventrouter
-  - kind: ClusterRoleBinding
-    apiVersion: v1
-    metadata:
-      name: event-reader-binding
-    subjects:
-    - kind: ServiceAccount
-      name: aggregated-logging-eventrouter
-      namespace: ${NAMESPACE}
-    roleRef:
-      kind: ClusterRole
-      name: event-reader
-
-parameters:
-  - name: SINK
-    displayName: Sink
-    value: stdout
-  - name: REPLICAS
-    displayName: Replicas
-    value: "1"
-  - name: IMAGE
-    displayName: Image
-    value: "docker.io/openshift/origin-logging-eventrouter:latest"
-  - name: MEMORY
-    displayName: Memory
-    value: "128Mi"
-  - name: CPU
-    displayName: CPU
-    value: "100m"
-{% if cpu_limit is defined %}
-  - name: CPU_LIMIT
-    displayName: CPU_LIMIT
-    value: "100m"
-{% endif %}
-  - name: NAMESPACE
-    displayName: Namespace
-    value: default

roles/openshift_logging_fluentd/defaults/main.yml

@@ -2,7 +2,7 @@
 ### General logging settings
 openshift_logging_fluentd_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}"
 openshift_logging_fluentd_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}"
-openshift_logging_fluentd_namespace: logging
+openshift_logging_fluentd_namespace: openshift-logging
 
 ### Common settings
 # map_from_pairs is a custom filter plugin in role lib_utils

roles/openshift_logging_fluentd/files/2.x/fluentd-throttle-config.yaml

@@ -1,7 +0,0 @@
-# Logging example fluentd throttling config file
-
-#example-project:
-#  read_lines_limit: 10
-#
-#.operations:
-#  read_lines_limit: 100

roles/openshift_logging_fluentd/files/2.x/secure-forward.conf

@@ -1,26 +0,0 @@
-# <store>
-# @type secure_forward
-
-# self_hostname ${hostname}
-# shared_key <SECRET_STRING>
-
-# secure yes
-# enable_strict_verification yes
-
-# ca_cert_path /etc/fluent/keys/your_ca_cert
-# ca_private_key_path /etc/fluent/keys/your_private_key
-  # for private CA secret key
-# ca_private_key_passphrase passphrase
-
-# <server>
-  # or IP
-#   host server.fqdn.example.com
-#   port 24284
-# </server>
-# <server>
-  # ip address to connect
-#   host 203.0.113.8
-  # specify hostlabel for FQDN verification if ipaddress is used for host
-#   hostlabel server.fqdn.example.com
-# </server>
-# </store>

roles/openshift_logging_fluentd/files/5.x/secure-forward.conf

@@ -1,26 +0,0 @@
-# <store>
-# @type secure_forward
-
-# self_hostname ${hostname}
-# shared_key <SECRET_STRING>
-
-# secure yes
-# enable_strict_verification yes
-
-# ca_cert_path /etc/fluent/keys/your_ca_cert
-# ca_private_key_path /etc/fluent/keys/your_private_key
-  # for private CA secret key
-# ca_private_key_passphrase passphrase
-
-# <server>
-  # or IP
-#   host server.fqdn.example.com
-#   port 24284
-# </server>
-# <server>
-  # ip address to connect
-#   host 203.0.113.8
-  # specify hostlabel for FQDN verification if ipaddress is used for host
-#   hostlabel server.fqdn.example.com
-# </server>
-# </store>

roles/openshift_logging_fluentd/tasks/main.yaml

@@ -89,17 +89,17 @@
 
 # create Fluentd configmap
 - template:
-    src: "{{ __base_file_dir }}/fluent.conf.j2"
+    src: "fluent.conf.j2"
     dest: "{{ tempdir }}/fluent.conf"
   vars:
     deploy_type: "{{ openshift_logging_fluentd_deployment_type }}"
 
 - copy:
-    src: "{{ __base_file_dir }}/fluentd-throttle-config.yaml"
+    src: "fluentd-throttle-config.yaml"
     dest: "{{ tempdir }}/fluentd-throttle-config.yaml"
 
 - copy:
-    src: "{{ __base_file_dir }}/secure-forward.conf"
+    src: "secure-forward.conf"
     dest: "{{ tempdir }}/secure-forward.conf"
 
 - import_role:
@@ -154,7 +154,7 @@
 # TODO: pass in aggregation configurations
 - name: Generate logging-fluentd daemonset definition
   template:
-    src: "{{ __base_file_dir }}/fluentd.j2"
+    src: "fluentd.j2"
     dest: "{{ tempdir }}/templates/logging-fluentd.yaml"
   vars:
     daemonset_name: logging-fluentd

roles/openshift_logging_fluentd/templates/2.x/fluent.conf.j2

@@ -1,80 +0,0 @@
-# This file is the fluentd configuration entrypoint. Edit with care.
-
-@include configs.d/openshift/system.conf
-
-# In each section below, pre- and post- includes don't include anything initially;
-# they exist to enable future additions to openshift conf as needed.
-
-## sources
-{% if deploy_type in ['hosted', 'secure-aggregator'] %}
-## ordered so that syslog always runs last...
-@include configs.d/openshift/input-pre-*.conf
-@include configs.d/dynamic/input-docker-*.conf
-@include configs.d/dynamic/input-syslog-*.conf
-@include configs.d/openshift/input-post-*.conf
-##
-{% else %}
-<source>
-  @type secure_forward
-  @label @INGRESS
-
-  self_hostname ${hostname}
-  bind 0.0.0.0
-  port {{openshift_logging_fluentd_aggregating_port}}
-
-  shared_key {{openshift_logging_fluentd_shared_key}}
-
-  secure {{openshift_logging_fluentd_aggregating_secure}}
-  enable_strict_verification {{openshift_logging_fluentd_aggregating_strict}}
-  ca_cert_path        {{openshift_logging_fluentd_aggregating_cert_path}}
-  ca_private_key_path {{openshift_logging_fluentd_aggregating_key_path}}
-  ca_private_key_passphrase {{openshift_logging_fluentd_aggregating_passphrase}}
-
-  <client>
-    host {{openshift_logging_fluentd_aggregating_host}}
-  </client>
-</source>
-{% endif %}
-
-<label @INGRESS>
-{% if deploy_type in ['hosted', 'secure-host'] %}
-## filters
-  @include configs.d/openshift/filter-pre-*.conf
-  @include configs.d/openshift/filter-retag-journal.conf
-  @include configs.d/openshift/filter-k8s-meta.conf
-  @include configs.d/openshift/filter-kibana-transform.conf
-  @include configs.d/openshift/filter-k8s-flatten-hash.conf
-  @include configs.d/openshift/filter-k8s-record-transform.conf
-  @include configs.d/openshift/filter-syslog-record-transform.conf
-  @include configs.d/openshift/filter-viaq-data-model.conf
-  @include configs.d/openshift/filter-post-*.conf
-##
-</label>
-
-<label @OUTPUT>
-## matches
-  @include configs.d/openshift/output-pre-*.conf
-  @include configs.d/openshift/output-operations.conf
-  @include configs.d/openshift/output-applications.conf
-  # no post - applications.conf matches everything left
-##
-{% else %}
-  <match **>
-    @type secure_forward
-
-    self_hostname ${hostname}
-    shared_key {{openshift_logging_fluentd_shared_key}}
-
-    secure {{openshift_logging_fluentd_aggregating_secure}}
-    enable_strict_verification {{openshift_logging_fluentd_aggregating_strict}}
-    ca_cert_path        {{openshift_logging_fluentd_aggregating_cert_path}}
-    ca_private_key_path {{openshift_logging_fluentd_aggregating_key_path}}
-    ca_private_key_passphrase {{openshift_logging_fluentd_aggregating_passphrase}}
-
-    <server>
-      host {{openshift_logging_fluentd_aggregating_host}}
-      port {{openshift_logging_fluentd_aggregating_port}}
-    </server>
-  </match>
-{% endif %}
-</label>

roles/openshift_logging_fluentd/templates/2.x/fluentd.j2

@@ -1,261 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: "DaemonSet"
-metadata:
-  name: "{{ daemonset_name }}"
-  labels:
-    provider: openshift
-    component: "{{ daemonset_component }}"
-    logging-infra: "{{ daemonset_component }}"
-  annotations:
-    prometheus.io/scrape: "true"
-    prometheus.io/port: "24231"
-    prometheus.io/scheme: "http"
-spec:
-  selector:
-    matchLabels:
-      provider: openshift
-      component: "{{ daemonset_component }}"
-  updateStrategy:
-    type: RollingUpdate
-    rollingUpdate:
-      minReadySeconds: 600
-  template:
-    metadata:
-      name: "{{ daemonset_container_name }}"
-      labels:
-        logging-infra: "{{ daemonset_component }}"
-        provider: openshift
-        component: "{{ daemonset_component }}"
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
-    spec:
-      serviceAccountName: "{{ daemonset_serviceAccount }}"
-      nodeSelector:
-        {{ fluentd_nodeselector_key }}: "{{ fluentd_nodeselector_value }}"
-      containers:
-      - name: "{{ daemonset_container_name }}"
-        image: "{{ openshift_logging_fluentd_image }}"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          privileged: true
-{% if (fluentd_memory_limit is defined and fluentd_memory_limit is not none) or (fluentd_cpu_limit is defined and fluentd_cpu_limit is not none) or (fluentd_cpu_request is defined and fluentd_cpu_request is not none) %}
-        resources:
-{%   if (fluentd_memory_limit is defined and fluentd_memory_limit is not none) or (fluentd_cpu_limit is defined and fluentd_cpu_limit is not none) %}
-          limits:
-{%     if fluentd_cpu_limit is not none %}
-            cpu: "{{fluentd_cpu_limit}}"
-{%     endif %}
-{%     if fluentd_memory_limit is not none %}
-            memory: "{{fluentd_memory_limit}}"
-{%     endif %}
-{%   endif %}
-{%   if (fluentd_memory_limit is defined and fluentd_memory_limit is not none) or (fluentd_cpu_request is defined and fluentd_cpu_request is not none) %}
-          requests:
-{%     if fluentd_cpu_request is not none %}
-            cpu: "{{fluentd_cpu_request}}"
-{%     endif %}
-{%     if fluentd_memory_limit is not none %}
-            memory: "{{fluentd_memory_limit}}"
-{%     endif %}
-{%   endif %}
-{% endif %}
-        volumeMounts:
-        - name: runlogjournal
-          mountPath: /run/log/journal
-        - name: varlog
-          mountPath: /var/log
-        - name: varlibdockercontainers
-          mountPath: /var/lib/docker
-          readOnly: true
-        - name: config
-          mountPath: /etc/fluent/configs.d/user
-          readOnly: true
-        - name: certs
-          mountPath: /etc/fluent/keys
-          readOnly: true
-        - name: dockerhostname
-          mountPath: /etc/docker-hostname
-          readOnly: true
-        - name: localtime
-          mountPath: /etc/localtime
-          readOnly: true
-        - name: dockercfg
-          mountPath: /etc/sysconfig/docker
-          readOnly: true
-        - name: dockerdaemoncfg
-          mountPath: /etc/docker
-          readOnly: true
-        - name: originnodecfg
-          mountPath: /etc/origin/node
-          readOnly: true
-        - name: filebufferstorage
-          mountPath: /var/lib/fluentd
-{% if openshift_logging_mux_client_mode is defined and
-     ((openshift_logging_mux_allow_external is defined and openshift_logging_mux_allow_external | bool) or
-      (openshift_logging_use_mux is defined and openshift_logging_use_mux | bool)) %}
-        - name: muxcerts
-          mountPath: /etc/fluent/muxkeys
-          readOnly: true
-{% endif %}
-        env:
-        - name: "K8S_HOST_URL"
-          value: "{{ openshift_logging_fluentd_master_url }}"
-        - name: "ES_HOST"
-          value: "{{ app_host }}"
-        - name: "ES_PORT"
-          value: "{{ app_port }}"
-        - name: "ES_CLIENT_CERT"
-          value: "{{ openshift_logging_fluentd_app_client_cert }}"
-        - name: "ES_CLIENT_KEY"
-          value: "{{ openshift_logging_fluentd_app_client_key }}"
-        - name: "ES_CA"
-          value: "{{ openshift_logging_fluentd_app_ca }}"
-        - name: "OPS_HOST"
-          value: "{{ ops_host }}"
-        - name: "OPS_PORT"
-          value: "{{ ops_port }}"
-        - name: "OPS_CLIENT_CERT"
-          value: "{{ openshift_logging_fluentd_ops_client_cert }}"
-        - name: "OPS_CLIENT_KEY"
-          value: "{{ openshift_logging_fluentd_ops_client_key }}"
-        - name: "OPS_CA"
-          value: "{{ openshift_logging_fluentd_ops_ca }}"
-        - name: "JOURNAL_SOURCE"
-          value: "{{ openshift_logging_fluentd_journal_source | default('') }}"
-        - name: "JOURNAL_READ_FROM_HEAD"
-          value: "{{ openshift_logging_fluentd_journal_read_from_head | lower }}"
-        - name: "BUFFER_QUEUE_LIMIT"
-          value: "{{ openshift_logging_fluentd_buffer_queue_limit }}"
-        - name: "BUFFER_SIZE_LIMIT"
-          value: "{{ openshift_logging_fluentd_buffer_size_limit }}"
-        - name: "FLUENTD_CPU_LIMIT"
-          valueFrom:
-            resourceFieldRef:
-              containerName: "{{ daemonset_container_name }}"
-              resource: limits.cpu
-        - name: "FLUENTD_MEMORY_LIMIT"
-          valueFrom:
-            resourceFieldRef:
-              containerName: "{{ daemonset_container_name }}"
-              resource: limits.memory
-        - name: "FILE_BUFFER_LIMIT"
-          value: "{{ openshift_logging_fluentd_file_buffer_limit | default('256Mi') }}"
-{% if openshift_logging_mux_client_mode is defined and
-     ((openshift_logging_mux_allow_external is defined and openshift_logging_mux_allow_external | bool) or
-      (openshift_logging_use_mux is defined and openshift_logging_use_mux | bool)) %}
-        - name: "MUX_CLIENT_MODE"
-          value: "{{ openshift_logging_mux_client_mode }}"
-{% endif %}
-{% if openshift_logging_install_eventrouter is defined and openshift_logging_install_eventrouter %}
-        - name: "TRANSFORM_EVENTS"
-          value: "true"
-{% endif %}
-
-{% if openshift_logging_fluentd_remote_syslog is defined and openshift_logging_fluentd_remote_syslog %}
-        - name: USE_REMOTE_SYSLOG
-          value: "true"
-{% endif %}
-
-{% if openshift_logging_fluentd_remote_syslog_host is defined %}
-        - name: REMOTE_SYSLOG_HOST
-          value: "{{ openshift_logging_fluentd_remote_syslog_host }}"
-{% endif %}
-
-{% if openshift_logging_fluentd_remote_syslog_port is defined %}
-        - name: REMOTE_SYSLOG_PORT
-          value: "{{ openshift_logging_fluentd_remote_syslog_port }}"
-{% endif %}
-
-{% if openshift_logging_fluentd_remote_syslog_severity is defined %}
-        - name: REMOTE_SYSLOG_SEVERITY
-          value: "{{ openshift_logging_fluentd_remote_syslog_severity }}"
-{% endif %}
-
-{% if openshift_logging_fluentd_remote_syslog_facility is defined %}
-        - name: REMOTE_SYSLOG_FACILITY
-          value: "{{ openshift_logging_fluentd_remote_syslog_facility }}"
-{% endif %}
-
-{% if openshift_logging_fluentd_remote_syslog_remove_tag_prefix is defined %}
-        - name: REMOTE_SYSLOG_REMOVE_TAG_PREFIX
-          value: "{{ openshift_logging_fluentd_remote_syslog_remove_tag_prefix }}"
-{% endif %}
-
-{% if openshift_logging_fluentd_remote_syslog_tag_key is defined %}
-        - name: REMOTE_SYSLOG_TAG_KEY
-          value: "{{ openshift_logging_fluentd_remote_syslog_tag_key }}"
-{% endif %}
-
-{% if openshift_logging_fluentd_remote_syslog_use_record is defined %}
-        - name: REMOTE_SYSLOG_USE_RECORD
-          value: "{{ openshift_logging_fluentd_remote_syslog_use_record }}"
-{% endif %}
-
-{% if openshift_logging_fluentd_remote_syslog_payload_key is defined %}
-        - name: REMOTE_SYSLOG_PAYLOAD_KEY
-          value: "{{ openshift_logging_fluentd_remote_syslog_payload_key }}"
-{% endif %}
-
-{% if audit_container_engine %}
-        - name: "AUDIT_CONTAINER_ENGINE"
-          value: "{{ audit_container_engine | lower }}"
-{% endif %}
-
-{% if audit_container_engine %}
-        - name: "NODE_NAME"
-          valueFrom:
-            fieldRef:
-              fieldPath: spec.nodeName
-{% endif %}
-
-{% if audit_log_file != '' %}
-        - name: AUDIT_FILE
-          value: "{{ audit_log_file }}"
-{% endif %}
-
-{% if audit_pos_log_file != '' %}
-        - name: AUDIT_POS_FILE
-          value: "{{ audit_pos_log_file }}"
-{% endif %}
-
-      volumes:
-      - name: runlogjournal
-        hostPath:
-          path: /run/log/journal
-      - name: varlog
-        hostPath:
-          path: /var/log
-      - name: varlibdockercontainers
-        hostPath:
-          path: /var/lib/docker
-      - name: config
-        configMap:
-          name: logging-fluentd
-      - name: certs
-        secret:
-          secretName: logging-fluentd
-      - name: dockerhostname
-        hostPath:
-          path: /etc/hostname
-      - name: localtime
-        hostPath:
-          path: /etc/localtime
-      - name: dockercfg
-        hostPath:
-          path: /etc/sysconfig/docker
-      - name: originnodecfg
-        hostPath:
-          path: /etc/origin/node
-      - name: dockerdaemoncfg
-        hostPath:
-          path: /etc/docker
-{% if openshift_logging_mux_client_mode is defined and
-     ((openshift_logging_mux_allow_external is defined and openshift_logging_mux_allow_external | bool) or
-      (openshift_logging_use_mux is defined and openshift_logging_use_mux | bool)) %}
-      - name: muxcerts
-        secret:
-          secretName: logging-mux
-{% endif %}
-      - name: filebufferstorage
-        hostPath:
-          path: "/var/lib/fluentd"

roles/openshift_logging_kibana/defaults/main.yml

@@ -3,12 +3,7 @@
 openshift_logging_kibana_master_url: "https://kubernetes.default.svc.cluster.local"
 openshift_logging_kibana_master_public_url: "https://kubernetes.default.svc.cluster.local"
 openshift_logging_kibana_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}"
-openshift_logging_kibana_namespace: logging
-
-openshift_logging_es5_techpreview: False
-l_openshift_kibana_image_replace: "{{ (openshift_logging_es5_techpreview | bool) | ternary('logging-kibana5', 'logging-kibana') }}"
-openshift_logging_kibana_image: "{{ l_os_registry_url | regex_replace(l_openshift_logging_search | regex_escape, l_openshift_kibana_image_replace) }}"
-openshift_logging_kibana_proxy_image: "{{ l_os_registry_url | regex_replace(l_openshift_logging_search | regex_escape, 'logging-auth-proxy') }}"
+openshift_logging_kibana_namespace: openshift-logging
 
 openshift_logging_kibana_nodeselector: ""
 openshift_logging_kibana_cpu_limit: null

roles/openshift_logging_kibana/tasks/main.yaml

@@ -125,7 +125,7 @@
 
 - name: Generating Kibana route template
   template:
-    src: "{{ __base_file_dir }}/route_reencrypt.j2"
+    src: "route_reencrypt.j2"
     dest: "{{ tempdir }}/templates/kibana-route.yaml"
   vars:
     obj_name: "{{ kibana_name }}"
@@ -166,7 +166,7 @@
 # create oauth client
 - name: Create oauth-client template
   template:
-    src: "{{ __base_file_dir }}/oauth-client.j2"
+    src: "oauth-client.j2"
     dest: "{{ tempdir }}/templates/oauth-client.yml"
   vars:
     kibana_hostnames: "{{ proxy_hostnames | unique }}"
@@ -225,7 +225,7 @@
 # create Kibana DC
 - name: Generate Kibana DC template
   template:
-    src: "{{ __base_file_dir }}/kibana.j2"
+    src: "kibana.j2"
     dest: "{{ tempdir }}/templates/kibana-dc.yaml"
   vars:
     component: "{{ kibana_component }}"

roles/openshift_logging_kibana/templates/2.x/kibana.j2

@@ -1,188 +0,0 @@
-apiVersion: "v1"
-kind: "DeploymentConfig"
-metadata:
-  name: "{{ deploy_name }}"
-  labels:
-    provider: openshift
-    component: "{{ component }}"
-    logging-infra: "{{ logging_component }}"
-spec:
-  replicas: {{ kibana_replicas | default(1) }}
-  selector:
-    provider: openshift
-    component: "{{ component }}"
-    logging-infra: "{{ logging_component }}"
-  strategy:
-    rollingParams:
-      intervalSeconds: 1
-      timeoutSeconds: 600
-      updatePeriodSeconds: 1
-    type: Rolling
-  template:
-    metadata:
-      name: "{{ deploy_name }}"
-      labels:
-        logging-infra: "{{ logging_component }}"
-        provider: openshift
-        component: "{{ component }}"
-    spec:
-      affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - weight: 100
-            podAffinityTerm:
-              labelSelector:
-                matchExpressions:
-                - key: logging-infra
-                  operator: In
-                  values:
-                  - kibana
-              topologyKey: kubernetes.io/hostname
-      serviceAccountName: aggregated-logging-kibana
-{% if kibana_node_selector is iterable and kibana_node_selector | length > 0 %}
-      nodeSelector:
-{% for key, value in kibana_node_selector.items() %}
-        {{ key }}: "{{ value }}"
-{% endfor %}
-{% endif %}
-      containers:
-        -
-          name: "kibana"
-          image: "{{ openshift_logging_kibana_image }}"
-          imagePullPolicy: IfNotPresent
-{% if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_limit is defined and kibana_cpu_limit is not none and kibana_cpu_limit != "") or (kibana_cpu_request is defined and kibana_cpu_request is not none and kibana_cpu_request != "") %}
-          resources:
-{%   if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_limit is defined and kibana_cpu_limit is not none and kibana_cpu_limit != "") %}
-            limits:
-{%     if kibana_cpu_limit is not none and kibana_cpu_limit != "" %}
-              cpu: "{{ kibana_cpu_limit }}"
-{%     endif %}
-{%     if kibana_memory_limit is not none and kibana_memory_limit != "" %}
-              memory: "{{ kibana_memory_limit }}"
-{%     endif %}
-{%   endif %}
-{%   if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_request is defined and kibana_cpu_request is not none and kibana_cpu_request != "") %}
-            requests:
-{%     if kibana_cpu_request is not none and kibana_cpu_request != "" %}
-              cpu: "{{ kibana_cpu_request }}"
-{%     endif %}
-{%     if kibana_memory_limit is not none and kibana_memory_limit != "" %}
-              memory: "{{ kibana_memory_limit }}"
-{%     endif %}
-{%   endif %}
-{% endif %}
-          env:
-            - name: "ES_HOST"
-              value: "{{ es_host }}"
-            - name: "ES_PORT"
-              value: "{{ es_port }}"
-            -
-              name: "KIBANA_MEMORY_LIMIT"
-              valueFrom:
-                resourceFieldRef:
-                  containerName: kibana
-                  resource: limits.memory
-{% for key, value in kibana_env_vars.items() %}
-            - name: "{{ key }}"
-              value: "{{ value }}"
-{% endfor %}
-          volumeMounts:
-            - name: kibana
-              mountPath: /etc/kibana/keys
-              readOnly: true
-          readinessProbe:
-            exec:
-              command:
-              - "/usr/share/kibana/probe/readiness.sh"
-            initialDelaySeconds: 5
-            timeoutSeconds: 4
-            periodSeconds: 5
-        -
-          name: "kibana-proxy"
-          image: "{{ openshift_logging_kibana_proxy_image }}"
-          imagePullPolicy: IfNotPresent
-{% if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "") or (kibana_proxy_cpu_request is defined and kibana_proxy_cpu_request is not none and kibana_proxy_cpu_request != "") %}
-          resources:
-{%   if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "") %}
-            limits:
-{%     if kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "" %}
-              cpu: "{{ kibana_proxy_cpu_limit }}"
-{%     endif %}
-{%     if kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "" %}
-              memory: "{{ kibana_proxy_memory_limit }}"
-{%     endif %}
-{%   endif %}
-{%   if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_request is defined and kibana_proxy_cpu_request is not none and kibana_proxy_cpu_request != "") %}
-            requests:
-{%     if kibana_proxy_cpu_request is not none and kibana_proxy_cpu_request != "" %}
-              cpu: "{{ kibana_proxy_cpu_request }}"
-{%     endif %}
-{%     if kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "" %}
-              memory: "{{ kibana_proxy_memory_limit }}"
-{%     endif %}
-{%   endif %}
-{% endif %}
-          ports:
-            -
-              name: "oaproxy"
-              containerPort: 3000
-          env:
-            -
-             name: "OAP_BACKEND_URL"
-             value: "http://localhost:5601"
-            -
-             name: "OAP_AUTH_MODE"
-             value: "oauth2"
-            -
-             name: "OAP_TRANSFORM"
-             value: "user_header,token_header"
-            -
-             name: "OAP_OAUTH_ID"
-             value: kibana-proxy
-            -
-             name: "OAP_MASTER_URL"
-             value: {{ openshift_logging_kibana_master_url }}
-            -
-             name: "OAP_PUBLIC_MASTER_URL"
-             value: {{ openshift_logging_kibana_master_public_url }}
-            -
-             name: "OAP_LOGOUT_REDIRECT"
-             value: {{ openshift_logging_kibana_master_public_url }}/console/logout
-            -
-             name: "OAP_MASTER_CA_FILE"
-             value: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
-            -
-             name: "OAP_DEBUG"
-             value: "{{ openshift_logging_kibana_proxy_debug }}"
-            -
-             name: "OAP_OAUTH_SECRET_FILE"
-             value: "/secret/oauth-secret"
-            -
-             name: "OAP_SERVER_CERT_FILE"
-             value: "/secret/server-cert"
-            -
-             name: "OAP_SERVER_KEY_FILE"
-             value: "/secret/server-key"
-            -
-             name: "OAP_SERVER_TLS_FILE"
-             value: "/secret/server-tls.json"
-            -
-             name: "OAP_SESSION_SECRET_FILE"
-             value: "/secret/session-secret"
-            -
-             name: "OCP_AUTH_PROXY_MEMORY_LIMIT"
-             valueFrom:
-               resourceFieldRef:
-                 containerName: kibana-proxy
-                 resource: limits.memory
-          volumeMounts:
-            - name: kibana-proxy
-              mountPath: /secret
-              readOnly: true
-      volumes:
-        - name: kibana
-          secret:
-            secretName: logging-kibana
-        - name: kibana-proxy
-          secret:
-            secretName: logging-kibana-proxy

roles/openshift_logging_kibana/templates/2.x/oauth-client.j2

@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: OAuthClient
-metadata:
-  name: kibana-proxy
-  labels:
-    logging-infra: support
-secret: {{ secret }}
-redirectURIs:
-{% for host in kibana_hostnames %}
-- {{ host }}
-{% endfor %}
-scopeRestrictions:
-- literals:
-  - user:info
-  - user:check-access
-  - user:list-projects

roles/openshift_logging_mux/defaults/main.yml

@@ -3,9 +3,7 @@
 openshift_logging_mux_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}"
 openshift_logging_mux_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}"
 openshift_logging_mux_master_public_url: "{{ openshift_hosted_logging_master_public_url | default('https://' + openshift.common.public_hostname + ':' ~ openshift_master_api_port) }}"
-openshift_logging_mux_namespace: logging
-
-openshift_logging_mux_image: "{{ openshift_logging_fluentd_image }}"
+openshift_logging_mux_namespace: openshift-logging
 
 ### Common settings
 # map_from_pairs is a custom filter plugin in role lib_utils

roles/openshift_logging_mux/files/2.x/fluent.conf

@@ -1,37 +0,0 @@
-# This file is the fluentd configuration entrypoint. Edit with care.
-
-@include configs.d/openshift/system.conf
-
-# In each section below, pre- and post- includes don't include anything initially;
-# they exist to enable future additions to openshift conf as needed.
-
-## sources
-## ordered so that syslog always runs last...
-@include configs.d/openshift/input-pre-*.conf
-@include configs.d/dynamic/input-docker-*.conf
-@include configs.d/dynamic/input-syslog-*.conf
-@include configs.d/openshift/input-post-*.conf
-##
-
-<label @INGRESS>
-## filters
-  @include configs.d/openshift/filter-pre-*.conf
-  @include configs.d/openshift/filter-retag-journal.conf
-  @include configs.d/openshift/filter-k8s-meta.conf
-  @include configs.d/openshift/filter-kibana-transform.conf
-  @include configs.d/openshift/filter-k8s-flatten-hash.conf
-  @include configs.d/openshift/filter-k8s-record-transform.conf
-  @include configs.d/openshift/filter-syslog-record-transform.conf
-  @include configs.d/openshift/filter-viaq-data-model.conf
-  @include configs.d/openshift/filter-post-*.conf
-##
-</label>
-
-<label @OUTPUT>
-## matches
-  @include configs.d/openshift/output-pre-*.conf
-  @include configs.d/openshift/output-operations.conf
-  @include configs.d/openshift/output-applications.conf
-  # no post - applications.conf matches everything left
-##
-</label>

roles/openshift_logging_mux/tasks/main.yaml

@@ -83,12 +83,12 @@
 
 # create Mux configmap
 - copy:
-    src: "{{ __base_file_dir }}/fluent.conf"
+    src: "fluent.conf"
     dest: "{{mktemp.stdout}}/fluent-mux.conf"
   changed_when: no
 
 - copy:
-    src: "{{ __base_file_dir }}/secure-forward.conf"
+    src: "secure-forward.conf"
     dest: "{{mktemp.stdout}}/secure-forward-mux.conf"
   changed_when: no
 
@@ -167,7 +167,7 @@
 # create Mux DC
 - name: Generating mux deploymentconfig
   template:
-    src: "{{ __base_file_dir }}/mux.j2"
+    src: "mux.j2"
     dest: "{{mktemp.stdout}}/templates/logging-mux-dc.yaml"
   vars:
     component: mux

roles/openshift_logging_mux/templates/2.x/mux.j2

@@ -1,202 +0,0 @@
-apiVersion: "v1"
-kind: "DeploymentConfig"
-metadata:
-  name: "{{deploy_name}}"
-  labels:
-    provider: openshift
-    component: "{{component}}"
-    logging-infra: "{{logging_component}}"
-spec:
-  replicas: {{mux_replicas|default(1)}}
-  selector:
-    provider: openshift
-    component: "{{component}}"
-    logging-infra: "{{logging_component}}"
-  strategy:
-    rollingParams:
-      intervalSeconds: 1
-      timeoutSeconds: 600
-      updatePeriodSeconds: 1
-    type: Rolling
-  template:
-    metadata:
-      name: "{{deploy_name}}"
-      labels:
-        logging-infra: "{{logging_component}}"
-        provider: openshift
-        component: "{{component}}"
-    spec:
-      serviceAccountName: aggregated-logging-mux
-{% if mux_node_selector is iterable and mux_node_selector | length > 0 %}
-      nodeSelector:
-{% for key, value in mux_node_selector.items() %}
-        {{key}}: "{{value}}"
-{% endfor %}
-{% endif %}
-      containers:
-      - name: "mux"
-        image: {{image}}
-        imagePullPolicy: IfNotPresent
-{% if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_limit is defined and mux_cpu_limit is not none) or (mux_cpu_request is defined and mux_cpu_request is not none) %}
-        resources:
-{%   if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_limit is defined and mux_cpu_limit is not none) %}
-          limits:
-{%     if mux_cpu_limit is not none %}
-            cpu: "{{mux_cpu_limit}}"
-{%     endif %}
-{%     if mux_memory_limit is not none %}
-            memory: "{{mux_memory_limit}}"
-{%     endif %}
-{%   endif %}
-{%   if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_request is defined and mux_cpu_request is not none) %}
-          requests:
-{%     if mux_cpu_request is not none %}
-            cpu: "{{mux_cpu_request}}"
-{%     endif %}
-{%     if mux_memory_limit is not none %}
-            memory: "{{mux_memory_limit}}"
-{%     endif %}
-{%   endif %}
-{% endif %}
-        ports:
-        - containerPort: {{ openshift_logging_mux_port }}
-          name: mux-forward
-        volumeMounts:
-        - name: config
-          mountPath: /etc/fluent/configs.d/user
-          readOnly: true
-        - name: certs
-          mountPath: /etc/fluent/keys
-          readOnly: true
-        - name: dockerhostname
-          mountPath: /etc/docker-hostname
-          readOnly: true
-        - name: localtime
-          mountPath: /etc/localtime
-          readOnly: true
-        - name: muxcerts
-          mountPath: /etc/fluent/muxkeys
-          readOnly: true
-        - name: filebufferstorage
-          mountPath: /var/lib/fluentd
-        env:
-        - name: "K8S_HOST_URL"
-          value: "{{openshift_logging_mux_master_url}}"
-        - name: "ES_HOST"
-          value: "{{openshift_logging_mux_app_host}}"
-        - name: "ES_PORT"
-          value: "{{openshift_logging_mux_app_port}}"
-        - name: "ES_CLIENT_CERT"
-          value: "{{openshift_logging_mux_app_client_cert}}"
-        - name: "ES_CLIENT_KEY"
-          value: "{{openshift_logging_mux_app_client_key}}"
-        - name: "ES_CA"
-          value: "{{openshift_logging_mux_app_ca}}"
-        - name: "OPS_HOST"
-          value: "{{openshift_logging_mux_ops_host}}"
-        - name: "OPS_PORT"
-          value: "{{openshift_logging_mux_ops_port}}"
-        - name: "OPS_CLIENT_CERT"
-          value: "{{openshift_logging_mux_ops_client_cert}}"
-        - name: "OPS_CLIENT_KEY"
-          value: "{{openshift_logging_mux_ops_client_key}}"
-        - name: "OPS_CA"
-          value: "{{openshift_logging_mux_ops_ca}}"
-        - name: "JOURNAL_SOURCE"
-          value: "{{openshift_logging_mux_journal_source | default('')}}"
-        - name: "JOURNAL_READ_FROM_HEAD"
-          value: "{{openshift_logging_mux_journal_read_from_head|lower}}"
-        - name: FORWARD_LISTEN_HOST
-          value: "{{ openshift_logging_mux_hostname }}"
-        - name: FORWARD_LISTEN_PORT
-          value: "{{ openshift_logging_mux_port }}"
-        - name: USE_MUX
-          value: "true"
-        - name: "BUFFER_QUEUE_LIMIT"
-          value: "{{ openshift_logging_mux_buffer_queue_limit }}"
-        - name: "BUFFER_SIZE_LIMIT"
-          value: "{{ openshift_logging_mux_buffer_size_limit }}"
-        - name: "MUX_CPU_LIMIT"
-          valueFrom:
-            resourceFieldRef:
-              containerName: "mux"
-              resource: limits.cpu
-        - name: "MUX_MEMORY_LIMIT"
-          valueFrom:
-            resourceFieldRef:
-              containerName: "mux"
-              resource: limits.memory
-        - name: "FILE_BUFFER_LIMIT"
-          value: "{{ openshift_logging_mux_file_buffer_limit | default('2Gi') }}"
-
-{% if openshift_logging_mux_remote_syslog is defined and openshift_logging_mux_remote_syslog %}
-        - name: USE_REMOTE_SYSLOG
-          value: "true"
-{% endif %}
-
-{% if openshift_logging_mux_remote_syslog_host is defined %}
-        - name: REMOTE_SYSLOG_HOST
-          value: "{{ openshift_logging_mux_remote_syslog_host }}"
-{% endif %}
-
-{% if openshift_logging_mux_remote_syslog_port is defined %}
-        - name: REMOTE_SYSLOG_PORT
-          value: "{{ openshift_logging_mux_remote_syslog_port }}"
-{% endif %}
-
-{% if openshift_logging_mux_remote_syslog_severity is defined %}
-        - name: REMOTE_SYSLOG_SEVERITY
-          value: "{{ openshift_logging_mux_remote_syslog_severity }}"
-{% endif %}
-
-{% if openshift_logging_mux_remote_syslog_facility is defined %}
-        - name: REMOTE_SYSLOG_FACILITY
-          value: "{{ openshift_logging_mux_remote_syslog_facility }}"
-{% endif %}
-
-{% if openshift_logging_mux_remote_syslog_remove_tag_prefix is defined %}
-        - name: REMOTE_SYSLOG_REMOVE_TAG_PREFIX
-          value: "{{ openshift_logging_mux_remote_syslog_remove_tag_prefix }}"
-{% endif %}
-
-{% if openshift_logging_mux_remote_syslog_tag_key is defined %}
-        - name: REMOTE_SYSLOG_TAG_KEY
-          value: "{{ openshift_logging_mux_remote_syslog_tag_key }}"
-{% endif %}
-
-{% if openshift_logging_mux_remote_syslog_use_record is defined %}
-        - name: REMOTE_SYSLOG_USE_RECORD
-          value: "{{ openshift_logging_mux_remote_syslog_use_record }}"
-{% endif %}
-
-{% if openshift_logging_mux_remote_syslog_payload_key is defined %}
-        - name: REMOTE_SYSLOG_PAYLOAD_KEY
-          value: "{{ openshift_logging_mux_remote_syslog_payload_key }}"
-{% endif %}
-
-      volumes:
-      - name: config
-        configMap:
-          name: logging-mux
-      - name: certs
-        secret:
-          secretName: logging-fluentd
-      - name: dockerhostname
-        hostPath:
-          path: /etc/hostname
-      - name: localtime
-        hostPath:
-          path: /etc/localtime
-      - name: muxcerts
-        secret:
-          secretName: logging-mux
-      - name: filebufferstorage
-{% if openshift_logging_mux_file_buffer_storage_type == 'pvc' %}
-        persistentVolumeClaim:
-          claimName: {{ openshift_logging_mux_file_buffer_pvc_name }}
-{% elif openshift_logging_mux_file_buffer_storage_type == 'hostmount' %}
-        hostPath:
-          path: "/var/log/fluentd"
-{% else %}
-        emptydir: {}
-{% endif %}