Pulling changes from master branch

roles/openshift_logging_elasticsearch/tasks/main.yaml

@@ -113,6 +113,8 @@
     dest: "{{ tempdir }}/elasticsearch.yml"
   vars:
     allow_cluster_reader: "{{ openshift_logging_elasticsearch_ops_allow_cluster_reader | lower | default('false') }}"
+    es_number_of_shards: "{{ openshift_logging_es_number_of_shards | default(1) }}"
+    es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas | default(0) }}"
   when: es_config_contents is undefined
   changed_when: no
 

roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2

@@ -6,8 +6,8 @@ script:
   indexed: on
 
 index:
-  number_of_shards: 1
-  number_of_replicas: 0
+  number_of_shards: {{ es_number_of_shards | default ('1') }}
+  number_of_replicas: {{ es_number_of_replicas | default ('0') }}
   unassigned.node_left.delayed_timeout: 2m
   translog:
     flush_threshold_size: 256mb
@@ -28,11 +28,10 @@ cloud:
 discovery:
   type: kubernetes
   zen.ping.multicast.enabled: false
-  zen.minimum_master_nodes: {{es_min_masters}}
+  zen.minimum_master_nodes: ${NODE_QUORUM}
 
 gateway:
-  expected_master_nodes: ${NODE_QUORUM}
-  recover_after_nodes: ${RECOVER_AFTER_NODES}
+  recover_after_nodes: ${NODE_QUORUM}
   expected_nodes: ${RECOVER_EXPECTED_NODES}
   recover_after_time: ${RECOVER_AFTER_TIME}
 
@@ -49,7 +48,7 @@ openshift.searchguard:
   keystore.path: /etc/elasticsearch/secret/admin.jks
   truststore.path: /etc/elasticsearch/secret/searchguard.truststore
 
-openshift.operations.allow_cluster_reader: {{allow_cluster_reader | default ('false')}}
+openshift.operations.allow_cluster_reader: {{allow_cluster_reader | default (false)}}
 
 path:
   data: /elasticsearch/persistent/${CLUSTER_NAME}/data

roles/openshift_logging_elasticsearch/templates/es.j2

@@ -78,9 +78,6 @@ spec:
               name: "NODE_QUORUM"
               value: "{{es_node_quorum | int}}"
             -
-              name: "RECOVER_AFTER_NODES"
-              value: "{{es_recover_after_nodes}}"
-            -
               name: "RECOVER_EXPECTED_NODES"
               value: "{{es_recover_expected_nodes}}"
             -
@@ -103,6 +100,13 @@ spec:
               readOnly: true
             - name: elasticsearch-storage
               mountPath: /elasticsearch/persistent
+          readinessProbe:
+            exec:
+              command:
+              - "/usr/share/elasticsearch/probe/readiness.sh"
+            initialDelaySeconds: 5
+            timeoutSeconds: 4
+            periodSeconds: 5
       volumes:
         - name: elasticsearch
           secret:

roles/openshift_logging_fluentd/defaults/main.yml

@@ -28,7 +28,7 @@ openshift_logging_fluentd_ops_host: "{{ openshift_logging_fluentd_app_host }}"
 openshift_logging_fluentd_ops_port: "{{ openshift_logging_fluentd_app_port }}"
 
 ### Used by "hosted" and "secure-aggregator" deployments
-openshift_logging_fluentd_use_journal: "{{ openshift_hosted_logging_use_journal | default('') }}"
+#openshift_logging_fluentd_use_journal: "{{ openshift_hosted_logging_use_journal }}"
 openshift_logging_fluentd_journal_source: "{{ openshift_hosted_logging_journal_source | default('') }}"
 openshift_logging_fluentd_journal_read_from_head: "{{ openshift_hosted_logging_journal_read_from_head | default('') }}"
 

roles/openshift_logging_fluentd/tasks/main.yaml

@@ -17,6 +17,18 @@
 
 - include: determine_version.yaml
 
+- set_fact:
+    openshift_logging_fluentd_use_journal: "{{ openshift_hosted_logging_use_journal }}"
+  when:
+  - openshift_hosted_logging_use_journal is defined
+  - openshift_logging_fluentd_use_journal is not defined
+
+- set_fact:
+    openshift_logging_fluentd_use_journal: "{{ __fluentd_use_journal }}"
+  when:
+  - openshift_hosted_logging_use_journal is not defined
+  - openshift_logging_fluentd_use_journal is not defined
+
 # allow passing in a tempdir
 - name: Create temp directory for doing work in
   command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX

roles/openshift_logging_fluentd/templates/fluentd.j2

@@ -59,6 +59,9 @@ spec:
         - name: dockercfg
           mountPath: /etc/sysconfig/docker
           readOnly: true
+        - name: dockerdaemoncfg
+          mountPath: /etc/docker
+          readOnly: true
         env:
         - name: "K8S_HOST_URL"
           value: "{{ openshift_logging_fluentd_master_url }}"
@@ -115,3 +118,6 @@ spec:
       - name: dockercfg
         hostPath:
           path: /etc/sysconfig/docker
+      - name: dockerdaemoncfg
+        hostPath:
+          path: /etc/docker

roles/openshift_logging_fluentd/vars/main.yml

@@ -2,3 +2,4 @@
 __latest_fluentd_version: "3_5"
 __allowed_fluentd_versions: ["3_5", "3_6"]
 __allowed_fluentd_types: ["hosted", "secure-aggregator", "secure-host"]
+__fluentd_use_journal: "{{ (docker_log_driver == 'journald') | ternary(True, False) if docker_log_driver is defined else (openshift.docker.log_driver == 'journald') | ternary(True, False) if openshift.docker.log_driver is defined else openshift.docker.options | search('--log-driver=journald') if openshift.docker.options is defined else default(omit) }}"

roles/openshift_logging_kibana/defaults/main.yml

@@ -9,7 +9,7 @@ openshift_logging_kibana_namespace: logging
 
 openshift_logging_kibana_nodeselector: ""
 openshift_logging_kibana_cpu_limit: null
-openshift_logging_kibana_memory_limit: null
+openshift_logging_kibana_memory_limit: 736Mi
 
 openshift_logging_kibana_hostname: "kibana.router.default.svc.cluster.local"
 
@@ -26,7 +26,7 @@ openshift_logging_kibana_ops_deployment: false
 # Proxy settings
 openshift_logging_kibana_proxy_debug: false
 openshift_logging_kibana_proxy_cpu_limit: null
-openshift_logging_kibana_proxy_memory_limit: null
+openshift_logging_kibana_proxy_memory_limit: 96Mi
 
 #The absolute path on the control node to the cert file to use
 #for the public facing kibana certs

roles/openshift_logging_kibana/templates/kibana.j2

@@ -53,6 +53,12 @@ spec:
               value: "{{ es_host }}"
             - name: "ES_PORT"
               value: "{{ es_port }}"
+            -
+              name: "KIBANA_MEMORY_LIMIT"
+              valueFrom:
+                resourceFieldRef:
+                  containerName: kibana
+                  resource: limits.memory
           volumeMounts:
             - name: kibana
               mountPath: /etc/kibana/keys
@@ -103,6 +109,27 @@ spec:
             -
              name: "OAP_DEBUG"
              value: "{{ openshift_logging_kibana_proxy_debug }}"
+            -
+             name: "OAP_OAUTH_SECRET_FILE"
+             value: "/secret/oauth-secret"
+            -
+             name: "OAP_SERVER_CERT_FILE"
+             value: "/secret/server-cert"
+            -
+             name: "OAP_SERVER_KEY_FILE"
+             value: "/secret/server-key"
+            -
+             name: "OAP_SERVER_TLS_FILE"
+             value: "/secret/server-tls.json"
+            -
+             name: "OAP_SESSION_SECRET_FILE"
+             value: "/secret/session-secret"
+            -
+             name: "OCP_AUTH_PROXY_MEMORY_LIMIT"
+             valueFrom:
+               resourceFieldRef:
+                 containerName: kibana-proxy
+                 resource: limits.memory
           volumeMounts:
             - name: kibana-proxy
               mountPath: /secret