bug 1537857. Additional logging proxy metrics fixes

roles/openshift_logging_elasticsearch/defaults/main.yml

@@ -42,7 +42,7 @@ openshift_logging_elasticsearch_kibana_index_mode: 'unique'
 
 openshift_logging_elasticsearch_proxy_cpu_request: "100m"
 openshift_logging_elasticsearch_proxy_memory_limit: "64Mi"
-openshift_logging_elasticsearch_prometheus_sa: "system:serviceaccount:{{openshift_prometheus_namespace | default('prometheus')}}:prometheus"
+openshift_logging_elasticsearch_prometheus_sa: "system:serviceaccount:{{openshift_prometheus_namespace | default('openshift-metrics')}}:prometheus"
 
 # this is used to determine if this is an operations deployment or a non-ops deployment
 # simply used for naming purposes

roles/openshift_logging_elasticsearch/tasks/main.yaml

@@ -441,7 +441,7 @@
     es_container_security_context: "{{ _es_containers.elasticsearch.securityContext if _es_containers is defined and 'elasticsearch' in _es_containers and 'securityContext' in _es_containers.elasticsearch else None }}"
     deploy_type: "{{ openshift_logging_elasticsearch_deployment_type }}"
     es_replicas: 1
-    basic_auth_passwd: "{{ ( _logging_metrics_proxy_passwd['content'] | b64decode | from_yaml )[openshift_logging_elasticsearch_prometheus_sa]['passwd'] }}"
+    basic_auth_passwd: "{{ ( _logging_metrics_proxy_passwd['content'] | b64decode | from_yaml )[openshift_logging_elasticsearch_prometheus_sa]['passwd'] | b64decode }}"
     es_number_of_shards: "{{ openshift_logging_es_number_of_shards | default(1) }}"
     es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas| default(0) }}"
 

roles/openshift_logging_elasticsearch/templates/2.x/es.j2

@@ -137,7 +137,7 @@ spec:
            - --upstream-ca=/etc/elasticsearch/secret/admin-ca
            - --https-address=:4443
            - -provider=openshift
-           - -client-id={{openshift_logging_elasticsearch_prometheus_sa}}
+           - -client-id=system:serviceaccount:{{ openshift_logging_elasticsearch_namespace }}:aggregated-logging-elasticsearch
            - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
            - -cookie-secret={{ 16 | lib_utils_oo_random_word | b64encode }}
            - -basic-auth-password={{ basic_auth_passwd }}

roles/openshift_logging_elasticsearch/templates/5.x/es.j2

@@ -145,7 +145,7 @@ spec:
            - --upstream-ca=/etc/elasticsearch/secret/admin-ca
            - --https-address=:4443
            - -provider=openshift
-           - -client-id={{openshift_logging_elasticsearch_prometheus_sa}}
+           - -client-id=system:serviceaccount:{{ openshift_logging_elasticsearch_namespace }}:aggregated-logging-elasticsearch
            - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
            - -cookie-secret={{ 16 | lib_utils_oo_random_word | b64encode }}
            - -upstream=https://localhost:9200