Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Bug 1496271 - Perserve SCC for ES local persistent storage

ES can be modified to use node local persistent storage. This requires
changing SCC and is described in docs:

https://docs.openshift.com/container-platform/3.6/install_config/aggregate_logging.html

During an upgrade, SCC defined by the user is ignored. This fix fetches
SCC user defined as a fact and adds it to the ES DC which is later used.
Jeff Cantrill 7 years ago
parent
ec7d1b04ef
commit
f4c7d5e064
5 changed files with 10 additions and 6 deletions
Split View Show Diff Stats
  1. 2 2
      roles/openshift_logging/defaults/main.yml
  2. 2 4
      roles/openshift_logging/library/openshift_logging_facts.py
  3. 2 0
      roles/openshift_logging/tasks/install_logging.yaml
  4. 1 0
      roles/openshift_logging_elasticsearch/tasks/main.yaml
  5. 3 0
      roles/openshift_logging_elasticsearch/templates/es.j2

+ 2 - 2
roles/openshift_logging/defaults/main.yml
View File 

@@ -95,7 +95,7 @@ openshift_logging_es_pvc_dynamic: "{{ openshift_logging_elasticsearch_pvc_dynami
 
 openshift_logging_es_pvc_size: "{{ openshift_logging_elasticsearch_pvc_size | default('') }}"
 
 openshift_logging_es_pvc_prefix: "{{ openshift_logging_elasticsearch_pvc_prefix | default('logging-es') }}"
 
 openshift_logging_es_recover_after_time: 5m
 
-openshift_logging_es_storage_group: "{{ openshift_logging_elasticsearch_storage_group | default('65534') }}"
 
+openshift_logging_es_storage_group: "65534"
 
 openshift_logging_es_nodeselector: {}
 
 # openshift_logging_es_config is a hash to be merged into the defaults for the elasticsearch.yaml
 
 openshift_logging_es_config: {}
 
@@ -134,7 +134,7 @@ openshift_logging_es_ops_pvc_dynamic: "{{ openshift_logging_elasticsearch_ops_pv
 
 openshift_logging_es_ops_pvc_size: "{{ openshift_logging_elasticsearch_ops_pvc_size | default('') }}"
 
 openshift_logging_es_ops_pvc_prefix: "{{ openshift_logging_elasticsearch_ops_pvc_prefix | default('logging-es-ops') }}"
 
 openshift_logging_es_ops_recover_after_time: 5m
 
-openshift_logging_es_ops_storage_group: "{{ openshift_logging_elasticsearch_storage_group | default('65534') }}"
 
+openshift_logging_es_ops_storage_group: "65534"
 
 openshift_logging_es_ops_nodeselector: {}
 
 
 # for exposing es-ops to external (outside of the cluster) clients

+ 2 - 4
roles/openshift_logging/library/openshift_logging_facts.py
View File 

@@ -182,16 +182,14 @@ class OpenshiftLoggingFacts(OCBaseCommand):
 
                     facts["nodeSelector"] = spec["nodeSelector"]
 
                 if "supplementalGroups" in spec["securityContext"]:
 
                     facts["storageGroups"] = spec["securityContext"]["supplementalGroups"]
 
+                facts["spec"] = spec
 
                 if "volumes" in spec:
 
                     for vol in spec["volumes"]:
 
                         clone = copy.deepcopy(vol)
 
                         clone.pop("name", None)
 
                         facts["volumes"][vol["name"]] = clone
 
                 for container in spec["containers"]:
 
-                    facts["containers"][container["name"]] = dict(
 
-                        image=container["image"],
 
-                        resources=container["resources"],
 
-                    )
 
+                    facts["containers"][container["name"]] = container
 
                 self.add_facts_for(comp, "deploymentconfigs", name, facts)
 
 
     def facts_for_services(self, namespace):

+ 2 - 0
roles/openshift_logging/tasks/install_logging.yaml
View File 

@@ -79,6 +79,7 @@
 
     openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_pv_selector }}"
 
     openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_nodeselector if item.0.nodeSelector | default(None) is none else item.0.nodeSelector }}"
 
     openshift_logging_elasticsearch_storage_group: "{{ [openshift_logging_es_storage_group] if item.0.storageGroups | default([]) | length == 0 else item.0.storageGroups }}"
 
+    _es_containers: "{{item.0.containers}}"
 
 
   with_together:
 
   - "{{ openshift_logging_facts.elasticsearch.deploymentconfigs.values() }}"
 
@@ -144,6 +145,7 @@
 
     openshift_logging_es_hostname: "{{ openshift_logging_es_ops_hostname }}"
 
     openshift_logging_es_edge_term_policy: "{{ openshift_logging_es_ops_edge_term_policy | default('') }}"
 
     openshift_logging_es_allow_external: "{{ openshift_logging_es_ops_allow_external }}"
 
+    _es_containers: "{{item.0.containers}}"
 
 
   with_together:
 
   - "{{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs.values() }}"

+ 1 - 0
roles/openshift_logging_elasticsearch/tasks/main.yaml
View File 

@@ -282,6 +282,7 @@
 
     es_memory_limit: "{{ openshift_logging_elasticsearch_memory_limit }}"
 
     es_node_selector: "{{ openshift_logging_elasticsearch_nodeselector | default({}) }}"
 
     es_storage_groups: "{{ openshift_logging_elasticsearch_storage_group | default([]) }}"
 
+    es_container_security_context: "{{ _es_containers.elasticsearch.securityContext if _es_containers is defined and 'elasticsearch' in _es_containers and 'securityContext' in _es_containers.elasticsearch else None }}"
 
     deploy_type: "{{ openshift_logging_elasticsearch_deployment_type }}"
 
     es_replicas: 1

+ 3 - 0
roles/openshift_logging_elasticsearch/templates/es.j2
View File 

@@ -51,6 +51,9 @@ spec:
 
 {% endif %}
 
             requests:
 
               memory: "{{es_memory_limit}}"
 
+{% if es_container_security_context %}
 
+          securityContext: {{ es_container_security_context | to_yaml }} 
+{% endif %}
 
           ports:
 
             -
 
               containerPort: 9200