Página Principal Explorar Ajuda
Registe-se Iniciar Sessão
shixiong
/
okd
1
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Árvore: 205d03455c
Ramos Etiquetas
okd
/
roles
/
openshift_logging_kibana
/
tasks
/
main.yaml

main.yaml 8.6 KB
Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257 
  1. ---
    2. 

  2. # fail is we don't have an endpoint for ES to connect to?
    3. 

  3. 

  4. - include: determine_version.yaml
    5. 

  5. 

  6. # allow passing in a tempdir
    7. 

  7. - name: Create temp directory for doing work in
    8. 

  8.   command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX
    9. 

  9.   register: mktemp
    10. 

  10.   changed_when: False
    11. 

  11. 

  12. - set_fact:
    13. 

  13.     tempdir: "{{ mktemp.stdout }}"
    14. 

  14. 

  15. # This may not be necessary in this role
    16. 

  16. - name: Create templates subdirectory
    17. 

  17.   file:
    18. 

  18.     state: directory
    19. 

  19.     path: "{{ tempdir }}/templates"
    20. 

  20.     mode: 0755
    21. 

  21.   changed_when: False
    22. 

  22. 

  23. # we want to make sure we have all the necessary components here
    24. 

  24. 

  25. # create service account
    26. 

  26. - name: Create Kibana service account
    27. 

  27.   oc_serviceaccount:
    28. 

  28.     state: present
    29. 

  29.     name: "aggregated-logging-kibana"
    30. 

  30.     namespace: "{{ openshift_logging_namespace }}"
    31. 

  31.     image_pull_secrets: "{{ openshift_logging_image_pull_secret }}"
    32. 

  32.   when: openshift_logging_image_pull_secret != ''
    33. 

  33. 

  34. - name: Create Kibana service account
    35. 

  35.   oc_serviceaccount:
    36. 

  36.     state: present
    37. 

  37.     name: "aggregated-logging-kibana"
    38. 

  38.     namespace: "{{ openshift_logging_namespace }}"
    39. 

  39.   when:
    40. 

  40.   - openshift_logging_image_pull_secret == ''
    41. 

  41. 

  42. - set_fact:
    43. 

  43.     kibana_name: "{{ 'logging-kibana' ~ ( (openshift_logging_kibana_ops_deployment | default(false) | bool) | ternary('-ops', '')) }}"
    44. 

  44.     kibana_component: "{{ 'kibana' ~ ( (openshift_logging_kibana_ops_deployment | default(false) | bool) | ternary('-ops', '')) }}"
    45. 

  45. 

  46. # Check {{ generated_certs_dir }} for session_secret and oauth_secret
    47. 

  47. - name: Checking for session_secret
    48. 

  48.   stat: path="{{generated_certs_dir}}/session_secret"
    49. 

  49.   register: session_secret_file
    50. 

  50. 

  51. - name: Checking for oauth_secret
    52. 

  52.   stat: path="{{generated_certs_dir}}/oauth_secret"
    53. 

  53.   register: oauth_secret_file
    54. 

  54. 

  55. # gen session_secret if necessary
    56. 

  56. - name: Generate session secret
    57. 

  57.   copy:
    58. 

  58.     content: "{{ 200 | oo_random_word }}"
    59. 

  59.     dest: "{{ generated_certs_dir }}/session_secret"
    60. 

  60.   when:
    61. 

  61.   - not session_secret_file.stat.exists
    62. 

  62. 

  63. # gen oauth_secret if necessary
    64. 

  64. - name: Generate oauth secret
    65. 

  65.   copy:
    66. 

  66.     content: "{{ 64 | oo_random_word }}"
    67. 

  67.     dest: "{{ generated_certs_dir }}/oauth_secret"
    68. 

  68.   when:
    69. 

  69.   - not oauth_secret_file.stat.exists
    70. 

  70. 

  71. - name: Retrieving the cert to use when generating secrets for the logging components
    72. 

  72.   slurp:
    73. 

  73.     src: "{{ generated_certs_dir }}/{{ item.file }}"
    74. 

  74.   register: key_pairs
    75. 

  75.   with_items:
    76. 

  76.   - { name: "ca_file", file: "ca.crt" }
    77. 

  77.   - { name: "kibana_internal_key", file: "kibana-internal.key"}
    78. 

  78.   - { name: "kibana_internal_cert", file: "kibana-internal.crt"}
    79. 

  79.   - { name: "server_tls", file: "server-tls.json"}
    80. 

  80.   - { name: "session_secret", file: "session_secret" }
    81. 

  81.   - { name: "oauth_secret", file: "oauth_secret" }
    82. 

  82. 

  83. # services
    84. 

  84. - name: Set {{ kibana_name }} service
    85. 

  85.   oc_service:
    86. 

  86.     state: present
    87. 

  87.     name: "{{ kibana_name }}"
    88. 

  88.     namespace: "{{ openshift_logging_kibana_namespace }}"
    89. 

  89.     selector:
    90. 

  90.       component: "{{ kibana_component }}"
    91. 

  91.       provider: openshift
    92. 

  92.     labels:
    93. 

  93.       logging-infra: 'support'
    94. 

  94.     ports:
    95. 

  95.     - port: 443
    96. 

  96.       targetPort: "oaproxy"
    97. 

  97. 

  98. # create routes
    99. 

  99. # TODO: set up these certs differently?
    100. 

  100. - set_fact:
    101. 

  101.     kibana_key: "{{ lookup('file', openshift_logging_kibana_key) | b64encode }}"
    102. 

  102.   when: openshift_logging_kibana_key | trim | length > 0
    103. 

  103.   changed_when: false
    104. 

  104. 

  105. - set_fact:
    106. 

  106.     kibana_cert: "{{ lookup('file', openshift_logging_kibana_cert) | b64encode }}"
    107. 

  107.   when: openshift_logging_kibana_cert | trim | length > 0
    108. 

  108.   changed_when: false
    109. 

  109. 

  110. - set_fact:
    111. 

  111.     kibana_ca: "{{ lookup('file', openshift_logging_kibana_ca) | b64encode }}"
    112. 

  112.   when: openshift_logging_kibana_ca | trim | length > 0
    113. 

  113.   changed_when: false
    114. 

  114. 

  115. - set_fact:
    116. 

  116.     kibana_ca: "{{ key_pairs | entry_from_named_pair('ca_file') }}"
    117. 

  117.   when: kibana_ca is not defined
    118. 

  118.   changed_when: false
    119. 

  119. 

  120. - name: Generating Kibana route template
    121. 

  121.   template:
    122. 

  122.     src: route_reencrypt.j2
    123. 

  123.     dest: "{{ tempdir }}/templates/kibana-route.yaml"
    124. 

  124.   vars:
    125. 

  125.     obj_name: "{{ kibana_name }}"
    126. 

  126.     route_host: "{{ openshift_logging_kibana_hostname }}"
    127. 

  127.     service_name: "{{ kibana_name }}"
    128. 

  128.     tls_key: "{{ kibana_key | default('') | b64decode }}"
    129. 

  129.     tls_cert: "{{ kibana_cert | default('') | b64decode }}"
    130. 

  130.     tls_ca_cert: "{{ kibana_ca | b64decode }}"
    131. 

  131.     tls_dest_ca_cert: "{{ key_pairs | entry_from_named_pair('ca_file') | b64decode }}"
    132. 

  132.     edge_term_policy: "{{ openshift_logging_kibana_edge_term_policy | default('') }}"
    133. 

  133.     labels:
    134. 

  134.       component: support
    135. 

  135.       logging-infra: support
    136. 

  136.       provider: openshift
    137. 

  137.   changed_when: no
    138. 

  138. 

  139. # This currently has an issue if the host name changes
    140. 

  140. - name: Setting Kibana route
    141. 

  141.   oc_obj:
    142. 

  142.     state: present
    143. 

  143.     name: "{{ kibana_name }}"
    144. 

  144.     namespace: "{{ openshift_logging_namespace }}"
    145. 

  145.     kind: route
    146. 

  146.     files:
    147. 

  147.     - "{{ tempdir }}/templates/kibana-route.yaml"
    148. 

  148. 

  149. # preserve list of current hostnames
    150. 

  150. - name: Get current oauthclient hostnames
    151. 

  151.   oc_obj:
    152. 

  152.     state: list
    153. 

  153.     name: kibana-proxy
    154. 

  154.     namespace: "{{ openshift_logging_namespace }}"
    155. 

  155.     kind: oauthclient
    156. 

  156.   register: oauth_client_list
    157. 

  157. 

  158. - set_fact: proxy_hostnames={{ oauth_client_list.results.results[0].redirectURIs | default ([]) + ['https://' ~ openshift_logging_kibana_hostname] }}
    159. 

  159. 

  160. # create oauth client
    161. 

  161. - name: Create oauth-client template
    162. 

  162.   template:
    163. 

  163.     src: oauth-client.j2
    164. 

  164.     dest: "{{ tempdir }}/templates/oauth-client.yml"
    165. 

  165.   vars:
    166. 

  166.     kibana_hostnames: "{{ proxy_hostnames | unique }}"
    167. 

  167.     secret: "{{ key_pairs | entry_from_named_pair('oauth_secret') | b64decode }}"
    168. 

  168. 

  169. - name: Set kibana-proxy oauth-client
    170. 

  170.   oc_obj:
    171. 

  171.     state: present
    172. 

  172.     name: "kibana-proxy"
    173. 

  173.     namespace: "{{ openshift_logging_namespace }}"
    174. 

  174.     kind: oauthclient
    175. 

  175.     files:
    176. 

  176.     - "{{ tempdir }}/templates/oauth-client.yml"
    177. 

  177.     delete_after: true
    178. 

  178. 

  179. # create Kibana secret
    180. 

  180. - name: Set Kibana secret
    181. 

  181.   oc_secret:
    182. 

  182.     state: present
    183. 

  183.     name: "logging-kibana"
    184. 

  184.     namespace: "{{ openshift_logging_namespace }}"
    185. 

  185.     files:
    186. 

  186.     - name: ca
    187. 

  187.       path: "{{ generated_certs_dir }}/ca.crt"
    188. 

  188.     - name: key
    189. 

  189.       path: "{{ generated_certs_dir }}/system.logging.kibana.key"
    190. 

  190.     - name: cert
    191. 

  191.       path: "{{ generated_certs_dir }}/system.logging.kibana.crt"
    192. 

  192. 

  193. # create Kibana-proxy secret
    194. 

  194. - name: Set Kibana Proxy secret
    195. 

  195.   oc_secret:
    196. 

  196.     state: present
    197. 

  197.     name: "logging-kibana-proxy"
    198. 

  198.     namespace: "{{ openshift_logging_namespace }}"
    199. 

  199.     # TODO: when possible to have both files and contents for oc_secret use this
    200. 

  200.     #files:
    201. 

  201.     #- name: server-key
    202. 

  202.     #  path: "{{ generated_certs_dir }}/kibana-internal.key"
    203. 

  203.     #- name: server-cert
    204. 

  204.     #  path: "{{ generated_certs_dir }}/kibana-internal.crt"
    205. 

  205.     #- name: server-tls.json
    206. 

  206.     #  path: "{{ generated_certs_dir }}/server-tls.json"
    207. 

  207.     contents:
    208. 

  208.     - path: oauth-secret
    209. 

  209.       data: "{{ key_pairs | entry_from_named_pair('oauth_secret') | b64decode }}"
    210. 

  210.     - path: session-secret
    211. 

  211.       data: "{{ key_pairs | entry_from_named_pair('session_secret') | b64decode }}"
    212. 

  212.     - path: server-key
    213. 

  213.       data: "{{ key_pairs | entry_from_named_pair('kibana_internal_key') | b64decode }}"
    214. 

  214.     - path: server-cert
    215. 

  215.       data: "{{ key_pairs | entry_from_named_pair('kibana_internal_cert') | b64decode }}"
    216. 

  216.     - path: server-tls.json
    217. 

  217.       data: "{{ key_pairs | entry_from_named_pair('server_tls') | b64decode }}"
    218. 

  218. 

  219. # create Kibana DC
    220. 

  220. - name: Generate Kibana DC template
    221. 

  221.   template:
    222. 

  222.     src: kibana.j2
    223. 

  223.     dest: "{{ tempdir }}/templates/kibana-dc.yaml"
    224. 

  224.   vars:
    225. 

  225.     component: "{{ kibana_component }}"
    226. 

  226.     logging_component: kibana
    227. 

  227.     deploy_name: "{{ kibana_name }}"
    228. 

  228.     image: "{{ openshift_logging_kibana_image_prefix }}logging-kibana:{{ openshift_logging_kibana_image_version }}"
    229. 

  229.     proxy_image: "{{ openshift_logging_kibana_proxy_image_prefix }}logging-auth-proxy:{{ openshift_logging_kibana_proxy_image_version }}"
    230. 

  230.     es_host: "{{ openshift_logging_kibana_es_host }}"
    231. 

  231.     es_port: "{{ openshift_logging_kibana_es_port }}"
    232. 

  232.     kibana_cpu_limit: "{{ openshift_logging_kibana_cpu_limit }}"
    233. 

  233.     kibana_cpu_request: "{{ openshift_logging_kibana_cpu_request | min_cpu(openshift_logging_kibana_cpu_limit | default(none)) }}"
    234. 

  234.     kibana_memory_limit: "{{ openshift_logging_kibana_memory_limit }}"
    235. 

  235.     kibana_proxy_cpu_limit: "{{ openshift_logging_kibana_proxy_cpu_limit }}"
    236. 

  236.     kibana_proxy_cpu_request: "{{ openshift_logging_kibana_proxy_cpu_request | min_cpu(openshift_logging_kibana_proxy_cpu_limit | default(none)) }}"
    237. 

  237.     kibana_proxy_memory_limit: "{{ openshift_logging_kibana_proxy_memory_limit }}"
    238. 

  238.     kibana_replicas: "{{ openshift_logging_kibana_replicas | default (1) }}"
    239. 

  239.     kibana_node_selector: "{{ openshift_logging_kibana_nodeselector | default({}) }}"
    240. 

  240. 

  241. - name: Set Kibana DC
    242. 

  242.   oc_obj:
    243. 

  243.     state: present
    244. 

  244.     name: "{{ kibana_name }}"
    245. 

  245.     namespace: "{{ openshift_logging_namespace }}"
    246. 

  246.     kind: dc
    247. 

  247.     files:
    248. 

  248.     - "{{ tempdir }}/templates/kibana-dc.yaml"
    249. 

  249.     delete_after: true
    250. 

  250. 

  251. # update master configs?
    252. 

  252. 

  253. - name: Delete temp directory
    254. 

  254.   file:
    255. 

  255.     name: "{{ tempdir }}"
    256. 

  256.     state: absent
    257. 

  257.   changed_when: False
    258.