Accueil Explorer Aide
S'inscrire Connexion
shixiong
/
okd
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: 3abb43fe1c
Branches Tags
okd
/
roles
/
openshift_hosted_logging
/
tasks
/
deploy_logging.yaml

deploy_logging.yaml 5.9 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124 
  1. ---
    2. 

  2.   - fail: msg="This role requires the following vars to be defined. openshift_hosted_logging_master_public_url, openshift_hosted_logging_hostname, openshift_hosted_logging_elasticsearch_cluster_size"
    3. 

  3.     when: "openshift_hosted_logging_hostname is not defined or
    4. 

  4.           openshift_hosted_logging_elasticsearch_cluster_size is not defined or
    5. 

  5.           openshift_hosted_logging_master_public_url is not defined"
    6. 

  6. 

  7.   - name: Create temp directory for kubeconfig
    8. 

  8.     command: mktemp -d /tmp/openshift-ansible-XXXXXX
    9. 

  9.     register: mktemp
    10. 

  10.     changed_when: False
    11. 

  11. 

  12.   - name: Copy the admin client config(s)
    13. 

  13.     command: >
    14. 

  14.       cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
    15. 

  15.     changed_when: False
    16. 

  16. 

  17.   - name: Check for logging project already exists
    18. 

  18.     command: >
    19. 

  19.       {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get project logging -o jsonpath='{.metadata.name}'
    20. 

  20.     register: logging_project_result
    21. 

  21.     ignore_errors: True
    22. 

  22. 

  23.   - name: "Create logging project"
    24. 

  24.     command: >
    25. 

  25.       {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-project logging
    26. 

  26.     when: logging_project_result.stdout == ""
    27. 

  27. 

  28.   - name: "Changing projects"
    29. 

  29.     command: >
    30. 

  30.       {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig project logging
    31. 

  31. 

  32.   - name: "Creating logging deployer secret"
    33. 

  33.     command: >
    34. 

  34.       {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig secrets new logging-deployer {{ openshift_hosted_logging_secret_vars | default('nothing=/dev/null') }}
    35. 

  35.     register: secret_output
    36. 

  36.     failed_when: "secret_output.rc == 1 and 'exists' not in secret_output.stderr"
    37. 

  37. 

  38.   - name: "Copy serviceAccount file"
    39. 

  39.     copy:
    40. 

  40.       dest: /tmp/logging-deployer-sa.yaml
    41. 

  41.       src: "{{role_path}}/files/logging-deployer-sa.yaml"
    42. 

  42.       force: yes
    43. 

  43. 

  44.   - name: "Create logging-deployer service account"
    45. 

  45.     command: >
    46. 

  46.       {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f  /tmp/logging-deployer-sa.yaml
    47. 

  47.     register: deployer_output
    48. 

  48.     failed_when: "deployer_output.rc == 1 and 'exists' not in deployer_output.stderr"
    49. 

  49. 

  50.   - name: "Set permissions for logging-deployer service account"
    51. 

  51.     command: >
    52. 

  52.       {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig policy add-role-to-user edit system:serviceaccount:logging:logging-deployer
    53. 

  53.     register: permiss_output
    54. 

  54.     failed_when: "permiss_output.rc == 1 and 'exists' not in permiss_output.stderr"
    55. 

  55. 

  56.   - name: "Set permissions for fluentd"
    57. 

  57.     command: >
    58. 

  58.       {{ openshift.common.admin_binary}} policy add-scc-to-user privileged system:serviceaccount:logging:aggregated-logging-fluentd
    59. 

  59.     register: fluentd_output
    60. 

  60.     failed_when: "fluentd_output.rc == 1 and 'exists' not in fluentd_output.stderr"
    61. 

  61. 

  62.   - name: "Set additional permissions for fluentd"
    63. 

  63.     command: >
    64. 

  64.       {{ openshift.common.admin_binary}} policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd
    65. 

  65.     register: fluentd2_output
    66. 

  66.     failed_when: "fluentd2_output.rc == 1 and 'exists' not in fluentd2_output.stderr"
    67. 

  67. 

  68.   - name: "Create deployer template"
    69. 

  69.     command: >
    70. 

  70.       {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /usr/share/openshift/examples/infrastructure-templates/enterprise/logging-deployer.yaml
    71. 

  71.     register: template_output
    72. 

  72.     failed_when: "template_output.rc == 1 and 'exists' not in template_output.stderr"
    73. 

  73. 

  74.   - name: "Process the deployer template"
    75. 

  75.     shell:  "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig process logging-deployer-template -v {{ oc_process_values }} |  {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f -"
    76. 

  76.     register: process_deployer
    77. 

  77.     failed_when: process_deployer.rc == 1 and 'already exists' not in process_deployer.stderr
    78. 

  78. 

  79.   - name: "Wait for image pull and deployer pod"
    80. 

  80.     shell:  "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods | grep logging-deployer.*Completed"
    81. 

  81.     register: result
    82. 

  82.     until: result.rc == 0
    83. 

  83.     retries: 15
    84. 

  84.     delay: 10
    85. 

  85. 

  86.   - name: "Process support template"
    87. 

  87.     shell:  "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig process logging-support-template |  {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f -"
    88. 

  88.     register: process_support
    89. 

  89.     failed_when: process_support.rc == 1 and 'already exists' not in process_support.stderr
    90. 

  90. 

  91.   - name: "Set insecured registry"
    92. 

  92.     command:  "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig annotate is --all  openshift.io/image.insecureRepository=true --overwrite"
    93. 

  93.     when: "target_registry is defined and insecure_registry == 'true'"
    94. 

  94. 

  95.   - name: "Wait for imagestreams to become available"
    96. 

  96.     shell:  "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get is | grep logging-fluentd"
    97. 

  97.     register: result
    98. 

  98.     until: result.rc == 0
    99. 

  99.     failed_when: result.rc == 1 and 'not found' not in result.stderr
    100. 

  100.     retries: 20
    101. 

  101.     delay: 10
    102. 

  102. 

  103.   - name: "Wait for replication controllers to become available"
    104. 

  104.     shell:  "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get rc | grep logging-fluentd-1"
    105. 

  105.     register: result
    106. 

  106.     until: result.rc == 0
    107. 

  107.     failed_when: result.rc == 1 and 'not found' not in result.stderr
    108. 

  108.     retries: 20
    109. 

  109.     delay: 10
    110. 

  110. 

  111. 

  112.   - name: "Scale fluentd deployment config"
    113. 

  113.     command: >
    114. 

  114.       {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig scale dc/logging-fluentd --replicas={{ fluentd_replicas | default('1') }}
    115. 

  115. 

  116. 

  117.   - debug:
    118. 

  118.       msg: "Logging components deployed. Note persistant volume for elasticsearch must be setup manually"
    119. 

  119. 

  120.   - name: Delete temp directory
    121. 

  121.     file:
    122. 

  122.       name: "{{ mktemp.stdout }}"
    123. 

  123.       state: absent
    124. 

  124.     changed_when: False
    125.