Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 717c36fde2
Branches Tags
okd
/
roles
/
openshift_logging
/
tasks
/
install_fluentd.yaml

install_fluentd.yaml 2.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 
  1. ---
    2. 

  2. - set_fact: fluentd_ops_host={{ (openshift_logging_use_ops | bool) | ternary(openshift_logging_es_ops_host, openshift_logging_es_host) }}
    3. 

  3.   check_mode: no
    4. 

  4. 

  5. - set_fact: fluentd_ops_port={{ (openshift_logging_use_ops | bool) | ternary(openshift_logging_es_ops_port, openshift_logging_es_port) }}
    6. 

  6.   check_mode: no
    7. 

  7. 

  8. - name: Generating Fluentd daemonset
    9. 

  9.   template: src=fluentd.j2 dest={{mktemp.stdout}}/templates/logging-fluentd.yaml
    10. 

  10.   vars:
    11. 

  11.     daemonset_name: logging-fluentd
    12. 

  12.     daemonset_component: fluentd
    13. 

  13.     daemonset_container_name: fluentd-elasticsearch
    14. 

  14.     daemonset_serviceAccount: aggregated-logging-fluentd
    15. 

  15.     ops_host: "{{ fluentd_ops_host }}"
    16. 

  16.     ops_port: "{{ fluentd_ops_port }}"
    17. 

  17.     fluentd_nodeselector_key: "{{openshift_logging_fluentd_nodeselector.keys()[0]}}"
    18. 

  18.     fluentd_nodeselector_value: "{{openshift_logging_fluentd_nodeselector.values()[0]}}"
    19. 

  19.   check_mode: no
    20. 

  20.   changed_when: no
    21. 

  21. 

  22. - name: "Check fluentd privileged permissions"
    23. 

  23.   command: >
    24. 

  24.     {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig
    25. 

  25.     get scc/privileged -o jsonpath='{.users}'
    26. 

  26.   register: fluentd_privileged
    27. 

  27.   check_mode: no
    28. 

  28.   changed_when: no
    29. 

  29. 

  30. - name: "Set privileged permissions for fluentd"
    31. 

  31.   command: >
    32. 

  32.     {{ openshift.common.admin_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig policy
    33. 

  33.     add-scc-to-user privileged system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd
    34. 

  34.   register: fluentd_output
    35. 

  35.   failed_when: fluentd_output.rc == 1 and 'exists' not in fluentd_output.stderr
    36. 

  36.   check_mode: no
    37. 

  37.   when: fluentd_privileged.stdout.find("system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd") == -1
    38. 

  38. 

  39. - name: "Check fluentd cluster-reader permissions"
    40. 

  40.   command: >
    41. 

  41.     {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig
    42. 

  42.     get clusterrolebinding/cluster-readers -o jsonpath='{.userNames}'
    43. 

  43.   register: fluentd_cluster_reader
    44. 

  44.   check_mode: no
    45. 

  45.   changed_when: no
    46. 

  46. 

  47. - name: "Set cluster-reader permissions for fluentd"
    48. 

  48.   command: >
    49. 

  49.     {{ openshift.common.admin_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig policy
    50. 

  50.     add-cluster-role-to-user cluster-reader system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd
    51. 

  51.   register: fluentd2_output
    52. 

  52.   failed_when: fluentd2_output.rc == 1 and 'exists' not in fluentd2_output.stderr
    53. 

  53.   check_mode: no
    54. 

  54.   when: fluentd_cluster_reader.stdout.find("system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd") == -1
    55.