shixiong
/
okd


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667
							---
- set_fact: mux_ops_host={{ (openshift_logging_use_ops | bool) | ternary(openshift_logging_es_ops_host, openshift_logging_es_host) }}
  check_mode: no

- set_fact: mux_ops_port={{ (openshift_logging_use_ops | bool) | ternary(openshift_logging_es_ops_port, openshift_logging_es_port) }}
  check_mode: no

- name: Check mux current replica count
  command: >
    {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get dc/logging-mux
    -o jsonpath='{.spec.replicas}' -n {{openshift_logging_namespace}}
  register: mux_replica_count
  when: not ansible_check_mode
  ignore_errors: yes
  changed_when: no

- name: Generating mux deploymentconfig
  template: src=mux.j2 dest={{mktemp.stdout}}/templates/logging-mux-dc.yaml
  vars:
    component: mux
    logging_component: mux
    deploy_name: "logging-{{component}}"
    image: "{{openshift_logging_image_prefix}}logging-fluentd:{{openshift_logging_image_version}}"
    es_host: logging-es
    es_port: "{{openshift_logging_es_port}}"
    ops_host: "{{ mux_ops_host }}"
    ops_port: "{{ mux_ops_port }}"
    mux_cpu_limit: "{{openshift_logging_mux_cpu_limit}}"
    mux_memory_limit: "{{openshift_logging_mux_memory_limit}}"
    replicas: "{{mux_replica_count.stdout | default (0)}}"
    mux_node_selector: "{{openshift_logging_mux_nodeselector | default({})}}"
  check_mode: no
  changed_when: no

- name: "Check mux hostmount-anyuid permissions"
  command: >
    {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig
    get scc/hostmount-anyuid -o jsonpath='{.users}'
  register: mux_hostmount_anyuid
  check_mode: no
  changed_when: no

- name: "Set hostmount-anyuid permissions for mux"
  command: >
    {{ openshift.common.admin_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig policy
    add-scc-to-user hostmount-anyuid system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd
  register: mux_output
  failed_when: mux_output.rc == 1 and 'exists' not in mux_output.stderr
  check_mode: no
  when: mux_hostmount_anyuid.stdout.find("system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd") == -1

- name: "Check mux cluster-reader permissions"
  command: >
    {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig
    get clusterrolebinding/cluster-readers -o jsonpath='{.userNames}'
  register: mux_cluster_reader
  check_mode: no
  changed_when: no

- name: "Set cluster-reader permissions for mux"
  command: >
    {{ openshift.common.admin_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig policy
    add-cluster-role-to-user cluster-reader system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd
  register: mux2_output
  failed_when: mux2_output.rc == 1 and 'exists' not in mux2_output.stderr
  check_mode: no
  when: mux_cluster_reader.stdout.find("system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd") == -1