Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
shixiong
/
okd
1
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu khéo về 0 Wiki
Tree: 9293059f5d
Branches Tags
okd
/
roles
/
openshift_hosted_logging
/
tasks
/
deploy_logging.yaml

deploy_logging.yaml 7.9 KB
Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162 
  1. ---
    2. 

  2.   - debug: msg="WARNING target_registry is deprecated, use openshift_hosted_logging_image_prefix instead"
    3. 

  3.     when: target_registry is defined and target_registry
    4. 

  4. 

  5.   - fail: msg="This role requires the following vars to be defined. openshift_hosted_logging_master_public_url, openshift_hosted_logging_hostname, openshift_hosted_logging_elasticsearch_cluster_size"
    6. 

  6.     when: "openshift_hosted_logging_hostname is not defined or
    7. 

  7.           openshift_hosted_logging_elasticsearch_cluster_size is not defined or
    8. 

  8.           openshift_hosted_logging_master_public_url is not defined"
    9. 

  9. 

  10.   - name: Create temp directory for kubeconfig
    11. 

  11.     command: mktemp -d /tmp/openshift-ansible-XXXXXX
    12. 

  12.     register: mktemp
    13. 

  13.     changed_when: False
    14. 

  14. 

  15.   - name: Copy the admin client config(s)
    16. 

  16.     command: >
    17. 

  17.       cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
    18. 

  18.     changed_when: False
    19. 

  19. 

  20.   - name: "Check for logging project already exists"
    21. 

  21.     command: >
    22. 

  22.       {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get project logging -o jsonpath='{.metadata.name}'
    23. 

  23.     register: logging_project_result
    24. 

  24.     ignore_errors: True
    25. 

  25. 

  26.   - name: "Create logging project"
    27. 

  27.     command: >
    28. 

  28.       {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig new-project logging
    29. 

  29.     when: logging_project_result.stdout == ""
    30. 

  30. 

  31.   - name: "Changing projects"
    32. 

  32.     command: >
    33. 

  33.       {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig project logging
    34. 

  34. 

  35.   - name: "Creating logging deployer secret"
    36. 

  36.     command: >
    37. 

  37.       {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig secrets new logging-deployer {{ openshift_hosted_logging_secret_vars | default('nothing=/dev/null') }}
    38. 

  38.     register: secret_output
    39. 

  39.     failed_when: "secret_output.rc == 1 and 'exists' not in secret_output.stderr"
    40. 

  40. 

  41.   - name: "Create templates for logging accounts and the deployer"
    42. 

  42.     command: >
    43. 

  43.       {{ openshift.common.client_binary }} create
    44. 

  44.       -f {{ hosted_base }}/logging-deployer.yaml
    45. 

  45.       --config={{ mktemp.stdout }}/admin.kubeconfig
    46. 

  46.       -n logging
    47. 

  47.     register: logging_import_template
    48. 

  48.     failed_when: "'already exists' not in logging_import_template.stderr and logging_import_template.rc != 0"
    49. 

  49.     changed_when: "'created' in logging_import_template.stdout"
    50. 

  50. 

  51.   - name: "Process the logging accounts template"
    52. 

  52.     shell:  "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig process logging-deployer-account-template |  {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f -"
    53. 

  53.     register: process_deployer_accounts
    54. 

  54.     failed_when: process_deployer_accounts.rc == 1 and 'already exists' not in process_deployer_accounts.stderr
    55. 

  55. 

  56.   - name: "Set permissions for logging-deployer service account"
    57. 

  57.     command: >
    58. 

  58.       {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig policy add-cluster-role-to-user oauth-editor system:serviceaccount:logging:logging-deployer
    59. 

  59.     register: permiss_output
    60. 

  60.     failed_when: "permiss_output.rc == 1 and 'exists' not in permiss_output.stderr"
    61. 

  61. 

  62.   - name: "Set permissions for fluentd"
    63. 

  63.     command: >
    64. 

  64.       {{ openshift.common.client_binary }} adm policy add-scc-to-user privileged system:serviceaccount:logging:aggregated-logging-fluentd
    65. 

  65.     register: fluentd_output
    66. 

  66.     failed_when: "fluentd_output.rc == 1 and 'exists' not in fluentd_output.stderr"
    67. 

  67. 

  68.   - name: "Set additional permissions for fluentd"
    69. 

  69.     command: >
    70. 

  70.       {{ openshift.common.client_binary }} adm policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd
    71. 

  71.     register: fluentd2_output
    72. 

  72.     failed_when: "fluentd2_output.rc == 1 and 'exists' not in fluentd2_output.stderr"
    73. 

  73. 

  74.   - name: "Create ConfigMap for deployer parameters"
    75. 

  75.     command: >
    76. 

  76.       {{ openshift.common.client_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig create configmap logging-deployer {{ deployer_cmap_params }}
    77. 

  77.     register: deployer_configmap_output
    78. 

  78.     failed_when: "deployer_configmap_output.rc == 1 and 'exists' not in deployer_configmap_output.stderr"
    79. 

  79. 

  80.   - name: "Process the deployer template"
    81. 

  81.     shell:  "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-app logging-deployer-template {{ oc_new_app_values }}"
    82. 

  82.     register: process_deployer
    83. 

  83.     failed_when: process_deployer.rc == 1 and 'already exists' not in process_deployer.stderr
    84. 

  84. 

  85.   - name: "Wait for image pull and deployer pod"
    86. 

  86.     shell:  "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods | grep logging-deployer.*Completed"
    87. 

  87.     register: result
    88. 

  88.     until: result.rc == 0
    89. 

  89.     retries: 20
    90. 

  90.     delay: 15
    91. 

  91. 

  92.   - name: "Process imagestream template"
    93. 

  93.     shell:  "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-app logging-imagestream-template {{ oc_new_app_values }}"
    94. 

  94.     when: tr_or_ohlip is defined and insecure_registry is defined and insecure_registry
    95. 

  95.     register: process_is
    96. 

  96.     failed_when: process_is.rc == 1 and 'already exists' not in process_is.stderr
    97. 

  97. 

  98.   - name: "Set insecured registry"
    99. 

  99.     command:  "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig annotate is --all  openshift.io/image.insecureRepository=true --overwrite"
    100. 

  100.     when: tr_or_ohlip is defined and insecure_registry is defined and insecure_registry
    101. 

  101. 

  102.   - name: "Wait for imagestreams to become available"
    103. 

  103.     shell:  "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get is | grep logging-fluentd"
    104. 

  104.     when: tr_or_ohlip is defined and insecure_registry is defined and insecure_registry
    105. 

  105.     register: result
    106. 

  106.     until: result.rc == 0
    107. 

  107.     failed_when: result.rc == 1 and 'not found' not in result.stderr
    108. 

  108.     retries: 20
    109. 

  109.     delay: 5
    110. 

  110. 

  111.   - name: "Wait for component pods to be running"
    112. 

  112.     shell:  "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods -l component={{ item }} | grep Running"
    113. 

  113.     with_items:
    114. 

  114.       - es
    115. 

  115.       - kibana
    116. 

  116.       - curator
    117. 

  117.     register: result
    118. 

  118.     until: result.rc == 0
    119. 

  119.     failed_when: result.rc == 1 or 'Error' in result.stderr
    120. 

  120.     retries: 20
    121. 

  121.     delay: 15
    122. 

  122. 

  123.   - name: "Wait for ops component pods to be running"
    124. 

  124.     shell:  "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods -l component={{ item }} | grep Running"
    125. 

  125.     with_items:
    126. 

  126.       - es-ops
    127. 

  127.       - kibana-ops
    128. 

  128.       - curator-ops
    129. 

  129.     when: openshift_hosted_logging_enable_ops_cluster is defined and openshift_hosted_logging_enable_ops_cluster
    130. 

  130.     register: result
    131. 

  131.     until: result.rc == 0
    132. 

  132.     failed_when: result.rc == 1 or 'Error' in result.stderr
    133. 

  133.     retries: 20
    134. 

  134.     delay: 15
    135. 

  135. 

  136.   - name: "Wait for fluentd DaemonSet to exist"
    137. 

  137.     shell:  "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get daemonset logging-fluentd"
    138. 

  138.     register: result
    139. 

  139.     until: result.rc == 0
    140. 

  140.     failed_when: result.rc == 1 or 'Error' in result.stderr
    141. 

  141.     retries: 20
    142. 

  142.     delay: 5
    143. 

  143. 

  144.   - name: "Deploy fluentd by labeling the node"
    145. 

  145.     shell:  "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig label node --overwrite=true {{ '-l' ~ openshift_hosted_logging_fluentd_nodeselector if openshift_hosted_logging_fluentd_nodeselector is defined else '--all' }} {{ openshift_hosted_logging_fluentd_nodeselector_label if openshift_hosted_logging_fluentd_nodeselector_label is defined else 'logging-infra-fluentd=true' }}"
    146. 

  146. 

  147.   - name: "Wait for fluentd to be running"
    148. 

  148.     shell:  "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods -l component=fluentd | grep Running"
    149. 

  149.     register: result
    150. 

  150.     until: result.rc == 0
    151. 

  151.     failed_when: result.rc == 1 or 'Error' in result.stderr
    152. 

  152.     retries: 20
    153. 

  153.     delay: 15
    154. 

  154. 

  155.   - debug:
    156. 

  156.       msg: "Logging components deployed. Note persistent volume for elasticsearch must be setup manually"
    157. 

  157. 

  158.   - name: Delete temp directory
    159. 

  159.     file:
    160. 

  160.       name: "{{ mktemp.stdout }}"
    161. 

  161.       state: absent
    162. 

  162.     changed_when: False
    163.