shixiong
/
okd


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278
							---
- name: Validate Elasticsearch cluster size
  fail: msg="The openshift_logging_es_cluster_size may only be scaled down manually. Please see official documentation on how to do this."
  when: openshift_logging_facts.elasticsearch.deploymentconfigs | length > openshift_logging_es_cluster_size|int

- name: Validate Elasticsearch Ops cluster size
  fail: msg="The openshift_logging_es_ops_cluster_size may only be scaled down manually. Please see official documentation on how to do this."
  when: openshift_logging_facts.elasticsearch_ops.deploymentconfigs | length > openshift_logging_es_ops_cluster_size|int

- fail:
    msg: Invalid deployment type, one of ['data-master', 'data-client', 'master', 'client'] allowed
  when: not openshift_logging_elasticsearch_deployment_type in __allowed_es_types

- set_fact:
    elasticsearch_name: "{{ 'logging-elasticsearch' ~ ( (openshift_logging_elasticsearch_ops_deployment | default(false) | bool) | ternary('-ops', '')) }}"
    es_component: "{{ 'es' ~ ( (openshift_logging_elasticsearch_ops_deployment | default(false) | bool) | ternary('-ops', '') ) }}"

- include: determine_version.yaml

# allow passing in a tempdir
- name: Create temp directory for doing work in
  command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX
  register: mktemp
  changed_when: False

- set_fact:
    tempdir: "{{ mktemp.stdout }}"

# This may not be necessary in this role
- name: Create templates subdirectory
  file:
    state: directory
    path: "{{ tempdir }}/templates"
    mode: 0755
  changed_when: False

# we want to make sure we have all the necessary components here

# service account
- name: Create ES service account
  oc_serviceaccount:
    state: present
    name: "aggregated-logging-elasticsearch"
    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
    image_pull_secrets: "{{ openshift_logging_image_pull_secret }}"
  when: openshift_logging_image_pull_secret != ''

- name: Create ES service account
  oc_serviceaccount:
    state: present
    name: "aggregated-logging-elasticsearch"
    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
  when:
  - openshift_logging_image_pull_secret == ''

# rolebinding reader
- copy:
    src: rolebinding-reader.yml
    dest: "{{ tempdir }}/rolebinding-reader.yml"

- name: Create rolebinding-reader role
  oc_obj:
    state: present
    name: "rolebinding-reader"
    kind: clusterrole
    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
    files:
    - "{{ tempdir }}/rolebinding-reader.yml"
    delete_after: true

# SA roles
- name: Set rolebinding-reader permissions for ES
  oc_adm_policy_user:
    state: present
    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
    resource_kind: cluster-role
    resource_name: rolebinding-reader
    user: "system:serviceaccount:{{ openshift_logging_elasticsearch_namespace }}:aggregated-logging-elasticsearch"

# View role and binding
- name: Generate logging-elasticsearch-view-role
  template:
    src: rolebinding.j2
    dest: "{{mktemp.stdout}}/logging-elasticsearch-view-role.yaml"
  vars:
    obj_name: logging-elasticsearch-view-role
    roleRef:
      name: view
    subjects:
    - kind: ServiceAccount
      name: aggregated-logging-elasticsearch
  changed_when: no

- name: Set logging-elasticsearch-view-role role
  oc_obj:
    state: present
    name: "logging-elasticsearch-view-role"
    kind: rolebinding
    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
    files:
    - "{{ tempdir }}/logging-elasticsearch-view-role.yaml"
    delete_after: true

# configmap
- template:
    src: elasticsearch-logging.yml.j2
    dest: "{{ tempdir }}/elasticsearch-logging.yml"
  when: es_logging_contents is undefined
  changed_when: no

- template:
    src: elasticsearch.yml.j2
    dest: "{{ tempdir }}/elasticsearch.yml"
  vars:
    allow_cluster_reader: "{{ openshift_logging_elasticsearch_ops_allow_cluster_reader | lower | default('false') }}"
    es_number_of_shards: "{{ openshift_logging_es_number_of_shards | default(1) }}"
    es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas | default(0) }}"
  when: es_config_contents is undefined
  changed_when: no

- copy:
    content: "{{ es_logging_contents }}"
    dest: "{{ tempdir }}/elasticsearch-logging.yml"
  when: es_logging_contents is defined
  changed_when: no

- copy:
    content: "{{ es_config_contents }}"
    dest: "{{ tempdir }}/elasticsearch.yml"
  when: es_config_contents is defined
  changed_when: no

- name: Set ES configmap
  oc_configmap:
    state: present
    name: "{{ elasticsearch_name }}"
    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
    from_file:
      elasticsearch.yml: "{{ tempdir }}/elasticsearch.yml"
      logging.yml: "{{ tempdir }}/elasticsearch-logging.yml"


# secret
- name: Set ES secret
  oc_secret:
    state: present
    name: "logging-elasticsearch"
    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
    files:
    - name: key
      path: "{{ generated_certs_dir }}/logging-es.jks"
    - name: truststore
      path: "{{ generated_certs_dir }}/truststore.jks"
    - name: searchguard.key
      path: "{{ generated_certs_dir }}/elasticsearch.jks"
    - name: searchguard.truststore
      path: "{{ generated_certs_dir }}/truststore.jks"
    - name: admin-key
      path: "{{ generated_certs_dir }}/system.admin.key"
    - name: admin-cert
      path: "{{ generated_certs_dir }}/system.admin.crt"
    - name: admin-ca
      path: "{{ generated_certs_dir }}/ca.crt"
    - name: admin.jks
      path: "{{ generated_certs_dir }}/system.admin.jks"

# services
- name: Set logging-{{ es_component }}-cluster service
  oc_service:
    state: present
    name: "logging-{{ es_component }}-cluster"
    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
    selector:
      component: "{{ es_component }}"
      provider: openshift
    # pending #4091
    #labels:
    #- logging-infra: 'support'
    ports:
    - port: 9300

- name: Set logging-{{ es_component }} service
  oc_service:
    state: present
    name: "logging-{{ es_component }}"
    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
    selector:
      component: "{{ es_component }}"
      provider: openshift
    # pending #4091
    #labels:
    #- logging-infra: 'support'
    ports:
    - port: 9200
      targetPort: "restapi"

- name: Creating ES storage template
  template:
    src: pvc.j2
    dest: "{{ tempdir }}/templates/logging-es-pvc.yml"
  vars:
    obj_name: "{{ openshift_logging_elasticsearch_pvc_name }}"
    size: "{{ openshift_logging_elasticsearch_pvc_size }}"
    access_modes: "{{ openshift_logging_elasticsearch_pvc_access_modes | list }}"
    pv_selector: "{{ openshift_logging_elasticsearch_pvc_pv_selector }}"
  when:
  - openshift_logging_elasticsearch_storage_type == "pvc"
  - not openshift_logging_elasticsearch_pvc_dynamic

- name: Creating ES storage template
  template:
    src: pvc.j2
    dest: "{{ tempdir }}/templates/logging-es-pvc.yml"
  vars:
    obj_name: "{{ openshift_logging_elasticsearch_pvc_name }}"
    size: "{{ openshift_logging_elasticsearch_pvc_size }}"
    access_modes: "{{ openshift_logging_elasticsearch_pvc_access_modes | list }}"
    pv_selector: "{{ openshift_logging_elasticsearch_pvc_pv_selector }}"
    annotations:
      volume.beta.kubernetes.io/storage-class: "dynamic"
  when:
  - openshift_logging_elasticsearch_storage_type == "pvc"
  - openshift_logging_elasticsearch_pvc_dynamic

- name: Set ES storage
  oc_obj:
    state: present
    kind: pvc
    name: "{{ openshift_logging_elasticsearch_pvc_name }}"
    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
    files:
    - "{{ tempdir }}/templates/logging-es-pvc.yml"
    delete_after: true
  when:
  - openshift_logging_elasticsearch_storage_type == "pvc"

- set_fact:
    es_deploy_name: "logging-{{ es_component }}-{{ openshift_logging_elasticsearch_deployment_type }}-{{ 'abcdefghijklmnopqrstuvwxyz0123456789' | random_word(8) }}"
  when: openshift_logging_elasticsearch_deployment_name == ""

- set_fact:
    es_deploy_name: "{{ openshift_logging_elasticsearch_deployment_name }}"
  when: openshift_logging_elasticsearch_deployment_name != ""

# DC
- name: Set ES dc templates
  template:
    src: es.j2
    dest: "{{ tempdir }}/templates/logging-es-dc.yml"
  vars:
    es_cluster_name: "{{ es_component }}"
    component: "{{ es_component }}"
    logging_component: elasticsearch
    deploy_name: "{{ es_deploy_name }}"
    image: "{{ openshift_logging_image_prefix }}logging-elasticsearch:{{ openshift_logging_image_version }}"
    es_cpu_limit: "{{ openshift_logging_elasticsearch_cpu_limit }}"
    es_memory_limit: "{{ openshift_logging_elasticsearch_memory_limit }}"
    es_node_selector: "{{ openshift_logging_elasticsearch_nodeselector | default({}) }}"
    deploy_type: "{{ openshift_logging_elasticsearch_deployment_type }}"
    replicas: 1

- name: Set ES dc
  oc_obj:
    state: present
    name: "{{ es_deploy_name }}"
    namespace: "{{ openshift_logging_elasticsearch_namespace }}"
    kind: dc
    files:
    - "{{ tempdir }}/templates/logging-es-dc.yml"
    delete_after: true

## Placeholder for migration when necessary ##

- name: Delete temp directory
  file:
    name: "{{ tempdir }}"
    state: absent
  changed_when: False