Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: e3cf9edff6
Branches Tags
okd
/
roles
/
openshift_logging_fluentd
/
tasks
/
main.yaml

main.yaml 8.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230 
  1. ---
    2. 

  2. - fail:
    3. 

  3.     msg: The ES_COPY feature is no longer supported. Please remove the variable from your inventory
    4. 

  4.   when: openshift_logging_fluentd_es_copy is defined
    5. 

  5. - fail:
    6. 

  6.     msg: Only one Fluentd nodeselector key pair should be provided
    7. 

  7.   when: openshift_logging_fluentd_nodeselector.keys() | count > 1
    8. 

  8. 

  9. - fail:
    10. 

  10.     msg: Application logs destination is required
    11. 

  11.   when: not openshift_logging_fluentd_app_host or openshift_logging_fluentd_app_host == ''
    12. 

  12. 

  13. - fail:
    14. 

  14.     msg: Operations logs destination is required
    15. 

  15.   when: not openshift_logging_fluentd_ops_host or openshift_logging_fluentd_ops_host == ''
    16. 

  16. 

  17. - fail:
    18. 

  18.     msg: Invalid deployment type, one of ['hosted', 'secure-aggregator', 'secure-host'] allowed
    19. 

  19.   when: not openshift_logging_fluentd_deployment_type in __allowed_fluentd_types
    20. 

  20. 

  21. - debug:
    22. 

  22.     msg: openshift_logging_fluentd_use_journal is deprecated.  Fluentd will automatically detect which logging driver is being used.
    23. 

  23.   when: openshift_logging_fluentd_use_journal is defined
    24. 

  24. 

  25. - debug:
    26. 

  26.     msg: openshift_hosted_logging_use_journal is deprecated.  Fluentd will automatically detect which logging driver is being used.
    27. 

  27.   when: openshift_hosted_logging_use_journal is defined
    28. 

  28. 

  29. - fail:
    30. 

  30.     msg: Invalid openshift_logging_mux_client_mode [{{ openshift_logging_mux_client_mode }}], one of {{ __allowed_mux_client_modes }} allowed
    31. 

  31.   when: openshift_logging_mux_client_mode is defined and not openshift_logging_mux_client_mode in __allowed_mux_client_modes
    32. 

  32. 

  33. - debug:
    34. 

  34.     msg: WARNING Use of openshift_logging_mux_client_mode=minimal is not recommended due to current scaling issues
    35. 

  35.   when: openshift_logging_mux_client_mode is defined and openshift_logging_mux_client_mode == 'minimal'
    36. 

  36. 

  37. - name: Set default image variables based on openshift_deployment_type
    38. 

  38.   include_vars: "{{ var_file_name }}"
    39. 

  39.   with_first_found:
    40. 

  40.     - "{{ openshift_deployment_type }}.yml"
    41. 

  41.     - "default_images.yml"
    42. 

  42.   loop_control:
    43. 

  43.     loop_var: var_file_name
    44. 

  44. 

  45. - name: Set fluentd image facts
    46. 

  46.   set_fact:
    47. 

  47.     openshift_logging_fluentd_image_prefix: "{{ openshift_logging_fluentd_image_prefix | default(__openshift_logging_fluentd_image_prefix) }}"
    48. 

  48.     openshift_logging_fluentd_image_version: "{{ openshift_logging_fluentd_image_version | default(__openshift_logging_fluentd_image_version) }}"
    49. 

  49. 

  50. - include_tasks: determine_version.yaml
    51. 

  51. 

  52. # allow passing in a tempdir
    53. 

  53. - name: Create temp directory for doing work in
    54. 

  54.   command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX
    55. 

  55.   register: mktemp
    56. 

  56.   changed_when: False
    57. 

  57. 

  58. - set_fact:
    59. 

  59.     tempdir: "{{ mktemp.stdout }}"
    60. 

  60. 

  61. - name: Create templates subdirectory
    62. 

  62.   file:
    63. 

  63.     state: directory
    64. 

  64.     path: "{{ tempdir }}/templates"
    65. 

  65.     mode: 0755
    66. 

  66.   changed_when: False
    67. 

  67. 

  68. # we want to make sure we have all the necessary components here
    69. 

  69. 

  70. # create service account
    71. 

  71. - name: Create Fluentd service account
    72. 

  72.   oc_serviceaccount:
    73. 

  73.     state: present
    74. 

  74.     name: "aggregated-logging-fluentd"
    75. 

  75.     namespace: "{{ openshift_logging_fluentd_namespace }}"
    76. 

  76.     image_pull_secrets: "{{ openshift_logging_image_pull_secret }}"
    77. 

  77.   when: openshift_logging_image_pull_secret != ''
    78. 

  78. 

  79. - name: Create Fluentd service account
    80. 

  80.   oc_serviceaccount:
    81. 

  81.     state: present
    82. 

  82.     name: "aggregated-logging-fluentd"
    83. 

  83.     namespace: "{{ openshift_logging_fluentd_namespace }}"
    84. 

  84.   when:
    85. 

  85.     - openshift_logging_image_pull_secret == ''
    86. 

  86. 

  87. # set service account scc
    88. 

  88. - name: Set privileged permissions for Fluentd
    89. 

  89.   oc_adm_policy_user:
    90. 

  90.     namespace: "{{ openshift_logging_fluentd_namespace }}"
    91. 

  91.     resource_kind: scc
    92. 

  92.     resource_name: privileged
    93. 

  93.     state: present
    94. 

  94.     user: "system:serviceaccount:{{ openshift_logging_fluentd_namespace }}:aggregated-logging-fluentd"
    95. 

  95. 

  96. # set service account permissions
    97. 

  97. - name: Set cluster-reader permissions for Fluentd
    98. 

  98.   oc_adm_policy_user:
    99. 

  99.     namespace: "{{ openshift_logging_fluentd_namespace }}"
    100. 

  100.     resource_kind: cluster-role
    101. 

  101.     resource_name: cluster-reader
    102. 

  102.     state: present
    103. 

  103.     user: "system:serviceaccount:{{ openshift_logging_fluentd_namespace }}:aggregated-logging-fluentd"
    104. 

  104. 

  105. # create Fluentd configmap
    106. 

  106. - template:
    107. 

  107.     src: fluent.conf.j2
    108. 

  108.     dest: "{{ tempdir }}/fluent.conf"
    109. 

  109.   vars:
    110. 

  110.     deploy_type: "{{ openshift_logging_fluentd_deployment_type }}"
    111. 

  111.   when: fluentd_config_contents is undefined
    112. 

  112.   changed_when: no
    113. 

  113. 

  114. - copy:
    115. 

  115.     src: fluentd-throttle-config.yaml
    116. 

  116.     dest: "{{ tempdir }}/fluentd-throttle-config.yaml"
    117. 

  117.   when: fluentd_throttle_contents is undefined
    118. 

  118.   changed_when: no
    119. 

  119. 

  120. - copy:
    121. 

  121.     src: secure-forward.conf
    122. 

  122.     dest: "{{ tempdir }}/secure-forward.conf"
    123. 

  123.   when: fluentd_secureforward_contents is undefined
    124. 

  124.   changed_when: no
    125. 

  125. 

  126. - copy:
    127. 

  127.     content: "{{ fluentd_config_contents }}"
    128. 

  128.     dest: "{{ tempdir }}/fluent.conf"
    129. 

  129.   when: fluentd_config_contents is defined
    130. 

  130.   changed_when: no
    131. 

  131. 

  132. - copy:
    133. 

  133.     content: "{{ fluentd_throttle_contents }}"
    134. 

  134.     dest: "{{ tempdir }}/fluentd-throttle-config.yaml"
    135. 

  135.   when: fluentd_throttle_contents is defined
    136. 

  136.   changed_when: no
    137. 

  137. 

  138. - copy:
    139. 

  139.     content: "{{ fluentd_secureforward_contents }}"
    140. 

  140.     dest: "{{ tempdir }}/secure-forward.conf"
    141. 

  141.   when: fluentd_secureforward_contents is defined
    142. 

  142.   changed_when: no
    143. 

  143. 

  144. - name: Set Fluentd configmap
    145. 

  145.   oc_configmap:
    146. 

  146.     state: present
    147. 

  147.     name: "logging-fluentd"
    148. 

  148.     namespace: "{{ openshift_logging_fluentd_namespace }}"
    149. 

  149.     from_file:
    150. 

  150.       fluent.conf: "{{ tempdir }}/fluent.conf"
    151. 

  151.       throttle-config.yaml: "{{ tempdir }}/fluentd-throttle-config.yaml"
    152. 

  152.       secure-forward.conf: "{{ tempdir }}/secure-forward.conf"
    153. 

  153. 

  154. # create Fluentd secret
    155. 

  155. # TODO: add aggregation secrets if necessary
    156. 

  156. - name: Set logging-fluentd secret
    157. 

  157.   oc_secret:
    158. 

  158.     state: present
    159. 

  159.     name: logging-fluentd
    160. 

  160.     namespace: "{{ openshift_logging_fluentd_namespace }}"
    161. 

  161.     files:
    162. 

  162.       - name: ca
    163. 

  163.         path: "{{ generated_certs_dir }}/ca.crt"
    164. 

  164.       - name: key
    165. 

  165.         path: "{{ generated_certs_dir }}/system.logging.fluentd.key"
    166. 

  166.       - name: cert
    167. 

  167.         path: "{{ generated_certs_dir }}/system.logging.fluentd.crt"
    168. 

  168. 

  169. # create Fluentd daemonset
    170. 

  170. # this should change based on the type of fluentd deployment to be done...
    171. 

  171. # TODO: pass in aggregation configurations
    172. 

  172. - name: Generate logging-fluentd daemonset definition
    173. 

  173.   template:
    174. 

  174.     src: fluentd.j2
    175. 

  175.     dest: "{{ tempdir }}/templates/logging-fluentd.yaml"
    176. 

  176.   vars:
    177. 

  177.     daemonset_name: logging-fluentd
    178. 

  178.     daemonset_component: fluentd
    179. 

  179.     daemonset_container_name: fluentd-elasticsearch
    180. 

  180.     daemonset_serviceAccount: aggregated-logging-fluentd
    181. 

  181.     app_host: "{{ openshift_logging_fluentd_app_host }}"
    182. 

  182.     app_port: "{{ openshift_logging_fluentd_app_port }}"
    183. 

  183.     ops_host: "{{ openshift_logging_fluentd_ops_host }}"
    184. 

  184.     ops_port: "{{ openshift_logging_fluentd_ops_port }}"
    185. 

  185.     fluentd_nodeselector_key: "{{ openshift_logging_fluentd_nodeselector.keys()[0] }}"
    186. 

  186.     fluentd_nodeselector_value: "{{ openshift_logging_fluentd_nodeselector.values()[0] }}"
    187. 

  187.     fluentd_cpu_limit: "{{ openshift_logging_fluentd_cpu_limit }}"
    188. 

  188.     fluentd_cpu_request: "{{ openshift_logging_fluentd_cpu_request | min_cpu(openshift_logging_fluentd_cpu_limit | default(none)) }}"
    189. 

  189.     fluentd_memory_limit: "{{ openshift_logging_fluentd_memory_limit }}"
    190. 

  190.     audit_container_engine: "{{ openshift_logging_fluentd_audit_container_engine | default(False) | bool }}"
    191. 

  191.     audit_log_file: "{{ openshift_logging_fluentd_audit_file | default() }}"
    192. 

  192.     audit_pos_log_file: "{{ openshift_logging_fluentd_audit_pos_file | default() }}"
    193. 

  193.   check_mode: no
    194. 

  194.   changed_when: no
    195. 

  195. 

  196. - name: Set logging-fluentd daemonset
    197. 

  197.   oc_obj:
    198. 

  198.     state: present
    199. 

  199.     name: logging-fluentd
    200. 

  200.     namespace: "{{ openshift_logging_fluentd_namespace }}"
    201. 

  201.     kind: daemonset
    202. 

  202.     files:
    203. 

  203.       - "{{ tempdir }}/templates/logging-fluentd.yaml"
    204. 

  204.     delete_after: true
    205. 

  205. 

  206. # Scale up Fluentd
    207. 

  207. - name: Retrieve list of Fluentd hosts
    208. 

  208.   oc_obj:
    209. 

  209.     state: list
    210. 

  210.     kind: node
    211. 

  211.   when: "'--all' in openshift_logging_fluentd_hosts"
    212. 

  212.   register: fluentd_hosts
    213. 

  213. 

  214. - name: Set openshift_logging_fluentd_hosts
    215. 

  215.   set_fact:
    216. 

  216.     openshift_logging_fluentd_hosts: "{{ fluentd_hosts.results.results[0]['items'] | map(attribute='metadata.name') | list }}"
    217. 

  217.   when: "'--all' in openshift_logging_fluentd_hosts"
    218. 

  218. 

  219. - include_tasks: label_and_wait.yaml
    220. 

  220.   vars:
    221. 

  221.     node: "{{ fluentd_host }}"
    222. 

  222.   with_items: "{{ openshift_logging_fluentd_hosts }}"
    223. 

  223.   loop_control:
    224. 

  224.     loop_var: fluentd_host
    225. 

  225. 

  226. - name: Delete temp directory
    227. 

  227.   file:
    228. 

  228.     name: "{{ tempdir }}"
    229. 

  229.     state: absent
    230. 

  230.   changed_when: False
    231.