| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227 |
- ---
- - fail:
- msg: Application logs destination is required
- when: not openshift_logging_mux_app_host or openshift_logging_mux_app_host == ''
- - fail:
- msg: Operations logs destination is required
- when: not openshift_logging_mux_ops_host or openshift_logging_mux_ops_host == ''
- - name: Set default image variables based on openshift_deployment_type
- include_vars: "{{ var_file_name }}"
- with_first_found:
- - "{{ openshift_deployment_type }}.yml"
- - "default_images.yml"
- loop_control:
- loop_var: var_file_name
- - name: Set mux image facts
- set_fact:
- openshift_logging_mux_image_prefix: "{{ openshift_logging_mux_image_prefix | default(__openshift_logging_mux_image_prefix) }}"
- openshift_logging_mux_image_version: "{{ openshift_logging_mux_image_version | default(__openshift_logging_mux_image_version) }}"
- - include_tasks: determine_version.yaml
- # allow passing in a tempdir
- - name: Create temp directory for doing work in
- command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX
- register: mktemp
- changed_when: False
- - set_fact:
- tempdir: "{{ mktemp.stdout }}"
- - name: Create templates subdirectory
- file:
- state: directory
- path: "{{ tempdir }}/templates"
- mode: 0755
- changed_when: False
- # we want to make sure we have all the necessary components here
- # create service account
- - name: Create Mux service account
- oc_serviceaccount:
- state: present
- name: "aggregated-logging-mux"
- namespace: "{{ openshift_logging_mux_namespace }}"
- image_pull_secrets: "{{ openshift_logging_image_pull_secret }}"
- when: openshift_logging_image_pull_secret != ''
- - name: Create Mux service account
- oc_serviceaccount:
- state: present
- name: "aggregated-logging-mux"
- namespace: "{{ openshift_logging_mux_namespace }}"
- when:
- - openshift_logging_image_pull_secret == ''
- # set service account scc
- - name: Set privileged permissions for Mux
- oc_adm_policy_user:
- namespace: "{{ openshift_logging_mux_namespace }}"
- resource_kind: scc
- resource_name: privileged
- state: present
- user: "system:serviceaccount:{{ openshift_logging_mux_namespace }}:aggregated-logging-mux"
- # set service account permissions
- - name: Set cluster-reader permissions for Mux
- oc_adm_policy_user:
- namespace: "{{ openshift_logging_mux_namespace }}"
- resource_kind: cluster-role
- resource_name: cluster-reader
- state: present
- user: "system:serviceaccount:{{ openshift_logging_mux_namespace }}:aggregated-logging-mux"
- # set hostmount-anyuid permissions
- - name: Set hostmount-anyuid permissions for Mux
- oc_adm_policy_user:
- namespace: "{{ openshift_logging_mux_namespace }}"
- resource_kind: scc
- resource_name: hostmount-anyuid
- state: present
- user: "system:serviceaccount:{{ openshift_logging_mux_namespace }}:aggregated-logging-mux"
- # create Mux configmap
- - copy:
- src: fluent.conf
- dest: "{{mktemp.stdout}}/fluent-mux.conf"
- when: fluentd_mux_config_contents is undefined
- changed_when: no
- - copy:
- src: secure-forward.conf
- dest: "{{mktemp.stdout}}/secure-forward-mux.conf"
- when: fluentd_mux_securefoward_contents is undefined
- changed_when: no
- - copy:
- content: "{{fluentd_mux_config_contents}}"
- dest: "{{mktemp.stdout}}/fluent-mux.conf"
- when: fluentd_mux_config_contents is defined
- changed_when: no
- - copy:
- content: "{{fluentd_mux_secureforward_contents}}"
- dest: "{{mktemp.stdout}}/secure-forward-mux.conf"
- when: fluentd_mux_secureforward_contents is defined
- changed_when: no
- - name: Set Mux configmap
- oc_configmap:
- state: present
- name: "logging-mux"
- namespace: "{{ openshift_logging_mux_namespace }}"
- from_file:
- fluent.conf: "{{ tempdir }}/fluent-mux.conf"
- secure-forward.conf: "{{ tempdir }}/secure-forward-mux.conf"
- # create Mux secret
- - name: Set logging-mux secret
- oc_secret:
- state: present
- name: logging-mux
- namespace: "{{ openshift_logging_mux_namespace }}"
- files:
- - name: ca
- path: "{{ generated_certs_dir }}/ca.crt"
- - name: key
- path: "{{ generated_certs_dir }}/system.logging.mux.key"
- - name: cert
- path: "{{ generated_certs_dir }}/system.logging.mux.crt"
- - name: shared_key
- path: "{{ generated_certs_dir }}/mux_shared_key"
- # services
- - name: Set logging-mux service for external communication
- oc_service:
- state: present
- name: "logging-mux"
- namespace: "{{ openshift_logging_mux_namespace }}"
- selector:
- component: mux
- provider: openshift
- labels:
- logging-infra: 'support'
- ports:
- - name: mux-forward
- port: "{{ openshift_logging_mux_port }}"
- targetPort: "mux-forward"
- external_ips:
- - "{{ ansible_eth0.ipv4.address }}"
- when: openshift_logging_mux_allow_external | bool
- - name: Set logging-mux service for internal communication
- oc_service:
- state: present
- name: "logging-mux"
- namespace: "{{ openshift_logging_mux_namespace }}"
- selector:
- component: mux
- provider: openshift
- labels:
- logging-infra: 'support'
- ports:
- - name: mux-forward
- port: "{{ openshift_logging_mux_port }}"
- targetPort: "mux-forward"
- when: not openshift_logging_mux_allow_external | bool
- # create Mux DC
- - name: Generating mux deploymentconfig
- template:
- src: mux.j2
- dest: "{{mktemp.stdout}}/templates/logging-mux-dc.yaml"
- vars:
- component: mux
- logging_component: mux
- deploy_name: "logging-{{ component }}"
- image: "{{ openshift_logging_mux_image_prefix }}logging-fluentd:{{ openshift_logging_mux_image_version }}"
- es_host: "{{ openshift_logging_mux_app_host }}"
- es_port: "{{ openshift_logging_mux_app_port }}"
- ops_host: "{{ openshift_logging_mux_ops_host }}"
- ops_port: "{{ openshift_logging_mux_ops_port }}"
- mux_cpu_limit: "{{ openshift_logging_mux_cpu_limit }}"
- mux_cpu_request: "{{ openshift_logging_mux_cpu_request | min_cpu(openshift_logging_mux_cpu_limit | default(none)) }}"
- mux_memory_limit: "{{ openshift_logging_mux_memory_limit }}"
- mux_replicas: "{{ openshift_logging_mux_replicas | default(1) }}"
- mux_node_selector: "{{ openshift_logging_mux_nodeselector | default({}) }}"
- check_mode: no
- changed_when: no
- - name: Create Mux PVC
- oc_pvc:
- state: present
- name: "{{ openshift_logging_mux_file_buffer_pvc_name }}"
- namespace: "{{ openshift_logging_mux_namespace }}"
- volume_capacity: "{{ openshift_logging_mux_file_buffer_pvc_size }}"
- access_modes: "{{ openshift_logging_mux_file_buffer_pvc_access_modes | list }}"
- selector: "{{ openshift_logging_mux_file_buffer_pvc_pv_selector }}"
- storage_class_name: "{{ openshift_logging_mux_file_buffer_pvc_storage_class_name | default('', true) }}"
- when:
- - openshift_logging_mux_file_buffer_storage_type == "pvc"
- - name: Set logging-mux DC
- oc_obj:
- state: present
- name: logging-mux
- namespace: "{{ openshift_logging_mux_namespace }}"
- kind: dc
- files:
- - "{{ tempdir }}/templates/logging-mux-dc.yaml"
- delete_after: true
- - name: Add mux namespaces
- oc_project:
- state: present
- name: "{{ item }}"
- node_selector: ""
- with_items: "{{ openshift_logging_mux_namespaces | union(openshift_logging_mux_default_namespaces) }}"
- - name: Delete temp directory
- file:
- name: "{{ tempdir }}"
- state: absent
- changed_when: False
|
