shixiong
/
okd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225
							---
- fail:
    msg: Application logs destination is required
  when: not openshift_logging_mux_app_host or openshift_logging_mux_app_host == ''

- fail:
    msg: Operations logs destination is required
  when: not openshift_logging_mux_ops_host or openshift_logging_mux_ops_host == ''

- name: Set default image variables based on openshift_deployment_type
  include_vars: "{{ var_file_name }}"
  with_first_found:
    - "{{ openshift_deployment_type }}.yml"
    - "default_images.yml"
  loop_control:
    loop_var: var_file_name

- name: Set mux image facts
  set_fact:
    openshift_logging_mux_image_prefix: "{{ openshift_logging_mux_image_prefix | default(__openshift_logging_mux_image_prefix) }}"
    openshift_logging_mux_image_version: "{{ openshift_logging_mux_image_version | default(__openshift_logging_mux_image_version) }}"

- include_tasks: determine_version.yaml

# allow passing in a tempdir
- name: Create temp directory for doing work in
  command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX
  register: mktemp
  changed_when: False

- set_fact:
    tempdir: "{{ mktemp.stdout }}"

- name: Create templates subdirectory
  file:
    state: directory
    path: "{{ tempdir }}/templates"
    mode: 0755
  changed_when: False

# we want to make sure we have all the necessary components here

# create service account
- name: Create Mux service account
  oc_serviceaccount:
    state: present
    name: "aggregated-logging-mux"
    namespace: "{{ openshift_logging_mux_namespace }}"
    image_pull_secrets: "{{ openshift_logging_image_pull_secret }}"
  when: openshift_logging_image_pull_secret != ''

- name: Create Mux service account
  oc_serviceaccount:
    state: present
    name: "aggregated-logging-mux"
    namespace: "{{ openshift_logging_mux_namespace }}"
  when:
    - openshift_logging_image_pull_secret == ''

# set service account scc
- name: Set privileged permissions for Mux
  oc_adm_policy_user:
    namespace: "{{ openshift_logging_mux_namespace }}"
    resource_kind: scc
    resource_name: privileged
    state: present
    user: "system:serviceaccount:{{ openshift_logging_mux_namespace }}:aggregated-logging-mux"

# set service account permissions
- name: Set cluster-reader permissions for Mux
  oc_adm_policy_user:
    namespace: "{{ openshift_logging_mux_namespace }}"
    resource_kind: cluster-role
    resource_name: cluster-reader
    state: present
    user: "system:serviceaccount:{{ openshift_logging_mux_namespace }}:aggregated-logging-mux"

# set hostmount-anyuid permissions
- name: Set hostmount-anyuid permissions for Mux
  oc_adm_policy_user:
    namespace: "{{ openshift_logging_mux_namespace }}"
    resource_kind: scc
    resource_name: hostmount-anyuid
    state: present
    user: "system:serviceaccount:{{ openshift_logging_mux_namespace }}:aggregated-logging-mux"

# create Mux configmap
- copy:
    src: fluent.conf
    dest: "{{mktemp.stdout}}/fluent-mux.conf"
  changed_when: no

- copy:
    src: secure-forward.conf
    dest: "{{mktemp.stdout}}/secure-forward-mux.conf"
  changed_when: no

- import_role:
    name: openshift_logging
    tasks_from: patch_configmap_files.yaml
  vars:
    configmap_name: "logging-mux"
    configmap_namespace: "{{ openshift_logging_mux_namespace }}"
    configmap_file_names:
      - current_file: "fluent.conf"
        new_file: "{{ tempdir }}/fluent-mux.conf"
      - current_file: "secure-forward.conf"
        new_file: "{{ tempdir }}/secure-forward-mux.conf"

- name: Set Mux configmap
  oc_configmap:
    state: present
    name: "logging-mux"
    namespace: "{{ openshift_logging_mux_namespace }}"
    from_file:
      fluent.conf: "{{ tempdir }}/fluent-mux.conf"
      secure-forward.conf: "{{ tempdir }}/secure-forward-mux.conf"

# create Mux secret
- name: Set logging-mux secret
  oc_secret:
    state: present
    name: logging-mux
    namespace: "{{ openshift_logging_mux_namespace }}"
    files:
      - name: ca
        path: "{{ generated_certs_dir }}/ca.crt"
      - name: key
        path: "{{ generated_certs_dir }}/system.logging.mux.key"
      - name: cert
        path: "{{ generated_certs_dir }}/system.logging.mux.crt"
      - name: shared_key
        path: "{{ generated_certs_dir }}/mux_shared_key"

# services
- name: Set logging-mux service for external communication
  oc_service:
    state: present
    name: "logging-mux"
    namespace: "{{ openshift_logging_mux_namespace }}"
    selector:
      component: mux
      provider: openshift
    labels:
      logging-infra: 'support'
    ports:
      - name: mux-forward
        port: "{{ openshift_logging_mux_port }}"
        targetPort: "mux-forward"
    external_ips:
      - "{{ ansible_eth0.ipv4.address }}"
  when: openshift_logging_mux_allow_external | bool

- name: Set logging-mux service for internal communication
  oc_service:
    state: present
    name: "logging-mux"
    namespace: "{{ openshift_logging_mux_namespace }}"
    selector:
      component: mux
      provider: openshift
    labels:
      logging-infra: 'support'
    ports:
      - name: mux-forward
        port: "{{ openshift_logging_mux_port }}"
        targetPort: "mux-forward"
  when: not openshift_logging_mux_allow_external | bool

# create Mux DC
- name: Generating mux deploymentconfig
  template:
    src: mux.j2
    dest: "{{mktemp.stdout}}/templates/logging-mux-dc.yaml"
  vars:
    component: mux
    logging_component: mux
    deploy_name: "logging-{{ component }}"
    image: "{{ openshift_logging_mux_image_prefix }}logging-fluentd:{{ openshift_logging_mux_image_version }}"
    es_host: "{{ openshift_logging_mux_app_host }}"
    es_port: "{{ openshift_logging_mux_app_port }}"
    ops_host: "{{ openshift_logging_mux_ops_host }}"
    ops_port: "{{ openshift_logging_mux_ops_port }}"
    mux_cpu_limit: "{{ openshift_logging_mux_cpu_limit }}"
    mux_cpu_request: "{{ openshift_logging_mux_cpu_request | min_cpu(openshift_logging_mux_cpu_limit | default(none)) }}"
    mux_memory_limit: "{{ openshift_logging_mux_memory_limit }}"
    mux_replicas: "{{ openshift_logging_mux_replicas | default(1) }}"
    mux_node_selector: "{{ openshift_logging_mux_nodeselector | default({}) }}"
  check_mode: no
  changed_when: no

- name: Create Mux PVC
  oc_pvc:
    state: present
    name: "{{ openshift_logging_mux_file_buffer_pvc_name }}"
    namespace: "{{ openshift_logging_mux_namespace }}"
    volume_capacity: "{{ openshift_logging_mux_file_buffer_pvc_size }}"
    access_modes: "{{ openshift_logging_mux_file_buffer_pvc_access_modes | list }}"
    selector: "{{ openshift_logging_mux_file_buffer_pvc_pv_selector }}"
    storage_class_name: "{{ openshift_logging_mux_file_buffer_pvc_storage_class_name | default('', true) }}"
  when:
    - openshift_logging_mux_file_buffer_storage_type == "pvc"

- name: Set logging-mux DC
  oc_obj:
    state: present
    name: logging-mux
    namespace: "{{ openshift_logging_mux_namespace }}"
    kind: dc
    files:
      - "{{ tempdir }}/templates/logging-mux-dc.yaml"
    delete_after: true

- name: Add mux namespaces
  oc_project:
    state: present
    name: "{{ item }}"
    node_selector: ""
  with_items: "{{ openshift_logging_mux_namespaces | union(openshift_logging_mux_default_namespaces) }}"

- name: Delete temp directory
  file:
    name: "{{ tempdir }}"
    state: absent
  changed_when: False