1 files changed, 38 insertions, 0 deletions

diff --git a/roles/openshift_logging/tasks/install_fluentd.yaml b/roles/openshift_logging/tasks/install_fluentd.yaml
new file mode 100644
index 000000000..35bd452ed
--- /dev/null
+++ b/roles/openshift_logging/tasks/install_fluentd.yaml
@@ -0,0 +1,38 @@
+---
+- shell: >
+    echo "{{ (openshift_logging_use_ops) | ternary(openshift_logging_es_ops_host, openshift_logging_es_host) }}"
+  register: fluentd_ops_host
+  check_mode: no
+
+- shell: >
+    echo "{{ (openshift_logging_use_ops) | ternary(openshift_logging_es_ops_port, openshift_logging_es_port) }}"
+  register: fluentd_ops_port
+  check_mode: no
+
+
+- name: Generating Fluentd daemonset
+  template: src=fluentd.j2 dest={{mktemp.stdout}}/templates/logging-fluentd.yaml
+  vars:
+    daemonset_name: logging-fluentd
+    daemonset_component: fluentd
+    daemonset_container_name: fluentd-elasticsearch
+    daemonset_serviceAccount: aggregated-logging-fluentd
+    ops_host: "{{ fluentd_ops_host.stdout }}"
+    ops_port: "{{ fluentd_ops_port.stdout }}"
+  check_mode: no
+
+- name: "Set permissions for fluentd"
+  command: >
+    {{ openshift.common.admin_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig policy
+    add-scc-to-user privileged system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd
+  register: fluentd_output
+  failed_when: "fluentd_output.rc == 1 and 'exists' not in fluentd_output.stderr"
+  check_mode: no
+
+- name: "Set additional permissions for fluentd"
+  command: >
+    {{ openshift.common.admin_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig policy
+    add-cluster-role-to-user cluster-reader system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd
+  register: fluentd2_output
+  failed_when: "fluentd2_output.rc == 1 and 'exists' not in fluentd2_output.stderr"
+  check_mode: no