From 06c111d22641ba5cc2dbbe0144d9d6722d94f159 Mon Sep 17 00:00:00 2001 From: ewolinetz Date: Wed, 11 Jan 2017 15:26:46 -0600 Subject: addressing comments --- roles/openshift_logging/tasks/generate_certs.yaml | 48 ++++++----------- .../tasks/generate_configmaps.yaml | 25 +++++++-- .../tasks/generate_jks_chain.yaml | 60 ---------------------- roles/openshift_logging/tasks/generate_pkcs12.yaml | 24 --------- roles/openshift_logging/tasks/install_fluentd.yaml | 15 +++++- roles/openshift_logging/tasks/install_logging.yaml | 6 +-- roles/openshift_logging/tasks/label_node.yaml | 8 +-- roles/openshift_logging/tasks/main.yaml | 5 ++ roles/openshift_logging/tasks/scale.yaml | 16 +++--- roles/openshift_logging/tasks/start_cluster.yaml | 24 ++++----- roles/openshift_logging/tasks/stop_cluster.yaml | 24 ++++----- roles/openshift_logging/tasks/upgrade_logging.yaml | 4 +- 12 files changed, 96 insertions(+), 163 deletions(-) delete mode 100644 roles/openshift_logging/tasks/generate_jks_chain.yaml delete mode 100644 roles/openshift_logging/tasks/generate_pkcs12.yaml (limited to 'roles/openshift_logging/tasks') diff --git a/roles/openshift_logging/tasks/generate_certs.yaml b/roles/openshift_logging/tasks/generate_certs.yaml index 6bfeccf61..bcf4881bb 100644 --- a/roles/openshift_logging/tasks/generate_certs.yaml +++ b/roles/openshift_logging/tasks/generate_certs.yaml @@ -31,14 +31,10 @@ register: signing_conf_file check_mode: no -- block: - - copy: src=signing.conf dest={{generated_certs_dir}}/signing.conf - check_mode: no - - - lineinfile: "dest={{generated_certs_dir}}/signing.conf regexp='# Top dir$' line='dir = {{generated_certs_dir}} # Top dir'" - check_mode: no - when: - - not signing_conf_file.stat.exists +- template: src=signing.conf.j2 dest={{generated_certs_dir}}/signing.conf + vars: + - top_dir: '{{generated_certs_dir}}' + when: not signing_conf_file.stat.exists - include: procure_server_certs.yaml loop_control: @@ -49,19 +45,6 @@ - procure_component: kibana-internal hostnames: "kibana, kibana-ops, {{openshift_logging_kibana_hostname}}, {{openshift_logging_kibana_ops_hostname}}" -# - include: procure_server_certs.yaml -# vars: -# - procure_component: kibana - -# - include: procure_server_certs.yaml -# vars: -# - procure_component: kibana-ops - -# - include: procure_server_certs.yaml -# vars: -# - procure_component: kibana-internal -# - hostnames: "kibana, kibana-ops, {{openshift_logging_kibana_hostname}}, {{openshift_logging_kibana_ops_hostname}}" - - name: Copy proxy TLS configuration file copy: src=server-tls.json dest={{generated_certs_dir}}/server-tls.json when: server_tls_json is undefined @@ -116,8 +99,8 @@ - name: Check for hostmount-anyuid scc entry shell: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get scc hostmount-anyuid -o go-template='{{ '{{' }}.users{{ '}}' }}' | - grep system:serviceaccount:{{openshift_logging_namespace}}:jks-generator + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get scc hostmount-anyuid -o jsonpath='{.users}' | + grep system:serviceaccount:{{openshift_logging_namespace | quote}}:jks-generator register: scc_result ignore_errors: yes when: not ansible_check_mode @@ -131,34 +114,33 @@ copy: src: generate-jks.sh dest: "{{generated_certs_dir}}/generate-jks.sh" + check_mode: no - name: Generate JKS chains template: src: jks_pod.j2 dest: "{{mktemp.stdout}}/jks_pod.yaml" + check_mode: no - name: create pod - shell: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f {{mktemp.stdout}}/jks_pod.yaml -n {{openshift_logging_namespace}} + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f {{mktemp.stdout}}/jks_pod.yaml -n {{openshift_logging_namespace}} -o name register: podoutput + check_mode: no -- shell: > - echo {{podoutput.stdout}} | awk -v podname='\\\".*\\\"' '{print $2}' - register: podname - -- shell: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pod {{podname.stdout}} -o go-template='{{ '{{' }}index .status "phase"{{ '}}' }}' -n {{openshift_logging_namespace}} +- command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get {{podoutput.stdout}} -o jsonpath='{.status.phase}' -n {{openshift_logging_namespace}} register: result until: result.stdout.find("Succeeded") != -1 retries: 5 delay: 10 - name: Generate proxy session - shell: tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 200 + command: echo {{'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'|random_word(200)}} register: session_secret check_mode: no - name: Generate oauth client secret - shell: tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 64 + command: echo {{'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'|random_word(64)}} register: oauth_secret check_mode: no diff --git a/roles/openshift_logging/tasks/generate_configmaps.yaml b/roles/openshift_logging/tasks/generate_configmaps.yaml index 86882a5da..f9f9ee79f 100644 --- a/roles/openshift_logging/tasks/generate_configmaps.yaml +++ b/roles/openshift_logging/tasks/generate_configmaps.yaml @@ -4,37 +4,44 @@ src: elasticsearch-logging.yml dest: "{{mktemp.stdout}}/elasticsearch-logging.yml" when: es_logging_contents is undefined + changed_when: no - copy: src: elasticsearch.yml dest: "{{mktemp.stdout}}/elasticsearch.yml" when: es_config_contents is undefined + changed_when: no - lineinfile: dest: "{{mktemp.stdout}}/elasticsearch.yml" regexp: '^openshift\.operations\.allow_cluster_reader(.)*$' line: "\nopenshift.operations.allow_cluster_reader: {{openshift_logging_es_ops_allow_cluster_reader | lower}}" when: es_config_contents is undefined + changed_when: no - copy: content: "{{es_logging_contents}}" dest: "{{mktemp.stdout}}/elasticsearch-logging.yml" when: es_logging_contents is defined + changed_when: no - copy: content: "{{es_config_contents}}" dest: "{{mktemp.stdout}}/elasticsearch.yml" when: es_config_contents is defined + changed_when: no - - shell: > + - command: > {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create configmap logging-elasticsearch --from-file=logging.yml={{mktemp.stdout}}/elasticsearch-logging.yml --from-file=elasticsearch.yml={{mktemp.stdout}}/elasticsearch.yml -o yaml --dry-run register: es_configmap + changed_when: no - copy: content: "{{es_configmap.stdout}}" dest: "{{mktemp.stdout}}/templates/logging-elasticsearch-configmap.yaml" when: es_configmap.stdout is defined + changed_when: no check_mode: no - block: @@ -42,21 +49,25 @@ src: curator.yml dest: "{{mktemp.stdout}}/curator.yml" when: curator_config_contents is undefined + changed_when: no - copy: content: "{{curator_config_contents}}" dest: "{{mktemp.stdout}}/curator.yml" when: curator_config_contenets is defined + changed_when: no - - shell: > + - command: > {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create configmap logging-curator --from-file=config.yaml={{mktemp.stdout}}/curator.yml -o yaml --dry-run register: curator_configmap + changed_when: no - copy: content: "{{curator_configmap.stdout}}" dest: "{{mktemp.stdout}}/templates/logging-curator-configmap.yaml" when: curator_configmap.stdout is defined + changed_when: no check_mode: no - block: @@ -64,40 +75,48 @@ src: fluent.conf dest: "{{mktemp.stdout}}/fluent.conf" when: fluentd_config_contents is undefined + changed_when: no - copy: src: fluentd-throttle-config.yaml dest: "{{mktemp.stdout}}/fluentd-throttle-config.yaml" when: fluentd_throttle_contents is undefined + changed_when: no - copy: src: secure-forward.conf dest: "{{mktemp.stdout}}/secure-forward.conf" when: fluentd_securefoward_contents is undefined + changed_when: no - copy: content: "{{fluentd_config_contents}}" dest: "{{mktemp.stdout}}/fluent.conf" when: fluentd_config_contents is defined + changed_when: no - copy: content: "{{fluentd_throttle_contents}}" dest: "{{mktemp.stdout}}/fluentd-throttle-config.yaml" when: fluentd_throttle_contents is defined + changed_when: no - copy: content: "{{fluentd_secureforward_contents}}" dest: "{{mktemp.stdout}}/secure-forward.conf" when: fluentd_secureforward_contents is defined + changed_when: no - - shell: > + - command: > {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create configmap logging-fluentd --from-file=fluent.conf={{mktemp.stdout}}/fluent.conf --from-file=throttle-config.yaml={{mktemp.stdout}}/fluentd-throttle-config.yaml --from-file=secure-forward.conf={{mktemp.stdout}}/secure-forward.conf -o yaml --dry-run register: fluentd_configmap + changed_when: no - copy: content: "{{fluentd_configmap.stdout}}" dest: "{{mktemp.stdout}}/templates/logging-fluentd-configmap.yaml" when: fluentd_configmap.stdout is defined + changed_when: no check_mode: no diff --git a/roles/openshift_logging/tasks/generate_jks_chain.yaml b/roles/openshift_logging/tasks/generate_jks_chain.yaml deleted file mode 100644 index 14ffdc51f..000000000 --- a/roles/openshift_logging/tasks/generate_jks_chain.yaml +++ /dev/null @@ -1,60 +0,0 @@ ---- -- debug: msg="certs are {{chain_certs}} and oid is {{oid}}" - when: chain_certs is defined and oid is defined - -- debug: msg="certs are {{chain_certs}}" - when: chain_certs is defined and oid is undefined - -- name: Build extensions with certs - shell: echo "{{chain_certs}}{{ (oid) | ternary(',oid:1.2.3.4.5.5','') }}" - register: cert_ext - when: chain_certs is defined and oid is defined - check_mode: no - -- debug: msg="extensions are {{cert_ext.stdout}}" - when: cert_ext.stdout is defined - -- shell: > - echo {{ (cert_ext.stdout is defined) | ternary( '-ext san=dns:localhost,ip:127.0.0.1','') }}{{ (cert_ext.stdout is defined) | ternary( cert_ext.stdout, '') }} - register: extensions - check_mode: no - -- name: Checking for {{component}}.jks ... - stat: path="{{generated_certs_dir}}/{{component}}.jks" - register: jks_file - check_mode: no - -- name: Checking for truststore... - stat: path="{{generated_certs_dir}}/truststore.jks" - register: jks_truststore - check_mode: no - -- block: - - shell: > - keytool -genkey -alias {{component}} -keystore {{generated_certs_dir}}/{{component}}.jks -keypass kspass -storepass kspass - -keyalg RSA -keysize 2048 -validity 712 -dname "CN={{component}}, OU=OpenShift, O=Logging" {{extensions.stdout}} - - - shell: > - keytool -certreq -alias {{component}} -keystore {{generated_certs_dir}}/{{component}}.jks -storepass kspass - -file {{generated_certs_dir}}/{{component}}-jks.csr -keyalg RSA -dname "CN={{component}}, OU=OpenShift, O=Logging" {{extensions.stdout}} - - - shell: > - openssl ca -in {{generated_certs_dir}}/{{component}}-jks.csr -notext -out {{generated_certs_dir}}/{{component}}-jks.crt - -config {{generated_certs_dir}}/signing.conf -extensions v3_req -batch -extensions server_ext - - - shell: > - keytool -import -file {{generated_certs_dir}}/ca.crt -keystore {{generated_certs_dir}}/{{component}}.jks - -storepass kspass -noprompt -alias sig-ca - - - shell: > - keytool -import -file {{generated_certs_dir}}/{{component}}-jks.crt -keystore {{generated_certs_dir}}/{{component}}.jks - -storepass kspass -noprompt -alias {{component}} - - when: not jks_file.stat.exists - check_mode: no - -- block: - - shell: > - keytool -import -file {{generated_certs_dir}}/ca.crt -keystore {{generated_certs_dir}}/truststore.jks -storepass tspass -noprompt -alias sig-ca - when: not jks_truststore.stat.exists - check_mode: no diff --git a/roles/openshift_logging/tasks/generate_pkcs12.yaml b/roles/openshift_logging/tasks/generate_pkcs12.yaml deleted file mode 100644 index dde65746f..000000000 --- a/roles/openshift_logging/tasks/generate_pkcs12.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -- debug: msg="certs are {{chain_certs}} and oid is {{oid}}" - when: chain_certs is defined and oid is defined - -- debug: msg="certs are {{chain_certs}}" - when: chain_certs is defined and oid is undefined - -- name: Build extensions with certs - shell: echo "{{chain_certs}}{{ (oid) | ternary(',oid=1.2.3.4.5.5','') }}" - register: cert_ext - when: chain_certs is defined and oid is defined - -- debug: msg="extensions are {{cert_ext.stdout}}" - when: cert_ext.stdout is defined - -- include: generate_pems.yaml - -- local_action: stat path="{{mktemp.stdout}}/{{component}}.pkcs12" - register: pkcs_file - become: no - -- name: Generating pkcs12 chain for {{component}} - command: openssl pkcs12 -export -out {{generated_certs_dir}}/{{component}}.pkcs12 -inkey {{generated_certs_dir}}/{{component}}.key -in {{generated_certs_dir}}/{{component}}.crt -password pass:pass - when: not pkcs_file.stat.exists diff --git a/roles/openshift_logging/tasks/install_fluentd.yaml b/roles/openshift_logging/tasks/install_fluentd.yaml index 35bd452ed..6f93081d7 100644 --- a/roles/openshift_logging/tasks/install_fluentd.yaml +++ b/roles/openshift_logging/tasks/install_fluentd.yaml @@ -1,14 +1,23 @@ --- -- shell: > +- command: > echo "{{ (openshift_logging_use_ops) | ternary(openshift_logging_es_ops_host, openshift_logging_es_host) }}" register: fluentd_ops_host check_mode: no -- shell: > +- command: > echo "{{ (openshift_logging_use_ops) | ternary(openshift_logging_es_ops_port, openshift_logging_es_port) }}" register: fluentd_ops_port check_mode: no +- command: > + echo "{{openshift_logging_fluentd_nodeselector.keys()[0]}}" + register: openshift_logging_fluentd_nodeselector_key + check_mode: no + +- command: > + echo "{{openshift_logging_fluentd_nodeselector.values()[0]}}" + register: openshift_logging_fluentd_nodeselector_value + check_mode: no - name: Generating Fluentd daemonset template: src=fluentd.j2 dest={{mktemp.stdout}}/templates/logging-fluentd.yaml @@ -19,6 +28,8 @@ daemonset_serviceAccount: aggregated-logging-fluentd ops_host: "{{ fluentd_ops_host.stdout }}" ops_port: "{{ fluentd_ops_port.stdout }}" + fluentd_nodeselector_key: "{{openshift_logging_fluentd_nodeselector_key.stdout}}" + fluentd_nodeselector_value: "{{openshift_logging_fluentd_nodeselector_value.stdout}}" check_mode: no - name: "Set permissions for fluentd" diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml index 591f11476..09630e213 100644 --- a/roles/openshift_logging/tasks/install_logging.yaml +++ b/roles/openshift_logging/tasks/install_logging.yaml @@ -24,14 +24,14 @@ loop_var: install_component - name: Register API objects from generated templates - shell: ls -d -1 {{mktemp.stdout}}/templates/* | sort + command: ls -1 {{mktemp.stdout}}/templates/ register: logging_objects check_mode: no - name: Creating API objects from generated templates command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig apply -f {{file}} -n {{openshift_logging_namespace}} - with_items: "{{logging_objects.stdout_lines}}" + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig apply -f {{mktemp.stdout}}/templates/{{file}} -n {{openshift_logging_namespace}} + with_items: "{{logging_objects.stdout_lines | sort}}" loop_control: loop_var: file when: not ansible_check_mode diff --git a/roles/openshift_logging/tasks/label_node.yaml b/roles/openshift_logging/tasks/label_node.yaml index 55cfea38c..f35ccc3b6 100644 --- a/roles/openshift_logging/tasks/label_node.yaml +++ b/roles/openshift_logging/tasks/label_node.yaml @@ -1,12 +1,12 @@ --- -- shell: > +- command: > {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get node {{host}} - --template='{{ '{{index .metadata.labels "' }}{{label}}{{ '"}}' }}' + -o jsonpath='{.metadata.labels.{{ label }}}' register: label_value failed_when: label_value.rc == 1 and 'exists' not in label_value.stderr when: not ansible_check_mode -- shell: > +- command: > {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig label node {{host}} {{label}}={{value}} --overwrite register: label_result failed_when: label_result.rc == 1 and 'exists' not in label_result.stderr @@ -17,7 +17,7 @@ - unlabel is not defined or not unlabel - not ansible_check_mode -- shell: > +- command: > {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig label node {{host}} {{label}}- register: label_result failed_when: label_result.rc == 1 and 'exists' not in label_result.stderr diff --git a/roles/openshift_logging/tasks/main.yaml b/roles/openshift_logging/tasks/main.yaml index b64c24ade..c4ec1b255 100644 --- a/roles/openshift_logging/tasks/main.yaml +++ b/roles/openshift_logging/tasks/main.yaml @@ -1,4 +1,9 @@ --- +- fail: + msg: Only one Fluentd nodeselector key pair should be provided + when: "{{ openshift_logging_fluentd_nodeselector.keys() | count }} > 1" + + - name: Create temp directory for doing work in command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX register: mktemp diff --git a/roles/openshift_logging/tasks/scale.yaml b/roles/openshift_logging/tasks/scale.yaml index 3d86ea171..aa3e39641 100644 --- a/roles/openshift_logging/tasks/scale.yaml +++ b/roles/openshift_logging/tasks/scale.yaml @@ -1,26 +1,26 @@ --- -- shell: > +- command: > {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get {{object}} - --template='{{ '{{.spec.replicas}}' }}' -n {{openshift_logging_namespace}} + -o jsonpath='{.spec.replicas}' -n {{openshift_logging_namespace}} register: replica_count failed_when: replica_count.rc == 1 and 'exists' not in replica_count.stderr when: not ansible_check_mode -- shell: > +- command: > {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig scale {{object}} --replicas={{desired}} -n {{openshift_logging_namespace}} register: scale_result failed_when: scale_result.rc == 1 and 'exists' not in scale_result.stderr when: - - replica_count.stdout != desired - not ansible_check_mode + - replica_count.stdout|int != desired -- shell: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig describe {{object}} -n {{openshift_logging_namespace}} | awk -v statusrx='Pods Status:' '$0 ~ statusrx {print $3}' +- command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get {{object}} -n {{openshift_logging_namespace}} -o jsonpath='{.status.replicas}' register: replica_counts - until: replica_counts.stdout.find("{{desired}}") != -1 + until: replica_counts.stdout|int == desired retries: 30 delay: 10 when: - - replica_count.stdout != desired - not ansible_check_mode + - replica_count.stdout|int != desired diff --git a/roles/openshift_logging/tasks/start_cluster.yaml b/roles/openshift_logging/tasks/start_cluster.yaml index cdfc5f2d3..090ca8359 100644 --- a/roles/openshift_logging/tasks/start_cluster.yaml +++ b/roles/openshift_logging/tasks/start_cluster.yaml @@ -1,16 +1,16 @@ --- -- shell: > - echo "{{openshift_logging_fluentd_nodeselector}}" | cut -d':' -f1 +- command: > + echo "{{openshift_logging_fluentd_nodeselector.keys()[0]}}" register: openshift_logging_fluentd_nodeselector_key check_mode: no -- shell: > - echo "{{openshift_logging_fluentd_nodeselector}}" | cut -d' ' -f2 +- command: > + echo "{{openshift_logging_fluentd_nodeselector.values()[0]}}" register: openshift_logging_fluentd_nodeselector_value check_mode: no -- shell: > - {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get node -o name | sed "s,^node/,,g" +- command: > + {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get node -o jsonpath='{.items[*].metadata.name}' register: fluentd_hosts when: "'--all' in openshift_logging_fluentd_hosts" check_mode: no @@ -25,7 +25,7 @@ loop_control: loop_var: fluentd_host -- shell: > +- command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=es -o name -n {{openshift_logging_namespace}} register: es_dc check_mode: no @@ -38,7 +38,7 @@ loop_control: loop_var: object -- shell: > +- command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=kibana -o name -n {{openshift_logging_namespace}} register: kibana_dc check_mode: no @@ -51,7 +51,7 @@ loop_control: loop_var: object -- shell: > +- command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=curator -o name -n {{openshift_logging_namespace}} register: curator_dc check_mode: no @@ -64,7 +64,7 @@ loop_control: loop_var: object -- shell: > +- command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=es-ops -o name -n {{openshift_logging_namespace}} register: es_dc check_mode: no @@ -78,7 +78,7 @@ loop_var: object when: openshift_logging_use_ops -- shell: > +- command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=kibana-ops -o name -n {{openshift_logging_namespace}} register: kibana_dc check_mode: no @@ -92,7 +92,7 @@ loop_var: object when: openshift_logging_use_ops -- shell: > +- command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=curator-ops -o name -n {{openshift_logging_namespace}} register: curator_dc check_mode: no diff --git a/roles/openshift_logging/tasks/stop_cluster.yaml b/roles/openshift_logging/tasks/stop_cluster.yaml index e018d0618..dd3693f7e 100644 --- a/roles/openshift_logging/tasks/stop_cluster.yaml +++ b/roles/openshift_logging/tasks/stop_cluster.yaml @@ -1,14 +1,14 @@ --- -- shell: > - echo "{{openshift_logging_fluentd_nodeselector}}" | cut -d':' -f1 +- command: > + echo "{{openshift_logging_fluentd_nodeselector.keys()[0]}}" register: openshift_logging_fluentd_nodeselector_key -- shell: > - echo "{{openshift_logging_fluentd_nodeselector}}" | cut -d' ' -f2 +- command: > + echo "{{openshift_logging_fluentd_nodeselector.values()[0]}}" register: openshift_logging_fluentd_nodeselector_value -- shell: > - {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get node -o name | sed "s,^node/,,g" +- command: > + {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get node -o jsonpath='{.items[*].metadata.name}' register: fluentd_hosts when: "'--all' in openshift_logging_fluentd_hosts" @@ -22,7 +22,7 @@ loop_control: loop_var: fluentd_host -- shell: > +- command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=es -o name -n {{openshift_logging_namespace}} register: es_dc @@ -34,7 +34,7 @@ loop_control: loop_var: object -- shell: > +- command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=kibana -o name -n {{openshift_logging_namespace}} register: kibana_dc @@ -46,7 +46,7 @@ loop_control: loop_var: object -- shell: > +- command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=curator -o name -n {{openshift_logging_namespace}} register: curator_dc @@ -58,7 +58,7 @@ loop_control: loop_var: object -- shell: > +- command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=es-ops -o name -n {{openshift_logging_namespace}} register: es_dc @@ -71,7 +71,7 @@ loop_var: object when: openshift_logging_use_ops -- shell: > +- command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=kibana-ops -o name -n {{openshift_logging_namespace}} register: kibana_dc @@ -84,7 +84,7 @@ loop_var: object when: openshift_logging_use_ops -- shell: > +- command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=curator-ops -o name -n {{openshift_logging_namespace}} register: curator_dc diff --git a/roles/openshift_logging/tasks/upgrade_logging.yaml b/roles/openshift_logging/tasks/upgrade_logging.yaml index b2c8022d5..9b285a5fe 100644 --- a/roles/openshift_logging/tasks/upgrade_logging.yaml +++ b/roles/openshift_logging/tasks/upgrade_logging.yaml @@ -8,7 +8,7 @@ start_cluster: False # ensure that ES is running -- shell: > +- command: > {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig get dc -l component=es -o name -n {{openshift_logging_namespace}} register: es_dc check_mode: no @@ -26,7 +26,7 @@ dest: {{mktemp.stdout}}/es_migration.sh - name: Run upgrade scripts - shell: > + command: > sh {{mktemp.stdout}}/es_migration.sh {{openshift.common.config_base}}/logging/ca.crt {{openshift.common.config_base}}/logging/system.admin.key {{openshift.common.config_base}}/logging/system.admin.crt {{openshift_logging_es_host}} {{openshift_logging_es_port}} {{openshift_logging_namespace}} - name: Start up rest of cluster -- cgit v1.2.1