blob: 91eeb95a1c1f899a186ed460b528e439af65cb4d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
---
- set_fact: mux_ops_host={{ (openshift_logging_use_ops | bool) | ternary(openshift_logging_es_ops_host, openshift_logging_es_host) }}
check_mode: no
- set_fact: mux_ops_port={{ (openshift_logging_use_ops | bool) | ternary(openshift_logging_es_ops_port, openshift_logging_es_port) }}
check_mode: no
- name: Check mux current replica count
command: >
{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get dc/logging-mux
-o jsonpath='{.spec.replicas}' -n {{openshift_logging_namespace}}
register: mux_replica_count
when: not ansible_check_mode
ignore_errors: yes
changed_when: no
- name: Generating mux deploymentconfig
template: src=mux.j2 dest={{mktemp.stdout}}/templates/logging-mux-dc.yaml
vars:
component: mux
logging_component: mux
deploy_name: "logging-{{component}}"
image: "{{openshift_logging_image_prefix}}logging-fluentd:{{openshift_logging_image_version}}"
es_host: logging-es
es_port: "{{openshift_logging_es_port}}"
ops_host: "{{ mux_ops_host }}"
ops_port: "{{ mux_ops_port }}"
mux_cpu_limit: "{{openshift_logging_mux_cpu_limit}}"
mux_memory_limit: "{{openshift_logging_mux_memory_limit}}"
replicas: "{{mux_replica_count.stdout | default (0)}}"
mux_node_selector: "{{openshift_logging_mux_nodeselector | default({})}}"
check_mode: no
changed_when: no
- name: "Check mux hostmount-anyuid permissions"
command: >
{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig
get scc/hostmount-anyuid -o jsonpath='{.users}'
register: mux_hostmount_anyuid
check_mode: no
changed_when: no
- name: "Set hostmount-anyuid permissions for mux"
command: >
{{ openshift.common.admin_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig policy
add-scc-to-user hostmount-anyuid system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd
register: mux_output
failed_when: mux_output.rc == 1 and 'exists' not in mux_output.stderr
check_mode: no
when: mux_hostmount_anyuid.stdout.find("system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd") == -1
- name: "Check mux cluster-reader permissions"
command: >
{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig
get clusterrolebinding/cluster-readers -o jsonpath='{.userNames}'
register: mux_cluster_reader
check_mode: no
changed_when: no
- name: "Set cluster-reader permissions for mux"
command: >
{{ openshift.common.admin_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig policy
add-cluster-role-to-user cluster-reader system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd
register: mux2_output
failed_when: mux2_output.rc == 1 and 'exists' not in mux2_output.stderr
check_mode: no
when: mux_cluster_reader.stdout.find("system:serviceaccount:{{openshift_logging_namespace}}:aggregated-logging-fluentd") == -1
|
