diff options
9 files changed, 63 insertions, 12 deletions
diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml index 620c82fd0..1c1e33c92 100644 --- a/roles/openshift_logging_elasticsearch/tasks/main.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml @@ -113,6 +113,8 @@ dest: "{{ tempdir }}/elasticsearch.yml" vars: allow_cluster_reader: "{{ openshift_logging_elasticsearch_ops_allow_cluster_reader | lower | default('false') }}" + es_number_of_shards: "{{ openshift_logging_es_number_of_shards | default(1) }}" + es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas | default(0) }}" when: es_config_contents is undefined changed_when: no diff --git a/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2 b/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2 index 2aaa44190..681f5a7e6 100644 --- a/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/openshift_logging_elasticsearch/templates/elasticsearch.yml.j2 @@ -6,8 +6,8 @@ script: indexed: on index: - number_of_shards: 1 - number_of_replicas: 0 + number_of_shards: {{ es_number_of_shards | default ('1') }} + number_of_replicas: {{ es_number_of_replicas | default ('0') }} unassigned.node_left.delayed_timeout: 2m translog: flush_threshold_size: 256mb @@ -28,11 +28,10 @@ cloud: discovery: type: kubernetes zen.ping.multicast.enabled: false - zen.minimum_master_nodes: {{es_min_masters}} + zen.minimum_master_nodes: ${NODE_QUORUM} gateway: - expected_master_nodes: ${NODE_QUORUM} - recover_after_nodes: ${RECOVER_AFTER_NODES} + recover_after_nodes: ${NODE_QUORUM} expected_nodes: ${RECOVER_EXPECTED_NODES} recover_after_time: ${RECOVER_AFTER_TIME} @@ -49,7 +48,7 @@ openshift.searchguard: keystore.path: /etc/elasticsearch/secret/admin.jks truststore.path: /etc/elasticsearch/secret/searchguard.truststore -openshift.operations.allow_cluster_reader: {{allow_cluster_reader | default ('false')}} +openshift.operations.allow_cluster_reader: {{allow_cluster_reader | default (false)}} path: data: /elasticsearch/persistent/${CLUSTER_NAME}/data diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2 index 36390a2c2..d2db8432e 100644 --- a/roles/openshift_logging_elasticsearch/templates/es.j2 +++ b/roles/openshift_logging_elasticsearch/templates/es.j2 @@ -78,9 +78,6 @@ spec: name: "NODE_QUORUM" value: "{{es_node_quorum | int}}" - - name: "RECOVER_AFTER_NODES" - value: "{{es_recover_after_nodes}}" - - name: "RECOVER_EXPECTED_NODES" value: "{{es_recover_expected_nodes}}" - @@ -103,6 +100,13 @@ spec: readOnly: true - name: elasticsearch-storage mountPath: /elasticsearch/persistent + readinessProbe: + exec: + command: + - "/usr/share/elasticsearch/probe/readiness.sh" + initialDelaySeconds: 5 + timeoutSeconds: 4 + periodSeconds: 5 volumes: - name: elasticsearch secret: diff --git a/roles/openshift_logging_fluentd/defaults/main.yml b/roles/openshift_logging_fluentd/defaults/main.yml index ad92f499d..228196d74 100644 --- a/roles/openshift_logging_fluentd/defaults/main.yml +++ b/roles/openshift_logging_fluentd/defaults/main.yml @@ -28,7 +28,7 @@ openshift_logging_fluentd_ops_host: "{{ openshift_logging_fluentd_app_host }}" openshift_logging_fluentd_ops_port: "{{ openshift_logging_fluentd_app_port }}" ### Used by "hosted" and "secure-aggregator" deployments -openshift_logging_fluentd_use_journal: "{{ openshift_hosted_logging_use_journal | default('') }}" +#openshift_logging_fluentd_use_journal: "{{ openshift_hosted_logging_use_journal }}" openshift_logging_fluentd_journal_source: "{{ openshift_hosted_logging_journal_source | default('') }}" openshift_logging_fluentd_journal_read_from_head: "{{ openshift_hosted_logging_journal_read_from_head | default('') }}" diff --git a/roles/openshift_logging_fluentd/tasks/main.yaml b/roles/openshift_logging_fluentd/tasks/main.yaml index d350eb41e..8194223e8 100644 --- a/roles/openshift_logging_fluentd/tasks/main.yaml +++ b/roles/openshift_logging_fluentd/tasks/main.yaml @@ -17,6 +17,18 @@ - include: determine_version.yaml +- set_fact: + openshift_logging_fluentd_use_journal: "{{ openshift_hosted_logging_use_journal }}" + when: + - openshift_hosted_logging_use_journal is defined + - openshift_logging_fluentd_use_journal is not defined + +- set_fact: + openshift_logging_fluentd_use_journal: "{{ __fluentd_use_journal }}" + when: + - openshift_hosted_logging_use_journal is not defined + - openshift_logging_fluentd_use_journal is not defined + # allow passing in a tempdir - name: Create temp directory for doing work in command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX diff --git a/roles/openshift_logging_fluentd/templates/fluentd.j2 b/roles/openshift_logging_fluentd/templates/fluentd.j2 index 8e079120d..e185938e3 100644 --- a/roles/openshift_logging_fluentd/templates/fluentd.j2 +++ b/roles/openshift_logging_fluentd/templates/fluentd.j2 @@ -59,6 +59,9 @@ spec: - name: dockercfg mountPath: /etc/sysconfig/docker readOnly: true + - name: dockerdaemoncfg + mountPath: /etc/docker + readOnly: true env: - name: "K8S_HOST_URL" value: "{{ openshift_logging_fluentd_master_url }}" @@ -115,3 +118,6 @@ spec: - name: dockercfg hostPath: path: /etc/sysconfig/docker + - name: dockerdaemoncfg + hostPath: + path: /etc/docker diff --git a/roles/openshift_logging_fluentd/vars/main.yml b/roles/openshift_logging_fluentd/vars/main.yml index ad3fb0bdd..f601b738e 100644 --- a/roles/openshift_logging_fluentd/vars/main.yml +++ b/roles/openshift_logging_fluentd/vars/main.yml @@ -2,3 +2,4 @@ __latest_fluentd_version: "3_5" __allowed_fluentd_versions: ["3_5", "3_6"] __allowed_fluentd_types: ["hosted", "secure-aggregator", "secure-host"] +__fluentd_use_journal: "{{ (docker_log_driver == 'journald') | ternary(True, False) if docker_log_driver is defined else (openshift.docker.log_driver == 'journald') | ternary(True, False) if openshift.docker.log_driver is defined else openshift.docker.options | search('--log-driver=journald') if openshift.docker.options is defined else default(omit) }}" diff --git a/roles/openshift_logging_kibana/defaults/main.yml b/roles/openshift_logging_kibana/defaults/main.yml index 6474cd504..23337bcd2 100644 --- a/roles/openshift_logging_kibana/defaults/main.yml +++ b/roles/openshift_logging_kibana/defaults/main.yml @@ -9,7 +9,7 @@ openshift_logging_kibana_namespace: logging openshift_logging_kibana_nodeselector: "" openshift_logging_kibana_cpu_limit: null -openshift_logging_kibana_memory_limit: null +openshift_logging_kibana_memory_limit: 736Mi openshift_logging_kibana_hostname: "kibana.router.default.svc.cluster.local" @@ -26,7 +26,7 @@ openshift_logging_kibana_ops_deployment: false # Proxy settings openshift_logging_kibana_proxy_debug: false openshift_logging_kibana_proxy_cpu_limit: null -openshift_logging_kibana_proxy_memory_limit: null +openshift_logging_kibana_proxy_memory_limit: 96Mi #The absolute path on the control node to the cert file to use #for the public facing kibana certs diff --git a/roles/openshift_logging_kibana/templates/kibana.j2 b/roles/openshift_logging_kibana/templates/kibana.j2 index 9fefef9b7..ea506b12b 100644 --- a/roles/openshift_logging_kibana/templates/kibana.j2 +++ b/roles/openshift_logging_kibana/templates/kibana.j2 @@ -53,6 +53,12 @@ spec: value: "{{ es_host }}" - name: "ES_PORT" value: "{{ es_port }}" + - + name: "KIBANA_MEMORY_LIMIT" + valueFrom: + resourceFieldRef: + containerName: kibana + resource: limits.memory volumeMounts: - name: kibana mountPath: /etc/kibana/keys @@ -103,6 +109,27 @@ spec: - name: "OAP_DEBUG" value: "{{ openshift_logging_kibana_proxy_debug }}" + - + name: "OAP_OAUTH_SECRET_FILE" + value: "/secret/oauth-secret" + - + name: "OAP_SERVER_CERT_FILE" + value: "/secret/server-cert" + - + name: "OAP_SERVER_KEY_FILE" + value: "/secret/server-key" + - + name: "OAP_SERVER_TLS_FILE" + value: "/secret/server-tls.json" + - + name: "OAP_SESSION_SECRET_FILE" + value: "/secret/session-secret" + - + name: "OCP_AUTH_PROXY_MEMORY_LIMIT" + valueFrom: + resourceFieldRef: + containerName: kibana-proxy + resource: limits.memory volumeMounts: - name: kibana-proxy mountPath: /secret |