From 9835c45b64447876d15cb8d8e916b48e9fc87596 Mon Sep 17 00:00:00 2001 From: "David.Houck" Date: Wed, 18 May 2022 17:05:55 -0400 Subject: [PATCH 1/9] (IAC-508) Update script names for OpenSearch, new V4M Nodeport Enable variable" --- docs/CONFIG-VARS.md | 9 +++++---- roles/monitoring/tasks/cluster-logging.yaml | 4 ++-- roles/monitoring/vars/main.yaml | 1 + 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md index 6abd8070..7c7eba8b 100644 --- a/docs/CONFIG-VARS.md +++ b/docs/CONFIG-VARS.md @@ -175,10 +175,11 @@ When setting V4_CFG_MANAGE_STORAGE to true, A new storage classes will be create | V4M_ELASTICSEARCH_FQDN | FQDN to use for elasticsearch ingress | string | elasticsearch. | false | | cluster-logging | | V4M_ELASTICSEARCH_CERT | Path to tls certificate to use for elasticsearch ingress | string | | false | If both this and V4M_CERT are not set a self-signed cert will be used | cluster-logging | | V4M_ELASTICSEARCH_KEY | Path to tls key to use for elasticsearch ingress | string | | false | If both this and V4M_KEY are not set a self-signed cert will be used | cluster-logging | +| V4M_KB_KNOWN_NODEPORT_ENABLE | If you want to make OpenSearch Dashboards accessible via NodePort, set the environment variable V4M_KB_KNOWN_NODEPORT_ENABLE to true. OpenSearch Dashboards will be accessible from port 31034 | bool | false | false | | cluster-logging ## TLS -Viya 4 supports 2 different types of certificate generators, Cert-manager and openssl. When using the openssl certificate generator, you must provide: V4_CFG_TLS_CERT, V4_CFG_TLS_KEY, V4_CFG_TLS_TRUSTED_CA_CERTS. Also, the openssl certificate generator cannot be used in conjunction with the viya4-monitoring-kubernetes stack. +Viya 4 supports 2 different types of certificate generators, Cert-manager and openssl. The openssl certificate generator cannot be used in conjunction with the viya4-monitoring-kubernetes stack. | Name | Description | Type | Default | Required | Notes | Tasks | | :--- | ---: | ---: | ---: | ---: | ---: | ---: | @@ -193,9 +194,9 @@ Viya 4 supports 2 different types of certificate generators, Cert-manager and op Notes: -*Values can be use to configure the tls generator when V4_CFG_TLS_MODE is not set to `disabled` and one of the following conditions is met.* +*Values can be used to configure the tls generator when V4_CFG_TLS_MODE is not set to `disabled` and one of the following conditions is met.* - V4_CFG_TLS_GENERATOR is set to `cert-manager` and no V4_CFG_TLS_CERT/V4_CFG_TLS_KEY are defined - - V4_CFG_TLS_GENERATOR is set to `openssl` + - V4_CFG_TLS_GENERATOR is set to `openssl` and no V4_CFG_TLS_CERT/V4_CFG_TLS_KEY are defined ## Postgres @@ -282,7 +283,7 @@ V4_CFG_POSTGRES_SERVERS: | CERT_MANAGER_NAMESPACE | cert-manager helm install namespace | string | cert-manager | false | | baseline | | CERT_MANAGER_CHART_URL | cert-manager helm chart url | string | https://charts.jetstack.io/ | false | | baseline | | CERT_MANAGER_CHART_NAME| cert-manager helm chart name | string | cert-manager| false | | baseline | -| CERT_MANAGER_CHART_VERSION | cert-manager helm chart version | string | 1.6.1 | false | | baseline | +| CERT_MANAGER_CHART_VERSION | cert-manager helm chart version | string | 1.7.2 | false | | baseline | | CERT_MANAGER_CONFIG | cert-manager helm values | string | see [here](../roles/baseline/defaults/main.yml) | false | | baseline | ### Cluster Autoscaler diff --git a/roles/monitoring/tasks/cluster-logging.yaml b/roles/monitoring/tasks/cluster-logging.yaml index c9534972..42d78a2c 100644 --- a/roles/monitoring/tasks/cluster-logging.yaml +++ b/roles/monitoring/tasks/cluster-logging.yaml @@ -54,7 +54,7 @@ - name: cluster-logging - deploy command: - cmd: "{{ tmpdir.path }}/viya4-monitoring-kubernetes/logging/bin/deploy_logging_open.sh" + cmd: "{{ tmpdir.path }}/viya4-monitoring-kubernetes/logging/bin/deploy_logging_opensearch.sh" environment: "{{ logging_map['env'] }}" tags: - install @@ -108,7 +108,7 @@ - name: cluster-logging - uninstall command: - cmd: "{{ tmpdir.path }}/viya4-monitoring-kubernetes/logging/bin/remove_logging_open.sh" + cmd: "{{ tmpdir.path }}/viya4-monitoring-kubernetes/logging/bin/remove_logging_opensearch.sh" environment: "{{ logging_map['env'] }}" tags: - uninstall diff --git a/roles/monitoring/vars/main.yaml b/roles/monitoring/vars/main.yaml index ebebe97f..976a96e8 100644 --- a/roles/monitoring/vars/main.yaml +++ b/roles/monitoring/vars/main.yaml @@ -16,6 +16,7 @@ logging_map: ES_LOGCOLLECTOR_PASSWD: "{{ V4M_LOGCOLLECTOR_PASSWORD }}" ES_METRICGETTER_PASSWD: "{{ V4M_METRICGETTER_PASSWORD }}" LOG_NS: "{{ V4M_LOGGING_NAMESPACE }}" + KB_KNOWN_NODEPORT_ENABLE: "{{ V4M_KB_KNOWN_NODEPORT_ENABLE }}" monitoring_env: USER_DIR: "{{ tmpdir.path }}" From 06cd66bf621c490cd942007eb0fd8c692f6a5ec5 Mon Sep 17 00:00:00 2001 From: "David.Houck" Date: Fri, 20 May 2022 12:19:42 -0400 Subject: [PATCH 2/9] (IAC-508) Add V4M_KB_KNOWN_NODEPORT_ENABLE default value --- roles/monitoring/defaults/main.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/monitoring/defaults/main.yaml b/roles/monitoring/defaults/main.yaml index d49ced1b..d261a885 100644 --- a/roles/monitoring/defaults/main.yaml +++ b/roles/monitoring/defaults/main.yaml @@ -8,6 +8,7 @@ V4M_NODE_PLACEMENT_ENABLE: false V4M_BASE_DOMAIN: "{{ V4_CFG_BASE_DOMAIN }}" V4M_CERT: null V4M_KEY: null +V4M_KB_KNOWN_NODEPORT_ENABLE: false V4M_LOGGING_NAMESPACE: logging V4M_MONITORING_NAMESPACE: monitoring From 2421156b95d173d2b89e683abe4d38d478fcbc0e Mon Sep 17 00:00:00 2001 From: "David.Houck" Date: Fri, 20 May 2022 12:20:43 -0400 Subject: [PATCH 3/9] (IAC-508) Change tempdir to regular dir to prevent deletion by Ansible --- playbooks/playbook.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/playbooks/playbook.yaml b/playbooks/playbook.yaml index af4c0356..cf21e718 100644 --- a/playbooks/playbook.yaml +++ b/playbooks/playbook.yaml @@ -1,7 +1,8 @@ - hosts: localhost tasks: - name: global tmp dir - tempfile: + file: + path: /home/david/.ansible_deleteme state: directory register: tmpdir tags: From 1460cac5bb3489cb0c5bf21aefbc4b1098df965f Mon Sep 17 00:00:00 2001 From: "David.Houck" Date: Thu, 26 May 2022 16:34:29 -0400 Subject: [PATCH 4/9] (IAC-508) monitoring default updates and deploy script names changes prior to trying move2opensearch branch --- roles/monitoring/defaults/main.yaml | 4 ++-- roles/monitoring/tasks/cluster-logging.yaml | 25 ++++++++++++++++++--- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/roles/monitoring/defaults/main.yaml b/roles/monitoring/defaults/main.yaml index d261a885..e8b9e315 100644 --- a/roles/monitoring/defaults/main.yaml +++ b/roles/monitoring/defaults/main.yaml @@ -13,7 +13,7 @@ V4M_KB_KNOWN_NODEPORT_ENABLE: false V4M_LOGGING_NAMESPACE: logging V4M_MONITORING_NAMESPACE: monitoring -V4M_KIBANA_FQDN: "kibana.{{ V4M_BASE_DOMAIN }}" +V4M_KIBANA_FQDN: "dashboards.{{ V4M_BASE_DOMAIN }}" V4M_KIBANA_CERT: "{{ V4M_CERT }}" V4M_KIBANA_KEY: "{{ V4M_KEY }}" V4M_KIBANA_PASSWORD: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') }}" @@ -21,7 +21,7 @@ V4M_KIBANASERVER_PASSWORD: "{{ lookup('password', '/dev/null chars=ascii_letters V4M_LOGCOLLECTOR_PASSWORD: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') }}" V4M_METRICGETTER_PASSWORD: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') }}" -V4M_ELASTICSEARCH_FQDN: "elasticsearch.{{ V4M_BASE_DOMAIN }}" +V4M_ELASTICSEARCH_FQDN: "search.{{ V4M_BASE_DOMAIN }}" V4M_ELASTICSEARCH_CERT: "{{ V4M_CERT }}" V4M_ELASTICSEARCH_KEY: "{{ V4M_KEY }}" diff --git a/roles/monitoring/tasks/cluster-logging.yaml b/roles/monitoring/tasks/cluster-logging.yaml index 42d78a2c..9824c885 100644 --- a/roles/monitoring/tasks/cluster-logging.yaml +++ b/roles/monitoring/tasks/cluster-logging.yaml @@ -42,16 +42,35 @@ tags: - install -- name: cluster-logging - user values +- name: cluster-logging - opensearch user values template: - src: "user-values-elasticsearch-open.yaml" - dest: "{{ tmpdir.path }}/logging/user-values-elasticsearch-open.yaml" + src: "user-values-elasticsearch-opensearch.yaml" + dest: "{{ tmpdir.path }}/logging/user-values-elasticsearch-opensearch.yaml" mode: "0660" tags: - install - update - uninstall +- name: cluster-logging - osd user values + template: + src: "user-values-osd-opensearch.yaml" + dest: "{{ tmpdir.path }}/logging/user-values-osd-opensearch.yaml" + mode: "0660" + tags: + - install + - update + - uninstall + +- name : Display logging map prior to deploy V4M deploy + ansible.builtin.debug: + var: "logging_map['env']" + verbosity: 1 + tags: + - install + - update + - uninstall + - name: cluster-logging - deploy command: cmd: "{{ tmpdir.path }}/viya4-monitoring-kubernetes/logging/bin/deploy_logging_opensearch.sh" From d28830fc2ce7d3816c919f2afa8a9f650e9642c9 Mon Sep 17 00:00:00 2001 From: "David.Houck" Date: Tue, 14 Jun 2022 14:35:05 -0400 Subject: [PATCH 5/9] (IAC-508) add updates for V4M OpenSearch support --- docker-entrypoint.sh | 2 +- docs/CONFIG-VARS.md | 2 +- docs/Troubleshooting.md | 21 ++++++++++++ docs/user/Dependencies.md | 2 +- playbooks/playbook.yaml | 3 +- roles/monitoring/tasks/cluster-logging.yaml | 34 +++++++++---------- .../monitoring/tasks/cluster-monitoring.yaml | 1 + .../user-values-elasticsearch-opensearch.yaml | 14 ++++++++ .../templates/user-values-osd-opensearch.yaml | 16 +++++++++ 9 files changed, 73 insertions(+), 22 deletions(-) create mode 100644 roles/monitoring/templates/user-values-elasticsearch-opensearch.yaml create mode 100644 roles/monitoring/templates/user-values-osd-opensearch.yaml diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 398126aa..fa166d93 100644 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -20,4 +20,4 @@ do done echo "Running: ansible-playbook $OPTS $@ playbooks/${PLAYBOOK}" -exec ansible-playbook $OPTS $@ playbooks/${PLAYBOOK} +ANSIBLE_STDOUT_CALLBACK=yaml exec ansible-playbook $OPTS $@ playbooks/${PLAYBOOK} diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md index 7c7eba8b..371ff377 100644 --- a/docs/CONFIG-VARS.md +++ b/docs/CONFIG-VARS.md @@ -175,7 +175,7 @@ When setting V4_CFG_MANAGE_STORAGE to true, A new storage classes will be create | V4M_ELASTICSEARCH_FQDN | FQDN to use for elasticsearch ingress | string | elasticsearch. | false | | cluster-logging | | V4M_ELASTICSEARCH_CERT | Path to tls certificate to use for elasticsearch ingress | string | | false | If both this and V4M_CERT are not set a self-signed cert will be used | cluster-logging | | V4M_ELASTICSEARCH_KEY | Path to tls key to use for elasticsearch ingress | string | | false | If both this and V4M_KEY are not set a self-signed cert will be used | cluster-logging | -| V4M_KB_KNOWN_NODEPORT_ENABLE | If you want to make OpenSearch Dashboards accessible via NodePort, set the environment variable V4M_KB_KNOWN_NODEPORT_ENABLE to true. OpenSearch Dashboards will be accessible from port 31034 | bool | false | false | | cluster-logging +| V4M_OSD_NODEPORT_ENABLE | If you want to make OpenSearch Dashboards accessible via NodePort, set the environment variable V4M_OSD_NODEPORT_ENABLE to true. OpenSearch Dashboards will be accessible from port 31034 | bool | false | false | | cluster-logging ## TLS diff --git a/docs/Troubleshooting.md b/docs/Troubleshooting.md index 28adb927..1bb96540 100644 --- a/docs/Troubleshooting.md +++ b/docs/Troubleshooting.md @@ -21,3 +21,24 @@ Example: -e TFSTATE=$HOME/viya4-iac-aws/terraform.tfstate \ viya4-deployment --tags "baseline,viya,cluster-logging,cluster-monitoring,viya-monitoring,install" -vvv ``` +## Viya4 Monitoring and Logging +### Symptom: +While deploying Viya4 to a cluster with the "cluster-logging" and "install" Ansible task tags specified, the following error message is encountered. + + ```bash +TASK [monitoring : cluster-logging - deploy] ******************************************************************************** +fatal: [localhost]: FAILED! => changed=false + cmd: /home/user/.ansible/viya4-monitoring-kubernetes/logging/bin/deploy_logging.sh + msg: '[Errno 2] No such file or directory: b''/home/user/.ansible/viya4-monitoring-kubernetes/logging/bin/deploy_logging.sh''' + rc: 2 + +PLAY RECAP ****************************************************************************************************************** +localhost : ok=52 changed=12 unreachable=0 failed=1 skipped=41 rescued=0 ignored=0 + ``` + +### Diagnosis: +A release of sassoftware/viya4-monitoring-kubernetes prior to 1.2.0 was run by a release of sassoftware/viya4-deployment at release 4.13.0 or later. +Releases of sassoftware/viya4-monitoring-kubernetes prior to 1.2.0 do not support the installation of OpenSearch logging software which sassoftware/viya4-deployment 4.13.0 or later will attempt to install. + +### Solution: +When running DAC releases 4.13.0 or later, specify either the stable branch or a valid sassoftware/viya4-monitoring-kubernetes release tag of 1.2.0 or later for the value of the V4M_VERSION sassoftware/viya4-deployment variable, For more details on supported variables, refer to [CONFIG-VARS.md](./CONFIG-VARS.md) diff --git a/docs/user/Dependencies.md b/docs/user/Dependencies.md index 47885971..665fcef6 100644 --- a/docs/user/Dependencies.md +++ b/docs/user/Dependencies.md @@ -13,7 +13,7 @@ SOURCE | NAME | VERSION ~ | docker | any ~ | git | any ~ | kustomize | 3.7.0 -~ | kubectl | 1.20 - 1.22 +~ | kubectl | 1.21 - 1.23 ~ | AWS IAM Authenticator | 1.18.9/2020-11-02 ~ | Helm | 3 pip3 | ansible | 2.10.7 diff --git a/playbooks/playbook.yaml b/playbooks/playbook.yaml index cf21e718..af4c0356 100644 --- a/playbooks/playbook.yaml +++ b/playbooks/playbook.yaml @@ -1,8 +1,7 @@ - hosts: localhost tasks: - name: global tmp dir - file: - path: /home/david/.ansible_deleteme + tempfile: state: directory register: tmpdir tags: diff --git a/roles/monitoring/tasks/cluster-logging.yaml b/roles/monitoring/tasks/cluster-logging.yaml index 9824c885..1e7b69f9 100644 --- a/roles/monitoring/tasks/cluster-logging.yaml +++ b/roles/monitoring/tasks/cluster-logging.yaml @@ -21,6 +21,15 @@ tags: - install +- name: Set password facts + set_fact: + V4M_KIBANA_PASSWORD: "{{ V4M_KIBANA_PASSWORD }}" + V4M_KIBANASERVER_PASSWORD: "{{ V4M_KIBANASERVER_PASSWORD }}" + V4M_LOGCOLLECTOR_PASSWORD: "{{ V4M_LOGCOLLECTOR_PASSWORD }}" + V4M_METRICGETTER_PASSWORD: "{{ V4M_METRICGETTER_PASSWORD }}" + tags: + - install + - name: cluster-logging - save credentials set_fact: "{{ logging_map['secret'][item.metadata.name] }}": "{{ item.data.password|b64decode }}" @@ -35,17 +44,17 @@ - name: cluster-logging - output credentials debug: msg: - - "Kibana admin - username: admin, password: {{ V4M_KIBANA_PASSWORD }}" - - "Kibana Server - username: kibanaserver, password: {{ V4M_KIBANASERVER_PASSWORD }}" - - "Log Collector - username: logcollector, password: {{ V4M_LOGCOLLECTOR_PASSWORD }}" - - "Metric Getter - username: metricgetter, password: {{ V4M_METRICGETTER_PASSWORD }}" + - "OpenSearch admin - username: admin, password: {{ V4M_KIBANA_PASSWORD }}" + - "OpenSearch Dashboards Server - username: kibanaserver, password: {{ V4M_KIBANASERVER_PASSWORD }}" + - "Log Collector - username: logcollector, password: {{ V4M_LOGCOLLECTOR_PASSWORD }}" + - "Metric Getter - username: metricgetter, password: {{ V4M_METRICGETTER_PASSWORD }}" tags: - install - name: cluster-logging - opensearch user values template: src: "user-values-elasticsearch-opensearch.yaml" - dest: "{{ tmpdir.path }}/logging/user-values-elasticsearch-opensearch.yaml" + dest: "{{ tmpdir.path }}/logging/user-values-opensearch.yaml" mode: "0660" tags: - install @@ -55,25 +64,16 @@ - name: cluster-logging - osd user values template: src: "user-values-osd-opensearch.yaml" - dest: "{{ tmpdir.path }}/logging/user-values-osd-opensearch.yaml" + dest: "{{ tmpdir.path }}/logging/user-values-osd.yaml" mode: "0660" tags: - install - update - uninstall -- name : Display logging map prior to deploy V4M deploy - ansible.builtin.debug: - var: "logging_map['env']" - verbosity: 1 - tags: - - install - - update - - uninstall - - name: cluster-logging - deploy command: - cmd: "{{ tmpdir.path }}/viya4-monitoring-kubernetes/logging/bin/deploy_logging_opensearch.sh" + cmd: "{{ tmpdir.path }}/viya4-monitoring-kubernetes/logging/bin/deploy_logging.sh" environment: "{{ logging_map['env'] }}" tags: - install @@ -127,7 +127,7 @@ - name: cluster-logging - uninstall command: - cmd: "{{ tmpdir.path }}/viya4-monitoring-kubernetes/logging/bin/remove_logging_opensearch.sh" + cmd: "{{ tmpdir.path }}/viya4-monitoring-kubernetes/logging/bin/remove_logging.sh" environment: "{{ logging_map['env'] }}" tags: - uninstall diff --git a/roles/monitoring/tasks/cluster-monitoring.yaml b/roles/monitoring/tasks/cluster-monitoring.yaml index fd576cdc..d770c71c 100644 --- a/roles/monitoring/tasks/cluster-monitoring.yaml +++ b/roles/monitoring/tasks/cluster-monitoring.yaml @@ -21,6 +21,7 @@ - install - update + V4M_GRAFANA_PASSWORD: "{{ V4M_GRAFANA_PASSWORD }}" - name: cluster-monitoring - save credentials set_fact: V4M_GRAFANA_PASSWORD: "{{ monitoring_creds.resources[0].data['admin-password']|b64decode }}" diff --git a/roles/monitoring/templates/user-values-elasticsearch-opensearch.yaml b/roles/monitoring/templates/user-values-elasticsearch-opensearch.yaml new file mode 100644 index 00000000..eb29752e --- /dev/null +++ b/roles/monitoring/templates/user-values-elasticsearch-opensearch.yaml @@ -0,0 +1,14 @@ +persistence: + storageClass: {{ V4M_STORAGECLASS }} +ingress: + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTPS + enabled: true + path: / + hosts: + - {{ V4M_ELASTICSEARCH_FQDN }} + tls: + - secretName: elasticsearch-ingress-tls-secret + hosts: + - {{ V4M_ELASTICSEARCH_FQDN }} \ No newline at end of file diff --git a/roles/monitoring/templates/user-values-osd-opensearch.yaml b/roles/monitoring/templates/user-values-osd-opensearch.yaml new file mode 100644 index 00000000..31084a04 --- /dev/null +++ b/roles/monitoring/templates/user-values-osd-opensearch.yaml @@ -0,0 +1,16 @@ +ingress: + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTPS + enabled: true + ingressClassName: nginx + hosts: + - host: {{ V4M_KIBANA_FQDN }} + paths: + - path: / + backend: + serviceName: v4m-osd + servicePort: 443 + tls: + - secretName: kibana-ingress-tls-secret + hosts: + - {{ V4M_KIBANA_FQDN }} \ No newline at end of file From ba4e6a5f9da0e2e97ea0c6de203ce016335c5ea5 Mon Sep 17 00:00:00 2001 From: "David.Houck" Date: Tue, 14 Jun 2022 14:58:25 -0400 Subject: [PATCH 6/9] (IAC-508) Add set_fact for Grafana password --- roles/monitoring/tasks/cluster-monitoring.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/monitoring/tasks/cluster-monitoring.yaml b/roles/monitoring/tasks/cluster-monitoring.yaml index d770c71c..03bb752c 100644 --- a/roles/monitoring/tasks/cluster-monitoring.yaml +++ b/roles/monitoring/tasks/cluster-monitoring.yaml @@ -21,7 +21,12 @@ - install - update +- name: Set password fact + set_fact: V4M_GRAFANA_PASSWORD: "{{ V4M_GRAFANA_PASSWORD }}" + tags: + - install + - name: cluster-monitoring - save credentials set_fact: V4M_GRAFANA_PASSWORD: "{{ monitoring_creds.resources[0].data['admin-password']|b64decode }}" From ffdc50c4868514b3562c254917f1c64b11503894 Mon Sep 17 00:00:00 2001 From: "David.Houck" Date: Tue, 14 Jun 2022 15:04:39 -0400 Subject: [PATCH 7/9] (IAC-508) add end of file newlines for yaml --- .../templates/user-values-elasticsearch-opensearch.yaml | 2 +- roles/monitoring/templates/user-values-osd-opensearch.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/monitoring/templates/user-values-elasticsearch-opensearch.yaml b/roles/monitoring/templates/user-values-elasticsearch-opensearch.yaml index eb29752e..5c19a839 100644 --- a/roles/monitoring/templates/user-values-elasticsearch-opensearch.yaml +++ b/roles/monitoring/templates/user-values-elasticsearch-opensearch.yaml @@ -11,4 +11,4 @@ ingress: tls: - secretName: elasticsearch-ingress-tls-secret hosts: - - {{ V4M_ELASTICSEARCH_FQDN }} \ No newline at end of file + - {{ V4M_ELASTICSEARCH_FQDN }} diff --git a/roles/monitoring/templates/user-values-osd-opensearch.yaml b/roles/monitoring/templates/user-values-osd-opensearch.yaml index 31084a04..05768ef9 100644 --- a/roles/monitoring/templates/user-values-osd-opensearch.yaml +++ b/roles/monitoring/templates/user-values-osd-opensearch.yaml @@ -13,4 +13,4 @@ ingress: tls: - secretName: kibana-ingress-tls-secret hosts: - - {{ V4M_KIBANA_FQDN }} \ No newline at end of file + - {{ V4M_KIBANA_FQDN }} From db9240c2d19d6ee771cb62dc074682c3b8872471 Mon Sep 17 00:00:00 2001 From: "David.Houck" Date: Tue, 14 Jun 2022 16:09:30 -0400 Subject: [PATCH 8/9] (IAC-508) also update kibana,elasticsearch FQDNs in response to review comment --- docs/CONFIG-VARS.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md index 371ff377..4add04c0 100644 --- a/docs/CONFIG-VARS.md +++ b/docs/CONFIG-VARS.md @@ -164,7 +164,7 @@ When setting V4_CFG_MANAGE_STORAGE to true, A new storage classes will be create | Name | Description | Type | Default | Required | Notes | Tasks | | :--- | ---: | ---: | ---: | ---: | ---: | ---: | | V4M_LOGGING_NAMESPACE | Namespace for the logging resources | string | logging | false | | cluster-logging | -| V4M_KIBANA_FQDN | FQDN to use for kibana ingress | string | kibana. | false | | cluster-logging | +| V4M_KIBANA_FQDN | FQDN to use for kibana ingress | string | dashboards. | false | | cluster-logging | | V4M_KIBANA_CERT | Path to tls certificate to use for kibana ingress | string | | false | If both this and V4M_CERT are not set a self-signed cert will be used | cluster-logging | | V4M_KIBANA_KEY | Path to tls key to use for kibana ingress | string | | false | If both this and V4M_KEY are not set a self-signed cert will be used | cluster-logging | | V4M_KIBANA_PASSWORD | Kibana admin password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging | @@ -172,7 +172,7 @@ When setting V4_CFG_MANAGE_STORAGE to true, A new storage classes will be create | V4M_LOGCOLLECTOR_PASSWORD | Logcollector password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging | | V4M_METRICGETTER_PASSWORD | Metricgetter password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging | | | | | | | | | -| V4M_ELASTICSEARCH_FQDN | FQDN to use for elasticsearch ingress | string | elasticsearch. | false | | cluster-logging | +| V4M_ELASTICSEARCH_FQDN | FQDN to use for elasticsearch ingress | string | search. | false | | cluster-logging | | V4M_ELASTICSEARCH_CERT | Path to tls certificate to use for elasticsearch ingress | string | | false | If both this and V4M_CERT are not set a self-signed cert will be used | cluster-logging | | V4M_ELASTICSEARCH_KEY | Path to tls key to use for elasticsearch ingress | string | | false | If both this and V4M_KEY are not set a self-signed cert will be used | cluster-logging | | V4M_OSD_NODEPORT_ENABLE | If you want to make OpenSearch Dashboards accessible via NodePort, set the environment variable V4M_OSD_NODEPORT_ENABLE to true. OpenSearch Dashboards will be accessible from port 31034 | bool | false | false | | cluster-logging From 66812c5f5b7ab834fd38c15679c3adde5a4cb609 Mon Sep 17 00:00:00 2001 From: "David.Houck" Date: Wed, 15 Jun 2022 11:59:30 -0400 Subject: [PATCH 9/9] (IAC-508) change kibana->dashboards, elasticsearch->search per review comments --- docs/CONFIG-VARS.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md index 4add04c0..c8022351 100644 --- a/docs/CONFIG-VARS.md +++ b/docs/CONFIG-VARS.md @@ -135,7 +135,7 @@ When setting V4_CFG_MANAGE_STORAGE to true, A new storage classes will be create | Name | Description | Type | Default | Required | Notes | Tasks | | :--- | ---: | ---: | ---: | ---: | ---: | ---: | | V4M_VERSION | Branch or tag of [viya4-monitoring-kubernetes](https://github.com/sassoftware/viya4-monitoring-kubernetes) | string | stable | false | | cluster-logging, cluster-monitoring, viya-monitoring | -| V4M_BASE_DOMAIN | Base domain in which subdomains for elasticsearch, kibana, grafana, prometheus and alertmanager will be created | string | | false | This or the per service fqdn's must be set | cluster-logging, cluster-monitoring, viya-monitoring | +| V4M_BASE_DOMAIN | Base domain in which subdomains for search, dashboards, grafana, prometheus and alertmanager will be created | string | | false | This or the per service fqdn's must be set | cluster-logging, cluster-monitoring, viya-monitoring | | V4M_CERT | Path to tls certificate to use for all monitoring/logging services | string | | false | Alternately you can set the per service cert | cluster-logging, cluster-monitoring, viya-monitoring | | V4M_KEY | Path to tls key to use for all monitoring/logging services | string | | false | Alternately you can set the per service cert | cluster-logging, cluster-monitoring, viya-monitoring | | V4M_NODE_PLACEMENT_ENABLE | Enable workload node placement for viya4-monitoring-kubernetes stack | bool | false | false | | cluster-logging, cluster-monitoring, viya-monitoring | @@ -164,17 +164,17 @@ When setting V4_CFG_MANAGE_STORAGE to true, A new storage classes will be create | Name | Description | Type | Default | Required | Notes | Tasks | | :--- | ---: | ---: | ---: | ---: | ---: | ---: | | V4M_LOGGING_NAMESPACE | Namespace for the logging resources | string | logging | false | | cluster-logging | -| V4M_KIBANA_FQDN | FQDN to use for kibana ingress | string | dashboards. | false | | cluster-logging | -| V4M_KIBANA_CERT | Path to tls certificate to use for kibana ingress | string | | false | If both this and V4M_CERT are not set a self-signed cert will be used | cluster-logging | -| V4M_KIBANA_KEY | Path to tls key to use for kibana ingress | string | | false | If both this and V4M_KEY are not set a self-signed cert will be used | cluster-logging | -| V4M_KIBANA_PASSWORD | Kibana admin password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging | -| V4M_KIBANASERVER_PASSWORD | Kibana server password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging | +| V4M_KIBANA_FQDN | FQDN to use for dashboards ingress | string | dashboards. | false | | cluster-logging | +| V4M_KIBANA_CERT | Path to tls certificate to use for dashboards ingress | string | | false | If both this and V4M_CERT are not set a self-signed cert will be used | cluster-logging | +| V4M_KIBANA_KEY | Path to tls key to use for dashboards ingress | string | | false | If both this and V4M_KEY are not set a self-signed cert will be used | cluster-logging | +| V4M_KIBANA_PASSWORD | Dashboards admin password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging | +| V4M_KIBANASERVER_PASSWORD | Dashboards server password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging | | V4M_LOGCOLLECTOR_PASSWORD | Logcollector password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging | | V4M_METRICGETTER_PASSWORD | Metricgetter password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging | | | | | | | | | -| V4M_ELASTICSEARCH_FQDN | FQDN to use for elasticsearch ingress | string | search. | false | | cluster-logging | -| V4M_ELASTICSEARCH_CERT | Path to tls certificate to use for elasticsearch ingress | string | | false | If both this and V4M_CERT are not set a self-signed cert will be used | cluster-logging | -| V4M_ELASTICSEARCH_KEY | Path to tls key to use for elasticsearch ingress | string | | false | If both this and V4M_KEY are not set a self-signed cert will be used | cluster-logging | +| V4M_ELASTICSEARCH_FQDN | FQDN to use for search ingress | string | search. | false | | cluster-logging | +| V4M_ELASTICSEARCH_CERT | Path to tls certificate to use for search ingress | string | | false | If both this and V4M_CERT are not set a self-signed cert will be used | cluster-logging | +| V4M_ELASTICSEARCH_KEY | Path to tls key to use for search ingress | string | | false | If both this and V4M_KEY are not set a self-signed cert will be used | cluster-logging | | V4M_OSD_NODEPORT_ENABLE | If you want to make OpenSearch Dashboards accessible via NodePort, set the environment variable V4M_OSD_NODEPORT_ENABLE to true. OpenSearch Dashboards will be accessible from port 31034 | bool | false | false | | cluster-logging ## TLS @@ -271,7 +271,7 @@ V4_CFG_POSTGRES_SERVERS: | V4_CFG_CLUSTER_NODE_POOL_MODE | What mode of cluster node pool to use | string | "standard" | false | [standard, minimal] | viya | | V4_CFG_EMBEDDED_LDAP_ENABLE | Deploy openldap in the namespace for authentication | bool | false | false | [Openldap Config](../roles/vdm/templates/generators/openldap-bootstrap-config.yaml) | viya | | V4_CFG_CONSUL_ENABLE_LOADBALANCER | Setup LB to access consul ui | bool | false | false | Consul ui port is 8500 | viya | -| V4_CFG_ELASTICSEARCH_ENABLE | Enable opendistro elasticsearch | bool | true | false | When deploying LTS less than 2020.1 or Stable less than 2020.1.2 set to false | viya | +| V4_CFG_ELASTICSEARCH_ENABLE | Enable opendistro search | bool | true | false | When deploying LTS less than 2020.1 or Stable less than 2020.1.2 set to false | viya | ## 3rd Party tools