feat: (IAC-508) Viya 4 Monitoring replacing Elasticsearch with OpenSearch

docker-entrypoint.sh

@@ -20,4 +20,4 @@ do
 done
 
 echo  "Running: ansible-playbook $OPTS $@ playbooks/${PLAYBOOK}"
-exec ansible-playbook $OPTS $@ playbooks/${PLAYBOOK}
+ANSIBLE_STDOUT_CALLBACK=yaml exec ansible-playbook $OPTS $@ playbooks/${PLAYBOOK}

docs/CONFIG-VARS.md

@@ -164,21 +164,22 @@ When setting V4_CFG_MANAGE_STORAGE to true, A new storage classes will be create
 | Name | Description | Type | Default | Required | Notes | Tasks |
 | :--- | ---: | ---: | ---: | ---: | ---: | ---: |
 | V4M_LOGGING_NAMESPACE | Namespace for the logging resources | string | logging | false | | cluster-logging |
-| V4M_KIBANA_FQDN | FQDN to use for kibana ingress | string | kibana.<V4M_BASE_DOMAIN> | false | | cluster-logging |
+| V4M_KIBANA_FQDN | FQDN to use for kibana ingress | string | dashboards.<V4M_BASE_DOMAIN> | false | | cluster-logging |
 | V4M_KIBANA_CERT | Path to tls certificate to use for kibana ingress | string |<V4M_CERT> | false | If both this and V4M_CERT are not set a self-signed cert will be used | cluster-logging |
 | V4M_KIBANA_KEY | Path to tls key to use for kibana ingress | string | <V4M_KEY> | false | If both this and V4M_KEY are not set a self-signed cert will be used | cluster-logging |
 | V4M_KIBANA_PASSWORD | Kibana admin password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging |
 | V4M_KIBANASERVER_PASSWORD | Kibana server password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging |
 | V4M_LOGCOLLECTOR_PASSWORD | Logcollector password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging |
 | V4M_METRICGETTER_PASSWORD | Metricgetter password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging |
 | | | | | | | |
-| V4M_ELASTICSEARCH_FQDN | FQDN to use for elasticsearch ingress  | string | elasticsearch.<V4M_BASE_DOMAIN> | false | | cluster-logging |
+| V4M_ELASTICSEARCH_FQDN | FQDN to use for elasticsearch ingress  | string | search.<V4M_BASE_DOMAIN> | false | | cluster-logging |
 | V4M_ELASTICSEARCH_CERT | Path to tls certificate to use for elasticsearch ingress | string |<V4M_CERT> | false | If both this and V4M_CERT are not set a self-signed cert will be used | cluster-logging |
 | V4M_ELASTICSEARCH_KEY | Path to tls key to use for elasticsearch ingress | string | <V4M_KEY> | false | If both this and V4M_KEY are not set a self-signed cert will be used | cluster-logging |
+| V4M_OSD_NODEPORT_ENABLE |  If you want to make OpenSearch Dashboards accessible via NodePort, set the environment variable V4M_OSD_NODEPORT_ENABLE to true. OpenSearch Dashboards will be accessible from port 31034 | bool | false | false | | cluster-logging
 
 ## TLS
 
-Viya 4 supports 2 different types of certificate generators, Cert-manager and openssl. When using the openssl certificate generator, you must provide: V4_CFG_TLS_CERT, V4_CFG_TLS_KEY, V4_CFG_TLS_TRUSTED_CA_CERTS. Also, the openssl certificate generator cannot be used in conjunction with the viya4-monitoring-kubernetes stack.
+Viya 4 supports 2 different types of certificate generators, Cert-manager and openssl. The openssl certificate generator cannot be used in conjunction with the viya4-monitoring-kubernetes stack.
 
 | Name | Description | Type | Default | Required | Notes | Tasks |
 | :--- | ---: | ---: | ---: | ---: | ---: | ---: |
@@ -193,9 +194,9 @@ Viya 4 supports 2 different types of certificate generators, Cert-manager and op
 
 Notes:
 
-*Values can be use to configure the tls generator when V4_CFG_TLS_MODE is not set to `disabled` and one of the following conditions is met.*
+*Values can be used to configure the tls generator when V4_CFG_TLS_MODE is not set to `disabled` and one of the following conditions is met.*
   - V4_CFG_TLS_GENERATOR is set to `cert-manager` and no V4_CFG_TLS_CERT/V4_CFG_TLS_KEY are defined
-  - V4_CFG_TLS_GENERATOR is set to `openssl`
+  - V4_CFG_TLS_GENERATOR is set to `openssl` and no V4_CFG_TLS_CERT/V4_CFG_TLS_KEY are defined
 
 ## Postgres
 
@@ -282,7 +283,7 @@ V4_CFG_POSTGRES_SERVERS:
 | CERT_MANAGER_NAMESPACE | cert-manager helm install namespace | string | cert-manager | false | | baseline |
 | CERT_MANAGER_CHART_URL | cert-manager helm chart url | string | https://charts.jetstack.io/ | false | | baseline |
 | CERT_MANAGER_CHART_NAME| cert-manager helm chart name | string | cert-manager| false | | baseline |
-| CERT_MANAGER_CHART_VERSION | cert-manager helm chart version | string | 1.6.1 | false | | baseline |
+| CERT_MANAGER_CHART_VERSION | cert-manager helm chart version | string | 1.7.2 | false | | baseline |
 | CERT_MANAGER_CONFIG | cert-manager helm values | string | see [here](../roles/baseline/defaults/main.yml) | false | | baseline |
 
 ### Cluster Autoscaler

docs/Troubleshooting.md

@@ -21,3 +21,24 @@ Example:
     -e TFSTATE=$HOME/viya4-iac-aws/terraform.tfstate \
     viya4-deployment --tags "baseline,viya,cluster-logging,cluster-monitoring,viya-monitoring,install" -vvv
   ```
+## Viya4 Monitoring and Logging
+### Symptom:
+While deploying Viya4 to a cluster with the "cluster-logging" and "install" Ansible task tags specified, the following error message is encountered.
+
+  ```bash
+TASK [monitoring : cluster-logging - deploy] ********************************************************************************
+fatal: [localhost]: FAILED! => changed=false
+  cmd: /home/user/.ansible/viya4-monitoring-kubernetes/logging/bin/deploy_logging.sh
+  msg: '[Errno 2] No such file or directory: b''/home/user/.ansible/viya4-monitoring-kubernetes/logging/bin/deploy_logging.sh'''
+  rc: 2
+
+PLAY RECAP ******************************************************************************************************************
+localhost                  : ok=52   changed=12   unreachable=0    failed=1    skipped=41   rescued=0    ignored=0
+  ```
+
+### Diagnosis:
+A release of sassoftware/viya4-monitoring-kubernetes prior to 1.2.0 was run by a release of sassoftware/viya4-deployment at release 4.13.0 or later.
+Releases of sassoftware/viya4-monitoring-kubernetes prior to 1.2.0 do not support the installation of OpenSearch logging software which sassoftware/viya4-deployment 4.13.0 or later will attempt to install.
+
+### Solution:
+When running DAC releases 4.13.0 or later, specify either the stable branch or a valid sassoftware/viya4-monitoring-kubernetes release tag of 1.2.0 or later for the value of the V4M_VERSION sassoftware/viya4-deployment variable, For more details on supported variables, refer to [CONFIG-VARS.md](./CONFIG-VARS.md)

docs/user/Dependencies.md

@@ -13,7 +13,7 @@ SOURCE | NAME | VERSION
 ~ | docker | any
 ~ | git | any
 ~ | kustomize | 3.7.0
-~ | kubectl | 1.20 - 1.22
+~ | kubectl | 1.21 - 1.23
 ~ | AWS IAM Authenticator | 1.18.9/2020-11-02
 ~ | Helm | 3
 pip3 | ansible | 2.10.7

roles/monitoring/defaults/main.yaml

@@ -8,19 +8,20 @@ V4M_NODE_PLACEMENT_ENABLE: false
 V4M_BASE_DOMAIN: "{{ V4_CFG_BASE_DOMAIN }}"
 V4M_CERT: null
 V4M_KEY: null
+V4M_KB_KNOWN_NODEPORT_ENABLE: false
 
 V4M_LOGGING_NAMESPACE: logging
 V4M_MONITORING_NAMESPACE: monitoring
 
-V4M_KIBANA_FQDN: "kibana.{{ V4M_BASE_DOMAIN }}"
+V4M_KIBANA_FQDN: "dashboards.{{ V4M_BASE_DOMAIN }}"
 V4M_KIBANA_CERT: "{{ V4M_CERT }}"
 V4M_KIBANA_KEY: "{{ V4M_KEY }}"
 V4M_KIBANA_PASSWORD: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') }}"
 V4M_KIBANASERVER_PASSWORD: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') }}"
 V4M_LOGCOLLECTOR_PASSWORD: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') }}"
 V4M_METRICGETTER_PASSWORD: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') }}"
 
-V4M_ELASTICSEARCH_FQDN: "elasticsearch.{{ V4M_BASE_DOMAIN }}"
+V4M_ELASTICSEARCH_FQDN: "search.{{ V4M_BASE_DOMAIN }}"
 V4M_ELASTICSEARCH_CERT: "{{ V4M_CERT }}"
 V4M_ELASTICSEARCH_KEY: "{{ V4M_KEY }}"
 

roles/monitoring/tasks/cluster-logging.yaml

@@ -21,6 +21,15 @@
   tags:
     - install
 
+- name: Set password facts
+  set_fact:
+    V4M_KIBANA_PASSWORD: "{{ V4M_KIBANA_PASSWORD }}"
+    V4M_KIBANASERVER_PASSWORD: "{{ V4M_KIBANASERVER_PASSWORD }}"
+    V4M_LOGCOLLECTOR_PASSWORD: "{{ V4M_LOGCOLLECTOR_PASSWORD }}" 
+    V4M_METRICGETTER_PASSWORD: "{{ V4M_METRICGETTER_PASSWORD }}" 
+  tags:
+    - install
+
 - name: cluster-logging - save credentials
   set_fact: 
     "{{ logging_map['secret'][item.metadata.name] }}": "{{ item.data.password|b64decode }}"
@@ -35,17 +44,27 @@
 - name: cluster-logging - output credentials
   debug:
     msg:
-      - "Kibana admin  - username: admin,        password: {{ V4M_KIBANA_PASSWORD }}"
-      - "Kibana Server - username: kibanaserver, password: {{ V4M_KIBANASERVER_PASSWORD }}"
-      - "Log Collector - username: logcollector, password: {{ V4M_LOGCOLLECTOR_PASSWORD }}"
-      - "Metric Getter - username: metricgetter, password: {{ V4M_METRICGETTER_PASSWORD }}"
+      - "OpenSearch admin  - username: admin,                   password: {{ V4M_KIBANA_PASSWORD }}"
+      - "OpenSearch Dashboards Server - username: kibanaserver, password: {{ V4M_KIBANASERVER_PASSWORD }}"
+      - "Log Collector - username: logcollector,                password: {{ V4M_LOGCOLLECTOR_PASSWORD }}"
+      - "Metric Getter - username: metricgetter,                password: {{ V4M_METRICGETTER_PASSWORD }}"
+  tags:
+    - install
+
+- name: cluster-logging - opensearch user values
+  template:
+    src: "user-values-elasticsearch-opensearch.yaml"
+    dest: "{{ tmpdir.path }}/logging/user-values-opensearch.yaml"
+    mode: "0660"
   tags:
     - install
+    - update
+    - uninstall
 
-- name: cluster-logging - user values
+- name: cluster-logging - osd user values
   template:
-    src: "user-values-elasticsearch-open.yaml"
-    dest: "{{ tmpdir.path }}/logging/user-values-elasticsearch-open.yaml"
+    src: "user-values-osd-opensearch.yaml"
+    dest: "{{ tmpdir.path }}/logging/user-values-osd.yaml"
     mode: "0660"
   tags:
     - install
@@ -54,7 +73,7 @@
 
 - name: cluster-logging - deploy
   command:
-    cmd: "{{ tmpdir.path }}/viya4-monitoring-kubernetes/logging/bin/deploy_logging_open.sh"
+    cmd: "{{ tmpdir.path }}/viya4-monitoring-kubernetes/logging/bin/deploy_logging.sh"
   environment: "{{ logging_map['env'] }}"
   tags:
     - install
@@ -108,7 +127,7 @@
 
 - name: cluster-logging - uninstall
   command:
-    cmd: "{{ tmpdir.path }}/viya4-monitoring-kubernetes/logging/bin/remove_logging_open.sh"
+    cmd: "{{ tmpdir.path }}/viya4-monitoring-kubernetes/logging/bin/remove_logging.sh"
   environment: "{{ logging_map['env'] }}"
   tags:
     - uninstall

roles/monitoring/tasks/cluster-monitoring.yaml

@@ -21,6 +21,12 @@
     - install
     - update
 
+- name: Set password fact
+  set_fact:
+    V4M_GRAFANA_PASSWORD: "{{ V4M_GRAFANA_PASSWORD }}"
+  tags:
+    - install
+
 - name: cluster-monitoring - save credentials
   set_fact:
     V4M_GRAFANA_PASSWORD: "{{ monitoring_creds.resources[0].data['admin-password']|b64decode }}"

roles/monitoring/templates/user-values-elasticsearch-opensearch.yaml

@@ -0,0 +1,14 @@
+persistence:
+  storageClass: {{ V4M_STORAGECLASS }}
+ingress:
+  ingressClassName: nginx
+  annotations:
+    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+  enabled: true
+  path: /
+  hosts:
+    - {{ V4M_ELASTICSEARCH_FQDN }}
+  tls:
+    - secretName: elasticsearch-ingress-tls-secret
+      hosts:
+        - {{ V4M_ELASTICSEARCH_FQDN }}

roles/monitoring/templates/user-values-osd-opensearch.yaml

@@ -0,0 +1,16 @@
+ingress:
+  annotations:
+    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+  enabled: true
+  ingressClassName: nginx
+  hosts:
+    - host: {{ V4M_KIBANA_FQDN }}
+      paths:
+        - path: /
+          backend:
+            serviceName: v4m-osd
+            servicePort: 443
+  tls:
+    - secretName: kibana-ingress-tls-secret
+      hosts:
+        - {{ V4M_KIBANA_FQDN }}

roles/monitoring/vars/main.yaml

@@ -16,6 +16,7 @@ logging_map:
     ES_LOGCOLLECTOR_PASSWD: "{{ V4M_LOGCOLLECTOR_PASSWORD }}"
     ES_METRICGETTER_PASSWD: "{{ V4M_METRICGETTER_PASSWORD }}"
     LOG_NS: "{{ V4M_LOGGING_NAMESPACE }}"
+    KB_KNOWN_NODEPORT_ENABLE: "{{ V4M_KB_KNOWN_NODEPORT_ENABLE }}"
 
 monitoring_env:
   USER_DIR: "{{ tmpdir.path }}"