Merge pull request #124 from Jeevaann/new-log

Create IDMS/ICSP based on OCP version

Author: ppc64le-cloud-bot

playbooks/roles/ocp-cluster-logging/README.md

@@ -75,8 +75,10 @@ Role Variables
 | cluster_log_forwarder | no | false  | Flag to be set to true to forward logs to external third-party systems and to default internal Elasticsearch log store. Logs at external system will be cleaned up automatically.  |
 | elastic_search_channel | yes | ""  | It is used to set subscription channel for ElasticSearch |
 | cluster_logging_channel | yes | ""  | It is used to set subscription channel for Cluster Logging |
+| loki_channel | yes | "" | It is used to set subscription channel for Loki |
 | elasticsearch_clf_cs | no | redhat-operators  | It is used to set Index-Image of Elasticsearch in the CatalogSource |
 | clusterlogging_clf_cs | no | redhat-operators  | It is used to set Index-Image of Cluster Logging in the CatalogSource |
+| loki_clf_cs | no | redhat-operators | It is used to set Index-Image of Loki operator in the CatalogSource |
 | log_label | no| test-clf  | It is used to identify logs |
 | elasticsearch_url | no |  ""  | It is used to set URL of external ElasticSearch instance. It uses insecure connection(HTTP). |
 | syslog_url | no | "" | It is used to set URL of external Syslog instance. It uses secure connection (TLS). |
@@ -88,9 +90,10 @@ Role Variables
 | log_dir_path | no | */root/clf_logs*  | Path on bastion node to save the fetched logs from external system.|
 | kibana_ldap_validation | no | false  | Set it to true for validating Kibana as LDAP user |
 | log_collector_type | no | `fluentd` | Log collector type. It can be `fluentd` or `vector` |
-| clf_clean_up | no | false  | It is used only for cleaning up Cluster Logging Operators, insatnces, Catalogsource, etc. from bastion. Playbook will skip remaining all other tasks.|
+| clf_clean_up | no | false  | It is used only for cleaning up Cluster Logging Operators, instances, Catalogsource, etc. from bastion. Playbook will skip remaining all other tasks.|
 
 #### Note: 
+- The Elasticsearch is used as a default log store for Logging versions below 5.9. For logging versions greater than or equal to 5.9, Lokistack is used as a default log store.
 - To send logs to particular external systems set only URL/secret varibables for that external system.
 - For the internal Elasticsearch and external loki logs will not be deleted.
 - ClusterLogForwarder instance always forwards logs to the default internal ElasticSearch.
@@ -112,14 +115,17 @@ syslog_url:  tls://rsyslogserver.east.example.com:514
     # To set Index images set variables as:  
     elasticsearch_clf_cs: brew.registry.redhat.io/rh-osbs/iib:11111
     clusterlogging_clf_cs: brew.registry.redhat.io/rh-osbs/iib:11111
+    loki_clf_cs: brew.registry.redhat.io/rh-osbs/iib:11111
 
     # To use default Openshift CatalogSource:   
     elasticsearch_clf_cs: ""
     clusterlogging_clf_cs: ""
+    loki_clf_cs: ""
 
     # To set channels for Elasticsearch and Cluster Logging
-    elastic_search_channel: "5.0"
-    cluster_logging_channel: "5.0"
+    elastic_search_channel: "stable-5.9"
+    cluster_logging_channel: "stable-5.9"
+    loki_channel: "stable-5.9"
 
     # To set URL of external Kafka instance
     kafka_url: tcp://{ip}:{port}

playbooks/roles/ocp-cluster-logging/files/clf-cleanup.yml

@@ -15,6 +15,10 @@
     shell: oc get ImageContentSourcePolicy | grep brew-registry | wc -l
     register: icsp_cnt
 
+  - name: Check if the ImageDigestMirrorSet exists
+    shell: oc get ImageDigestMirrorSet | grep fbc-clo-testing-idms | wc -l
+    register: idms
+
   - name: Check if the CatalogSource exists
     shell: oc get CatalogSource -n openshift-marketplace | grep "cluster-logging\|elasticsearch\|loki" | awk 'NR==1{print $1}''NR==2{print $1}''NR==3{print $1}' | xargs
     register: catalog_src
@@ -23,6 +27,10 @@
     shell: oc delete ImageContentSourcePolicy brew-registry
     when: icsp_cnt.stdout|int == 1
 
+  - name: Delete ImageDigestMirrorSet if it exists
+    shell: oc delete ImageDigestMirrorSet fbc-clo-testing-idms
+    when: idms.stdout|int == 1
+
   - name: Delete CatalogSource if it exists
     shell: oc delete CatalogSource -n openshift-marketplace  {{ catalog_src.stdout }}
     when: catalog_src.stdout|length > 0

playbooks/roles/ocp-cluster-logging/tasks/main.yml

@@ -3,6 +3,12 @@
 - set_fact:
       log_labels: "{{ log_label | default('test-clf', true) }}"
       clo_version: "{{ cluster_logging_channel | regex_search('\\d+\\.\\d+') | float }}"
+      logging_version: "{{ cluster_logging_channel.split('-')[1].replace('.', '-') }}"
+     
+
+- name: Get the ocp server version
+  shell:  oc version | grep  "Server Version" | awk '{print $3}' | cut -d . -f 1,2
+  register: ocp_version
 
 - name: Check channel variables
   fail:
@@ -14,6 +20,7 @@
 # Set log directory
 - set_fact:
       cl_log_dir: "{{ log_dir_path | default('/root/clf_logs', true) }}"
+      ocp_version: "{{ ocp_version.stdout }}"
 
 # Validate external URLs and install python on external VMs
 - block:
@@ -36,7 +43,7 @@
   when: cluster_log_forwarder
 
 # Custom ImageContentSourcePolicy and CatalogSource
-- name: Create ImageContentSourcePolicy and CatalogSource for CLO less than or equal to 5.8
+- name: Create ImageContentSourcePolicy and CatalogSource for CLO less than 5.9
   block: 
   - name: Create CatalogSource
     template:
@@ -45,6 +52,16 @@
 
   - name: Run ImageContentSourcePolicy
     shell: oc apply -f "{{ role_path }}/files/ImageContentSourcePolicy.yml"
+    when: ocp_version | float < 4.13
+  
+  - name: Create ImageDigestMirrorSet
+    template:
+      src: "{{ role_path }}/templates/idms.yaml.j2"
+      dest: "{{ role_path }}/files/ImageDigestMirrorSet.yaml"
+
+  - name: Run ImageDigestMirrorSet
+    include_tasks: "{{ role_path }}/files/ImageDigestMirrorSet.yaml"
+    when: ocp_version | float >= 4.13
 
   - name: Run CatalogSource
     shell: oc apply -f "{{ role_path }}/files/CatalogSource.yml"
@@ -65,9 +82,9 @@
   when: 
     - elasticsearch_clf_cs != '' and clusterlogging_clf_cs != ''  
     - elasticsearch_clf_cs != None and clusterlogging_clf_cs != None
-    - clo_version | float <= 5.8
+    - clo_version | float < 5.9
 
-- name: Create ImageContentSourcePolicy and CatalogSource for CLO greater than 5.8
+- name: Create ImageContentSourcePolicy and CatalogSource for CLO greater than or equal to 5.9
   block: 
   - name: Create CatalogSource
     template:
@@ -76,6 +93,16 @@
 
   - name: Run ImageContentSourcePolicy
     shell: oc apply -f "{{ role_path }}/files/ImageContentSourcePolicy.yml"
+    when: ocp_version | float < 4.13
+
+  - name: Create ImageDigestMirrorSet
+    template:
+      src: "{{ role_path }}/templates/idms.yaml.j2"
+      dest: "{{ role_path }}/files/ImageDigestMirrorSet.yaml"
+
+  - name: Run ImageDigestMirrorSet
+    include_tasks: "{{ role_path }}/files/ImageDigestMirrorSet.yaml"
+    when: ocp_version | float >= 4.13
 
   - name: Run CatalogSource
     shell: oc apply -f "{{ role_path }}/files/NewCatalogSource.yml"
@@ -105,6 +132,10 @@
     shell: oc get ImageContentSourcePolicy | grep brew-registry | wc -l
     register: icsp
 
+  - name: Check if the ImageDigestMirrorSet exists
+    shell: oc get ImageDigestMirrorSet | grep fbc-clo-testing-idms | wc -l
+    register: idms
+
   - name: Check if the CatalogSource exists
     shell:  oc get CatalogSource -n openshift-marketplace | grep "cluster-logging\|elasticsearch" |wc -l
     register: output
@@ -119,6 +150,10 @@
     shell: oc delete ImageContentSourcePolicy brew-registry
     when: icsp.stdout|int == 1
 
+  - name: Delete ImageDigestMirrorSet if it exists
+    shell: oc delete ImageDigestMirrorSet fbc-clo-testing-idms
+    when: idms.stdout|int == 1
+
   - name: Delete CatalogSource if it exists
     shell: oc delete CatalogSource elasticsearch cluster-logging -n openshift-marketplace
     when: 

playbooks/roles/ocp-cluster-logging/templates/idms.yaml.j2

@@ -0,0 +1,43 @@
+- name: Create ImageDigestMirrorSet
+  k8s:
+    state: present
+    definition:
+      apiVersion: config.openshift.io/v1
+      kind: ImageDigestMirrorSet
+      metadata:
+        name: fbc-clo-testing-idms
+      spec:
+        imageDigestMirrors:
+        - mirrors:
+          - brew.registry.redhat.io
+          source: registry-proxy.engineering.redhat.com
+        - mirrors:
+          - quay.io/redhat-user-workloads/obs-logging-tenant/loki-operator-bundle-v{{ logging_version }}
+          source: registry.redhat.io/openshift-logging/loki-operator-bundle
+        - mirrors:
+          - quay.io/redhat-user-workloads/obs-logging-tenant/cluster-logging-operator-bundle-v{{ logging_version }}
+          source: registry.redhat.io/openshift-logging/cluster-logging-operator-bundle
+        - mirrors:
+          - quay.io/redhat-user-workloads/obs-logging-tenant/cluster-logging-operator-v{{ logging_version }}
+          source: registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator
+        - mirrors:
+          - quay.io/redhat-user-workloads/obs-logging-tenant/logging-vector-v{{ logging_version }}
+          source: registry.redhat.io/openshift-logging/vector-rhel9
+        - mirrors:
+          - quay.io/redhat-user-workloads/obs-logging-tenant/log-file-metric-exporter-v{{ logging_version }}
+          source: registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9
+        - mirrors:
+          - quay.io/redhat-user-workloads/obs-logging-tenant/logging-eventrouter-v{{ logging_version }}
+          source: registry.redhat.io/openshift-logging/eventrouter-rhel9
+        - mirrors:
+          - quay.io/redhat-user-workloads/obs-logging-tenant/loki-operator-v{{ logging_version }}
+          source: registry.redhat.io/openshift-logging/loki-rhel9-operator
+        - mirrors:
+          - quay.io/redhat-user-workloads/obs-logging-tenant/logging-loki-v{{ logging_version }}
+          source: registry.redhat.io/openshift-logging/logging-loki-rhel9
+        - mirrors:
+          - quay.io/redhat-user-workloads/obs-logging-tenant/lokistack-gateway-v{{ logging_version }}
+          source: registry.redhat.io/openshift-logging/lokistack-gateway-rhel9
+        - mirrors:
+          - quay.io/redhat-user-workloads/obs-logging-tenant/opa-openshift-v{{ logging_version }}
+          source: registry.redhat.io/openshift-logging/opa-openshift-rhel9