openstack/openstack-helm-infra
Code Issues Proposed changes

Elasticsearch: Make templates job more generic

Browse Source 
This change updates the logic in our create-elasticsearch-templates
job to support creation of a variety of different API objects.

Change-Id: I380a55b93e7aabb606e713c21d71a383fef78b3f
This commit is contained in:
Steven Fitzpatrick 2021-02-03 18:08:37 +00:00
parent 1884f2c957
commit 0ab71ae35c
6 changed files with 86 additions and 179 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
elasticsearch/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v7.1.0 appVersion: v7.1.0
description: OpenStack-Helm ElasticSearch description: OpenStack-Helm ElasticSearch
name: elasticsearch name: elasticsearch
version: 0.1.4 version: 0.1.5
home: https://www.elastic.co/ home: https://www.elastic.co/
sources: sources:
- https://github.com/elastic/elasticsearch - https://github.com/elastic/elasticsearch

45
elasticsearch/templates/bin/_create_template.sh.tpl
View File

@ -2,44 +2,9 @@
set -ex set -ex
{{ range $template, $fields := .Values.conf.templates }} {{ range $object := .Values.conf.api_objects }}
curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \
result=$(curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \ -X{{ $object.method | default "PUT" | upper }} \
-XPUT "${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_template/{{$template}}" \ "${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/{{ $object.endpoint }}" \
-H 'Content-Type: application/json' -d @/tmp/{{$template}}.json \ -H 'Content-Type: application/json' -d '{{ $object.body | toJson }}'
| python -c "import sys, json; print(json.load(sys.stdin)['acknowledged'])")
if [ "$result" == "True" ]; then
echo "{{$template}} template created!"
else
echo "{{$template}} template not created!"
fi
{{ end }} {{ end }}
{{ range $policy_name, $fields := .Values.conf.snapshot_policies }}
result=$(curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \
-XPUT "${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_slm/policy/{{$policy_name}}" \
-H 'Content-Type: application/json' -d @/tmp/{{$policy_name}}.json \
| python -c "import sys, json; print(json.load(sys.stdin)['acknowledged'])")
if [ "$result" == "True" ]; then
echo "Policy {{$policy_name}} created!"
else
echo "Policy {{$policy_name}} not created!"
fi
{{ end }}
{{ range $policy_name, $fields := .Values.conf.index_policies }}
result=$(curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \
-XPUT "${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_ilm/policy/{{$policy_name}}" \
-H 'Content-Type: application/json' -d @/tmp/{{$policy_name}}.json \
| python -c "import sys, json; print(json.load(sys.stdin)['acknowledged'])")
if [ "$result" == "True" ]; then
echo "Policy {{$policy_name}} created!"
else
echo "Policy {{$policy_name}} not created!"
fi
{{ end }}

15
elasticsearch/templates/bin/_helm-tests.sh.tpl
View File

@ -50,21 +50,18 @@ function check_snapshot_repositories () {
{{ end }} {{ end }}
} }
{{ if and (.Values.manifests.job_elasticsearch_templates) (not (empty .Values.conf.templates)) }} {{ if .Values.manifests.job_elasticsearch_templates }}
# Tests whether elasticsearch has successfully generated the elasticsearch index mapping # Tests whether elasticsearch has successfully generated the elasticsearch index mapping
# templates defined by values.yaml # templates defined by values.yaml
function check_templates () { function check_templates () {
{{ range $template, $fields := .Values.conf.templates }} total_hits=$(curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \
{{$template}}_total_hits=$(curl -K- <<< "--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" \ -XGET "${ELASTICSEARCH_ENDPOINT}/_template" | jq length)
-XGET "${ELASTICSEARCH_ENDPOINT}/_template/{{$template}}" -H 'Content-Type: application/json' \ if [ "$total_hits" -gt 0 ]; then
| python -c "import sys, json; print(len(json.load(sys.stdin)))") echo "PASS: Successful hits on templates!"
if [ "${{$template}}_total_hits" -gt 0 ]; then
echo "PASS: Successful hits on {{$template}} template!"
else else
echo "FAIL: No hits on query for {{$template}} template! Exiting"; echo "FAIL: No hits on query for templates! Exiting";
exit 1; exit 1;
fi fi
{{ end }}
} }
{{ end }} {{ end }}

35
elasticsearch/templates/configmap-etc-templates.yaml
View File

@ -1,35 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_etc_templates }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Secret
metadata:
name: elasticsearch-templates-etc
type: Opaque
data:
{{ range $template, $fields := .Values.conf.templates }}
{{ $template }}.json: {{ toJson $fields | b64enc }}
{{ end }}
{{ range $policy_name, $fields := .Values.conf.snapshot_policies }}
{{ $policy_name }}.json: {{ toJson $fields | b64enc }}
{{ end }}
{{ range $policy_name, $fields := .Values.conf.index_policies }}
{{ $policy_name }}.json: {{ toJson $fields | b64enc }}
{{ end }}
{{- end }}

24
elasticsearch/templates/job-elasticsearch-template.yaml
View File

@ -12,7 +12,7 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- if and (.Values.manifests.job_elasticsearch_templates) (not (empty .Values.conf.templates)) }} {{- if .Values.manifests.job_elasticsearch_templates }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $esUserSecret := .Values.secrets.elasticsearch.user }} {{- $esUserSecret := .Values.secrets.elasticsearch.user }}
{{- $mounts_elasticsearch_templates := .Values.pod.mounts.elasticsearch_templates.elasticsearch_templates }} {{- $mounts_elasticsearch_templates := .Values.pod.mounts.elasticsearch_templates.elasticsearch_templates }}
@ -72,24 +72,6 @@ spec:
mountPath: /tmp/create_template.sh mountPath: /tmp/create_template.sh
subPath: create_template.sh subPath: create_template.sh
readOnly: true readOnly: true
{{ range $template, $fields := .Values.conf.templates }}
- name: elasticsearch-templates-etc
mountPath: /tmp/{{$template}}.json
subPath: {{$template}}.json
readOnly: true
{{ end }}
{{ range $policy_name, $fields := .Values.conf.snapshot_policies }}
- name: elasticsearch-templates-etc
mountPath: /tmp/{{$policy_name}}.json
subPath: {{$policy_name}}.json
readOnly: true
{{ end }}
{{ range $policy_name, $fields := .Values.conf.index_policies }}
- name: elasticsearch-templates-etc
mountPath: /tmp/{{$policy_name}}.json
subPath: {{$policy_name}}.json
readOnly: true
{{ end }}
{{ if $mounts_elasticsearch_templates.volumeMounts }}{{ toYaml $mounts_elasticsearch_templates.volumeMounts | indent 12 }}{{ end }} {{ if $mounts_elasticsearch_templates.volumeMounts }}{{ toYaml $mounts_elasticsearch_templates.volumeMounts | indent 12 }}{{ end }}
volumes: volumes:
- name: pod-tmp - name: pod-tmp
@ -98,9 +80,5 @@ spec:
configMap: configMap:
name: elasticsearch-bin name: elasticsearch-bin
defaultMode: 0555 defaultMode: 0555
- name: elasticsearch-templates-etc
secret:
secretName: elasticsearch-templates-etc
defaultMode: 0444
{{ if $mounts_elasticsearch_templates.volumes }}{{ toYaml $mounts_elasticsearch_templates.volumes | indent 8 }}{{ end }} {{ if $mounts_elasticsearch_templates.volumes }}{{ toYaml $mounts_elasticsearch_templates.volumes | indent 8 }}{{ end }}
{{- end }} {{- end }}

144
elasticsearch/values.yaml
View File

@ -24,11 +24,11 @@ images:
ceph_key_placement: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20191216 ceph_key_placement: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20191216
s3_bucket: docker.io/openstackhelm/ceph-daemon:ubuntu_bionic-20191216 s3_bucket: docker.io/openstackhelm/ceph-daemon:ubuntu_bionic-20191216
s3_user: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20191216 s3_user: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20191216
helm_tests: docker.io/openstackhelm/heat:newton-ubuntu_xenial helm_tests: docker.io/openstackhelm/elasticsearch-s3:latest-7_6_2
prometheus_elasticsearch_exporter: docker.io/justwatch/elasticsearch_exporter:1.1.0 prometheus_elasticsearch_exporter: docker.io/justwatch/elasticsearch_exporter:1.1.0
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
snapshot_repository: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20191216 snapshot_repository: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20191216
elasticsearch_templates: docker.io/openstackhelm/heat:newton elasticsearch_templates: docker.io/openstackhelm/elasticsearch-s3:latest-7_6_2
image_repo_sync: docker.io/docker:17.07.0 image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent" pull_policy: "IfNotPresent"
local_registry: local_registry:
@ -746,75 +746,77 @@ conf:
ca: null ca: null
client_private_key: null client_private_key: null
client_cert: null client_cert: null
templates: api_objects:
fluent: - endpoint: _template/fluent
index_patterns: "logstash-*" body:
settings: index_patterns: "logstash-*"
index: settings:
number_of_shards: 1 index:
mappings: number_of_shards: 1
properties: mappings:
kubernetes: properties:
properties: kubernetes:
container_name: properties:
type: keyword container_name:
index: false type: keyword
docker_id: index: false
type: keyword docker_id:
index: false type: keyword
host: index: false
type: keyword host:
index: false type: keyword
namespace_name: index: false
type: keyword namespace_name:
index: false type: keyword
pod_id: index: false
type: keyword pod_id:
index: false type: keyword
pod_name: index: false
type: keyword pod_name:
index: false type: keyword
snapshot_policies: index: false
non-security-snapshots: - endpoint: _ilm/policy/delete_all_indexes
schedule: "0 30 1 * * ?" body:
name: "<non-security-logs-snapshot-{now/d}>" policy:
repository: logstash_snapshots phases:
config: delete:
indices: ["^(.*calico-|.*ceph-|.*jenkins-|.*journal-|.*kernel_syslog-|.*kubernetes-|.*libvirt-|.*logstash-|.*openvswitch-|.*utility_access-).*$"] min_age: 14d
ignore_unavailable: true actions:
include_global_state: false delete: {}
wait_for_completion: true - endpoint: _slm/policy/non-security-snapshots
max_wait: 64800 body:
wait_interval: 30 schedule: "0 30 1 * * ?"
ignore_empty_list: true name: "<non-security-logs-snapshot-{now/d}>"
continue_if_exception: true repository: logstash_snapshots
disable_action: false config:
retention: indices: ["^(.*calico-|.*ceph-|.*jenkins-|.*journal-|.*kernel_syslog-|.*kubernetes-|.*libvirt-|.*logstash-|.*openvswitch-|.*utility_access-).*$"]
expire_after: 29d ignore_unavailable: true
security-snapshots: include_global_state: false
schedule: "0 30 1 * * ?" wait_for_completion: true
name: "<security-logs-snapshot-{now/d}>" max_wait: 64800
repository: logstash_snapshots wait_interval: 30
config: ignore_empty_list: true
indices: ["^(.*airship-|.*audit_tsee-|.*auth-|.*flows-|.*lma-|.*openstack-).*$"] continue_if_exception: true
ignore_unavailable: true disable_action: false
include_global_state: false retention:
wait_for_completion: true expire_after: 29d
max_wait: 18000 - endpoint: _slm/policy/security-snapshots
wait_interval: 30 body:
ignore_empty_list: true schedule: "0 30 1 * * ?"
continue_if_exception: true name: "<security-logs-snapshot-{now/d}>"
disable_action: false repository: logstash_snapshots
retention: config:
expire_after: 179d indices: ["^(.*airship-|.*audit_tsee-|.*auth-|.*flows-|.*lma-|.*openstack-).*$"]
index_policies: ignore_unavailable: true
delete_all_indexes: include_global_state: false
policy: wait_for_completion: true
phases: max_wait: 18000
delete: wait_interval: 30
min_age: 14d ignore_empty_list: true
actions: continue_if_exception: true
delete: {} disable_action: false
retention:
expire_after: 179d
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
local_image_registry: local_image_registry: