diff --git a/fluentbit/values_overrides/apparmor.yaml b/fluentbit/values_overrides/apparmor.yaml deleted file mode 100644 index 2b99c1b60..000000000 --- a/fluentbit/values_overrides/apparmor.yaml +++ /dev/null @@ -1,5 +0,0 @@ -pod: - mandatory_access_control: - type: apparmor - fluentbit: - fluentbit: runtime/default diff --git a/fluentd/templates/deployment-fluentd.yaml b/fluentd/templates/deployment-fluentd.yaml index 32100f52c..69bf167bf 100644 --- a/fluentd/templates/deployment-fluentd.yaml +++ b/fluentd/templates/deployment-fluentd.yaml @@ -100,7 +100,6 @@ spec: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} -{{ dict "envAll" $envAll "podName" "fluentd" "containerNames" (list "fluentd") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} spec: {{ dict "envAll" $envAll "application" "fluentd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} serviceAccountName: {{ $rcControllerName | quote }} diff --git a/fluentd/values_overrides/apparmor.yaml b/fluentd/values_overrides/apparmor.yaml deleted file mode 100644 index c94b98eb2..000000000 --- a/fluentd/values_overrides/apparmor.yaml +++ /dev/null @@ -1,11 +0,0 @@ -pod: - mandatory_access_control: - type: apparmor - fluentd: - fluentd: runtime/default - fluentd-daemonset-fluentd-exporter: - fluentd-exporter: runtime/default - init: runtime/default -monitoring: - prometheus: - enabled: true diff --git a/tools/deployment/common/fluentd-daemonset.sh b/tools/deployment/common/fluentd-daemonset.sh index e523e3f8c..985a2a5f4 100755 --- a/tools/deployment/common/fluentd-daemonset.sh +++ b/tools/deployment/common/fluentd-daemonset.sh @@ -304,4 +304,4 @@ helm upgrade --install fluentd-daemonset ./fluentd \ ./tools/deployment/common/wait-for-pods.sh osh-infra #NOTE: Validate Deployment info -helm status fluentd-daemonset \ No newline at end of file +helm status fluentd-daemonset diff --git a/tools/deployment/osh-infra-logging/055-fluentbit.sh b/tools/deployment/osh-infra-logging/055-fluentbit.sh deleted file mode 100755 index a8bd6c229..000000000 --- a/tools/deployment/osh-infra-logging/055-fluentbit.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash - -# Copyright 2019 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -set -xe - -#NOTE: Lint and package chart -make fluentbit - -: ${OSH_INFRA_EXTRA_HELM_ARGS_FLUENTBIT:="$(./tools/deployment/common/get-values-overrides.sh fluentbit)"} - - -#NOTE: Deploy command -helm upgrade --install fluentbit ./fluentbit \ - --namespace=osh-infra \ - ${OSH_INFRA_EXTRA_HELM_ARGS} \ - ${OSH_INFRA_EXTRA_HELM_ARGS_FLUENTBIT} - - -#NOTE: Wait for deploy -./tools/deployment/common/wait-for-pods.sh osh-infra - -#NOTE: Validate Deployment info -helm status fluentbit - -helm test fluentbit diff --git a/tools/deployment/osh-infra-logging/060-fluentd-daemonset.sh b/tools/deployment/osh-infra-logging/060-fluentd-daemonset.sh deleted file mode 100755 index 2e870af96..000000000 --- a/tools/deployment/osh-infra-logging/060-fluentd-daemonset.sh +++ /dev/null @@ -1,175 +0,0 @@ -#!/bin/bash - -# Copyright 2019 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -set -xe - -#NOTE: Lint and package chart -make fluentd - -tee /tmp/fluentd-daemonset.yaml < - bind 0.0.0.0 - port 24220 - @type monitor_agent - - - - - time_format %Y-%m-%dT%H:%M:%S.%NZ - @type json - - path /var/log/containers/*.log - read_from_head true - tag kubernetes.* - @type tail - - - - @type kubernetes_metadata - - - - bind 0.0.0.0 - port "#{ENV['FLUENTD_PORT']}" - @type forward - - - - @type null - - - - - chunk_limit_size 500K - flush_interval 5s - flush_thread_count 8 - queue_limit_length 16 - retry_forever false - retry_max_interval 30 - - host "#{ENV['ELASTICSEARCH_HOST']}" - include_tag_key true - logstash_format true - logstash_prefix libvirt - password "#{ENV['ELASTICSEARCH_PASSWORD']}" - port "#{ENV['ELASTICSEARCH_PORT']}" - @type elasticsearch - user "#{ENV['ELASTICSEARCH_USERNAME']}" - - - - - chunk_limit_size 500K - flush_interval 5s - flush_thread_count 8 - queue_limit_length 16 - retry_forever false - retry_max_interval 30 - - host "#{ENV['ELASTICSEARCH_HOST']}" - include_tag_key true - logstash_format true - logstash_prefix qemu - password "#{ENV['ELASTICSEARCH_PASSWORD']}" - port "#{ENV['ELASTICSEARCH_PORT']}" - @type elasticsearch - user "#{ENV['ELASTICSEARCH_USERNAME']}" - - - - - chunk_limit_size 500K - flush_interval 5s - flush_thread_count 8 - queue_limit_length 16 - retry_forever false - retry_max_interval 30 - - host "#{ENV['ELASTICSEARCH_HOST']}" - include_tag_key true - logstash_format true - logstash_prefix journal - password "#{ENV['ELASTICSEARCH_PASSWORD']}" - port "#{ENV['ELASTICSEARCH_PORT']}" - @type elasticsearch - user "#{ENV['ELASTICSEARCH_USERNAME']}" - - - - - chunk_limit_size 500K - flush_interval 5s - flush_thread_count 8 - queue_limit_length 16 - retry_forever false - retry_max_interval 30 - - host "#{ENV['ELASTICSEARCH_HOST']}" - include_tag_key true - logstash_format true - logstash_prefix kernel - password "#{ENV['ELASTICSEARCH_PASSWORD']}" - port "#{ENV['ELASTICSEARCH_PORT']}" - @type elasticsearch - user "#{ENV['ELASTICSEARCH_USERNAME']}" - - - - - chunk_limit_size 500K - flush_interval 5s - flush_thread_count 8 - queue_limit_length 16 - retry_forever false - retry_max_interval 30 - - flush_interval 15s - host "#{ENV['ELASTICSEARCH_HOST']}" - include_tag_key true - logstash_format true - password "#{ENV['ELASTICSEARCH_PASSWORD']}" - port "#{ENV['ELASTICSEARCH_PORT']}" - @type elasticsearch - type_name fluent - user "#{ENV['ELASTICSEARCH_USERNAME']}" - -EOF - -#NOTE: Deploy command -helm upgrade --install fluentd-daemonset ./fluentd \ - --namespace=osh-infra \ - --values=/tmp/fluentd-daemonset.yaml - -#NOTE: Wait for deploy -./tools/deployment/common/wait-for-pods.sh osh-infra - -#NOTE: Validate Deployment info -helm status fluentd-daemonset - -helm test fluentd-daemonset diff --git a/tools/deployment/osh-infra-logging/060-fluentd-daemonset.sh b/tools/deployment/osh-infra-logging/060-fluentd-daemonset.sh new file mode 120000 index 000000000..af568c5cf --- /dev/null +++ b/tools/deployment/osh-infra-logging/060-fluentd-daemonset.sh @@ -0,0 +1 @@ +../common/fluentd-daemonset.sh \ No newline at end of file diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 88d84ba3a..5570510b0 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -139,8 +139,8 @@ - ./tools/deployment/osh-infra-logging/030-radosgw-osh-infra.sh - ./tools/deployment/osh-infra-logging/040-ldap.sh - ./tools/deployment/osh-infra-logging/050-elasticsearch.sh - - ./tools/deployment/osh-infra-logging/055-fluentbit.sh - ./tools/deployment/osh-infra-logging/060-fluentd-daemonset.sh + - ./tools/deployment/osh-infra-logging/065-fluentd-deployment.sh - ./tools/deployment/osh-infra-logging/070-kibana.sh - ./tools/deployment/osh-infra-logging/600-kibana-selenium.sh || true @@ -311,11 +311,39 @@ - ./tools/deployment/osh-infra-logging/030-radosgw-osh-infra.sh - ./tools/deployment/osh-infra-logging/040-ldap.sh - ./tools/deployment/osh-infra-logging/050-elasticsearch.sh - - ./tools/deployment/osh-infra-logging/055-fluentbit.sh - ./tools/deployment/osh-infra-logging/060-fluentd-daemonset.sh + - ./tools/deployment/osh-infra-logging/065-fluentd-deployment.sh - ./tools/deployment/osh-infra-logging/070-kibana.sh - ./tools/deployment/osh-infra-logging/600-kibana-selenium.sh || true + + +- job: + name: openstack-helm-infra-aio-logging-apparmor + parent: openstack-helm-infra-functional + timeout: 7200 + pre-run: + - playbooks/osh-infra-upgrade-host.yaml + - playbooks/osh-infra-deploy-selenium.yaml + run: playbooks/osh-infra-gate-runner.yaml + post-run: playbooks/osh-infra-collect-logs.yaml + nodeset: openstack-helm-single-node + vars: + osh_params: + container_distro_name: ubuntu + container_distro_version: bionic + feature_gates: apparmor + gate_scripts: + - ./tools/deployment/osh-infra-logging/000-install-packages.sh + - ./tools/deployment/osh-infra-logging/005-deploy-k8s.sh + - ./tools/deployment/osh-infra-logging/010-ingress.sh + - ./tools/deployment/osh-infra-logging/020-ceph.sh + - ./tools/deployment/osh-infra-logging/025-ceph-ns-activate.sh + - ./tools/deployment/osh-infra-logging/030-radosgw-osh-infra.sh + - ./tools/deployment/osh-infra-logging/040-ldap.sh + - ./tools/deployment/osh-infra-logging/050-elasticsearch.sh + - ./tools/deployment/osh-infra-logging/070-kibana.sh + - job: name: openstack-helm-infra-metacontroller parent: openstack-helm-infra-functional