From 03ae4968030415d95f5397de806e2462284f0926 Mon Sep 17 00:00:00 2001
From: koneill94 <35918022+koneill94@users.noreply.github.com>
Date: Fri, 31 May 2019 16:15:32 +0100
Subject: [PATCH] Extended logging (#138)

* extended logging config added to routers
* fixed error
* clauses missed
---
 roles/openshiftpostdeployment/tasks/main.yml | 47 +-----------
 .../openshiftpostdeployment/tasks/routers.yml | 74 +++++++++++++++++++
 .../templates/extended-logging-configmap.j2 | 11 +++
 3 files changed, 87 insertions(+), 45 deletions(-)
 create mode 100644 roles/openshiftpostdeployment/tasks/routers.yml
 create mode 100644 roles/openshiftpostdeployment/templates/extended-logging-configmap.j2
diff --git a/roles/openshiftpostdeployment/tasks/main.yml b/roles/openshiftpostdeployment/tasks/main.yml
index 63b0303..d288454 100644
--- a/roles/openshiftpostdeployment/tasks/main.yml
+++ b/roles/openshiftpostdeployment/tasks/main.yml
@@ -65,51 +65,6 @@
 command: /usr/local/bin/oc set volume dc/registry-console --add --type=secret --secret-name=console-secret -m /etc/cockpit/ws-certs.d -n default
 when: getCertificates == True

-- name: Setup secondary network routers
- command: /usr/local/bin/oc adm router router-secondary --replicas=0 --selector='router=secondary' --service-account=router -n default
- when: multinetwork
-
-- name: Setup secondary network router envs
- command: /usr/local/bin/oc set env dc/router-secondary ROUTE_LABELS="router-secondary=true" -n default
- when: multinetwork
-
-- name: Allow Source IP to be received on primary router from the HAProxy
- command: /usr/local/bin/oc set env dc/router ROUTER_USE_PROXY_PROTOCOL=true -n default
-
-- name: Allow Source IP to be received on secondary router from HAProxy
- command: /usr/local/bin/oc set env dc/router-secondary ROUTER_USE_PROXY_PROTOCOL=true -n default
- when: multinetwork
-
-- name: Scale up secondary network routers
- vars:
- net2_scale: "{{ groups['nodes_net2'] | length }}"
- command: /usr/local/bin/oc scale dc router-secondary --replicas={{ net2_scale }} -n default
- when: multinetwork
-
-- name: Setup routers for private networks (extra gateway)
- command: /usr/local/bin/oc adm router router-private --replicas=0 --selector='router-private=true' --service-account=router --stats-port=1937 --ports='7080:7080,7443:7443' -n default
- when: extra_gateway_vip is defined
-
-- name: Setup private network router environment
- command: /usr/local/bin/oc set env dc/router-private {{ item }} -n default
- with_items:
- - ROUTER_SERVICE_HTTP_PORT=7080
- - ROUTER_SERVICE_HTTPS_PORT=7443
- - ROUTE_LABELS="router-private=true"
- - ROUTER_SERVICE_NO_SNI_PORT=11443
- - ROUTER_SERVICE_SNI_PORT=11444
- when: extra_gateway_vip is defined
-
-- name: Scale up private network routers
- vars:
- infra_scale: "{{ groups['nodes_infra'] | length }}"
- command: /usr/local/bin/oc scale dc router-private --replicas={{ infra_scale }} -n default
- when: extra_gateway_vip is defined
-
-- name: Allow Source IP to be received on private router from HAProxy
- command: /usr/local/bin/oc set env dc/router-private ROUTER_USE_PROXY_PROTOCOL=true -n default
- when: extra_gateway_vip is defined
-
 - name: Create 'monitoring' serviceaccount for monitoring use
 command: /usr/local/bin/oc create serviceaccount monitoring -n openshift-infra

@@ -145,5 +100,7 @@
 hostname: "prometheus"
 when: getCertificates == True

+- include_tasks: routers.yml
+
 - include_tasks: squid-whitelist.yml
 when: multinetwork
diff --git a/roles/openshiftpostdeployment/tasks/routers.yml b/roles/openshiftpostdeployment/tasks/routers.yml
new file mode 100644
index 0000000..a987320
--- /dev/null
+++ b/roles/openshiftpostdeployment/tasks/routers.yml
@@ -0,0 +1,74 @@
+# Default routers
+- name: Setup default router environment
+ command: /usr/local/bin/oc set env dc/router {{ item }} -n default
+ with_items:
+ - ROUTER_USE_PROXY_PROTOCOL=true
+ - ROUTER_LOG_LEVEL=debug
+
+- name: Setup rsyslog configMap for default router extended logging
+ template:
+ src: templates/extended-logging-configmap.j2
+ dest: ~/extended-logging-configmap.yml
+ force: yes
+ backup: no
+
+- name: Create rsyslog configMap for default router extended logging
+ command: /usr/local/bin/oc create -f ~/extended-logging-configmap.yml
+
+- name: Remove configMap template
+ file:
+ path: ~/extended-logging-configmap.yml
+ state: absent
+
+- name: Patch router deployment
+ command: /usr/local/bin/oc patch dc/router -p '{"spec":{"template":{"spec":{"containers":[{"name":"router","env":[{"name":"ROUTER_SYSLOG_ADDRESS","value":"/var/lib/rsyslog/rsyslog.sock"}],"volumeMounts":[{"mountPath":"/var/lib/rsyslog","name":"rsyslog-socket"}]},{"name":"syslog","command":["/sbin/rsyslogd","-n","-i","/tmp/rsyslog.pid","-f","/etc/rsyslog/rsyslog.conf"],"image":"registry.redhat.io/openshift3/ose-haproxy-router:v3.11","imagePullPolicy":"IfNotPresent","resources":{"requests":{"cpu":"100m","memory":"256Mi"}},"volumeMounts":[{"mountPath":"/etc/rsyslog","name":"rsyslog-config"},{"mountPath":"/var/lib/rsyslog","name":"rsyslog-socket"}]}],"volumes":[{"configMap":{"name":"rsyslog-config"},"name":"rsyslog-config"},{"emptyDir":{},"name":"rsyslog-socket"}]}}}}' -n default
+
+# Net2 routers
+- name: Setup secondary network routers
+ command: /usr/local/bin/oc adm router router-secondary --replicas=0 --selector='router=secondary' --service-account=router -n default
+ when: multinetwork
+
+- name: Setup secondary network router envs
+ command: /usr/local/bin/oc set env dc/router-secondary {{ item }} -n default
+ with_items:
+ - ROUTE_LABELS="router-secondary=true"
+ - ROUTER_LOG_LEVEL=debug
+ - ROUTER_USE_PROXY_PROTOCOL=true
+ when: multinetwork
+
+- name: Patch secondary router deployment to use extended logging
+ command: /usr/local/bin/oc patch dc/router-secondary -p '{"spec":{"template":{"spec":{"containers":[{"name":"router","env":[{"name":"ROUTER_SYSLOG_ADDRESS","value":"/var/lib/rsyslog/rsyslog.sock"}],"volumeMounts":[{"mountPath":"/var/lib/rsyslog","name":"rsyslog-socket"}]},{"name":"syslog","command":["/sbin/rsyslogd","-n","-i","/tmp/rsyslog.pid","-f","/etc/rsyslog/rsyslog.conf"],"image":"registry.redhat.io/openshift3/ose-haproxy-router:v3.11","imagePullPolicy":"IfNotPresent","resources":{"requests":{"cpu":"100m","memory":"256Mi"}},"volumeMounts":[{"mountPath":"/etc/rsyslog","name":"rsyslog-config"},{"mountPath":"/var/lib/rsyslog","name":"rsyslog-socket"}]}],"volumes":[{"configMap":{"name":"rsyslog-config"},"name":"rsyslog-config"},{"emptyDir":{},"name":"rsyslog-socket"}]}}}}' -n default
+ when: multinetwork
+
+- name: Scale up secondary network routers
+ vars:
+ net2_scale: "{{ groups['nodes_net2'] | length }}"
+ command: /usr/local/bin/oc scale dc router-secondary --replicas={{ net2_scale }} -n default
+ when: multinetwork
+
+# Extra gateway routers
+- name: Setup routers for private networks (extra gateway)
+ command: /usr/local/bin/oc adm router router-private --replicas=0 --selector='router-private=true' --service-account=router --stats-port=1937 --ports='7080:7080,7443:7443' -n default
+ when: extra_gateway_vip is defined
+
+- name: Setup private network router environment
+ command: /usr/local/bin/oc set env dc/router-private {{ item }} -n default
+ with_items:
+ - ROUTER_SERVICE_HTTP_PORT=7080
+ - ROUTER_SERVICE_HTTPS_PORT=7443
+ - ROUTE_LABELS="router-private=true"
+ - ROUTER_SERVICE_NO_SNI_PORT=11443
+ - ROUTER_SERVICE_SNI_PORT=11444
+ - ROUTER_USE_PROXY_PROTOCOL=true
+ - ROUTER_LOG_LEVEL=debug
+ when: extra_gateway_vip is defined
+
+- name: Patch private router deployment to use extended logging
+ command: /usr/local/bin/oc patch dc/router-private -p '{"spec":{"template":{"spec":{"containers":[{"name":"router","env":[{"name":"ROUTER_SYSLOG_ADDRESS","value":"/var/lib/rsyslog/rsyslog.sock"}],"volumeMounts":[{"mountPath":"/var/lib/rsyslog","name":"rsyslog-socket"}]},{"name":"syslog","command":["/sbin/rsyslogd","-n","-i","/tmp/rsyslog.pid","-f","/etc/rsyslog/rsyslog.conf"],"image":"registry.redhat.io/openshift3/ose-haproxy-router:v3.11","imagePullPolicy":"IfNotPresent","resources":{"requests":{"cpu":"100m","memory":"256Mi"}},"volumeMounts":[{"mountPath":"/etc/rsyslog","name":"rsyslog-config"},{"mountPath":"/var/lib/rsyslog","name":"rsyslog-socket"}]}],"volumes":[{"configMap":{"name":"rsyslog-config"},"name":"rsyslog-config"},{"emptyDir":{},"name":"rsyslog-socket"}]}}}}' -n default
+ when: extra_gateway_vip is defined
+
+- name: Scale up private network routers
+ vars:
+ infra_scale: "{{ groups['nodes_infra'] | length }}"
+ command: /usr/local/bin/oc scale dc router-private --replicas={{ infra_scale }} -n default
+ when: extra_gateway_vip is defined
diff --git a/roles/openshiftpostdeployment/templates/extended-logging-configmap.j2 b/roles/openshiftpostdeployment/templates/extended-logging-configmap.j2
new file mode 100644
index 0000000..1ec86fe
--- /dev/null
+++ b/roles/openshiftpostdeployment/templates/extended-logging-configmap.j2
@@ -0,0 +1,11 @@
+apiVersion: v1
+data:
+ rsyslog.conf: |
+ $ModLoad imuxsock
+ $SystemLogSocketName /var/lib/rsyslog/rsyslog.sock
+ $ModLoad omstdout.so
+ *.* :omstdout:
+kind: ConfigMap
+metadata:
+ name: rsyslog-config
+ namespace: default
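Review bot: The "Create rsyslog configMap for default router extended logging" task in routers.yml runs `oc create -f ~/extended-logging-configmap.yml`, which returns an error once `rsyslog-config` already exists, so a second run of the role stops there and never reaches the cleanup task or the three `oc patch` tasks; `command: /usr/local/bin/oc apply -f ~/extended-logging-configmap.yml` would keep the role repeatable. The syslog sidecar in each patch references `registry.redhat.io/openshift3/ose-haproxy-router:v3.11` with `imagePullPolicy` set to `IfNotPresent`, so a node keeps whichever build of that tag it pulled first; holding the patch in one shared variable with a pinned build would also remove the three verbatim copies of the JSON. `ROUTER_LOG_LEVEL=debug` is hard-coded for all three routers and would be better as a role variable, so that debug logging is a deliberate per-environment choice.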
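Review bot: The rule `*.* :omstdout:` in extended-logging-configmap.j2 relays everything the router writes to the shared socket onto the sidecar's stdout, and routers.yml sets the routers to debug level, so each router pod's container log will likely carry per-request lines (client addresses, and request paths if an HTTP log format is in use, which this diff does not show). The template should say so for whoever grants log access in `default` or forwards pod logs, e.g. a leading `# Relays HAProxy router logs from /var/lib/rsyslog/rsyslog.sock to container stdout; output may include client IPs and request lines.` The hard-coded `namespace: default` is also the only thing placing the ConfigMap next to the routers, since the create task passes no `-n`, which deserves a short comment as well.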