From e20d8ba804539203664a542521db5b64826ba05c Mon Sep 17 00:00:00 2001 From: adi0509 Date: Fri, 21 Aug 2020 23:24:08 +0530 Subject: LMA: Deployment of LMA solution.(ansible) Ansible playbooks for LMA deployment 
Signed-off-by: Adarsh Yadav Change-Id: I3ab71e139bc1668577506fb996105a834a9c3c65 --- .../logging/files/elastalert/ealert-conf-cm.yaml | 48 ++ .../logging/files/elastalert/ealert-key-cm.yaml | 68 +++ .../logging/files/elastalert/ealert-rule-cm.yaml | 132 ++++++ .../roles/logging/files/elastalert/elastalert.yaml | 76 +++ .../logging/files/elasticsearch/elasticsearch.yaml | 231 +++++++++ .../logging/files/elasticsearch/user-secret.yaml | 23 + .../roles/logging/files/fluentd/fluent-cm.yaml | 525 +++++++++++++++++++++ .../logging/files/fluentd/fluent-service.yaml | 34 ++ .../roles/logging/files/fluentd/fluent.yaml | 65 +++ .../roles/logging/files/kibana/kibana.yaml | 23 + .../roles/logging/files/namespace.yaml | 17 + .../roles/logging/files/nginx/nginx-conf-cm.yaml | 36 ++ .../roles/logging/files/nginx/nginx-key-cm.yaml | 68 +++ .../roles/logging/files/nginx/nginx-service.yaml | 28 ++ .../roles/logging/files/nginx/nginx.yaml | 58 +++ .../roles/logging/files/persistentVolume.yaml | 105 +++++ .../roles/logging/files/storageClass.yaml | 73 +++ .../ansible-server/roles/logging/tasks/main.yml | 165 +++++++ 18 files changed, 1775 insertions(+) create mode 100644 tools/lma/ansible-server/roles/logging/files/elastalert/ealert-conf-cm.yaml create mode 100644 tools/lma/ansible-server/roles/logging/files/elastalert/ealert-key-cm.yaml create mode 100644 tools/lma/ansible-server/roles/logging/files/elastalert/ealert-rule-cm.yaml create mode 100644 tools/lma/ansible-server/roles/logging/files/elastalert/elastalert.yaml create mode 100644 tools/lma/ansible-server/roles/logging/files/elasticsearch/elasticsearch.yaml create mode 100644 tools/lma/ansible-server/roles/logging/files/elasticsearch/user-secret.yaml create mode 100644 tools/lma/ansible-server/roles/logging/files/fluentd/fluent-cm.yaml create mode 100644 tools/lma/ansible-server/roles/logging/files/fluentd/fluent-service.yaml create mode 100644 tools/lma/ansible-server/roles/logging/files/fluentd/fluent.yaml create mode 100644 
tools/lma/ansible-server/roles/logging/files/kibana/kibana.yaml create mode 100644 tools/lma/ansible-server/roles/logging/files/namespace.yaml create mode 100644 tools/lma/ansible-server/roles/logging/files/nginx/nginx-conf-cm.yaml create mode 100644 tools/lma/ansible-server/roles/logging/files/nginx/nginx-key-cm.yaml create mode 100644 tools/lma/ansible-server/roles/logging/files/nginx/nginx-service.yaml create mode 100644 tools/lma/ansible-server/roles/logging/files/nginx/nginx.yaml create mode 100644 tools/lma/ansible-server/roles/logging/files/persistentVolume.yaml create mode 100644 tools/lma/ansible-server/roles/logging/files/storageClass.yaml create mode 100644 tools/lma/ansible-server/roles/logging/tasks/main.yml (limited to 'tools/lma/ansible-server/roles/logging') diff --git a/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-conf-cm.yaml b/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-conf-cm.yaml new file mode 100644 index 00000000..a320ef75 --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-conf-cm.yaml 
@@ -0,0 +1,48 @@
+# Copyright 2020 Adarsh yadav
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: elastalert-config
+data:
+ elastalert.yaml: |
+ # This is the folder that contains the rule yaml files
+ # Any .yaml file will be loaded as a rule
+ rules_folder: rules
+ # How often ElastAlert will query Elasticsearch
+ # The unit can be anything from weeks to seconds
+ run_every:
+ minutes: 1
+ # ElastAlert will buffer results from the most recent
+ # period of time, in case some log sources are not in real time
+ buffer_time:
+ minutes: 15
+
+ scan_subdirectories: false
+
+ # The Elasticsearch hostname for metadata writeback
+ # Note that every rule can have its own Elasticsearch host
+ es_host: logging-es-http
+ es_port: 9200
+ es_username: ${ES_USERNAME}
+ es_password: ${ES_PASSWORD}
+ es_conn_timeout: 120
+ verify_certs: False
+ use_ssl: True
+ client_cert: '/opt/elastalert/key/elastalert.pem'
+ client_key: '/opt/elastalert/key/elastalert.key'
+ writeback_index: elastalert_status
+ writeback_alias: elastalert_alerts
+ alert_time_limit:
+ days: 2
diff --git a/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-key-cm.yaml b/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-key-cm.yaml
new file mode 100644
index 00000000..0c606a9c
--- /dev/null
+++ b/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-key-cm.yaml
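Review bot: `verify_certs: False` next to `use_ssl: True` in ealert-conf-cm.yaml means ElastAlert encrypts the connection to `logging-es-http` but never authenticates the server, so the `es_password` value is handed to whichever endpoint answers on that name. Prefer `verify_certs: True` together with `ca_certs: <path-to-cluster-CA>` (placeholder; mounting the CA into the pod is not part of this hunk). The same defect appears as `ssl_verify false` in both Elasticsearch outputs of fluent-cm.yaml, where the plugin's `ca_file` option is the counterpart.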
@@ -0,0 +1,68 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: elastalert-key +data: + elastalert.key: | + -----BEGIN PRIVATE KEY----- + MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC0uQ+B0gy3VB4w + 5CeWOx575lqSUuYvrGW3ILpV1gmj0ZZCMZUGvt4UvaCEaNPIAqNaHPmaslQqJb5C + PJH9pMN7vUVp3DACzmYrS4HdROHamn5gjebXs4hq43heLaIB1Kb+4F+7sEY88irK + xOevadcN35y5ld7lVUGRsj6JYcweaAeh/YZ/HaBT5RfdGF+x07NDus+mFqT8j3PD + rs2+JtEvEoWtjcxwFgloc9GkHsWZoV1AQHgyAWjmDXZtZeV0HQSkl7hWFG9vxTni + DvdrdhX0g+D+u8jWnlR4Za4jd64KbTp9C9trSHyMSRIvN5obm/H8O5MQ+sZ+NQ0X + PdK92MjbAgMBAAECggEASbRPxrpLxVjhFz91haeGvzErLxHwHvFIam9Gj0tDkzQe + +9AM3ztohzzvAhFejevFgzLd+WFRQf8yoQDi6XcQ4p5GeO38Bqj2siGRTRSSp/zq + HabBxqbJtA4hQQeLUwPPN5N6d6lke+an3RqBAuE/e8D+whGFXjJvE2SGbLEd9if2 + uzHj37sPsVi8kRvgZBDOozmt7YFzQVO/1V+4Lw6nz48M3t+hOHaUXY0Yd8nsk5A6 + kgoDQ4CGUHjtWfSrccZrYNk51Zows9/sX8axfJ94wKJSImWJcuW9PXIQhzT4exnH + sPOwY6Noy3nXRk9gcchT60fKpp+tsJZk3ezkwSpgwQKBgQDvsaYcbnIVdFZpaNKF + Tmt/w60CmfGeNozRygfi84ot7edUf93cB6WSKChcAE8fbq9Ji5USPNtfbnZfFXsI + IyTr2KHW3RkHuDEyu+Lan9JuReEH3QOG83vvN/oYA3J3hqUTCjEGkPjqnoFtdk8L + f7WH1jZvXYEMo0C48SXo+yGohQKBgQDBBGkzL928j1QB9NfiNFk70EalDsF8Im2W + n8bQ54KYspUybKD/Hmw0jIV7kdu2vhgGC4RYkn9c5qATtulbYJUgUBelaSi0vhXT + gfAuO+JIIZ50P+mkkxH/KIUyu1xWUB2jtMulqLLomdoBvfp/u51qCY6fT3WMCB+R + ouWLr2oZ3wKBgQCAuas4AaiLFRuDKKRGq0LYLsIvb3VvPmSKFjH+FETVPbrKipEf + pYup3p8uKYxUmSDSIoBAdyZpLe2sSuD0Ecu2TXU86yiSGL1zPawrNUHRrv2XN365 
+ bvHUGv/Y/aDvyAPHIeYKXLkRZ2ai3rK8vi1Dcitxy4mOu+36ZKezY4tD8QKBgQCd + hakJUj4nPd20fwqUnF5a1z5gRGuZkEtZiunp4ZaOYegrL8YwjraGKExjrYTfXcIj + ZNDMrDpvKfRoQnWt0mPB7DtwDiNfZmZPqBLI2Kxya6VygBqA6lncoEgcQBY6hsW5 + rbopZ0UjWTQ3CcFe71GnkUcpMuLetl51L7kgR7dShwKBgQC+vqjhe/h081JGLTo1 + tKeRUCaDA/V3VHjFKgM5g+S3/KzgU/EaB1rq3Qja1quGv0zHveca3zibdNQi1ENm + KSutWh2zQXzzvmycPmVcthhOxaKzRXDjG0mXiA0bnSgK3F2o9t4196RYhIiiSvAH + shVjZMTK04h8ciTLIqK/GtZr+g== + -----END PRIVATE KEY----- + elastalert.pem: | + -----BEGIN CERTIFICATE----- + MIIDVzCCAj+gAwIBAgIJAORgkR7Y0Nk9MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV + BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg + Q29tcGFueSBMdGQwHhcNMjAwNjI4MTM1NjAwWhcNMjEwNjI4MTM1NjAwWjBCMQsw + CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh + dWx0IENvbXBhbnkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA + tLkPgdIMt1QeMOQnljsee+ZaklLmL6xltyC6VdYJo9GWQjGVBr7eFL2ghGjTyAKj + Whz5mrJUKiW+QjyR/aTDe71FadwwAs5mK0uB3UTh2pp+YI3m17OIauN4Xi2iAdSm + /uBfu7BGPPIqysTnr2nXDd+cuZXe5VVBkbI+iWHMHmgHof2Gfx2gU+UX3RhfsdOz + Q7rPphak/I9zw67NvibRLxKFrY3McBYJaHPRpB7FmaFdQEB4MgFo5g12bWXldB0E + pJe4VhRvb8U54g73a3YV9IPg/rvI1p5UeGWuI3euCm06fQvba0h8jEkSLzeaG5vx + /DuTEPrGfjUNFz3SvdjI2wIDAQABo1AwTjAdBgNVHQ4EFgQUFAvjohHTavHmbRbj + Yq2h3cq7UMEwHwYDVR0jBBgwFoAUFAvjohHTavHmbRbjYq2h3cq7UMEwDAYDVR0T + BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAB9oDASl4OfF/D49i3KtVzjzge4up + WssBPYKVwASh3cXfLLe3NdY9ihdCXFd/8Rus0hBGaRPIyR06sZoHRDEfJ2xrRD6g + pr4iHRfaoEWqols7+iW0cgQehvw5efEpFL1vg9zK9kOwruS4ZUhDrak6GcO/O8Jh + 6lSGmidHSHrQmfqFeTotaezwylV/uHvRZHPvk2JhQfC+vFjn5/iN/0wCeQCwYvOC + rePq2ZFdYg/0bS9BYwKsT2w1Z/AU/wIMLmbNB1af+fTBBEQlxb4rAeDb+J9EoSQ5 + MVP7jm3BVnHQCs6CA4LV4yRQNF2K6GkWem1oUg/H3S2SG8TAUlKpX/1XRw== + -----END CERTIFICATE----- diff --git a/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-rule-cm.yaml b/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-rule-cm.yaml new file mode 100644 index 00000000..af28b6f6 --- /dev/null 
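Review bot: The `elastalert.key` entry in ealert-key-cm.yaml places an RSA private key in a `ConfigMap` and in version control, so the key must be treated as disclosed as soon as this commit is published and every deployment of the role shares it. ConfigMap contents are not handled as confidential by the cluster. Generate the key pair at deploy time in the Ansible role and load it as `kind: Secret` with `type: kubernetes.io/tls`, keeping only a placeholder in the repository; the `ekey` volume in elastalert.yaml would then reference `secret:` instead of `configMap:`. The diffstat lists nginx-key-cm.yaml with the same line count, which may repeat the pattern; its hunk is not visible here.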
+++ b/tools/lma/ansible-server/roles/logging/files/elastalert/ealert-rule-cm.yaml 
@@ -0,0 +1,132 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: elastalert-rule +data: + rule-node4-vswitch.yaml: | + name: vswitch-3-sec + type: any + index: node4* + filter: + - range: + time_vswitchd: + gt: 3 #Greater than + + realert: + minutes: 0 + + alert: post + http_post_url: "http://10.10.120.211:31000/alerts" + http_post_static_payload: + type: threshold + label: vswitchd start time > 3 sec + http_post_payload: + index: _index + log: msg + log_path: log_path + time_vswitchd: time_vswitchd + num_hits: num_hits + num_matches: num_matches + + rule-node1-vswitch.yaml: | + name: vswitch-3-sec + type: any + index: node1* + filter: + - range: + time_vswitchd: + gt: 3 #Greater than + + realert: + minutes: 0 + + alert: post + http_post_url: "http://10.10.120.211:31000/alerts" + http_post_static_payload: + type: threshold + label: vswitchd start time > 3 sec + http_post_payload: + index: _index + log: msg + log_path: log_path + time_vswitchd: time_vswitchd + num_hits: num_hits + num_matches: num_matches + + rule-node4-blacklist.yaml: | + name: error-finder-node4 + type: blacklist + compare_key: alert + index: node4* + blacklist: + - "Failed to run test" + - "Failed to execute in '30' seconds" + - "('Result', 'Failed')" + - "could not open socket: connection refused" + - "Input/output error" + - "dpdk|ERR|EAL: Error - exiting with code: 1" + - "Failed to execute in '30' seconds" + - 
"dpdk|ERR|EAL: Driver cannot attach the device" + - "dpdk|EMER|Cannot create lock on" + - "device not found" + + realert: + minutes: 0 + + alert: post + http_post_url: "http://10.10.120.211:31000/alerts" + http_post_static_payload: + type: pattern-match + label: failed + http_post_payload: + index: _index + log: msg + log_path: log_path + reason: alert + num_hits: num_hits + num_matches: num_matches + rule-node1-blacklist.yaml: | + name: error-finder-node1 + type: blacklist + compare_key: alert + index: node1* + blacklist: + - "Failed to run test" + - "Failed to execute in '30' seconds" + - "('Result', 'Failed')" + - "could not open socket: connection refused" + - "Input/output error" + - "dpdk|ERR|EAL: Error - exiting with code: 1" + - "Failed to execute in '30' seconds" + - "dpdk|ERR|EAL: Driver cannot attach the device" + - "dpdk|EMER|Cannot create lock on" + - "device not found" + + realert: + minutes: 0 + + alert: post + http_post_url: "http://10.10.120.211:31000/alerts" + http_post_static_payload: + type: pattern-match + label: failed + http_post_payload: + index: _index + log: msg + log_path: log_path + reason: alert + num_hits: num_hits + num_matches: num_matches diff --git a/tools/lma/ansible-server/roles/logging/files/elastalert/elastalert.yaml b/tools/lma/ansible-server/roles/logging/files/elastalert/elastalert.yaml new file mode 100644 index 00000000..9e32e2b7 --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/elastalert/elastalert.yaml 
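Review bot: `rule-node4-vswitch.yaml` and `rule-node1-vswitch.yaml` both declare `name: vswitch-3-sec`, and ElastAlert requires rule names to be unique, so loading both would be rejected; name them per node, e.g. `name: vswitch-3-sec-node1` and `name: vswitch-3-sec-node4`, following the `error-finder-node1`/`error-finder-node4` convention used below. All four rules post to the hard-coded `http://10.10.120.211:31000/alerts` over plaintext HTTP, so alert payloads carrying log text travel unencrypted to a fixed address; make the receiver URL a deploy-time variable and use HTTPS where the receiver supports it. `"Failed to execute in '30' seconds"` is also listed twice in each blacklist.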
@@ -0,0 +1,76 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: elastalert +spec: + replicas: 1 + selector: + matchLabels: + run: elastalert + template: + metadata: + labels: + run: elastalert + spec: + volumes: + - name: econfig + configMap: + name: elastalert-config + items: + - key: elastalert.yaml + path: elastalert.yaml + - name: erule + configMap: + name: elastalert-rule + items: + - key: rule-node4-vswitch.yaml + path: rule-node4-vswitch.yaml + - key: rule-node4-blacklist.yaml + path: rule-node4-blacklist.yaml + - key: rule-node1-blacklist.yaml + path: rule-node1-blacklist.yaml + - name: ekey + configMap: + name: elastalert-key + items: + - key: elastalert.key + path: elastalert.key + - key: elastalert.pem + path: elastalert.pem + initContainers: + - name: init-myservice + image: busybox:1.28 + command: ['sh', '-c', 'until nslookup logging-es-http; do echo "waiting for myservice"; sleep 2; done;'] + containers: + - name: elastalert + image: adi0509/elastalert:latest + env: + - name: ES_USERNAME + value: "elastic" + - name: ES_PASSWORD + valueFrom: + secretKeyRef: + name: logging-es-elastic-user + key: elastic + command: [ "sh", "-c"] + args: ["elastalert-create-index --config /opt/elastalert/elastalert.yaml; python -m elastalert.elastalert --config /opt/elastalert/elastalert.yaml"] + volumeMounts: + - mountPath: /opt/elastalert/ + name: econfig + - mountPath: 
/opt/elastalert/rules/ + name: erule + - mountPath: /opt/elastalert/key + name: ekey diff --git a/tools/lma/ansible-server/roles/logging/files/elasticsearch/elasticsearch.yaml b/tools/lma/ansible-server/roles/logging/files/elasticsearch/elasticsearch.yaml new file mode 100644 index 00000000..5b0a8476 --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/elasticsearch/elasticsearch.yaml 
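Review bot: `image: adi0509/elastalert:latest` pulls a mutable tag from a personal registry account, so the code that receives the `elastic` password through `ES_PASSWORD` can change without any change to this repository; pin a version and digest, e.g. `image: adi0509/elastalert:<version>@sha256:<digest>` (placeholders). `image: adi0509/fluentd:latest` in fluent.yaml has the same problem. Separately, the `erule` volume lists only three of the four keys defined in ealert-rule-cm.yaml: `rule-node1-vswitch.yaml` is missing, so that rule is never mounted into `/opt/elastalert/rules/`.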
@@ -0,0 +1,231 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: elasticsearch.k8s.elastic.co/v1 +kind: Elasticsearch +metadata: + name: logging +spec: + version: 7.8.0 + http: + service: + spec: + type: NodePort + ports: + - name: https + nodePort: 31111 + port: 9200 + protocol: TCP + targetPort: 9200 + auth: + fileRealm: + - secretName: custom-user + nodeSets: + - name: vm1-master + count: 1 + config: + node.master: true + node.data: false + node.attr.zone: vm1 + cluster.routing.allocation.awareness.attributes: zone + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: log-vm1-master + podTemplate: + spec: + initContainers: + - name: sysctl + securityContext: + privileged: true + command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - vm1 + - name: vm1-data + count: 1 + config: + node.master: false + node.data: true + node.attr.zone: vm1 + cluster.routing.allocation.awareness.attributes: zone + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: log-vm1-data + podTemplate: + spec: + initContainers: + - name: sysctl + 
securityContext: + privileged: true + command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - vm1 + - name: vm2-master + count: 1 + config: + node.master: true + node.data: false + node.attr.zone: vm2 + cluster.routing.allocation.awareness.attributes: zone + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: log-vm2-master + podTemplate: + spec: + initContainers: + - name: sysctl + securityContext: + privileged: true + command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - vm2 + - name: vm2-data + count: 1 + config: + node.master: false + node.data: true + node.attr.zone: vm2 + cluster.routing.allocation.awareness.attributes: zone + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: log-vm2-data + podTemplate: + spec: + initContainers: + - name: sysctl + securityContext: + privileged: true + command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - vm2 + - name: vm3-master + count: 1 + config: + node.master: true + node.data: false + node.attr.zone: vm3 + cluster.routing.allocation.awareness.attributes: zone + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: log-vm3-master + podTemplate: 
+ spec: + initContainers: + - name: sysctl + securityContext: + privileged: true + command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - vm3 + - name: vm3-data + count: 1 + config: + node.master: false + node.data: true + node.attr.zone: vm3 + cluster.routing.allocation.awareness.attributes: zone + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: log-vm3-data + podTemplate: + spec: + initContainers: + - name: sysctl + securityContext: + privileged: true + command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144'] + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - vm3 diff --git a/tools/lma/ansible-server/roles/logging/files/elasticsearch/user-secret.yaml b/tools/lma/ansible-server/roles/logging/files/elasticsearch/user-secret.yaml new file mode 100644 index 00000000..3e71fe92 --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/elasticsearch/user-secret.yaml 
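Review bot: `type: NodePort` with `nodePort: 31111` publishes the Elasticsearch API on every node address, while the `fileRealm` secret `custom-user` added in user-secret.yaml carries a fixed `superuser` account whose hash is in the repository. If access from outside the cluster is not required, use `type: ClusterIP`; otherwise restrict the port with a NetworkPolicy or host firewall and document who is expected to connect. Each of the six nodeSets also runs a `privileged: true` init container only to set `vm.max_map_count`; setting that sysctl on the hosts from the Ansible role would avoid granting privileged pods in this namespace.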
@@ -0,0 +1,23 @@
+# Copyright 2020 Adarsh yadav
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+kind: Secret
+apiVersion: v1
+metadata:
+ name: custom-user
+stringData:
+ users: |-
+ elasticsearch:$2a$10$DzOu7/.Vo2FBDYworbUZe.LNL9tCUl18kpVZ6C/mvkKcXRzYrpmJu
+ users_roles: |-
+ kibana_admin:elasticsearch
+ superuser:elasticsearch
diff --git a/tools/lma/ansible-server/roles/logging/files/fluentd/fluent-cm.yaml b/tools/lma/ansible-server/roles/logging/files/fluentd/fluent-cm.yaml
new file mode 100644
index 00000000..36ff80d6
--- /dev/null
+++ b/tools/lma/ansible-server/roles/logging/files/fluentd/fluent-cm.yaml
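Review bot: The `users` entry in user-secret.yaml commits a bcrypt hash for the `elasticsearch` account, which `users_roles` maps to both `superuser` and `kibana_admin`, so every deployment of this role shares one administrator password and the hash is open to offline guessing by anyone who can read the repository. Generate the hash at deploy time from a vaulted variable and render the manifest as a template, e.g. `elasticsearch:{{ es_admin_bcrypt_hash }}` (constructed variable name). If the account exists only for Kibana administration, drop the `superuser:elasticsearch` line.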
@@ -0,0 +1,525 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: fluentd-config +data: + index_template.json: | + { + "index_patterns": [ + "node*" + ], + "settings": { + "index.lifecycle.name": "delete_policy", + "number_of_replicas": 1 + } + } + fluent.conf: | + + @type forward + port 24224 + bind 0.0.0.0 + tag log + + + #tag the .dat file + + @type rewrite_tag_filter + #Trex data + + key log_path + pattern /\/tmp\/result.*\/.*counts.dat/ + tag countdat.${tag} + + + key log_path + pattern /\/tmp\/result.*\/.*errors.dat/ + tag errordat.${tag} + + #Spirent data + + key log_path + pattern /\/tmp\/result.*\/stc-liveresults.dat.tx/ + tag stcdattx.${tag} + + + key log_path + pattern /\/tmp\/result.*\/stc-liveresults.dat.rx/ + tag stcdatrx.${tag} + + #Ixia data + + key log_path + pattern /\/tmp\/result.*\/.*Statistics.csv/ + tag ixia.${tag} + + #log files + + key log_path + pattern /vsperf-overall/ + tag vsperf.${tag} + + + key log_path + pattern /vswitchd/ + tag vswitchd.${tag} + + + key log_path + pattern /\/var\/log\/userspace/ + tag userspace.${tag} + + + key log_path + pattern /\/var\/log\/sriovdp/ + tag sriovdp.${tag} + + + key log_path + pattern /\/var\/log\/pods/ + tag pods.${tag} + + + + #to find error + @include error.conf + + #to parse time-series data + @include time-series.conf + + #to calculate time analysis + @include time-analysis.conf + + #give tag 'node1' if host is worker 
and tag 'node4' if host is pod12-node4 + + @type rewrite_tag_filter + + key host + pattern /pod12-node4/ + tag node4 + + + key host + pattern /worker/ + tag node1 + + + + + + @type elasticsearch_genid + hash_id_key _hash1 + + + #send the node1 log to node1 index in elasticsearch + + @type copy + + @type elasticsearch + host logging-es-http + port 9200 + scheme https + ssl_verify false + user "#{ENV['FLUENT_ELASTICSEARCH_USER']}" + password "#{ENV['FLUENT_ELASTICSEARCH_PASSWORD']}" + logstash_format true + logstash_prefix node1 + logstash_dateformat %Y%m%d + flush_interval 1s + id_key _hash1 + remove_keys _hash1 + + enable_ilm true + application_name ${tag} + index_date_pattern "" + ilm_policy_id delete_policy + template_name delpol-test + template_file /fluentd/etc/index_template.json + ilm_policy { + "policy": { + "phases": { + "delete": { + "min_age": "3m", + "actions": { + "delete": {} + } + } + } + } + } + + + @type stdout + + + + + @type elasticsearch_genid + hash_id_key _hash4 + + + #send the node4 log to node4 index in elasticsearch + + @type copy + + @type elasticsearch + host logging-es-http + port 9200 + scheme https + ssl_verify false + user "#{ENV['FLUENT_ELASTICSEARCH_USER']}" + password "#{ENV['FLUENT_ELASTICSEARCH_PASSWORD']}" + logstash_format true + logstash_prefix node4 + logstash_dateformat %Y%m%d + flush_interval 1s + id_key _hash4 + remove_keys _hash4 + + enable_ilm true + application_name ${tag} + index_date_pattern "" + ilm_policy_id delete_policy + template_name delpol-test + template_file /fluentd/etc/index_template.json + ilm_policy { + "policy": { + "phases": { + "delete": { + "min_age": "3m", + "actions": { + "delete": {} + } + } + } + } + } + + + @type stdout + + + error.conf: | + + @type parser + reserve_data true + key_name msg + emit_invalid_record_to_error false + + @type regexp + expression /(?\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}).*(?Failed to run test|Failed to execute in '30' seconds|\('Result', 'Failed'\)|could not open 
socket: connection refused|Input\/output error)/ + + + + + @type parser + reserve_data true + key_name msg + emit_invalid_record_to_error false + + @type regexp + expression /(?\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z).*(?dpdk\|ERR\|EAL: Error - exiting with code: 1|Failed to execute in '30' seconds|dpdk\|ERR\|EAL: Driver cannot attach the device|dpdk\|EMER\|Cannot create lock on)/ + + + + @type parser + reserve_data true + key_name msg + emit_invalid_record_to_error false + + @type regexp + expression /(?\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z).*dpdk\|ERR\|VHOST_CONFIG:.*(?device not found)/ + + + time-series.conf: | + #parse *counts.dat + + @type parser + key_name msg + reserve_data true + emit_invalid_record_to_error false + + @type regexp + expression /^(?[\.\d]*),(?\d*),(?\d*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*)$/ + types rx_port:integer,tx_port:integer,rx_pkts:float,tx_pkts:float,rx_pps:float,tx_pps:float,rx_bps_num:float,rx_bps_den:float,tx_bps_num:float,tx_bps_den:float + + + + #parse *errors.dat + + @type parser + key_name msg + reserve_data true + emit_invalid_record_to_error false + + @type regexp + expression /^(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*)$/ + types ts:integer,dropped:integer,ooo:integer,dup:integer,seq_too_high:integer,seq_too_low:integer + + + + #parse stc-liveresults.dat.tx + + @type parser + key_name msg + reserve_data true + emit_invalid_record_to_error false + + @type regexp + expression /^(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*)$/ + types ts:integer,StrId:integer,BlkId:integer,FrCnt:integer,FrRate:integer,ERxFrCnt:integer,OctCnt:integer,OctRate:integer,bitCnt:integer,bitRate:integer + + + + #parse stc-liveresults.dat.rx + + @type parser + key_name msg + reserve_data true + emit_invalid_record_to_error false + + @type regexp + expression /^(?[\.\d]*),(.*, 
|)(?.*),(?[\.\d]*),(?[\.\d]*),(?.*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*),(?[\.\d]*)$/ + types ts:integer,DrpFrCnt:integer,SeqRnLen:integer,FrCnt:integer,FrRate:integer,MaxLat:integer,MinLat:integer,OctCnt:integer,OctRate:integer + + + time-analysis.conf: | + # 1. Test Duration - Duration Between: first line and last line. + # 2. Setup Duration - Duration Between: Creating result directory TO Class found --- + # 3. Traffic Duration - Duration between From Starting traffic at 0.1 Gbps speed TO Traffic Results + # 4. Iteration Durations -- Example: Duration between - Starting traffic at 10.0 Gbps TO Starting traffic at 5.0 Gbps speed + # 5. Reporting Duration - Duration between From Traffic Results TO Write results to file + # 6. Vswitchd start Duration- Duration between From Starting vswitchd... TO send_traffic with + + + @type rewrite_tag_filter + + key msg + pattern /Creating result directory:/ + tag firstline.${tag} + + + key msg + pattern /Write results to file/ + tag lastline.${tag} + + + + key msg + pattern /Class found/ + tag setupend.${tag} + + + key msg + pattern /Starting traffic at 0.1 Gbps speed/ + tag trafficstart.${tag} + + + key msg + pattern /Traffic Results/ + tag trafficend.${tag} + + + key msg + pattern /Starting traffic at 10.0 Gbps/ + tag iterationstart.${tag} + + + key msg + pattern /Starting traffic at 5.0 Gbps speed/ + tag iterationend.${tag} + + + key msg + pattern /Starting vswitchd/ + tag vswitchstart.${tag} + + + key msg + pattern /send_traffic/ + tag vswitch.${tag} + + + key msg + pattern ^.*$ + tag logs.${tag} + + + + ############################################################################################# + #save the starting log and append that log in ending log + ############################################################################################# + + @type record_transformer + enable_ruby true + + msg 
${$vswitch_start="";$reportstart="";$firstline="";$traffic_start="";$iteration_start="";$firstline = record["msg"];return record["msg"];} + + + + @type record_transformer + enable_ruby true + + newmsg ${record["msg"]+" | "+$firstline + " | "+ $reportstart} + + + + + @type record_transformer + enable_ruby true + + newmsg ${record["msg"]+" "+$firstline} + + + + + @type record_transformer + enable_ruby true + + msg ${if $traffic_start.eql?("");$traffic_start=record["msg"];end;return record["msg"];} + + + + @type record_transformer + enable_ruby true + + newmsg ${if $reportstart.eql?("");$reportstart=record["msg"];end;return record["msg"]+" "+$traffic_start;} + + + + + @type record_transformer + enable_ruby true + + msg ${if $iteration_start.eql?("");$iteration_start=record["msg"];end;return record["msg"];} + + + + @type record_transformer + enable_ruby true + + newmsg ${record["msg"]+" "+$iteration_start} + + + + + @type record_transformer + enable_ruby true + + msg ${$vswitch_start=record["msg"];return record["msg"];} + + + + @type record_transformer + enable_ruby true + + newmsg ${record["msg"]+" "+$vswitch_start} + + + ############################################################################################# + #parse time from the log + ############################################################################################# + + @type parser + key_name newmsg + reserve_data true + remove_key_name_field true + + @type regexp + expression /^(?.*) : Class found: Trex. 
(?.*) : .*$/ + + + + @type parser + key_name newmsg + reserve_data true + remove_key_name_field true + + @type regexp + expression /^(?.*) : Starting traffic at 5.0 Gbps speed (?.*) : Starting traffic at 10.0 Gbps speed$/ + + + + @type parser + key_name newmsg + reserve_data true + remove_key_name_field true + + @type regexp + expression /^(?.*) : send_traffic with <.*> (?.*) : Starting vswitchd...$/ + + + + @type parser + key_name newmsg + reserve_data true + remove_key_name_field true + + @type regexp + expression /^(?.*) : Traffic Results: (?.*) : Starting traffic at 0.1 Gbps speed/ + + + + @type parser + key_name newmsg + reserve_data true + remove_key_name_field true + + @type regexp + expression /^(?.*) : Write results to file: .* \| (?.*) : Creating result directory: .* \| (?.*) : Traffic Results:$/ + + + ############################################################################################# + #calculate time + ############################################################################################# + + @type record_transformer + enable_ruby + + setup_duration ${ require 'time';Time.parse(record["setupend"])-Time.parse(record["setupstart"]); } + + + + @type record_transformer + enable_ruby + + iteration_duration ${ require 'time';Time.parse(record["iterationend"])-Time.parse(record["iterationstart"]); } + + + + @type record_transformer + enable_ruby + + vswitch_duration ${ require 'time';Time.parse(record["vswitch"])-Time.parse(record["vswitchstart"]); } + + + + @type record_transformer + enable_ruby + + traffic_duration ${ require 'time';Time.parse(record["trafficend"])-Time.parse(record["trafficstart"]); } + + + + @type record_transformer + enable_ruby + + test_duration ${ require 'time';Time.parse(record["lastline"])-Time.parse(record["firstline"]); } + + + report_duration ${ require 'time';Time.parse(record["lastline"])-Time.parse(record["reportstart"]); } + + + 
############################################################################################# diff --git a/tools/lma/ansible-server/roles/logging/files/fluentd/fluent-service.yaml b/tools/lma/ansible-server/roles/logging/files/fluentd/fluent-service.yaml new file mode 100644 index 00000000..9a43b82f --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/fluentd/fluent-service.yaml @@ -0,0 +1,34 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: fluentd + labels: + run: fluentd +spec: + type: NodePort + ports: + - name: tcp + port: 32224 + targetPort: 24224 + protocol: TCP + nodePort: 32224 + - name: udp + port: 32224 + targetPort: 24224 + protocol: UDP + nodePort: 32224 + selector: + run: fluentd diff --git a/tools/lma/ansible-server/roles/logging/files/fluentd/fluent.yaml b/tools/lma/ansible-server/roles/logging/files/fluentd/fluent.yaml new file mode 100644 index 00000000..3830f682 --- /dev/null +++ b/tools/lma/ansible-server/roles/logging/files/fluentd/fluent.yaml 
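Review bot: The forward input in `fluent.conf` (`@type forward`, `port 24224`, `bind 0.0.0.0`) has no shared-key authentication or TLS, and fluent-service.yaml publishes it as NodePort 32224, so any host that can reach a node can submit records that end up in the `node1`/`node4` indices the ElastAlert rules read. Add a `<security>` section with `self_hostname` and `shared_key` to the source block, plus `<transport tls>` where the senders support it, and take the key from a Secret, not from this ConfigMap. Separately, `"min_age": "3m"` in both `ilm_policy` blocks is three minutes in Elasticsearch time units; confirm that is intended outside testing, since the template is named `delpol-test`.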
@@ -0,0 +1,65 @@
+# Copyright 2020 Adarsh yadav
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: fluentd
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ run: fluentd
+ template:
+ metadata:
+ labels:
+ run: fluentd
+ spec:
+ volumes:
+ - name: fconfig
+ configMap:
+ name: fluentd-config
+ items:
+ - key: fluent.conf
+ path: fluent.conf
+ - key: error.conf
+ path: error.conf
+ - key: time-series.conf
+ path: time-series.conf
+ - key: time-analysis.conf
+ path: time-analysis.conf
+ - key: index_template.json
+ path: index_template.json
+ initContainers:
+ - name: init-myservice
+ image: busybox:1.28
+ command: ['sh', '-c', 'until nslookup logging-es-http; do echo "waiting for myservice"; sleep 2; done;']
+ containers:
+ - name: fluentd
+ image: adi0509/fluentd:latest
+ env:
+ - name: FLUENT_ELASTICSEARCH_USER
+ value: "elastic"
+ - name: FLUENT_ELASTICSEARCH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: logging-es-elastic-user
+ key: elastic
+ ports:
+ - containerPort: 24224
+ protocol: TCP
+ - containerPort: 24224
+ protocol: UDP
+ volumeMounts:
+ - name: fconfig
+ mountPath: /fluentd/etc/
diff --git a/tools/lma/ansible-server/roles/logging/files/kibana/kibana.yaml b/tools/lma/ansible-server/roles/logging/files/kibana/kibana.yaml
new file mode 100644
index 00000000..5ec6937e
--- /dev/null
+++ b/tools/lma/ansible-server/roles/logging/files/kibana/kibana.yaml
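Review bot: `image: adi0509/fluentd:latest` pulls a mutable tag from a personal registry account, and the same container is handed the `elastic` user's password through `FLUENT_ELASTICSEARCH_PASSWORD`, so whatever that tag resolves to at pull time receives the built-in superuser credential. Pin the image by digest, e.g. `image: adi0509/fluentd@sha256:<DIGEST>` (placeholder), and preferably build it from a Dockerfile kept in this repository so its contents can be reviewed. A dedicated Elasticsearch user limited to writing the log indices would reduce what a compromised collector can do; whether user-secret.yaml in this commit already defines one is not visible here. The pod also declares no `securityContext` or `resources`.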
@@ -0,0 +1,23 @@
+# Copyright 2020 Adarsh yadav
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: kibana.k8s.elastic.co/v1
+kind: Kibana
+metadata:
+ name: logging
+spec:
+ version: 7.8.0
+ count: 1
+ elasticsearchRef:
+ name: logging
+ namespace: logging
diff --git a/tools/lma/ansible-server/roles/logging/files/namespace.yaml b/tools/lma/ansible-server/roles/logging/files/namespace.yaml
new file mode 100644
index 00000000..6964af5c
--- /dev/null
+++ b/tools/lma/ansible-server/roles/logging/files/namespace.yaml
@@ -0,0 +1,17 @@
+# Copyright 2020 Adarsh yadav
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: logging
diff --git a/tools/lma/ansible-server/roles/logging/files/nginx/nginx-conf-cm.yaml b/tools/lma/ansible-server/roles/logging/files/nginx/nginx-conf-cm.yaml
new file mode 100644
index 00000000..f5a11e80
--- /dev/null
+++ b/tools/lma/ansible-server/roles/logging/files/nginx/nginx-conf-cm.yaml
@@ -0,0 +1,36 @@
+# Copyright 2020 Adarsh yadav
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nginx-config
+data:
+ default.conf: |
+ server {
+ listen 80;
+ ssl on;
+ ssl_certificate /etc/ssl/certs/kibana-access.pem;
+ ssl_certificate_key /etc/ssl/private/kibana-access.key;
+
+ location / {
+ proxy_pass https://logging-kb-http:5601;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ proxy_read_timeout 300s;
+ proxy_connect_timeout 75s;
+ }
+ }
diff --git a/tools/lma/ansible-server/roles/logging/files/nginx/nginx-key-cm.yaml b/tools/lma/ansible-server/roles/logging/files/nginx/nginx-key-cm.yaml
new file mode 100644
index 00000000..93d7d6ec
--- /dev/null
+++ b/tools/lma/ansible-server/roles/logging/files/nginx/nginx-key-cm.yaml
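Review bot: `listen 80;` together with `ssl on;` serves TLS on the conventional plain-HTTP port and depends on a directive that nginx deprecated in 1.15.0 and removed in 1.25.1; because nginx.yaml in this commit uses the untagged `image: nginx`, a current image would most likely reject this configuration at startup. Use `listen 443 ssl;` (adjusting `containerPort` and `targetPort` to match) or at minimum `listen 80 ssl;` and drop `ssl on;`. The upstream `proxy_pass https://logging-kb-http:5601;` is not authenticated either, since `proxy_ssl_verify` is off by default; add `proxy_ssl_verify on;` with `proxy_ssl_trusted_certificate` pointing at the Kibana CA certificate. No `ssl_protocols` is set, so the accepted TLS versions are whatever the image defaults to.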
@@ -0,0 +1,68 @@ +# Copyright 2020 Adarsh yadav +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: + name: nginx-key +data: + kibana-access.key: | + -----BEGIN PRIVATE KEY----- + MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDI92SBrcEdzxqS + rt883bVcj4F4RuKtm+AjjOEhbFUd3XOp5Wa5NzyYQSTP9ZJHG0dYiTAKOJBVcgbc + YRMNUAzHAIskf1q2/SvwyLNRMJLkBD5HHjbnEcuKQm/+nPdzkfvo2zfRNTDPKS83 + HqFQ779hT8ZLkSzoPuR0QD17ZNWYVMZv/r9wqnjX8U/k5AjrJOIxuaO9nGAgv2Pu + Qm6wuU8UBEaMRgPVHQ3ztflQr9QPr/S6HU0cl4Gu+Nwid6iC1RVYxANNq7E7wRvq + GMKRS5cA9Nlnu/b7IEI4LSx5yeTSDzwmZKTNnUWi2cpqk30M4G4cUokoz9bP+62I + YWEh3B8HAgMBAAECggEBAI1luzqepTSzBhBUp88sczGX6tFUlqLt/Ism0TPyBAVK + TdopBNima6T4mM0VDIGpSM6bX8ihObRU0Uz3pC8GtqbB1CSu0oXTpbn5jGlAkumJ + rsPdF2YHGD3ENwZfLKANA8A3lZNGKHxpjsXqcDgBJ5dxSKTclUsnDRhaJqgOL1bI + d9QCXdA1vbpxHDJWSo73E7omv3AyHi3HxMWU4gzyerUFSMFGqm0W5dPeeresNE3a + bv9/46YdykufuRuJZqsUDLCgUUcJPhbE5iOrB4iv8oaDqT0onxwzRQTSgidPxbp2 + EmjVHpFCACltOKSqELM4+PQFCk8xUBya8HWD5UHrVDkCgYEA4y3WwmhtLUT/g3G3 + cowvmxjgPl6xqkqTA7Xcdc3sk+6/jS1kayT5TL1qfpd1QL/K617jva9mfSMZ8ei9 + Y7M/2QkSb0uHKulGR0+if+7sT0L8OYO/OE7c+HTZmZK4hD1CCJN2M34D9Qo2fzQ6 + 4v+AO1wGiAtiNev0YIBKYNSco+sCgYEA4nY8m93XuC19z991sFRvE0UBeKcN2esg + TwY9UuYHJ56s+6UozkUgZArwYFW8LWFeIjkrrKELBNDsmJtTZ006TyUWxY/ccdjV + fJZTLV3niv6IQzy74aOmXV2vtNjxyBlllT9mvig6T0t0TvAtolsuSVHBL09zxcy4 + wN4pGIfqllUCgYBYLq/hMKXIX7MK87YwqYfFHWfV7e3q2x2r4AjeVXuShKcoBsmm + 6Wg3yIKw9tuVsZzzthaSx6XxxxFIHH5/V9Hdzi6wstGZ74jPH3NFU5m4vpinPqOY + 
GMyfSMQ6X4BuHFUofQzxueWRVVCIGd8Nw/2jjPogDsMliRyH5OR6J61R1wKBgEa6 + 8SEpf7fJlZL4UzS4mlylX9lEK+JVOqkT5NFggPmR6KtMIVuTYZN9iyg7fuOZlqIP + wyFOxzdA3bSoRrtr9ntDtUINNaflNoCMHvx7aNcTupFthazqxQpCOZ+9Zn691+lu + fPOFcvjTM0d4YnhkDCfgPfs90IYF8+phOOqtgMplAoGBAI+mcaUH7ADYxlONCi1E + gNHRvHJRBdQBaydKUfPxbe3vS5QJb8Gb5RU46vDl3w+YHUVwUi+Hj68zuKExXxhD + 9CGTAQIejtHWScZ1Djl3bcvNa/czHyuNVsGwvJ3fy1JzpxRmUUMPSdJ90A1n57Tk + LFEmZhwaj7YF869wfKngQ57d + -----END PRIVATE KEY----- + kibana-access.pem: | + -----BEGIN CERTIFICATE----- + MIIDVzCCAj+gAwIBAgIJAIQzf1mxHsvgMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV + BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg + Q29tcGFueSBMdGQwHhcNMjAwNjI1MTY1NzQ3WhcNMjEwNjI1MTY1NzQ3WjBCMQsw + CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh + dWx0IENvbXBhbnkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA + yPdkga3BHc8akq7fPN21XI+BeEbirZvgI4zhIWxVHd1zqeVmuTc8mEEkz/WSRxtH + WIkwCjiQVXIG3GETDVAMxwCLJH9atv0r8MizUTCS5AQ+Rx425xHLikJv/pz3c5H7 + 6Ns30TUwzykvNx6hUO+/YU/GS5Es6D7kdEA9e2TVmFTGb/6/cKp41/FP5OQI6yTi + MbmjvZxgIL9j7kJusLlPFARGjEYD1R0N87X5UK/UD6/0uh1NHJeBrvjcIneogtUV + WMQDTauxO8Eb6hjCkUuXAPTZZ7v2+yBCOC0secnk0g88JmSkzZ1FotnKapN9DOBu + HFKJKM/Wz/utiGFhIdwfBwIDAQABo1AwTjAdBgNVHQ4EFgQUrz/R+M2XkTTfjrau + VVBW6+pdatgwHwYDVR0jBBgwFoAUrz/R+M2XkTTfjrauVVBW6+pdatgwDAYDVR0T + BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAyIhJLwg9oTil0Rb1zbYQb0Mr0UYz + rlS4f8QkxygkGLAZ8q9VkR+NpKfqhYDSHofGg5Yg5/p54NRJh5M4ASuM7N9AK0LH + KbCvS+YRNWhmo+7H7zjDNkV8FbzG41nkt9jQjaKFF7GdKr4HkWvupMX6PwsAZ0jI + b2Y6QzFQP9wF0QoBHrK42u3eWbfYv2IIDd6xsV90ilKRDtKkCiI4dyKGK46YDyZB + 3eqJ08Pm67HDbxQLydRXkNJvd33PASRgE/VOh44n3xWG+Gu4IMz7EO/4monyuv1Q + V2v1A9NV+ZnAq4PT7WJY7fWYavDUr+kwxMAGNQkG/Cg3X4FYrRwrq6gk7Q== + -----END CERTIFICATE----- diff --git a/tools/lma/ansible-server/roles/logging/files/nginx/nginx-service.yaml b/tools/lma/ansible-server/roles/logging/files/nginx/nginx-service.yaml new file mode 100644 index 00000000..8aea53dd --- /dev/null 
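Review bot: `kibana-access.key` is a PEM private key committed in clear text inside a ConfigMap, so it is readable by everyone with access to the repository and by any principal allowed to read ConfigMaps in the namespace. It has to be treated as disclosed and replaced; deleting it in a later commit does not remove it from history. Keep key material out of the repository: generate the pair at deploy time or fetch it from a secret store, and hold it in a `kind: Secret` of `type: kubernetes.io/tls` that nginx.yaml mounts instead of the `nginx-key` ConfigMap. The diffstat lists `ealert-key-cm.yaml` with the same line count; that file is outside this view and should be checked for the same pattern.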
+++ b/tools/lma/ansible-server/roles/logging/files/nginx/nginx-service.yaml
@@ -0,0 +1,28 @@
+# Copyright 2020 Adarsh yadav
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx
+ labels:
+ run: nginx
+spec:
+ type: NodePort
+ ports:
+ - port: 8000
+ targetPort: 80
+ protocol: TCP
+ nodePort: 32000
+ selector:
+ run: nginx
diff --git a/tools/lma/ansible-server/roles/logging/files/nginx/nginx.yaml b/tools/lma/ansible-server/roles/logging/files/nginx/nginx.yaml
new file mode 100644
index 00000000..fdf5c835
--- /dev/null
+++ b/tools/lma/ansible-server/roles/logging/files/nginx/nginx.yaml
@@ -0,0 +1,58 @@
+# Copyright 2020 Adarsh yadav
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ run: nginx
+ template:
+ metadata:
+ labels:
+ run: nginx
+ spec:
+ volumes:
+ - name: nconfig
+ configMap:
+ name: nginx-config
+ items:
+ - key: default.conf
+ path: default.conf
+ - name: nkey
+ configMap:
+ name: nginx-key
+ items:
+ - key: kibana-access.key
+ path: kibana-access.key
+ - key: kibana-access.pem
+ path: kibana-access.pem
+ initContainers:
+ - name: init-myservice
+ image: busybox:1.28
+ command: ['sh', '-c', 'until nslookup logging-kb-http; do echo "waiting for myservice"; sleep 2; done;']
+ containers:
+ - name: nginx
+ image: nginx
+ volumeMounts:
+ - mountPath: /etc/nginx/conf.d/
+ name: nconfig
+ - mountPath: /etc/ssl/certs/
+ name: nkey
+ - mountPath: /etc/ssl/private/
+ name: nkey
+ ports:
+ - containerPort: 80
diff --git a/tools/lma/ansible-server/roles/logging/files/persistentVolume.yaml b/tools/lma/ansible-server/roles/logging/files/persistentVolume.yaml
new file mode 100644
index 00000000..c1a96077
--- /dev/null
+++ b/tools/lma/ansible-server/roles/logging/files/persistentVolume.yaml
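Review bot: The `nkey` volume is mounted whole on both `/etc/ssl/certs/` and `/etc/ssl/private/`, which places the private key in the certificate directory as well and hides whatever the image ships in those directories; the key also comes from a ConfigMap rather than a Secret. Mount the key material once, read-only, from a Secret into a dedicated directory and point `ssl_certificate` and `ssl_certificate_key` in nginx-conf-cm.yaml at it. `image: nginx` is untagged and should be pinned to a version or digest so the deployed server does not change between rollouts. The sketch shows only the changed volume and mounts; the Secret name `nginx-tls` and the mount path are constructed for illustration, and a `kubernetes.io/tls` Secret exposes the files as `tls.crt` and `tls.key`.

```yaml
      volumes:
      # … unchanged: nconfig volume …
      - name: nkey
        secret:
          secretName: nginx-tls          # constructed name
          defaultMode: 0400
      # … unchanged: initContainers …
      containers:
      - name: nginx
        image: nginx:<PINNED_VERSION>    # placeholder
        volumeMounts:
        # … unchanged: nconfig mount …
        - mountPath: /etc/nginx/tls/
          name: nkey
          readOnly: true
```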
@@ -0,0 +1,105 @@
+# Copyright 2020 Adarsh yadav
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pv-master-vm1
+spec:
+ capacity:
+ storage: 5Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: log-vm1-master
+ nfs:
+ server: 10.10.120.211
+ path: "/srv/nfs/master"
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pv-data-vm1
+spec:
+ capacity:
+ storage: 5Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: log-vm1-data
+ nfs:
+ server: 10.10.120.211
+ path: "/srv/nfs/data"
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pv-master-vm2
+spec:
+ capacity:
+ storage: 5Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: log-vm2-master
+ nfs:
+ server: 10.10.120.203
+ path: "/srv/nfs/master"
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pv-data-vm2
+spec:
+ capacity:
+ storage: 5Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: log-vm2-data
+ nfs:
+ server: 10.10.120.203
+ path: "/srv/nfs/data"
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pv-master-vm3
+spec:
+ capacity:
+ storage: 5Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: log-vm3-master
+ nfs:
+ server: 10.10.120.204
+ path: "/srv/nfs/master"
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pv-data-vm3
+spec:
+ capacity:
+ storage: 5Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: log-vm3-data
+ nfs:
+ server: 10.10.120.204
+ path: "/srv/nfs/data"
diff --git a/tools/lma/ansible-server/roles/logging/files/storageClass.yaml b/tools/lma/ansible-server/roles/logging/files/storageClass.yaml
new file mode 100644
index 00000000..a2f1e3aa
--- /dev/null
+++ b/tools/lma/ansible-server/roles/logging/files/storageClass.yaml
@@ -0,0 +1,73 @@
+# Copyright 2020 Adarsh yadav
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#storage class for VM1 master
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: log-vm1-master
+reclaimPolicy: Retain
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: Immediate
+allowVolumeExpansion: true
+---
+#storage class for VM1 data
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: log-vm1-data
+reclaimPolicy: Retain
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: Immediate
+allowVolumeExpansion: true
+---
+#storage class for VM2 master
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: log-vm2-master
+reclaimPolicy: Retain
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: Immediate
+allowVolumeExpansion: true
+---
+#storage class for VM2 data
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: log-vm2-data
+reclaimPolicy: Retain
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: Immediate
+allowVolumeExpansion: true
+---
+#storage class for VM3 master
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: log-vm3-master
+reclaimPolicy: Retain
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: Immediate
+allowVolumeExpansion: true
+---
+#storage class for VM3 data
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: log-vm3-data
+reclaimPolicy: Retain
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: Immediate
+allowVolumeExpansion: true
diff --git a/tools/lma/ansible-server/roles/logging/tasks/main.yml b/tools/lma/ansible-server/roles/logging/tasks/main.yml
new file mode 100644
index 00000000..dcbf4d4d
--- /dev/null
+++ b/tools/lma/ansible-server/roles/logging/tasks/main.yml
@@ -0,0 +1,165 @@
+# Copyright 2020 Adarsh yadav
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+#EFK setup in k8s cluster
+
+#***********************************************************************************************************
+#copy all yaml to /tmp/files/
+#***********************************************************************************************************
+- name: copy all yaml to /tmp/files/
+ copy:
+ src: ../files/
+ dest: /tmp/files/
+
+#***********************************************************************************************************
+#Creating Namespace
+#***********************************************************************************************************
+- name: Creating Namespace
+ k8s:
+ state: present
+ src: /tmp/files/namespace.yaml
+ namespace: logging
+
+#***********************************************************************************************************
+#creating Storage Class
+#***********************************************************************************************************
+- name: creating Storage Class
+ k8s:
+ state: present
+ src: /tmp/files/storageClass.yaml
+ namespace: logging
+
+#***********************************************************************************************************
+#creating Persistent Volume
+#***********************************************************************************************************
+- name: creating Persistent Volume
+ k8s:
+ state: present
+ src: /tmp/files/persistentVolume.yaml
+ namespace: logging
+
+#***********************************************************************************************************
+#add user
+#***********************************************************************************************************
+- name: add user
+ k8s:
+ state: present
+ src: /tmp/files/elasticsearch/user-secret.yaml
+ namespace: logging
+
+#***********************************************************************************************************
+#Starting Elasticsearch operator
+#***********************************************************************************************************
+- name: Starting Elasticsearch operator
+ shell: kubectl apply -f https://download.elastic.co/downloads/eck/1.2.0/all-in-one.yaml
+ ignore_errors: yes
+
+#***********************************************************************************************************
+#Starting Elasticsearch
+#***********************************************************************************************************
+- name: Starting Elasticsearch
+ k8s:
+ state: present
+ src: /tmp/files/elasticsearch/elasticsearch.yaml
+ namespace: logging
+
+#***********************************************************************************************************
+#Starting Kibana
+#***********************************************************************************************************
+- name: Starting Kibana
+ k8s:
+ state: present
+ src: /tmp/files/kibana/kibana.yaml
+ namespace: logging
+
+#***********************************************************************************************************
+#Starting nginx
+#***********************************************************************************************************
+- name: creating nginx configmap
+ k8s:
+ state: present
+ src: /tmp/files/nginx/nginx-conf-cm.yaml
+ namespace: logging
+
+- name: creating nginx key configmap
+ k8s:
+ state: present
+ src: /tmp/files/nginx/nginx-key-cm.yaml
+ namespace: logging
+
+- name: creating nginx pod
+ k8s:
+ state: present
+ src: /tmp/files/nginx/nginx.yaml
+ namespace: logging
+
+- name: creating nginx service
+ k8s:
+ state: present
+ src: /tmp/files/nginx/nginx-service.yaml
+ namespace: logging
+#***********************************************************************************************************
+#Starting fluentd
+#***********************************************************************************************************
+- name: creating fluentd configmap
+ k8s:
+ state: present
+ src: /tmp/files/fluentd/fluent-cm.yaml
+ namespace: logging
+
+- name: creating fluentd pod
+ k8s:
+ state: present
+ src: /tmp/files/fluentd/fluent.yaml
+ namespace: logging
+
+- name: creating fluentd service
+ k8s:
+ state: present
+ src: /tmp/files/fluentd/fluent-service.yaml
+ namespace: logging
+#***********************************************************************************************************
+#Starting elastalert
+#***********************************************************************************************************
+- name: creating elastalert config configmap
+ k8s:
+ state: present
+ src: /tmp/files/elastalert/ealert-conf-cm.yaml
+ namespace: logging
+
+- name: creating elastalert key configmap
+ k8s:
+ state: present
+ src: /tmp/files/elastalert/ealert-key-cm.yaml
+ namespace: logging
+
+- name: creating elastalert rule configmap
+ k8s:
+ state: present
+ src: /tmp/files/elastalert/ealert-rule-cm.yaml
+ namespace: logging
+
+- name: creating elastalert pod
+ k8s:
+ state: present
+ src: /tmp/files/elastalert/elastalert.yaml
+ namespace: logging
+
+#***********************************************************************************************************
+#removing /tmp/files
+#***********************************************************************************************************
+- name: Removing /tmp/files
+ file:
+ path: "/tmp/files"
+ state: absent
-- cgit 1.2.3-korg
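Review bot: The role stages every manifest, including `nginx/nginx-key-cm.yaml` with the private key and `elasticsearch/user-secret.yaml`, under the fixed path `/tmp/files/`, and the `Removing /tmp/files` task runs only if every earlier task succeeded, so a failed play leaves that material behind in a predictable location under shared `/tmp`. Create the staging directory with the `tempfile` module and move the cleanup into the `always:` section of a `block:`, as sketched below. Separately, `Starting Elasticsearch operator` applies a manifest fetched from the network at run time with `ignore_errors: yes`, so a failed or altered download passes silently; keeping a reviewed copy of `all-in-one.yaml` under `files/` and applying it with the `k8s` module like the other tasks would let a failure stop the play.

```yaml
- name: create private staging directory
  tempfile:
    state: directory
    suffix: lma
  register: staging

- block:
    - name: copy all yaml to staging directory
      copy:
        src: ../files/
        dest: "{{ staging.path }}/"
    # … unchanged: k8s tasks, with src: "{{ staging.path }}/<file>" …
  always:
    - name: remove staging directory
      file:
        path: "{{ staging.path }}"
        state: absent
```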