oadm ca create-server-cert --signer-cert=ca.crt --signer-key=ca.key --signer-serial=ca.serial.txt --hostnames=kibana.oc3.videonext.net --cert=kibana.crt --key=kibana.key
oc secrets new logging-deployer kibana.crt=kibana.crt kibana.key=kibana.key
[root@o3-master logging]# oc get pod/logging-deployer-67zp4 -w
NAME READY STATUS RESTARTS AGE
logging-deployer-67zp4 0/1 ContainerCreating 0 1m
logging-deployer-67zp4 1/1 Running 0 1m
logging-deployer-67zp4 0/1 Error 0 1m
[root@o3-master ~]# oc logs logging-deployer-67zp4
+ project=logging
+ mode=install
+ dir=/etc/deploy
+ secret_dir=/secret
+ master_url=https://kubernetes.default.svc.cluster.local
+ master_ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ token_file=/var/run/secrets/kubernetes.io/serviceaccount/token
+ '[' -n 1 ']'
+ oc config set-cluster master --api-version=v1 --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt --server=https://kubernetes.default.svc.cluster.local
cluster "master" set.
++ cat /var/run/secrets/kubernetes.io/serviceaccount/token
+ oc config set-credentials account --token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJsb2dnaW5nIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImxvZ2dpbmctZGVwbG95ZXItdG9rZW4tcWE0bW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoibG9nZ2luZy1kZXBsb3llciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjYzNzg5YzQ0LTIyYjEtMTFlNi1iZDM3LTUyNTQwMGQzNmE1YyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpsb2dnaW5nOmxvZ2dpbmctZGVwbG95ZXIifQ.b6rDEjuWXL3tFqfuoKbx4fKIvkeY9Y6R_utRHkwt0ZkWeoClSXquvDYUEZj6ngAIbz7XV3bs0lFm6my-l5_S4X12m84j4Ht-jdeo7n7wqUx2nS3cBSh8EISrueD0uVZZFABZt_xZiThLiHnBxAEN6OclxQ70Ehb96jgoQ4m4brmtlcsTNLogOK9pVGQ3ESfIKHSj0gvkDu3u97fDTLP5ibdstCxBUyhfdhEQRkMy0PZMuKv_giuDKASExWf-2qy-PcbTXTi6IM64Ccn0UHsIoz7_h-1kdxPufij4cIzN8el0BC_ZdnrShVnFOT125OpPo5qEf_WnFstWzOyROj9s6w
user "account" set.
+ oc config set-context current --cluster=master --user=account --namespace=logging
context "current" set.
+ oc config use-context current
switched to context "current".
+ for file in 'scripts/*.sh'
+ source scripts/install.sh
++ set -ex
+ for file in 'scripts/*.sh'
+ source scripts/upgrade.sh
++ set -ex
++ TIMES=300
++ fluentd_nodeselector=logging-infra-fluentd=true
+ for file in 'scripts/*.sh'
+ source scripts/util.sh
+ for file in 'scripts/*.sh'
+ source scripts/uuid_migrate.sh
+ case "${mode}" in
+ install_logging
+ initialize_install_vars
+ image_prefix=docker.io/openshift/origin-
+ image_version=latest
+ insecure_registry=false
+ hostname=kibana.oc3.videonext.net
+ ops_hostname=kibana-ops.example.com
+ public_master_url=https://o3-master.videonext.net:8443
+ es_instance_ram=1Gi
+ es_pvc_size=
+ es_pvc_prefix=logging-es-
+ es_cluster_size=1
+ es_node_quorum=1
+ es_recover_after_nodes=0
+ es_recover_expected_nodes=1
+ es_recover_after_time=5m
+ es_ops_instance_ram=8G
+ es_ops_pvc_size=
+ es_ops_pvc_prefix=logging-es-ops-
+ es_ops_cluster_size=1
+ es_ops_node_quorum=1
+ es_ops_recover_after_nodes=0
+ es_ops_recover_expected_nodes=1
+ es_ops_recover_after_time=5m
+ image_params=IMAGE_VERSION_DEFAULT=latest,IMAGE_PREFIX_DEFAULT=docker.io/openshift/origin-
+ generate_secrets
+ '[' '' '!=' true ']'
+ generate_signer_cert_and_conf
+ rm -rf /etc/deploy
rm: cannot remove '/etc/deploy': Permission denied
+ :
+ mkdir -p /secret
+ chmod 700 /secret
chmod: changing permissions of '/secret': Read-only file system
+ :
+ '[' -s /secret/ca.key ']'
++ date +%Y%m%d%H%M%S
+ openshift admin ca create-signer-cert --key=/etc/deploy/ca.key --cert=/etc/deploy/ca.crt --serial=/etc/deploy/ca.serial.txt --name=logging-signer-20160525195414
+ echo Generating signing configuration file
+ cat - conf/signing.conf
Generating signing configuration file
+ procure_server_cert kibana
+ local file=kibana hostnames=
+ '[' -s /secret/kibana.crt ']'
+ cp /secret/kibana.key /etc/deploy/kibana.key
+ cp /secret/kibana.crt /etc/deploy/kibana.crt
+ procure_server_cert kibana-ops
+ local file=kibana-ops hostnames=
+ '[' -s /secret/kibana-ops.crt ']'
+ '[' -n '' ']'
+ procure_server_cert kibana-internal kibana,kibana-ops,kibana.oc3.videonext.net,kibana-ops.example.com
+ local file=kibana-internal hostnames=kibana,kibana-ops,kibana.oc3.videonext.net,kibana-ops.example.com
+ '[' -s /secret/kibana-internal.crt ']'
+ '[' -n kibana,kibana-ops,kibana.oc3.videonext.net,kibana-ops.example.com ']'
+ openshift admin ca create-server-cert --key=/etc/deploy/kibana-internal.key --cert=/etc/deploy/kibana-internal.crt --hostnames=kibana,kibana-ops,kibana.oc3.videonext.net,kibana-ops.example.com --signer-cert=/etc/deploy/ca.crt --signer-key=/etc/deploy/ca.key --signer-serial=/etc/deploy/ca.serial.txt
+ '[' -s /secret/server-tls.json ']'
+ cp conf/server-tls.json /etc/deploy
+ cat /dev/null
+ cat /dev/null
+ fluentd_user=system.logging.fluentd
+ kibana_user=system.logging.kibana
+ curator_user=system.logging.curator
+ admin_user=system.admin
+ generate_PEM_cert system.logging.fluentd
+ NODE_NAME=system.logging.fluentd
+ dir=/etc/deploy
+ echo Generating keystore and certificate for node system.logging.fluentd
Generating keystore and certificate for node system.logging.fluentd
+ openssl req -out /etc/deploy/system.logging.fluentd.csr -new -newkey rsa:2048 -keyout /etc/deploy/system.logging.fluentd.key -subj /CN=system.logging.fluentd/OU=OpenShift/O=Logging/L=Test/C=DE -days 712 -nodes
Generating a 2048 bit RSA private key
...........................................................................................+++
................................................................................................+++
writing new private key to '/etc/deploy/system.logging.fluentd.key'
-----
+ echo Sign certificate request with CA
Sign certificate request with CA
+ openssl ca -in /etc/deploy/system.logging.fluentd.csr -notext -out /etc/deploy/system.logging.fluentd.crt -config /etc/deploy/signing.conf -extensions v3_req -batch -extensions server_ext
Using configuration from /etc/deploy/signing.conf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 2 (0x2)
Validity
Not Before: May 25 19:54:18 2016 GMT
Not After : May 25 19:54:18 2018 GMT
Subject:
countryName = DE
localityName = Test
organizationName = Logging
organizationalUnitName = OpenShift
commonName = system.logging.fluentd
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints:
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Key Identifier:
E6:16:3D:33:C7:95:FE:F8:2C:66:B6:15:FD:FB:D8:35:DB:E7:7F:7B
X509v3 Authority Key Identifier:
0.
Certificate is to be certified until May 25 19:54:18 2018 GMT (730 days)
Write out database with 1 new entries
Data Base Updated
+ generate_PEM_cert system.logging.kibana
+ NODE_NAME=system.logging.kibana
+ dir=/etc/deploy
+ echo Generating keystore and certificate for node system.logging.kibana
Generating keystore and certificate for node system.logging.kibana
+ openssl req -out /etc/deploy/system.logging.kibana.csr -new -newkey rsa:2048 -keyout /etc/deploy/system.logging.kibana.key -subj /CN=system.logging.kibana/OU=OpenShift/O=Logging/L=Test/C=DE -days 712 -nodes
Generating a 2048 bit RSA private key
...................................................+++
.......................................+++
writing new private key to '/etc/deploy/system.logging.kibana.key'
-----
+ echo Sign certificate request with CA
+ openssl ca -in /etc/deploy/system.logging.kibana.csr -notext -out /etc/deploy/system.logging.kibana.crt -config /etc/deploy/signing.conf -extensions v3_req -batch -extensions server_ext
Sign certificate request with CA
Using configuration from /etc/deploy/signing.conf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 3 (0x3)
Validity
Not Before: May 25 19:54:18 2016 GMT
Not After : May 25 19:54:18 2018 GMT
Subject:
countryName = DE
localityName = Test
organizationName = Logging
organizationalUnitName = OpenShift
commonName = system.logging.kibana
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints:
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Key Identifier:
DE:32:BA:34:4F:D5:34:7C:DA:F4:F2:1B:4C:76:28:E0:D5:46:88:96
X509v3 Authority Key Identifier:
0.
Certificate is to be certified until May 25 19:54:18 2018 GMT (730 days)
Write out database with 1 new entries
Data Base Updated
+ generate_PEM_cert system.logging.curator
+ NODE_NAME=system.logging.curator
+ dir=/etc/deploy
+ echo Generating keystore and certificate for node system.logging.curator
Generating keystore and certificate for node system.logging.curator
+ openssl req -out /etc/deploy/system.logging.curator.csr -new -newkey rsa:2048 -keyout /etc/deploy/system.logging.curator.key -subj /CN=system.logging.curator/OU=OpenShift/O=Logging/L=Test/C=DE -days 712 -nodes
Generating a 2048 bit RSA private key
...............+++
..................................+++
writing new private key to '/etc/deploy/system.logging.curator.key'
-----
+ echo Sign certificate request with CA
Sign certificate request with CA
+ openssl ca -in /etc/deploy/system.logging.curator.csr -notext -out /etc/deploy/system.logging.curator.crt -config /etc/deploy/signing.conf -extensions v3_req -batch -extensions server_ext
Using configuration from /etc/deploy/signing.conf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 4 (0x4)
Validity
Not Before: May 25 19:54:19 2016 GMT
Not After : May 25 19:54:19 2018 GMT
Subject:
countryName = DE
localityName = Test
organizationName = Logging
organizationalUnitName = OpenShift
commonName = system.logging.curator
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints:
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Key Identifier:
D5:31:7F:3F:70:BB:60:E1:F8:C2:6D:7B:F1:6C:04:F9:0D:35:D6:F7
X509v3 Authority Key Identifier:
0.
Certificate is to be certified until May 25 19:54:19 2018 GMT (730 days)
Write out database with 1 new entries
Data Base Updated
+ generate_PEM_cert system.admin
+ NODE_NAME=system.admin
+ dir=/etc/deploy
+ echo Generating keystore and certificate for node system.admin
Generating keystore and certificate for node system.admin
+ openssl req -out /etc/deploy/system.admin.csr -new -newkey rsa:2048 -keyout /etc/deploy/system.admin.key -subj /CN=system.admin/OU=OpenShift/O=Logging/L=Test/C=DE -days 712 -nodes
Generating a 2048 bit RSA private key
....+++
..................................+++
writing new private key to '/etc/deploy/system.admin.key'
-----
+ echo Sign certificate request with CA
+ openssl ca -in /etc/deploy/system.admin.csr -notext -out /etc/deploy/system.admin.crt -config /etc/deploy/signing.conf -extensions v3_req -batch -extensions server_ext
Sign certificate request with CA
Using configuration from /etc/deploy/signing.conf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 5 (0x5)
Validity
Not Before: May 25 19:54:19 2016 GMT
Not After : May 25 19:54:19 2018 GMT
Subject:
countryName = DE
localityName = Test
organizationName = Logging
organizationalUnitName = OpenShift
commonName = system.admin
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints:
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Key Identifier:
96:D4:5D:8D:EA:35:50:D5:8F:15:95:11:06:FF:3E:6E:F0:F2:1F:94
X509v3 Authority Key Identifier:
0.
Certificate is to be certified until May 25 19:54:19 2018 GMT (730 days)
Write out database with 1 new entries
Data Base Updated
++ join , logging-es logging-es.logging.svc.cluster.local logging-es-cluster logging-es-cluster.logging.svc.cluster.local logging-es-ops logging-es-ops.logging.svc.cluster.local logging-es-ops-cluster logging-es-ops-cluster.logging.svc.cluster.local
++ local IFS=,
++ shift
++ echo logging-es,logging-es.logging.svc.cluster.local,logging-es-cluster,logging-es-cluster.logging.svc.cluster.local,logging-es-ops,logging-es-ops.logging.svc.cluster.local,logging-es-ops-cluster,logging-es-ops-cluster.logging.svc.cluster.local
+ generate_JKS_chain logging-es logging-es,logging-es.logging.svc.cluster.local,logging-es-cluster,logging-es-cluster.logging.svc.cluster.local,logging-es-ops,logging-es-ops.logging.svc.cluster.local,logging-es-ops-cluster,logging-es-ops-cluster.logging.svc.cluster.local
+ dir=/etc/deploy
+ NODE_NAME=logging-es
+ CERT_NAMES=logging-es,logging-es.logging.svc.cluster.local,logging-es-cluster,logging-es-cluster.logging.svc.cluster.local,logging-es-ops,logging-es-ops.logging.svc.cluster.local,logging-es-ops-cluster,logging-es-ops-cluster.logging.svc.cluster.local
+ ks_pass=kspass
+ ts_pass=tspass
+ rm -rf logging-es
+ extension_names=
+ for name in '${CERT_NAMES//,/ }'
+ extension_names=,dns:logging-es
+ for name in '${CERT_NAMES//,/ }'
+ extension_names=,dns:logging-es,dns:logging-es.logging.svc.cluster.local
+ for name in '${CERT_NAMES//,/ }'
+ extension_names=,dns:logging-es,dns:logging-es.logging.svc.cluster.local,dns:logging-es-cluster
+ for name in '${CERT_NAMES//,/ }'
+ extension_names=,dns:logging-es,dns:logging-es.logging.svc.cluster.local,dns:logging-es-cluster,dns:logging-es-cluster.logging.svc.cluster.local
+ for name in '${CERT_NAMES//,/ }'
+ extension_names=,dns:logging-es,dns:logging-es.logging.svc.cluster.local,dns:logging-es-cluster,dns:logging-es-cluster.logging.svc.cluster.local,dns:logging-es-ops
+ for name in '${CERT_NAMES//,/ }'
+ extension_names=,dns:logging-es,dns:logging-es.logging.svc.cluster.local,dns:logging-es-cluster,dns:logging-es-cluster.logging.svc.cluster.local,dns:logging-es-ops,dns:logging-es-ops.logging.svc.cluster.local
+ for name in '${CERT_NAMES//,/ }'
+ extension_names=,dns:logging-es,dns:logging-es.logging.svc.cluster.local,dns:logging-es-cluster,dns:logging-es-cluster.logging.svc.cluster.local,dns:logging-es-ops,dns:logging-es-ops.logging.svc.cluster.local,dns:logging-es-ops-cluster
+ for name in '${CERT_NAMES//,/ }'
+ extension_names=,dns:logging-es,dns:logging-es.logging.svc.cluster.local,dns:logging-es-cluster,dns:logging-es-cluster.logging.svc.cluster.local,dns:logging-es-ops,dns:logging-es-ops.logging.svc.cluster.local,dns:logging-es-ops-cluster,dns:logging-es-ops-cluster.logging.svc.cluster.local
+ echo Generating keystore and certificate for node logging-es
Generating keystore and certificate for node logging-es
+ /bin/keytool -genkey -alias logging-es -keystore /etc/deploy/keystore.jks -keypass kspass -storepass kspass -keyalg RSA -keysize 2048 -validity 712 -dname 'CN=logging-es, OU=SSL, O=Test, L=Test, C=DE' -ext san=dns:localhost,ip:127.0.0.1,dns:logging-es,dns:logging-es.logging.svc.cluster.local,dns:logging-es-cluster,dns:logging-es-cluster.logging.svc.cluster.local,dns:logging-es-ops,dns:logging-es-ops.logging.svc.cluster.local,dns:logging-es-ops-cluster,dns:logging-es-ops-cluster.logging.svc.cluster.local
Generating certificate signing request for node logging-es
+ echo Generating certificate signing request for node logging-es
+ /bin/keytool -certreq -alias logging-es -keystore /etc/deploy/keystore.jks -storepass kspass -file /etc/deploy/logging-es.csr -keyalg rsa -dname 'CN=logging-es, OU=SSL, O=Test, L=Test, C=DE' -ext san=dns:localhost,ip:127.0.0.1,dns:logging-es,dns:logging-es.logging.svc.cluster.local,dns:logging-es-cluster,dns:logging-es-cluster.logging.svc.cluster.local,dns:logging-es-ops,dns:logging-es-ops.logging.svc.cluster.local,dns:logging-es-ops-cluster,dns:logging-es-ops-cluster.logging.svc.cluster.local
+ echo Sign certificate request with CA
+ openssl ca -in /etc/deploy/logging-es.csr -notext -out /etc/deploy/logging-es.crt -config /etc/deploy/signing.conf -extensions v3_req -batch -extensions server_ext
Sign certificate request with CA
Using configuration from /etc/deploy/signing.conf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 6 (0x6)
Validity
Not Before: May 25 19:54:23 2016 GMT
Not After : May 25 19:54:23 2018 GMT
Subject:
countryName = DE
localityName = Test
organizationName = Test
organizationalUnitName = SSL
commonName = logging-es
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints:
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Key Identifier:
BA:18:A4:E2:C1:7E:5F:CF:47:D1:27:E6:EB:F0:8F:76:41:02:CE:BC
X509v3 Authority Key Identifier:
0.
X509v3 Subject Alternative Name:
DNS:localhost, IP Address:127.0.0.1, DNS:logging-es, DNS:logging-es.logging.svc.cluster.local, DNS:logging-es-cluster, DNS:logging-es-cluster.logging.svc.cluster.local, DNS:logging-es-ops, DNS:logging-es-ops.logging.svc.cluster.local, DNS:logging-es-ops-cluster, DNS:logging-es-ops-cluster.logging.svc.cluster.local
Certificate is to be certified until May 25 19:54:23 2018 GMT (730 days)
Write out database with 1 new entries
Data Base Updated
+ echo 'Import back to keystore (including CA chain)'
Import back to keystore (including CA chain)
+ /bin/keytool -import -file /etc/deploy/ca.crt -keystore /etc/deploy/keystore.jks -storepass kspass -noprompt -alias sig-ca
Certificate was added to keystore
+ /bin/keytool -import -file /etc/deploy/logging-es.crt -keystore /etc/deploy/keystore.jks -storepass kspass -noprompt -alias logging-es
Certificate reply was installed in keystore
+ echo 'Import CA to truststore for validating client certs'
+ /bin/keytool -import -file /etc/deploy/ca.crt -keystore /etc/deploy/truststore.jks -storepass tspass -noprompt -alias sig-ca
Import CA to truststore for validating client certs
Certificate was added to keystore
+ echo All done for logging-es
All done for logging-es
+ openssl rand 16
+ openssl enc -aes-128-cbc -nosalt -out /etc/deploy/searchguard_node_key.key -pass pass:pass
+ cat /dev/urandom
+ tr -dc a-zA-Z0-9
+ fold -w 200
+ head -n 1
+ cat /dev/urandom
+ tr -dc a-zA-Z0-9
+ fold -w 64
+ head -n 1
Deleting secrets
+ echo 'Deleting secrets'
+ oc delete secret logging-fluentd logging-elasticsearch logging-kibana logging-kibana-proxy logging-kibana-ops-proxy logging-curator logging-curator-ops
Error from server: secrets "logging-fluentd" not found
Error from server: secrets "logging-elasticsearch" not found
Error from server: secrets "logging-kibana" not found
Error from server: secrets "logging-kibana-proxy" not found
Error from server: secrets "logging-kibana-ops-proxy" not found
Error from server: secrets "logging-curator" not found
Error from server: secrets "logging-curator-ops" not found
+ :
+ echo 'Creating secrets'
+ oc secrets new logging-elasticsearch key=/etc/deploy/keystore.jks truststore=/etc/deploy/truststore.jks searchguard.key=/etc/deploy/searchguard_node_key.key admin-key=/etc/deploy/system.admin.key admin-cert=/etc/deploy/system.admin.crt admin-ca=/etc/deploy/ca.crt
Creating secrets
secret/logging-elasticsearch
+ oc secrets new logging-kibana ca=/etc/deploy/ca.crt key=/etc/deploy/system.logging.kibana.key cert=/etc/deploy/system.logging.kibana.crt
secret/logging-kibana
+ oc secrets new logging-kibana-proxy oauth-secret=/etc/deploy/oauth-secret session-secret=/etc/deploy/session-secret server-key=/etc/deploy/kibana-internal.key server-cert=/etc/deploy/kibana-internal.crt server-tls.json=/etc/deploy/server-tls.json
secret/logging-kibana-proxy
+ oc secrets new logging-fluentd ca=/etc/deploy/ca.crt key=/etc/deploy/system.logging.fluentd.key cert=/etc/deploy/system.logging.fluentd.crt
secret/logging-fluentd
+ oc secrets new logging-curator ca=/etc/deploy/ca.crt key=/etc/deploy/system.logging.curator.key cert=/etc/deploy/system.logging.curator.crt
secret/logging-curator
+ oc secrets new logging-curator-ops ca=/etc/deploy/ca.crt key=/etc/deploy/system.logging.curator.key cert=/etc/deploy/system.logging.curator.crt
secret/logging-curator-ops
+ echo 'Attaching secrets to service accounts'
+ oc secrets add serviceaccount/aggregated-logging-kibana logging-kibana logging-kibana-proxy
Attaching secrets to service accounts
+ oc secrets add serviceaccount/aggregated-logging-elasticsearch logging-elasticsearch
+ oc secrets add serviceaccount/aggregated-logging-fluentd logging-fluentd
+ oc secrets add serviceaccount/aggregated-logging-curator logging-curator
+ '[' -n '' ']'
+ generate_support_objects
++ cat /etc/deploy/oauth-secret
+ oc new-app -f templates/support.yaml --param OAUTH_SECRET=sZl5tjf5SOdvGwZ9RAlfCzPdvzplkMVOREr0KrYlMgLvjBPSw1GwjfGg5rrMJPWb --param KIBANA_HOSTNAME=kibana.oc3.videonext.net --param KIBANA_OPS_HOSTNAME=kibana-ops.example.com --param IMAGE_PREFIX_DEFAULT=docker.io/openshift/origin- --param INSECURE_REGISTRY=false
--> Deploying template logging-support-template-maker for "templates/support.yaml"
With parameters:
OAUTH_SECRET=sZl5tjf5SOdvGwZ9RAlfCzPdvzplkMVOREr0KrYlMgLvjBPSw1GwjfGg5rrMJPWb
KIBANA_HOSTNAME=kibana.oc3.videonext.net
KIBANA_OPS_HOSTNAME=kibana-ops.example.com
IMAGE_PREFIX_DEFAULT=docker.io/openshift/origin-
INSECURE_REGISTRY=false
--> Creating resources ...
template "logging-support-template" created
template "logging-imagestream-template" created
template "logging-pvc-template" created
--> Success
Run 'oc status' to view your app.
+ oc new-app logging-support-template
--> Deploying template logging-support-template for "logging-support-template"
--> Creating resources ...
service "logging-es" created
service "logging-es-cluster" created
service "logging-es-ops" created
service "logging-es-ops-cluster" created
service "logging-kibana" created
service "logging-kibana-ops" created
oauthclient "kibana-proxy" created
--> Success
Run 'oc status' to view your app.
+ kibana_keys=
+ '[' -e /etc/deploy/kibana.crt ']'
+ kibana_keys='--cert=/etc/deploy/kibana.crt --key=/etc/deploy/kibana.key'
+ oc create route reencrypt --service=logging-kibana --hostname=kibana.oc3.videonext.net --dest-ca-cert=/etc/deploy/ca.crt --ca-cert=/etc/deploy/ca.crt --cert=/etc/deploy/kibana.crt --key=/etc/deploy/kibana.key
route "logging-kibana" created
+ kibana_keys=
+ '[' -e /etc/deploy/kibana-ops.crt ']'
+ oc create route reencrypt --service=logging-kibana-ops --hostname=kibana-ops.example.com --dest-ca-cert=/etc/deploy/ca.crt --ca-cert=/etc/deploy/ca.crt
route "logging-kibana-ops" created
+ generate_templates
+ echo '(Re-)Creating templates'
+ generate_es_template
+ create_template_optional_nodeselector '' es --param ES_CLUSTER_NAME=es --param ES_INSTANCE_RAM=1Gi --param ES_NODE_QUORUM=1 --param ES_RECOVER_AFTER_NODES=0 --param ES_RECOVER_EXPECTED_NODES=1 --param ES_RECOVER_AFTER_TIME=5m --param IMAGE_VERSION_DEFAULT=latest,IMAGE_PREFIX_DEFAULT=docker.io/openshift/origin-
+ local nodeselector=
+ shift
+ local template=es
+ shift
+ cp templates/es.yaml /etc/deploy/es.yaml
(Re-)Creating templates
+ [[ -n '' ]]
+ oc new-app -f /etc/deploy/es.yaml --param ES_CLUSTER_NAME=es --param ES_INSTANCE_RAM=1Gi --param ES_NODE_QUORUM=1 --param ES_RECOVER_AFTER_NODES=0 --param ES_RECOVER_EXPECTED_NODES=1 --param ES_RECOVER_AFTER_TIME=5m --param IMAGE_VERSION_DEFAULT=latest,IMAGE_PREFIX_DEFAULT=docker.io/openshift/origin-
--> Deploying template logging-elasticsearch-template-maker for "/etc/deploy/es.yaml"
With parameters:
ES_CLUSTER_NAME=es
ES_INSTANCE_RAM=1Gi
ES_NODE_QUORUM=1
ES_RECOVER_AFTER_NODES=0
ES_RECOVER_EXPECTED_NODES=1
ES_RECOVER_AFTER_TIME=5m
IMAGE_PREFIX_DEFAULT=docker.io/openshift/origin-
IMAGE_VERSION_DEFAULT=latest
--> Creating resources ...
template "logging-es-template" created
--> Success
Run 'oc status' to view your app.
+ '[' false == true ']'
+ generate_kibana_template
+ create_template_optional_nodeselector '' kibana --param OAP_PUBLIC_MASTER_URL=https://o3-master.videonext.net:8443 --param OAP_MASTER_URL=https://kubernetes.default.svc.cluster.local --param IMAGE_VERSION_DEFAULT=latest,IMAGE_PREFIX_DEFAULT=docker.io/openshift/origin-
+ local nodeselector=
+ shift
+ local template=kibana
+ shift
+ cp templates/kibana.yaml /etc/deploy/kibana.yaml
+ [[ -n '' ]]
+ oc new-app -f /etc/deploy/kibana.yaml --param OAP_PUBLIC_MASTER_URL=https://o3-master.videonext.net:8443 --param OAP_MASTER_URL=https://kubernetes.default.svc.cluster.local --param IMAGE_VERSION_DEFAULT=latest,IMAGE_PREFIX_DEFAULT=docker.io/openshift/origin-
--> Deploying template logging-kibana-template-maker for "/etc/deploy/kibana.yaml"
With parameters:
KIBANA_DEPLOY_NAME=kibana
OAP_MASTER_URL=https://kubernetes.default.svc.cluster.local
OAP_PUBLIC_MASTER_URL=https://o3-master.videonext.net:8443
ES_HOST=logging-es
ES_PORT=9200
OAP_DEBUG=false
IMAGE_VERSION_DEFAULT=latest
IMAGE_PREFIX_DEFAULT=docker.io/openshift/origin-
--> Creating resources ...
template "logging-kibana-template" created
--> Success
Run 'oc status' to view your app.
+ '[' false == true ']'
+ generate_curator_template
+ create_template_optional_nodeselector '' curator --param ES_HOST=logging-es --param MASTER_URL=https://kubernetes.default.svc.cluster.local --param CURATOR_DEPLOY_NAME=curator --param IMAGE_VERSION_DEFAULT=latest,IMAGE_PREFIX_DEFAULT=docker.io/openshift/origin-
+ local nodeselector=
+ shift
+ local template=curator
+ shift
+ cp templates/curator.yaml /etc/deploy/curator.yaml
+ [[ -n '' ]]
+ oc new-app -f /etc/deploy/curator.yaml --param ES_HOST=logging-es --param MASTER_URL=https://kubernetes.default.svc.cluster.local --param CURATOR_DEPLOY_NAME=curator --param IMAGE_VERSION_DEFAULT=latest,IMAGE_PREFIX_DEFAULT=docker.io/openshift/origin-
--> Deploying template logging-curator-template-maker for "/etc/deploy/curator.yaml"
With parameters:
CURATOR_DEPLOY_NAME=curator
MASTER_URL=https://kubernetes.default.svc.cluster.local
ES_HOST=logging-es
ES_PORT=9200
ES_CLIENT_CERT=/etc/curator/keys/cert
ES_CLIENT_KEY=/etc/curator/keys/key
ES_CA=/etc/curator/keys/ca
CURATOR_DEFAULT_DAYS=30
CURATOR_CONF_LOCATION=/etc/curator
CURATOR_RUN_HOUR=0
CURATOR_RUN_MINUTE=0
IMAGE_VERSION_DEFAULT=latest
IMAGE_PREFIX_DEFAULT=docker.io/openshift/origin-
--> Creating resources ...
template "logging-curator-template" created
--> Success
Run 'oc status' to view your app.
+ '[' false == true ']'
+ generate_fluentd_template
+ es_host=logging-es
+ es_ops_host=logging-es
+ '[' false == true ']'
+ create_template_optional_nodeselector logging-infra-fluentd=true fluentd --param ES_HOST=logging-es --param OPS_HOST=logging-es --param MASTER_URL=https://kubernetes.default.svc.cluster.local --param IMAGE_VERSION_DEFAULT=latest,IMAGE_PREFIX_DEFAULT=docker.io/openshift/origin-
+ local nodeselector=logging-infra-fluentd=true
+ shift
+ local template=fluentd
+ shift
+ cp templates/fluentd.yaml /etc/deploy/fluentd.yaml
+ [[ -n logging-infra-fluentd=true ]]
++ extract_nodeselector logging-infra-fluentd=true
++ local inputstring=logging-infra-fluentd=true
++ selectors=()
++ local selectors
++ for keyvalstr in '${inputstring//\,/ }'
++ keyval=(${keyvalstr//=/ })
++ [[ -n logging-infra-fluentd ]]
++ [[ -n true ]]
++ selectors+=("\"${keyval[0]}\": \"${keyval[1]}\"")
++ [[ 1 -gt 0 ]]
+++ join , '"logging-infra-fluentd": "true"'
+++ local IFS=,
+++ shift
+++ echo '"logging-infra-fluentd": "true"'
++ echo nodeSelector: '{' '"logging-infra-fluentd":' '"true"' '}'
+ sed '/serviceAccountName/ i\ nodeSelector: { "logging-infra-fluentd": "true" }' templates/fluentd.yaml
+ oc new-app -f /etc/deploy/fluentd.yaml --param ES_HOST=logging-es --param OPS_HOST=logging-es --param MASTER_URL=https://kubernetes.default.svc.cluster.local --param IMAGE_VERSION_DEFAULT=latest,IMAGE_PREFIX_DEFAULT=docker.io/openshift/origin-
--> Deploying template logging-fluentd-template-maker for "/etc/deploy/fluentd.yaml"
With parameters:
MASTER_URL=https://kubernetes.default.svc.cluster.local
ES_HOST=logging-es
ES_PORT=9200
ES_CLIENT_CERT=/etc/fluent/keys/cert
ES_CLIENT_KEY=/etc/fluent/keys/key
ES_CA=/etc/fluent/keys/ca
OPS_HOST=logging-es
OPS_PORT=9200
OPS_CLIENT_CERT=/etc/fluent/keys/cert
OPS_CLIENT_KEY=/etc/fluent/keys/key
OPS_CA=/etc/fluent/keys/ca
ES_COPY=false
ES_COPY_HOST=
ES_COPY_PORT=
ES_COPY_SCHEME=https
ES_COPY_CLIENT_CERT=
ES_COPY_CLIENT_KEY=
ES_COPY_CA=
ES_COPY_USERNAME=
ES_COPY_PASSWORD=
OPS_COPY_HOST=
OPS_COPY_PORT=
OPS_COPY_SCHEME=https
OPS_COPY_CLIENT_CERT=
OPS_COPY_CLIENT_KEY=
OPS_COPY_CA=
OPS_COPY_USERNAME=
OPS_COPY_PASSWORD=
IMAGE_PREFIX_DEFAULT=docker.io/openshift/origin-
IMAGE_VERSION_DEFAULT=latest
--> Creating resources ...
template "logging-fluentd-template" created
--> Success
Run 'oc status' to view your app.
+ generate_objects
+ echo '(Re-)Creating deployed objects'
+ oc new-app logging-imagestream-template
(Re-)Creating deployed objects
--> Deploying template logging-imagestream-template for "logging-imagestream-template"
With parameters:
IMAGE_PREFIX=docker.io/openshift/origin-
--> Creating resources ...
imagestream "logging-auth-proxy" created
imagestream "logging-elasticsearch" created
imagestream "logging-fluentd" created
imagestream "logging-kibana" created
imagestream "logging-curator" created
--> Success
Run 'oc status' to view your app.
+ generate_es
+ pvcs=()
+ declare -A pvcs
++ oc get persistentvolumeclaim '--template={{range .items}}{{.metadata.name}} {{end}}'
+ (( n=1 ))
+ (( n<=1 ))
+ pvc=logging-es-1
+ '[' '' '!=' 1 -a '' '!=' '' ']'
+ '[' '' = 1 ']'
+ oc new-app logging-es-template
error: error processing template logging/logging-es-template: [unable to parse quantity's suffix]
[root@o3-master ~]#