Merge pull request #238 from sassoftware/f-iac-508

feat: (IAC-508) Viya 4 Monitoring replacing Elasticsearch with OpenSearch

docker-entrypoint.sh

@@ -20,4 +20,4 @@ do
 done
 
 echo  "Running: ansible-playbook $OPTS $@ playbooks/${PLAYBOOK}"
-exec ansible-playbook $OPTS $@ playbooks/${PLAYBOOK}
+ANSIBLE_STDOUT_CALLBACK=yaml exec ansible-playbook $OPTS $@ playbooks/${PLAYBOOK}

docs/CONFIG-VARS.md

@@ -135,7 +135,7 @@ When setting V4_CFG_MANAGE_STORAGE to true, A new storage classes will be create
 | Name | Description | Type | Default | Required | Notes | Tasks |
 | :--- | ---: | ---: | ---: | ---: | ---: | ---: |
 | V4M_VERSION | Branch or tag of [viya4-monitoring-kubernetes](https://github.com/sassoftware/viya4-monitoring-kubernetes) | string | stable | false | | cluster-logging, cluster-monitoring, viya-monitoring |
-| V4M_BASE_DOMAIN | Base domain in which subdomains for elasticsearch, kibana, grafana, prometheus and alertmanager will be created | string | | false | This or the per service fqdn's must be set | cluster-logging, cluster-monitoring, viya-monitoring |
+| V4M_BASE_DOMAIN | Base domain in which subdomains for search, dashboards, grafana, prometheus and alertmanager will be created | string | | false | This or the per service fqdn's must be set | cluster-logging, cluster-monitoring, viya-monitoring |
 | V4M_CERT | Path to tls certificate to use for all monitoring/logging services | string | | false | Alternately you can set the per service cert | cluster-logging, cluster-monitoring, viya-monitoring |
 | V4M_KEY | Path to tls key to use for all monitoring/logging services | string | | false | Alternately you can set the per service cert | cluster-logging, cluster-monitoring, viya-monitoring |
 | V4M_NODE_PLACEMENT_ENABLE | Enable workload node placement for viya4-monitoring-kubernetes stack | bool | false | false | | cluster-logging, cluster-monitoring, viya-monitoring |
@@ -164,17 +164,18 @@ When setting V4_CFG_MANAGE_STORAGE to true, A new storage classes will be create
 | Name | Description | Type | Default | Required | Notes | Tasks |
 | :--- | ---: | ---: | ---: | ---: | ---: | ---: |
 | V4M_LOGGING_NAMESPACE | Namespace for the logging resources | string | logging | false | | cluster-logging |
-| V4M_KIBANA_FQDN | FQDN to use for kibana ingress | string | kibana.<V4M_BASE_DOMAIN> | false | | cluster-logging |
-| V4M_KIBANA_CERT | Path to tls certificate to use for kibana ingress | string |<V4M_CERT> | false | If both this and V4M_CERT are not set a self-signed cert will be used | cluster-logging |
-| V4M_KIBANA_KEY | Path to tls key to use for kibana ingress | string | <V4M_KEY> | false | If both this and V4M_KEY are not set a self-signed cert will be used | cluster-logging |
-| V4M_KIBANA_PASSWORD | Kibana admin password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging |
-| V4M_KIBANASERVER_PASSWORD | Kibana server password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging |
+| V4M_KIBANA_FQDN | FQDN to use for dashboards ingress | string | dashboards.<V4M_BASE_DOMAIN> | false | | cluster-logging |
+| V4M_KIBANA_CERT | Path to tls certificate to use for dashboards ingress | string |<V4M_CERT> | false | If both this and V4M_CERT are not set a self-signed cert will be used | cluster-logging |
+| V4M_KIBANA_KEY | Path to tls key to use for dashboards ingress | string | <V4M_KEY> | false | If both this and V4M_KEY are not set a self-signed cert will be used | cluster-logging |
+| V4M_KIBANA_PASSWORD | Dashboards admin password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging |
+| V4M_KIBANASERVER_PASSWORD | Dashboards server password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging |
 | V4M_LOGCOLLECTOR_PASSWORD | Logcollector password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging |
 | V4M_METRICGETTER_PASSWORD | Metricgetter password | string | randomly generated | false | If not provided, a random password will be generated and written to the log output | cluster-logging |
 | | | | | | | |
-| V4M_ELASTICSEARCH_FQDN | FQDN to use for elasticsearch ingress  | string | elasticsearch.<V4M_BASE_DOMAIN> | false | | cluster-logging |
-| V4M_ELASTICSEARCH_CERT | Path to tls certificate to use for elasticsearch ingress | string |<V4M_CERT> | false | If both this and V4M_CERT are not set a self-signed cert will be used | cluster-logging |
-| V4M_ELASTICSEARCH_KEY | Path to tls key to use for elasticsearch ingress | string | <V4M_KEY> | false | If both this and V4M_KEY are not set a self-signed cert will be used | cluster-logging |
+| V4M_ELASTICSEARCH_FQDN | FQDN to use for search ingress  | string | search.<V4M_BASE_DOMAIN> | false | | cluster-logging |
+| V4M_ELASTICSEARCH_CERT | Path to tls certificate to use for search ingress | string |<V4M_CERT> | false | If both this and V4M_CERT are not set a self-signed cert will be used | cluster-logging |
+| V4M_ELASTICSEARCH_KEY | Path to tls key to use for search ingress | string | <V4M_KEY> | false | If both this and V4M_KEY are not set a self-signed cert will be used | cluster-logging |
+| V4M_OSD_NODEPORT_ENABLE |  If you want to make OpenSearch Dashboards accessible via NodePort, set the environment variable V4M_OSD_NODEPORT_ENABLE to true. OpenSearch Dashboards will be accessible from port 31034 | bool | false | false | | cluster-logging
 
 ## TLS
 
@@ -270,7 +271,7 @@ V4_CFG_POSTGRES_SERVERS:
 | V4_CFG_CLUSTER_NODE_POOL_MODE | What mode of cluster node pool to use | string | "standard" | false | [standard, minimal] | viya |
 | V4_CFG_EMBEDDED_LDAP_ENABLE | Deploy openldap in the namespace for authentication | bool | false | false | [Openldap Config](../roles/vdm/templates/generators/openldap-bootstrap-config.yaml) | viya |
 | V4_CFG_CONSUL_ENABLE_LOADBALANCER | Setup LB to access consul ui | bool | false | false | Consul ui port is 8500 | viya |
-| V4_CFG_ELASTICSEARCH_ENABLE | Enable opendistro elasticsearch | bool | true | false | When deploying LTS less than 2020.1 or Stable less than 2020.1.2 set to false | viya |
+| V4_CFG_ELASTICSEARCH_ENABLE | Enable opendistro search | bool | true | false | When deploying LTS less than 2020.1 or Stable less than 2020.1.2 set to false | viya |
 
 ## 3rd Party tools
 

docs/Troubleshooting.md

@@ -21,3 +21,24 @@ Example:
     -e TFSTATE=$HOME/viya4-iac-aws/terraform.tfstate \
     viya4-deployment --tags "baseline,viya,cluster-logging,cluster-monitoring,viya-monitoring,install" -vvv
   ```
+## Viya4 Monitoring and Logging
+### Symptom:
+While deploying Viya4 to a cluster with the "cluster-logging" and "install" Ansible task tags specified, the following error message is encountered.
+
+  ```bash
+TASK [monitoring : cluster-logging - deploy] ********************************************************************************
+fatal: [localhost]: FAILED! => changed=false
+  cmd: /home/user/.ansible/viya4-monitoring-kubernetes/logging/bin/deploy_logging.sh
+  msg: '[Errno 2] No such file or directory: b''/home/user/.ansible/viya4-monitoring-kubernetes/logging/bin/deploy_logging.sh'''
+  rc: 2
+
+PLAY RECAP ******************************************************************************************************************
+localhost                  : ok=52   changed=12   unreachable=0    failed=1    skipped=41   rescued=0    ignored=0
+  ```
+
+### Diagnosis:
+A release of sassoftware/viya4-monitoring-kubernetes prior to 1.2.0 was run by a release of sassoftware/viya4-deployment at release 4.13.0 or later.
+Releases of sassoftware/viya4-monitoring-kubernetes prior to 1.2.0 do not support the installation of OpenSearch logging software which sassoftware/viya4-deployment 4.13.0 or later will attempt to install.
+
+### Solution:
+When running DAC releases 4.13.0 or later, specify either the stable branch or a valid sassoftware/viya4-monitoring-kubernetes release tag of 1.2.0 or later for the value of the V4M_VERSION sassoftware/viya4-deployment variable, For more details on supported variables, refer to [CONFIG-VARS.md](./CONFIG-VARS.md)

roles/monitoring/defaults/main.yaml

@@ -8,19 +8,20 @@ V4M_NODE_PLACEMENT_ENABLE: false
 V4M_BASE_DOMAIN: "{{ V4_CFG_BASE_DOMAIN }}"
 V4M_CERT: null
 V4M_KEY: null
+V4M_KB_KNOWN_NODEPORT_ENABLE: false
 
 V4M_LOGGING_NAMESPACE: logging
 V4M_MONITORING_NAMESPACE: monitoring
 
-V4M_KIBANA_FQDN: "kibana.{{ V4M_BASE_DOMAIN }}"
+V4M_KIBANA_FQDN: "dashboards.{{ V4M_BASE_DOMAIN }}"
 V4M_KIBANA_CERT: "{{ V4M_CERT }}"
 V4M_KIBANA_KEY: "{{ V4M_KEY }}"
 V4M_KIBANA_PASSWORD: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') }}"
 V4M_KIBANASERVER_PASSWORD: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') }}"
 V4M_LOGCOLLECTOR_PASSWORD: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') }}"
 V4M_METRICGETTER_PASSWORD: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') }}"
 
-V4M_ELASTICSEARCH_FQDN: "elasticsearch.{{ V4M_BASE_DOMAIN }}"
+V4M_ELASTICSEARCH_FQDN: "search.{{ V4M_BASE_DOMAIN }}"
 V4M_ELASTICSEARCH_CERT: "{{ V4M_CERT }}"
 V4M_ELASTICSEARCH_KEY: "{{ V4M_KEY }}"
 

roles/monitoring/tasks/cluster-logging.yaml

@@ -21,6 +21,15 @@
   tags:
     - install
 
+- name: Set password facts
+  set_fact:
+    V4M_KIBANA_PASSWORD: "{{ V4M_KIBANA_PASSWORD }}"
+    V4M_KIBANASERVER_PASSWORD: "{{ V4M_KIBANASERVER_PASSWORD }}"
+    V4M_LOGCOLLECTOR_PASSWORD: "{{ V4M_LOGCOLLECTOR_PASSWORD }}" 
+    V4M_METRICGETTER_PASSWORD: "{{ V4M_METRICGETTER_PASSWORD }}" 
+  tags:
+    - install
+
 - name: cluster-logging - save credentials
   set_fact: 
     "{{ logging_map['secret'][item.metadata.name] }}": "{{ item.data.password|b64decode }}"
@@ -35,17 +44,27 @@
 - name: cluster-logging - output credentials
   debug:
     msg:
-      - "Kibana admin  - username: admin,        password: {{ V4M_KIBANA_PASSWORD }}"
-      - "Kibana Server - username: kibanaserver, password: {{ V4M_KIBANASERVER_PASSWORD }}"
-      - "Log Collector - username: logcollector, password: {{ V4M_LOGCOLLECTOR_PASSWORD }}"
-      - "Metric Getter - username: metricgetter, password: {{ V4M_METRICGETTER_PASSWORD }}"
+      - "OpenSearch admin  - username: admin,                   password: {{ V4M_KIBANA_PASSWORD }}"
+      - "OpenSearch Dashboards Server - username: kibanaserver, password: {{ V4M_KIBANASERVER_PASSWORD }}"
+      - "Log Collector - username: logcollector,                password: {{ V4M_LOGCOLLECTOR_PASSWORD }}"
+      - "Metric Getter - username: metricgetter,                password: {{ V4M_METRICGETTER_PASSWORD }}"
+  tags:
+    - install
+
+- name: cluster-logging - opensearch user values
+  template:
+    src: "user-values-elasticsearch-opensearch.yaml"
+    dest: "{{ tmpdir.path }}/logging/user-values-opensearch.yaml"
+    mode: "0660"
   tags:
     - install
+    - update
+    - uninstall
 
-- name: cluster-logging - user values
+- name: cluster-logging - osd user values
   template:
-    src: "user-values-elasticsearch-open.yaml"
-    dest: "{{ tmpdir.path }}/logging/user-values-elasticsearch-open.yaml"
+    src: "user-values-osd-opensearch.yaml"
+    dest: "{{ tmpdir.path }}/logging/user-values-osd.yaml"
     mode: "0660"
   tags:
     - install
@@ -54,7 +73,7 @@
 
 - name: cluster-logging - deploy
   command:
-    cmd: "{{ tmpdir.path }}/viya4-monitoring-kubernetes/logging/bin/deploy_logging_open.sh"
+    cmd: "{{ tmpdir.path }}/viya4-monitoring-kubernetes/logging/bin/deploy_logging.sh"
   environment: "{{ logging_map['env'] }}"
   tags:
     - install
@@ -108,7 +127,7 @@
 
 - name: cluster-logging - uninstall
   command:
-    cmd: "{{ tmpdir.path }}/viya4-monitoring-kubernetes/logging/bin/remove_logging_open.sh"
+    cmd: "{{ tmpdir.path }}/viya4-monitoring-kubernetes/logging/bin/remove_logging.sh"
   environment: "{{ logging_map['env'] }}"
   tags:
     - uninstall

roles/monitoring/tasks/cluster-monitoring.yaml

@@ -21,6 +21,12 @@
     - install
     - update
 
+- name: Set password fact
+  set_fact:
+    V4M_GRAFANA_PASSWORD: "{{ V4M_GRAFANA_PASSWORD }}"
+  tags:
+    - install
+
 - name: cluster-monitoring - save credentials
   set_fact:
     V4M_GRAFANA_PASSWORD: "{{ monitoring_creds.resources[0].data['admin-password']|b64decode }}"

roles/monitoring/templates/user-values-elasticsearch-opensearch.yaml

@@ -0,0 +1,14 @@
+persistence:
+  storageClass: {{ V4M_STORAGECLASS }}
+ingress:
+  ingressClassName: nginx
+  annotations:
+    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+  enabled: true
+  path: /
+  hosts:
+    - {{ V4M_ELASTICSEARCH_FQDN }}
+  tls:
+    - secretName: elasticsearch-ingress-tls-secret
+      hosts:
+        - {{ V4M_ELASTICSEARCH_FQDN }}

roles/monitoring/templates/user-values-osd-opensearch.yaml

@@ -0,0 +1,16 @@
+ingress:
+  annotations:
+    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+  enabled: true
+  ingressClassName: nginx
+  hosts:
+    - host: {{ V4M_KIBANA_FQDN }}
+      paths:
+        - path: /
+          backend:
+            serviceName: v4m-osd
+            servicePort: 443
+  tls:
+    - secretName: kibana-ingress-tls-secret
+      hosts:
+        - {{ V4M_KIBANA_FQDN }}

roles/monitoring/vars/main.yaml

@@ -16,6 +16,7 @@ logging_map:
     ES_LOGCOLLECTOR_PASSWD: "{{ V4M_LOGCOLLECTOR_PASSWORD }}"
     ES_METRICGETTER_PASSWD: "{{ V4M_METRICGETTER_PASSWORD }}"
     LOG_NS: "{{ V4M_LOGGING_NAMESPACE }}"
+    KB_KNOWN_NODEPORT_ENABLE: "{{ V4M_KB_KNOWN_NODEPORT_ENABLE }}"
 
 monitoring_env:
   USER_DIR: "{{ tmpdir.path }}"