SSL and Logging Fixed (#69)

* Add Helm chart * Add 'tracectx.transactionid' to logging, add support for logstash formatted (json) logging * https://www.nomadproject.io/docs/internals/scheduling.html, add support for flat/text and logstash compatible logs files (to help with pushing logs to Elasticsearch), add persistent volume for Ansible RM, bump RM version * Revert changes to docker compose script, tidy up config file * Add missing PersistentVolume template, tidy up code * Minor Readme update * Minor values.yaml update * NFV-2455 #37 support https * Fix up logging import * NFV-2455 #37 fix up Kubernetes service ports to include https * NFV-2455 #37 remove bundled SSL certificate in favour of an SSL certificate "injected" by Kubernetes as a volume * NFV-2455 #37 make SSL optional (default to http) * NFV-2455 #37 change persistent volume directory names * NFV-2455 #37 change persistent volume directory names * Add README for Helm chart * NFV-2455 #37 fix up SSL configuration switch (boolean handling) * NFV-2455 #37 make http port the default, add information on how to install for https * Minor updates: allow Kubernetes SSL Nodeport for Ansible RM to be set explicitly, bump version number to 1.3.0 * Output Ansible logs to "main" log, make SSL enabled by default when installing with Helm, mount SSL secret volume only if SSL is enabled * Fix up version number to 1.3.2 * Fix up Docker image, update README
IBM · Mar 15, 2019 · cd9d6fa · cd9d6fa
1 parent 8f4390d
commit cd9d6fa
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 7 deletions.
diff --git a/ansible-adaptor/swagger_server/controllers/ans_handler.py b/ansible-adaptor/swagger_server/controllers/ans_handler.py
@@ -310,6 +310,7 @@ def run(self):
         run an ansible playbook (sync mode) and return Results
         """
         self.logger.info('ansible playbook run started')
+        self.pbex._tqm._stdout_callback = self.callback
         self.pbex.run()
         return self.callback.properties, self.callback.is_run_ok()
 
@@ -320,10 +321,14 @@ def run_async(self):
         self.logger.info(str(self.request_id) + ': ' + 'ansible playbook run started ' + self.started_at.isoformat())
 
         self.log_request_status('IN_PROGRESS', 'running playbook', '', '')
+        self.pbex._tqm._stdout_callback = self.callback
         self.pbex.run()
         self.finished_at = datetime.now()
         self.logger.info(str(self.request_id) + ': ' + 'ansible playbook run finished ' + self.finished_at.isoformat())
 
+        self.logger.debug("Ansible facts")
+        self.logger.debug(json.dumps(self.callback.facts))
+
         if self.callback.is_run_ok():
             self.logger.info(str(self.request_id) + ': ' + 'ansible ran OK')
 

diff --git a/helm/osslm-ansible-resource-manager/Chart.yaml b/helm/osslm-ansible-resource-manager/Chart.yaml
@@ -1,6 +1,6 @@
 name: osslm-ansible-resource-manager
-version: 1.3.1
-appVersion: 1.3.1
+version: 1.3.2
+appVersion: 1.3.2
 apiVersion: v1
 description: A Helm chart for the osslm-ansible-resource-manager
 # maintainers:

diff --git a/helm/osslm-ansible-resource-manager/README.md b/helm/osslm-ansible-resource-manager/README.md
@@ -41,7 +41,7 @@ NOTE: You can skip the need for persistent volumes by settings cassandra.persist
 Install Helm Chart
 
 ```
-helm install osslm-ansible-resource-manager-1.2.1.tgz --name osslm-ansible-rm --namespace default --values osslm-ansible-rm.values.yaml --debug
+helm install osslm-ansible-resource-manager-1.3.2.tgz --name osslm-ansible-rm --namespace default --values osslm-ansible-rm.values.yaml --debug
 #helm install osslm-ansible-resource-manager --name osslm-ansible-rm 
 ```
 

diff --git a/helm/osslm-ansible-resource-manager/templates/deployment.yaml b/helm/osslm-ansible-resource-manager/templates/deployment.yaml
@@ -33,7 +33,7 @@ spec:
           volumeMounts:
           - name: osslm-ansible-rm
             mountPath: /var/alm_ansible_rm
-          {{- if .Values.app.config.security.ssl.secretName }}
+          {{- if and .Values.app.config.security.ssl.enabled .Values.app.config.security.ssl.secretName }}
           - name: {{ .Values.app.config.security.ssl.secretName }}
             mountPath: /var/alm_ansible_rm/ssl
           {{- end }}

diff --git a/helm/osslm-ansible-resource-manager/templates/service.yaml b/helm/osslm-ansible-resource-manager/templates/service.yaml
@@ -18,5 +18,8 @@ spec:
     targetPort: 8443
     protocol: TCP
     name: https
+{{- if eq .Values.service.type "NodePort" }}
+    nodePort: {{ .Values.service.sslNodePort }}
+{{- end }}
   selector:
     app: osslm-ansible-rm
diff --git a/helm/osslm-ansible-resource-manager/values.yaml b/helm/osslm-ansible-resource-manager/values.yaml
@@ -1,8 +1,8 @@
 ## Docker Image for the osslm-ansible-rm application
 docker:
   ## Make this the full path, including registry host and port if using one
-  image: osslm-ansible-rm
-  version: 1.2.1
+  image: accanto/osslm-ansible-rm
+  version: 1.3.2
   imagePullPolicy: IfNotPresent
 
 ## Configuration for the application deployment
@@ -59,9 +59,10 @@ app:
       # us to bundle the log message and other metadata in a json log message and let Fielbeat extract them
       # as top level fields in the Elasticsearch index.
       LOG_TYPE: logstash
-      ssl_enabled: "false"
+      ssl_enabled: "true"
     security:
       ssl:
+        enabled: true
         secretName: osslm-ansible-rm-tls
 
 persistence:
@@ -75,6 +76,7 @@ service:
   # Using NodePort allows access to the IPs through http://k8s-host:nodePort/
   type: NodePort
   nodePort: 31080
+  sslNodePort: 31081
 
 cassandra:
   enabled: false