diff options
author | Suren A. Chilingaryan <csa@suren.me> | 2018-04-14 02:09:54 +0200 |
---|---|---|
committer | Suren A. Chilingaryan <csa@suren.me> | 2018-04-14 02:09:54 +0200 |
commit | 110ae6da8d80b63a068f4537383e775d958cf9a9 (patch) | |
tree | 1e3e84f1245d48518e0147400c6a3c624db10ee5 /roles | |
parent | 5b9f90a1b410a0464eaad713c00b287174da80d2 (diff) | |
download | ands-110ae6da8d80b63a068f4537383e775d958cf9a9.tar.gz ands-110ae6da8d80b63a068f4537383e775d958cf9a9.tar.bz2 ands-110ae6da8d80b63a068f4537383e775d958cf9a9.tar.xz ands-110ae6da8d80b63a068f4537383e775d958cf9a9.zip |
Provide support for global OpenShift resources (ClusterRoles, etc.)
Diffstat (limited to 'roles')
-rw-r--r-- | roles/ands_kaas/00-local-volumes.yml.j2 | 67 | ||||
-rw-r--r-- | roles/ands_kaas/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/ands_kaas/tasks/oc.yml | 2 | ||||
-rw-r--r-- | roles/ands_kaas/tasks/template.yml | 2 | ||||
-rw-r--r-- | roles/ands_openshift/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/ands_openshift/tasks/projects.yml | 4 | ||||
-rw-r--r-- | roles/ands_openshift/tasks/projects_resources.yml | 20 | ||||
-rw-r--r-- | roles/ands_openshift/tasks/resources.yml | 9 | ||||
-rw-r--r-- | roles/ands_openshift/tasks/users_resources.yml | 21 |
9 files changed, 37 insertions, 92 deletions
diff --git a/roles/ands_kaas/00-local-volumes.yml.j2 b/roles/ands_kaas/00-local-volumes.yml.j2 deleted file mode 100644 index 8d1a1c8..0000000 --- a/roles/ands_kaas/00-local-volumes.yml.j2 +++ /dev/null @@ -1,67 +0,0 @@ ---- -apiVersion: v1 -kind: Template -metadata: - name: {{ kaas_project }}-local-volumes - annotations: - descriptions: "{{ kaas_project }} local volumes" -objects: -{% for name, vol in kaas_project_local_volumes.iteritems() %} -{% set voltypes = kaas_storage_domains | json_query("[*].volumes." + vol.volume + ".type") %} -{% set voltype = voltypes[0] | default('host') %} -{% set mntpaths = kaas_storage_domains | json_query("[*].volumes." + vol.volume + ".mount") %} -{% set mntpath = mntpaths[0] | default('') %} -{% set oc_name = vol.name | default(name) | regex_replace('_','-') %} -{% set cfgpath = vol.path | default("") %} -{% set path = cfgpath if cfgpath[:1] == "/" else "/" + kaas_project + "/" + cfgpath %} -{% if oc_name | regex_search("^" + kaas_project) %} -{% set pvprefix = oc_name %} -{% else %} -{% set pvprefix = (kaas_project + "-" + oc_name) | regex_replace('_','-') %} -{% endif %} -{% set i = 0 %} -{% for id in vol.nodes | default(hostvars[inventory_hostname]['ands_volume_' + vol.volume + '_server_ids']) %} -{% set srvid = (id | string) %} -{% set server_name = hostvars[inventory_hostname]['ands_host_' + srvid + '_public_hostname'] %} -{% set openshift_name = hostvars[inventory_hostname]['ands_host_' + srvid + '_openshift_fqdn'] %} -{% set pvname = pvprefix + '-' + server_name %} -{% set pvcname = oc_name + '-' + (i|string) %} - - apiVersion: v1 - kind: PersistentVolume - metadata: - name: {{ pvname }} - annotations: - "volume.alpha.kubernetes.io/node-affinity": '{ - "requiredDuringSchedulingIgnoredDuringExecution": { - "nodeSelectorTerms": [ - { "matchExpressions": [ { "key": "kubernetes.io/hostname", "operator": "In", "values": ["{{ openshift_name }}"] } ]} - ] - } - }' - spec: - storageClassName: kaas-local-storage - persistentVolumeReclaimPolicy: Retain - local: - path: "{{ mntpath }}{{ path }}" - readOnly: {{ not (vol.write | default(false)) }} - accessModes: - - ReadWriteOnce - capacity: - storage: {{ vol.capacity | default(kaas_default_volume_capacity) }} - claimRef: - name: {{ pvcname }} - namespace: {{ kaas_project }} - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: {{ pvcname }} - spec: - volumeName: {{ pvname }} - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ vol.capacity | default(kaas_default_volume_capacity) }} -{% set i = i + 1 %} -{% endfor %} -{% endfor %} diff --git a/roles/ands_kaas/tasks/main.yml b/roles/ands_kaas/tasks/main.yml index f1cff02..fed0525 100644 --- a/roles/ands_kaas/tasks/main.yml +++ b/roles/ands_kaas/tasks/main.yml @@ -7,6 +7,6 @@ loop_control: loop_var: kaas_project vars: - do_subrole: "{{ subrole | default('project') }}" + do_subrole: "{{ kaas_subrole | default(subrole | default('project')) }}" kaas_template_path: "{{ kaas_template_root }}/{{ kaas_project }}" kaas_project_path: "{{playbook_dir}}/projects/{{ kaas_project }}" diff --git a/roles/ands_kaas/tasks/oc.yml b/roles/ands_kaas/tasks/oc.yml index d3504f8..9b17c3b 100644 --- a/roles/ands_kaas/tasks/oc.yml +++ b/roles/ands_kaas/tasks/oc.yml @@ -6,5 +6,5 @@ vars: resource: "{{ ocitem.resource | default('') }}" command: "{{ ocitem.oc }}" - project: "{{ kaas_project }}" + project: "{{ kaas_namespace | default(kaas_project) }}" recreate: "{{ ocitem.recreate | default(false) }}" diff --git a/roles/ands_kaas/tasks/template.yml b/roles/ands_kaas/tasks/template.yml index 841c80e..89c30e0 100644 --- a/roles/ands_kaas/tasks/template.yml +++ b/roles/ands_kaas/tasks/template.yml @@ -19,7 +19,7 @@ dest_name: "{{ (appname is defined) | ternary ( '90-' + (appname | default('')) + '.yml', default_name ) }}" template: "{{ dest_name }}" template_path: "{{ kaas_template_path }}" - project: "{{ kaas_project }}" + project: "{{ kaas_namespace | default(kaas_project) }}" recreate: "{{ result | changed | ternary (delete | default(true) | ternary(true, false), false) }}" replace: "{{ result | changed | ternary (delete | default(true) | ternary(false, true), false) }}" diff --git a/roles/ands_openshift/defaults/main.yml b/roles/ands_openshift/defaults/main.yml index d279345..feec093 100644 --- a/roles/ands_openshift/defaults/main.yml +++ b/roles/ands_openshift/defaults/main.yml @@ -1,4 +1,4 @@ -openshift_common_subroles: "{{ [ 'users', 'security', 'storage' ] }}" +openshift_common_subroles: "{{ [ 'projects', 'resources', 'users', 'security', 'storage' ] }}" openshift_heketi_subroles: "{{ [ 'ssh', 'heketi' ] }}" openshift_all_subroles: "{{ ands_configure_heketi | default(False) | ternary(openshift_common_subroles + openshift_heketi_subroles, openshift_common_subroles) }}" diff --git a/roles/ands_openshift/tasks/projects.yml b/roles/ands_openshift/tasks/projects.yml new file mode 100644 index 0000000..4f13136 --- /dev/null +++ b/roles/ands_openshift/tasks/projects.yml @@ -0,0 +1,4 @@ +--- +- include_tasks: projects_resources.yml + run_once: true + delegate_to: "{{ groups.masters[0] }}" diff --git a/roles/ands_openshift/tasks/projects_resources.yml b/roles/ands_openshift/tasks/projects_resources.yml new file mode 100644 index 0000000..2afe9e1 --- /dev/null +++ b/roles/ands_openshift/tasks/projects_resources.yml @@ -0,0 +1,20 @@ +- name: Get project list + command: "oc get projects -o json" + changed_when: false + register: results + +- name: Find missing projects + set_fact: new_projects="{{ ands_openshift_projects.keys() | difference (results.stdout | from_json | json_query('items[*].metadata.name')) }}" + when: (results | succeeded) + +- name: Create missing projects + command: "oc adm new-project --description '{{ ands_openshift_projects[item] }}' {{ item }}" + with_items: "{{ new_projects | default([]) }}" + +- name: Allow projects to pull images from KaaS imagestreams + command: "oc policy add-role-to-group system:image-puller system:serviceaccounts:{{ prj_item }} --namespace=kaas" + with_items: "{{ ands_openshift_projects.keys() }}" + when: + prj_item != "kaas" + loop_control: + loop_var: prj_item diff --git a/roles/ands_openshift/tasks/resources.yml b/roles/ands_openshift/tasks/resources.yml new file mode 100644 index 0000000..b691372 --- /dev/null +++ b/roles/ands_openshift/tasks/resources.yml @@ -0,0 +1,9 @@ +- name: Run configuration script and populate resources + include_role: name="ands_kaas" + vars: + kaas_openshift_volumes: "{{ ands_openshift_volumes }}" + kaas_projects: "{{ ands_openshift_projects.keys() }}" + kaas_single_project: "openshift" + kaas_namespace: "kaas" + kaas_subrole: "script" + delete: false diff --git a/roles/ands_openshift/tasks/users_resources.yml b/roles/ands_openshift/tasks/users_resources.yml index 722e1eb..2a73cd0 100644 --- a/roles/ands_openshift/tasks/users_resources.yml +++ b/roles/ands_openshift/tasks/users_resources.yml @@ -6,27 +6,6 @@ vars: key_len: "{{ item.key.split('/') | length }}" -- name: Get project list - command: "oc get projects -o json" - changed_when: false - register: results - -- name: Find missing projects - set_fact: new_projects="{{ ands_openshift_projects.keys() | difference (results.stdout | from_json | json_query('items[*].metadata.name')) }}" - when: (results | succeeded) - -- name: Create missing projects - command: "oc adm new-project --description '{{ ands_openshift_projects[item] }}' {{ item }}" - with_items: "{{ new_projects | default([]) }}" - -- name: Allow projects to pull images from KaaS imagestreams - command: "oc policy add-role-to-group system:image-puller system:serviceaccounts:{{ prj_item }} --namespace=kaas" - with_items: "{{ ands_openshift_projects.keys() }}" - when: - prj_item != "kaas" - loop_control: - loop_var: prj_item - - name: Configure per project roles command: "oc adm policy add-role-to-user -n {{ item.key.split('/')[0] }} {{ item.key.split('/')[1] }} {{ item.value.replace(' ','').split(',') | join(' ') }}" with_dict: "{{ ands_openshift_roles }}" |