authorSuren A. Chilingaryan <csa@suren.me>2018-02-28 23:46:55 +0100
committerSuren A. Chilingaryan <csa@suren.me>2018-02-28 23:46:55 +0100
commit1f3e2a9f59e83dc3f0fcbecf096a7e7b40d36ed7 (patch)
treec75d04456ab3593442734bec3d84c90e4b973f27 /roles
parentfe4622305efa55e6bec8221efe8fc4bdd5462136 (diff)
First running prototype
Diffstat (limited to 'roles')
-rw-r--r--roles/ands_kaas/defaults/main.yml10
-rw-r--r--roles/ands_kaas/tasks/do_project.yml13
-rw-r--r--roles/ands_kaas/tasks/file.yml8
-rw-r--r--roles/ands_kaas/tasks/main.yml2
-rw-r--r--roles/ands_kaas/tasks/project.yml11
-rw-r--r--roles/ands_kaas/tasks/search.yml2
-rw-r--r--roles/ands_kaas/tasks/sync.yml22
-rw-r--r--roles/ands_kaas/tasks/template.yml4
-rw-r--r--roles/ands_kaas/tasks/templates.yml2
-rw-r--r--roles/ands_kaas/tasks/volume.yml34
-rw-r--r--roles/ands_kaas/templates/00-gfs-volumes.yml.j26
-rw-r--r--roles/ands_kaas/templates/50-kaas-pods.yml.j214
-rw-r--r--roles/ands_openshift/tasks/security_resources.yml36
-rw-r--r--roles/ands_openshift/tasks/storage_resources.yml7
-rw-r--r--roles/ands_openshift/tasks/users_resources.yml8
-rw-r--r--roles/common/tasks/main.yml9
-rw-r--r--roles/docker/defaults/main.yml5
-rw-r--r--roles/docker/handlers/main.yml3
-rw-r--r--roles/docker/tasks/main.yml11
l---------roles/glusterfs/tasks/data1
-rw-r--r--roles/glusterfs/tasks/data/vols2.yml13
-rw-r--r--roles/glusterfs/tasks/data/vols3.yml14
l---------roles/glusterfs/tasks/la/vols2.yml (renamed from roles/glusterfs/tasks/tmp/vols2.yml)0
-rw-r--r--roles/glusterfs/tasks/la/vols3.yml (renamed from roles/glusterfs/tasks/tmp/vols3.yml)0
l---------roles/glusterfs/tasks/tmp1
-rw-r--r--roles/openshift_resource/tasks/main.yml23
-rw-r--r--roles/openshift_resource/tasks/resource.yml6
-rw-r--r--roles/openshift_resource/tasks/template.yml6
28 files changed, 202 insertions, 69 deletions
diff --git a/roles/ands_kaas/defaults/main.yml b/roles/ands_kaas/defaults/main.yml
index 3835453..b2bfaf5 100644
--- a/roles/ands_kaas/defaults/main.yml
+++ b/roles/ands_kaas/defaults/main.yml
@@ -4,8 +4,16 @@ kaas_projects: "{{ ands_openshift_projects.keys() }}"
kaas_template_root: "{{ ands_paths.provision }}/kaas/"
kaas_glusterfs_endpoints: gfs
-kaas_openshift_volumes: "{{ ands_openshift_volumes }}"
+kaas_openshift_volumes: "{{ ands_openshift_volumes | default({}) }}"
+kaas_openshift_files: "{{ ands_openshift_files | default([]) }}"
+
+kaas_openshift_uids: "{{ ands_openshift_uids | default({}) }}"
+kaas_openshift_gids: "{{ ands_openshift_gids | default({}) }}"
+kaas_openshift_gid_ranges: "{{ ands_openshift_gid_ranges | default({}) }}"
+
kaas_default_volume_capacity: "1Ti"
kaas_default_file_owner: root
kaas_default_file_group: root
+
+kaas_pod_history_limit: 1
diff --git a/roles/ands_kaas/tasks/do_project.yml b/roles/ands_kaas/tasks/do_project.yml
index a876d94..4fac6c6 100644
--- a/roles/ands_kaas/tasks/do_project.yml
+++ b/roles/ands_kaas/tasks/do_project.yml
@@ -6,13 +6,15 @@
include_tasks: volume.yml
run_once: true
# delegate_to: "{{ groups.masters[0] }}"
- with_dict: "{{ kaas_project_config.volumes | default(kaas_openshift_volumes) }}"
+ with_dict: "{{ kaas_project_volumes }}"
loop_control:
loop_var: osv
vars:
query: "[*].volumes.{{osv.value.volume}}.mount"
mntpath: "{{ (ands_storage_domains | json_query(query)) }}"
- path: "{{ mntpath[0] ~ (osv.value.path | default('')) }}"
+ osvpath: "{{ osv.value.path | default('') }}"
+ prefix: "{{ ( osvpath[:1] == '/' ) | ternary('', '/' ~ kaas_project ~ '/') }}"
+ path: "{{ mntpath[0] ~ prefix ~ osvpath }}"
name: "{{osv.key}}"
volume: "{{osv.value}}"
when: ( mntpath | length ) > 0
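Review bot: The new `prefix` confines relative volume paths only by string concatenation, so an `osv.value.path` that contains `..` components, or that simply starts with `/`, still resolves outside `/<kaas_project>/` on the storage mount. If the per-project vars under `kaas_project_path` can be edited by project owners rather than cluster admins (not visible here), one project's config could point a volume at another project's data. Consider rejecting such paths up front, for example by turning `when:` into a list and adding `- "'..' not in osvpath.split('/')"`, and allowing absolute paths only for globally defined volumes. The same path construction is repeated in `00-gfs-volumes.yml.j2`, and this task starts above the hunk.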
@@ -29,19 +31,19 @@
include_tasks: file.yml
run_once: true
# delegate_to: "{{ groups.masters[0] }}"
- with_items: "{{ kaas_project_config.files | default(ands_openshift_files) }}"
+ with_items: "{{ kaas_project_config.files | default(kaas_openshift_files) | default([]) }}"
loop_control:
loop_var: file
vars:
pvar: "kaas_{{ file.osv }}_path"
path: "{{ hostvars[inventory_hostname][pvar] }}/{{ file.path }}"
- when: file.osv in ( kaas_project_config.volumes | default(kaas_openshift_volumes) )
+ when: file.osv in kaas_project_volumes
- name: Load OpenSSL keys
include_tasks: keys.yml
# delegate_to: "{{ groups.masters[0] }}"
run_once: true
- with_dict: "{{ kaas_project_config.pods }}"
+ with_dict: "{{ kaas_project_config.pods | default({}) }}"
loop_control:
loop_var: pod
@@ -57,5 +59,4 @@
run_once: true
when:
- kaas_project_config.oc is undefined
- - kaas_project_config.pods != {}
diff --git a/roles/ands_kaas/tasks/file.yml b/roles/ands_kaas/tasks/file.yml
index e6b2e8d..a839473 100644
--- a/roles/ands_kaas/tasks/file.yml
+++ b/roles/ands_kaas/tasks/file.yml
@@ -3,15 +3,15 @@
set_fact: group="{{ file.group | default(kaas_project_config.file_group | default(ands_default_file_group)) }}"
- name : Resolve project groups
- set_fact: group="{{ (kaas_project_config.gids | default(ands_openshift_gids))[group].id }}"
- when: group in ( kaas_project_config.gids | default(ands_openshift_gids) )
+ set_fact: group="{{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }}"
+ when: group in ( kaas_project_config.gids | default(kaas_openshift_gids) )
- name: Set owner
set_fact: owner="{{ file.owner | default(kaas_project_config.file_owner | default(ands_default_file_owner)) }}"
- name : Resolve project uids
- set_fact: owner="{{ (kaas_project_config.uids | default(ands_openshift_uids) )[owner].id }}"
- when: owner in ( kaas_project_config.uids | default(ands_openshift_uids) )
+ set_fact: owner="{{ (kaas_project_config.uids | default(kaas_openshift_uids) )[owner].id }}"
+ when: owner in ( kaas_project_config.uids | default(kaas_openshift_uids) )
- name: "Setting up files in {{ path }}"
file:
diff --git a/roles/ands_kaas/tasks/main.yml b/roles/ands_kaas/tasks/main.yml
index 0931f80..85110cb 100644
--- a/roles/ands_kaas/tasks/main.yml
+++ b/roles/ands_kaas/tasks/main.yml
@@ -4,7 +4,7 @@
include_tasks: project.yml
run_once: true
# delegate_to: "{{ groups.masters[0] }}"
- with_items: "{{ kaas_projects }}"
+ with_items: "{{ (kaas_single_project is defined) | ternary([kaas_single_project], kaas_projects) }}"
loop_control:
loop_var: kaas_project
vars:
diff --git a/roles/ands_kaas/tasks/project.yml b/roles/ands_kaas/tasks/project.yml
index 40b5180..f7eb1df 100644
--- a/roles/ands_kaas/tasks/project.yml
+++ b/roles/ands_kaas/tasks/project.yml
@@ -1,11 +1,15 @@
---
- name: Load global variables
include_vars: "{{kaas_project_path}}/vars/globals.yml"
- when: "'{{kaas_project_path}}/vars/globals.yml' | is_file"
+ when: path | is_file
+ vars:
+ path: "{{ kaas_project_path }}/vars/globals.yml"
- name: Load variables
include_vars: dir="{{kaas_project_path}}/vars" name="var_{{kaas_project}}_config"
- when: "'{{kaas_project_path}}/vars' | is_dir"
+ when: path | is_dir
+ vars:
+ path: "{{ kaas_project_path }}/vars"
- set_fact: "var_{{kaas_project}}_config={{var_empty}}"
vars:
@@ -24,4 +28,5 @@
- include_tasks: do_project.yml
vars:
var_name: "var_{{kaas_project}}_config"
- kaas_project_config: "{{hostvars[inventory_hostname][var_name]}}"
+ kaas_project_config: "{{ hostvars[inventory_hostname][var_name] }}"
+ kaas_project_volumes: "{{ kaas_project_config.volumes | default(kaas_project_config.extra_volumes | default({}) | combine(kaas_openshift_volumes)) }}" \ No newline at end of file
diff --git a/roles/ands_kaas/tasks/search.yml b/roles/ands_kaas/tasks/search.yml
index 9844ee8..1cefb7d 100644
--- a/roles/ands_kaas/tasks/search.yml
+++ b/roles/ands_kaas/tasks/search.yml
@@ -12,5 +12,5 @@
local_path: "{{ osv_path }}"
remote_path: "{{ hostvars[inventory_hostname][pvar] }}"
when:
- - osv in (kaas_project_config.volumes | default(kaas_openshift_volumes))
+ - osv in kaas_project_volumes
- hostvars[inventory_hostname][pvar] is defined
diff --git a/roles/ands_kaas/tasks/sync.yml b/roles/ands_kaas/tasks/sync.yml
index 07764ca..a4febe7 100644
--- a/roles/ands_kaas/tasks/sync.yml
+++ b/roles/ands_kaas/tasks/sync.yml
@@ -4,5 +4,23 @@
register: result
- name: "Sync '{{ item_name }}'"
- local_action: synchronize src="{{ item_src }}" dest="{{ remote_path }}/" archive=yes
- when: (result.stat.exists == False) or (kaas_resync | default(false))
+ local_action: synchronize src="{{ item_src }}" dest="{{ remote_path }}/" archive=yes delete=yes
+ register: sync
+ when: (result.stat.exists == False) or (kaas_resync | default(false)) or (kaas_project_config.resync | default(false))
+
+- name: "Ensure the data is writeable by project pods"
+ vars:
+ grp: "{{ kaas_project_config.sync_set_gid }}"
+ gid: "{{ ((kaas_project_config.gids | default(kaas_openshift_gids))[grp] is defined) | ternary((kaas_project_config.gids | default(kaas_openshift_gids))[grp].id, grp) }}"
+ file:
+ path: "{{ remote_path }}"
+ state: "directory"
+ recurse: "yes"
+ mode: "g+w"
+ owner: "{{ kaas_project_config.sync_set_uid | default('root') }}"
+ group: "{{ gid }}"
+ register: chmod
+ when:
+ - sync | changed
+ - kaas_openshift_gid_ranges[kaas_project] is defined
+ - kaas_project_config.sync_set_gid | default(false)
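Review bot: `delete=yes` on the `synchronize` call removes everything under `remote_path` that is absent from `item_src`, and the task added right below makes that tree group-writable for project pods, so data the pods have written there is wiped on the next resync. Making deletion opt-in would be safer, for example `delete="{{ kaas_project_config.sync_delete | default(false) }}"` (the variable name is only a suggestion). The follow-up `file` task also applies `recurse: "yes"` with `mode: "g+w"` and `owner` defaulting to `root`, which rewrites ownership of every synced file; a short comment saying this is intended would help. The first task of the file starts above this hunk.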
diff --git a/roles/ands_kaas/tasks/template.yml b/roles/ands_kaas/tasks/template.yml
index 6a81dd7..6c90b3d 100644
--- a/roles/ands_kaas/tasks/template.yml
+++ b/roles/ands_kaas/tasks/template.yml
@@ -1,4 +1,4 @@
-- name: Populate template
+- name: "Populate template {{ tmpl_name }}"
template: src="{{ item }}" dest="{{ kaas_template_path }}/{{ item | basename | regex_replace('\.j2','') }}" owner=root group=root mode="0644"
register: result
with_first_found:
@@ -8,7 +8,7 @@
files:
- "{{ tmpl_name }}"
-- name: Configure KaaS resources
+- name: "Configure KaaS resources defined in {{ tmpl_name }}"
include_role: name="openshift_resource"
vars:
template: "{{ tmpl_name | basename | regex_replace('\\.j2','') }}"
diff --git a/roles/ands_kaas/tasks/templates.yml b/roles/ands_kaas/tasks/templates.yml
index e1612bc..2de4fad 100644
--- a/roles/ands_kaas/tasks/templates.yml
+++ b/roles/ands_kaas/tasks/templates.yml
@@ -4,10 +4,12 @@
command: "echo {{ item | quote }}"
register: results
changed_when: false
+ when: (kaas_project_config.pods | default([]) | length > 0) or not (item | regex_search('kaas-pods'))
with_fileglob:
- "{{ role_path }}/templates/{{ kaas_template_glob | default('*') }}.j2"
- "{{ kaas_project_path }}/templates/{{ kaas_template_glob | default('*') }}.j2"
+
#- debug: msg="{{ results }}"
- name: "Sort and execute KaaS templates"
diff --git a/roles/ands_kaas/tasks/volume.yml b/roles/ands_kaas/tasks/volume.yml
index b82e55f..ff51fb0 100644
--- a/roles/ands_kaas/tasks/volume.yml
+++ b/roles/ands_kaas/tasks/volume.yml
@@ -6,6 +6,40 @@
file:
path: "{{ path }}"
state: "directory"
+ recurse: "no"
+ register: mkdir
+
+- name: "Ensure the {{ path }} is writeable by project pods"
+ vars:
+ default_group: "{{ kaas_openshift_gid_ranges[kaas_project] | default('') | regex_replace('^([0-9]+)[^0-9]*.*$', '\\1') }}"
+ file:
+ path: "{{ path }}"
+ state: "directory"
+ recurse: "no"
+ mode: "{{ volume.mode | default(0775) }}"
+ owner: "{{ volume.owner | default(kaas_project_config.file_owner) | default(kaas_default_file_owner) }}"
+ group: "{{ volume.group | default(kaas_project_config.file_group) | default(default_group) }}"
+ register: chmod
+ when:
+ - mkdir | changed
+ - kaas_openshift_gid_ranges[kaas_project] is defined
+ - osvpath[:1] != "/"
+
+# There is no other way to write for users. There will be just two osv's one writeable and one not.
+# We may create a dir with the wrong one and have permissions not set
+# - volume.write | default(false)
+
+- name: "Setting default permissions for non standard locations"
+ file:
+ path: "{{ path }}"
+ state: "directory"
+ recurse: "no"
mode: "{{ volume.mode | default(0755) }}"
owner: "{{ volume.owner | default(kaas_project_config.file_owner) | default(kaas_default_file_owner) }}"
group: "{{ volume.group | default(kaas_project_config.file_group) | default(kaas_default_file_group) }}"
+ when:
+ - mkdir | changed
+ - chmod | skipped
+
+
+
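Review bot: `default(0775)` in the new task is an unquoted Jinja integer literal with a leading zero; as far as I can tell older Jinja2 reads it as decimal 775, so the mode only comes out right because the rendered string is re-parsed as octal, and newer Jinja2 releases may reject the literal outright. Quote it so the octal string passes through unchanged: `mode: "{{ volume.mode | default('0775') }}"`, and likewise `default('0755')` on the existing line in the last task. Separately, all ownership and mode changes are gated on `mkdir | changed`, so a directory that already exists keeps whatever owner and mode it had; if that is deliberate, the comment block should say so explicitly.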
diff --git a/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 b/roles/ands_kaas/templates/00-gfs-volumes.yml.j2
index c90c610..c9341ed 100644
--- a/roles/ands_kaas/templates/00-gfs-volumes.yml.j2
+++ b/roles/ands_kaas/templates/00-gfs-volumes.yml.j2
@@ -6,8 +6,10 @@ metadata:
annotations:
descriptions: "KATRIN Volumes"
objects:
-{% for name, vol in (kaas_project_config.volumes | default(kaas_openshift_volumes)).iteritems() %}
+{% for name, vol in kaas_project_volumes.iteritems() %}
{% set oc_name = vol.name | default(name) | regex_replace('_','-') %}
+{% set cfgpath = vol.path | default("") %}
+{% set path = cfgpath if cfgpath[:1] == "/" else "/" + kaas_project + "/" + cfgpath %}
- apiVersion: v1
kind: PersistentVolume
metadata:
@@ -16,7 +18,7 @@ objects:
persistentVolumeReclaimPolicy: Retain
glusterfs:
endpoints: {{ kaas_glusterfs_endpoints }}
- path: "{{ vol.volume }}{{vol.path}}"
+ path: "{{ vol.volume }}{{path}}"
readOnly: {{ not (vol.write | default(false)) }}
accessModes:
- {{ vol.access | default(vol.write | default(false) | ternary('ReadWriteMany', 'ReadOnlyMany')) }}
diff --git a/roles/ands_kaas/templates/50-kaas-pods.yml.j2 b/roles/ands_kaas/templates/50-kaas-pods.yml.j2
index 9782f75..2ed7462 100644
--- a/roles/ands_kaas/templates/50-kaas-pods.yml.j2
+++ b/roles/ands_kaas/templates/50-kaas-pods.yml.j2
@@ -7,7 +7,7 @@ metadata:
annotations:
descriptions: {{ kaas_project_config.description | default(kaas_project ~ "auto-generated pod template") }}
objects:
-{% for name, pod in (kaas_project_config.pods | default(kaas_openshift_volumes)).iteritems() %}
+{% for name, pod in (kaas_project_config.pods | default({})).iteritems() %}
{% set pubkey = "kaas_" ~ name ~ "_pubkey" %}
{% set privkey = "kaas_" ~ name ~ "_privkey" %}
{% set cakey = "kaas_" ~ name ~ "_ca" %}
@@ -68,10 +68,10 @@ objects:
metadata:
name: {{ pod.name | default(name) }}
spec:
- replicas: {{ pod.sched.replicas | default(1) }}
+ replicas: {{ ( pod.sched | default({})).replicas | default(1) }}
revisionHistoryLimit: 2
strategy:
- type: {{ pod.sched.strategy | default('Rolling') }}
+ type: {{ (pod.sched | default({})).strategy | default('Rolling') }}
triggers:
- type: ConfigChange
selector:
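Review bot: `revisionHistoryLimit: 2` stays hard-coded in this template although the same commit introduces `kaas_pod_history_limit: 1` in `roles/ands_kaas/defaults/main.yml`, and none of the hunks under `roles/` reads that variable. If the default is meant to control this field, use `revisionHistoryLimit: {{ kaas_pod_history_limit }}` here; otherwise the new default is dead configuration. The surrounding object definition starts and ends outside the hunk.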
@@ -105,18 +105,18 @@ objects:
securityContext:
{% if (pod.run_as is defined) %}
{% if (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as] is defined %}
- - {{ (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as].id }}
+ runAsUser: {{ (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as].id }}
{% else %}
- - {{ pod.run_as }}
+ runAsUser: {{ pod.run_as }}
{% endif %}
{% endif %}
{% if (pod.groups is defined) %}
supplementalGroups:
{% for group in pod.groups %}
{% if (kaas_project_config.gids | default(kaas_openshift_gids))[group] is defined %}
- - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }}
+ - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }}
{% else %}
- - {{ group }}
+ - {{ group }}
{% endif %}
{% endfor %}
{% endif %}
diff --git a/roles/ands_openshift/tasks/security_resources.yml b/roles/ands_openshift/tasks/security_resources.yml
index 5644723..5b80f1e 100644
--- a/roles/ands_openshift/tasks/security_resources.yml
+++ b/roles/ands_openshift/tasks/security_resources.yml
@@ -6,49 +6,41 @@
- name: Patch group range in project configuration
include_role: name="openshift_resource" tasks_from="patch.yml"
vars:
- project: "{{ prj_item }}"
- resource: "ns/{{ prj_item }}"
- patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.supplemental-groups":"{{ands_openshift_gid_ranges[prj_item]}}"}}}'
+ project: "{{ item.key }}"
+ resource: "ns/{{ item.key }}"
+ patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.supplemental-groups":"{{ item.value }}"}}}'
patch_path: "{{ ands_openshift_patch_path }}"
- with_items: "{{ (ands_openshift_gid_ranges | default({})).keys() }}"
- loop_control:
- loop_var: prj_item
+ with_dict: "{{ ands_openshift_gid_ranges | default({}) }}"
- name: Patch uid range in project configuration
include_role: name="openshift_resource" tasks_from="patch.yml"
vars:
- project: "{{ prj_item }}"
- resource: "ns/{{ prj_item }}"
- patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.uid-range":"{{ands_openshift_uid_ranges[prj_item]}}"}}}'
+ project: "{{ item.key }}"
+ resource: "ns/{{ item.key }}"
+ patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.uid-range":"{{ item.value }}"}}}'
patch_path: "{{ ands_openshift_patch_path }}"
- with_items: "{{ (ands_openshift_uid_ranges | default({})).keys() }}"
- loop_control:
- loop_var: prj_item
+ with_dict: "{{ ands_openshift_uid_ranges | default({}) }}"
- name: Restrict supplementalGroups
include_role: name="openshift_resource" tasks_from="patch.yml"
vars:
- project: "{{ prj_item }}"
+ project: "{{ item.key }}"
resource: "scc/restricted"
modes: "{{ ands_openshift_gid_mode | default({}) }}"
- mode: "{{ (modes[prj_item] is defined) | ternary(modes[prj_item], modes['ands_default'] | default(false)) }}"
+ mode: "{{ modes[item.key] | default(modes['ands_default'] | default(false)) }}"
patch: '{"supplementalGroups":{"type":"{{mode}}"}}'
patch_path: "{{ ands_openshift_patch_path }}"
when: mode != false
- with_items: "{{ (ands_openshift_projects | default({})).keys() }}"
- loop_control:
- loop_var: prj_item
+ with_dict: "{{ ands_openshift_projects | default({}) }}"
- name: Configure runAsUser
include_role: name="openshift_resource" tasks_from="patch.yml"
vars:
- project: "{{ prj_item }}"
+ project: "{{ item.key }}"
resource: "scc/restricted"
modes: "{{ ands_openshift_uid_mode | default({}) }}"
- mode: "{{ (modes[prj_item] is defined) | ternary(modes[prj_item], modes['ands_default'] | default(false)) }}"
+ mode: "{{ modes[item.key] | default(modes['ands_default'] | default(false)) }}"
patch: '{"runAsUser":{"type":"{{mode}}"}}'
patch_path: "{{ ands_openshift_patch_path }}"
when: mode != false
- with_items: "{{ (ands_openshift_projects | default({})).keys() }}"
- loop_control:
- loop_var: prj_item
+ with_dict: "{{ ands_openshift_projects | default({}) }}"
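Review bot: The last two tasks patch `scc/restricted` once per entry of `ands_openshift_projects`, but an SCC is a cluster-scoped object, so per-project values in `ands_openshift_gid_mode` and `ands_openshift_uid_mode` overwrite each other. Whichever project is iterated last then decides the `supplementalGroups` and `runAsUser` type for the whole cluster (assuming `patch.yml`, not shown, applies the patch as given). If only `ands_default` is meaningful, drop the loop and document that; if per-project policy is intended, it needs a separate SCC per project. Also, replacing `loop_var: prj_item` with the default `item` risks a clash if `patch.yml` itself loops with `item`; keeping `loop_control: loop_var: prj_item` alongside `with_dict` avoids that.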
diff --git a/roles/ands_openshift/tasks/storage_resources.yml b/roles/ands_openshift/tasks/storage_resources.yml
index 5adf69e..c83c677 100644
--- a/roles/ands_openshift/tasks/storage_resources.yml
+++ b/roles/ands_openshift/tasks/storage_resources.yml
@@ -13,7 +13,7 @@
template_path: "{{ storage_template_path }}"
project: "{{ prj_item }}"
recreate: "{{ result | changed | ternary (true, false) }}"
- with_items: "{{ ands_openshift_projects.keys() | union(['default']) }}"
+ with_items: "{{ ands_openshift_projects.keys() }}"
loop_control:
loop_var: prj_item
@@ -28,6 +28,9 @@
template_path: "{{ storage_template_path }}"
project: "{{ prj_item }}"
recreate: "{{ result | changed | ternary (true, false) }}"
- with_items: "{{ ands_openshift_projects.keys() | union(['default']) }}"
+ with_items: "{{ ands_openshift_projects.keys() }}"
loop_control:
loop_var: prj_item
+
+
+ \ No newline at end of file
diff --git a/roles/ands_openshift/tasks/users_resources.yml b/roles/ands_openshift/tasks/users_resources.yml
index 5bc748c..722e1eb 100644
--- a/roles/ands_openshift/tasks/users_resources.yml
+++ b/roles/ands_openshift/tasks/users_resources.yml
@@ -19,6 +19,14 @@
command: "oc adm new-project --description '{{ ands_openshift_projects[item] }}' {{ item }}"
with_items: "{{ new_projects | default([]) }}"
+- name: Allow projects to pull images from KaaS imagestreams
+ command: "oc policy add-role-to-group system:image-puller system:serviceaccounts:{{ prj_item }} --namespace=kaas"
+ with_items: "{{ ands_openshift_projects.keys() }}"
+ when:
+ prj_item != "kaas"
+ loop_control:
+ loop_var: prj_item
+
- name: Configure per project roles
command: "oc adm policy add-role-to-user -n {{ item.key.split('/')[0] }} {{ item.key.split('/')[1] }} {{ item.value.replace(' ','').split(',') | join(' ') }}"
with_dict: "{{ ands_openshift_roles }}"
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 7f6922b..9bd820a 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -4,6 +4,10 @@
- epel-release
- centos-release-openshift-origin
+- name: Add our repository with updates and overrides
+ yum_repository: name="{{ item.name }}" description= "{{ item.description | default('Ands repository') }}" baseurl="{{ item.url }}" enabled="yes" gpgcheck="no" cost="{{ item.cost | default(1) }}"
+ with_items: "{{ ands_repositories | default([]) }}"
+
- name: Ensure GlusterFS repositories are present
yum: name="centos-release-gluster{{ glusterfs_version }}" state=present
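Review bot: The new repository is added with `gpgcheck="no"` and `cost` defaulting to 1, so unsigned packages from `item.url` take priority over the signed CentOS/EPEL ones on every node that runs this role. Sign the repository and turn verification on, e.g. `gpgcheck="yes" gpgkey="{{ item.gpgkey }}"`, and make sure `item.url` is served over HTTPS. There is also a stray space in `description= "{{ … }}"`, which the key=value parser may not read as intended; writing `yum_repository:` as a YAML mapping would avoid that.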
@@ -25,6 +29,11 @@
- python-rhsm-certificates
- glusterfs-fuse
+#- name: Add NodeJS required by a few used Ansible extensions
+# package: name={{item}} state=present
+# with_items:
+# - nodejs
+
- name: Ensure all extra packages are installed
package: name={{item}} state=present
with_items: "{{ extra_packages | default([]) }}"
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index 6542789..f7b96f5 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -1,3 +1,6 @@
-docker_min_size: 100
docker_exclude_vgs: "{{ ands_data_vg is defined | ternary( [ ands_data_vg ], [] ) }}"
docker_lv: "docker-pool"
+
+docker_min_size: 100
+docker_max_log_size: "2m"
+docker_max_log_files: "3"
diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml
new file mode 100644
index 0000000..43016e0
--- /dev/null
+++ b/roles/docker/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart docker
+ service: name=docker state=restarted
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index e424e01..a7bd700 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -27,6 +27,15 @@
lvol: vg="{{ ansible_lvm['lvs'][docker_lv]['vg'] }}" lv="docker_lv" size="{{ docker_volume_size }}"
when: docker_volume_size is defined
-- name: stop docker
+- name: Limit size of container log files
+ ghetto_json:
+ path: "/etc/docker/daemon.json"
+ log-driver: "json-file"
+ log-opts.max-size: "{{ docker_max_log_size }}"
+ log-opts.max-file: "{{ docker_max_log_files }}"
+ notify:
+ - restart docker
+
+- name: start docker
service: name="docker" enabled=yes state=started
\ No newline at end of file
diff --git a/roles/glusterfs/tasks/data b/roles/glusterfs/tasks/data
deleted file mode 120000
index 31bb52e..0000000
--- a/roles/glusterfs/tasks/data
+++ /dev/null
@@ -1 +0,0 @@
-cfg \ No newline at end of file
diff --git a/roles/glusterfs/tasks/data/vols2.yml b/roles/glusterfs/tasks/data/vols2.yml
new file mode 100644
index 0000000..d094797
--- /dev/null
+++ b/roles/glusterfs/tasks/data/vols2.yml
@@ -0,0 +1,13 @@
+---
+- name: "Create {{ name }} volume"
+ gluster_volume:
+ state: present
+ name: "{{ name }}"
+ cluster: "{{ domain_servers | join(',') }}"
+ replicas: "{{ domain_servers | length }}"
+ bricks: "{{ glusterfs_bricks_path }}/brick-{{ name }}"
+ transport: "{{ glusterfs_transport }}"
+
+
+- name: "Start {{ name }} volume"
+ gluster_volume: state="started" name="{{ name }}"
diff --git a/roles/glusterfs/tasks/data/vols3.yml b/roles/glusterfs/tasks/data/vols3.yml
new file mode 100644
index 0000000..866480c
--- /dev/null
+++ b/roles/glusterfs/tasks/data/vols3.yml
@@ -0,0 +1,14 @@
+---
+- name: "Create {{ name }} volume"
+ gluster_volume:
+ state: present
+ name: "{{ name }}"
+ cluster: "{{ domain_servers | join(',') }}"
+ replicas: 3
+ arbiters: 1
+ bricks: "{{ glusterfs_bricks_path }}/brick-{{ name }}"
+ transport: "{{ glusterfs_transport }}"
+
+
+- name: "Start {{ name }} volume"
+ gluster_volume: state="started" name="{{ name }}"
diff --git a/roles/glusterfs/tasks/tmp/vols2.yml b/roles/glusterfs/tasks/la/vols2.yml
index b6a3e8f..b6a3e8f 120000
--- a/roles/glusterfs/tasks/tmp/vols2.yml
+++ b/roles/glusterfs/tasks/la/vols2.yml
diff --git a/roles/glusterfs/tasks/tmp/vols3.yml b/roles/glusterfs/tasks/la/vols3.yml
index 9565bb3..9565bb3 100644
--- a/roles/glusterfs/tasks/tmp/vols3.yml
+++ b/roles/glusterfs/tasks/la/vols3.yml
diff --git a/roles/glusterfs/tasks/tmp b/roles/glusterfs/tasks/tmp
new file mode 120000
index 0000000..6320cd2
--- /dev/null
+++ b/roles/glusterfs/tasks/tmp
@@ -0,0 +1 @@
+data \ No newline at end of file
diff --git a/roles/openshift_resource/tasks/main.yml b/roles/openshift_resource/tasks/main.yml
index af071f9..8606aa3 100644
--- a/roles/openshift_resource/tasks/main.yml
+++ b/roles/openshift_resource/tasks/main.yml
@@ -5,18 +5,27 @@
changed_when: false
register: results
- - name: Parse JSON templates
+ - name: "Parse JSON templates {{ template }}"
set_fact: tmpl="{{ results.stdout | from_json }}"
when: template.find(".json") != -1
- - name: Parse YaML templates
+ - name: "Parse YaML templates {{ template }}"
set_fact: tmpl="{{ results.stdout | from_yaml }}"
when: template.find(".json") == -1
- - include_tasks: template.yml
- when: (tmpl.kind == "Template") and (tmpl.parameters is not defined)
-
- - include_tasks: resource.yml
- when: (tmpl.parameters is defined) or (tmpl.kind != "Template")
+ - name: "Populating resources defined in {{ template }} template"
+ include_tasks: template.yml
+ register: results
+ vars:
+ metadata: "{{ tmpl.metadata | default({}) }}"
+ annotations: "{{ metadata.annotations | default({}) }}"
+ strategy: "{{ annotations['kaas/strategy'] | default('auto') }}"
+ when:
+ - tmpl.kind == "Template"
+ - strategy == "auto"
+
+ - name: "Creating template/resources defined in {{ template }}"
+ include_tasks: resource.yml
+ when: results | skipped
run_once: true
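Review bot: `register: results` on the new `include_tasks: template.yml` reuses a name that is already registered at the top of this block and again inside `template.yml` (its lookup task also registers `results`), so `when: results | skipped` on the next task may be evaluated against the lookup loop's result rather than the include's. Register under a dedicated name, e.g. `register: tmpl_include` with `when: tmpl_include | skipped`. A `Template` whose `kaas/strategy` annotation is anything other than `auto` now goes to `resource.yml`, which is worth a one-line comment above the task. The enclosing block starts above the hunk.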
diff --git a/roles/openshift_resource/tasks/resource.yml b/roles/openshift_resource/tasks/resource.yml
index 769a89c..4e6e7ac 100644
--- a/roles/openshift_resource/tasks/resource.yml
+++ b/roles/openshift_resource/tasks/resource.yml
@@ -3,20 +3,20 @@
- name: Find out which resources we are going to configure
set_fact: rkind="{{ tmpl.kind }}" rname="{{ tmpl.metadata.name }}"
- - name: Lookup the specified resource
+ - name: "Lookup the specified resource {{rkind}}/{{rname}}"
command: "oc get -n {{project}} {{rkind}}/{{rname}}"
register: find_result
changed_when: false
failed_when: false
- - name: Detroy existing resources
+ - name: "Detroy existing resources {{rkind}}/{{rname}}"
command: "oc delete -n {{project}} {{rkind}}/{{rname}}"
register: rm_result
failed_when: false
changed_when: (rm_result | succeeded)
when: (recreate|default(false))
- - name: Create resources defined in template
+ - name: "Create resources defined in {{ template }}"
command: "oc create -n {{project}} -f '{{ template_path }}/{{ template }}' {{ create_args | default('') }}"
when: (recreate|default(false)) or (find_result.rc != 0)
run_once: true
diff --git a/roles/openshift_resource/tasks/template.yml b/roles/openshift_resource/tasks/template.yml
index c93dec5..6c9340b 100644
--- a/roles/openshift_resource/tasks/template.yml
+++ b/roles/openshift_resource/tasks/template.yml
@@ -5,7 +5,7 @@
vars:
query: "objects[*].{kind: kind, name: metadata.name}"
- - name: Lookup the specified resource
+ - name: "{{ template }}: Lookup the specified resource"
command: "oc get -n {{project}} {{item.kind}}/{{item.name}}"
register: results
failed_when: false
@@ -13,13 +13,13 @@
with_items: "{{ resources | default([]) }}"
# when: not (recreate|default(false))
- - name: Detroy existing resources
+ - name: "{{ template }}: Detroy existing resources"
command: "oc delete -n {{project}} {{resources[item|int].kind}}/{{resources[item|int].name}}"
failed_when: false
with_sequence: start=0 count="{{resources | default([]) | length}}"
when: ((recreate|default(false)) or (results | changed)) and (results.results[item|int].rc == 0)
- - name: Create resources defined in template
+ - name: "{{ template }}: Create resources defined"
shell: "oc process -f '{{ template_path }}/{{template}}' {{ template_args | default('') }} | oc create -n {{project}} -f - {{ create_args | default('') }}"
when: (recreate|default(false)) or (results | changed)
run_once: true