authorSuren A. Chilingaryan <csa@suren.me>2018-03-23 06:51:23 +0100
committerSuren A. Chilingaryan <csa@suren.me>2018-03-23 06:51:23 +0100
commitc163108c0c0c7b7a4f05da411e98ac0f503e31e0 (patch)
tree4934d1b2e98b0e8a94816848e44496e009e6755f /roles
parentcba41110aa086553192ed5a309a6b8031812c221 (diff)
Fix critical bug in docker provisioner, improve mysql performance, provision system users/groups to enable NFS group mapping, various minor fixes
Diffstat (limited to 'roles')
-rw-r--r--roles/ands_common/tasks/software.yml12
-rw-r--r--roles/ands_kaas/tasks/do_storage.yml6
-rw-r--r--roles/ands_kaas/tasks/do_sysgroups.yml12
-rw-r--r--roles/ands_kaas/tasks/sysgroup.yml14
-rw-r--r--roles/ands_kaas/tasks/sysuser.yml15
-rw-r--r--roles/docker/defaults/main.yml2
-rw-r--r--roles/docker/tasks/configure.yml30
-rw-r--r--roles/docker/tasks/storage.yml3
-rw-r--r--roles/glusterfs/templates/export.openshift.conf.j21
9 files changed, 83 insertions, 12 deletions
diff --git a/roles/ands_common/tasks/software.yml b/roles/ands_common/tasks/software.yml
index ea37b51..4c0f491 100644
--- a/roles/ands_common/tasks/software.yml
+++ b/roles/ands_common/tasks/software.yml
@@ -6,11 +6,13 @@
- lsof
- strace
-# We also can install something conditionally
-#- name: Install various administrative tools
-# package: name={{item}} state=present
-# when: 'ands_storage_servers' in group_names
-# with_items:
+- name: Install storage management tools
+ package: name={{item}} state=present
+ when: "'baremetal' in group_names"
+ with_items:
+ - storcli
+
+
- name: Ensure all extra packages are installed
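Review bot: `storcli` is a vendor tool that stock distribution repositories normally do not carry, so the new task presumably depends on a local or third-party repository being enabled on every `baremetal` host before it runs. Nothing in the hunk shows where that repository is configured or whether package signature checking is on for it. A comment above the task would record the dependency, e.g. `# storcli comes from <REPO_NAME>; that repo must be enabled with gpgcheck before this task runs`. As a style point, `package: name={{item}} state=present` is the key=value form with an unquoted template; the native block form with `name: "{{ item }}"` is easier to read and lint.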
diff --git a/roles/ands_kaas/tasks/do_storage.yml b/roles/ands_kaas/tasks/do_storage.yml
index 8a6a880..d6f1cc5 100644
--- a/roles/ands_kaas/tasks/do_storage.yml
+++ b/roles/ands_kaas/tasks/do_storage.yml
@@ -5,7 +5,8 @@
loop_var: osv
vars:
vt_query: "[*].volumes.{{osv.value.volume}}.type"
- voltype: "{{ (kaas_storage_domains | json_query(vt_query)) }}"
+ voltypes: "{{ (kaas_storage_domains | json_query(vt_query)) }}"
+ voltype: "{{ voltypes[0] | default(ands_none) }}"
mp_query: "[*].volumes.{{osv.value.volume}}.mount"
mntpath: "{{ (kaas_storage_domains | json_query(mp_query)) }}"
rp_query: "[*].volumes.{{osv.value.volume}}.path"
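Review bot: `voltypes[0]` keeps the first match and discards the rest, so if two entries in `kaas_storage_domains` define the same volume name with different `type` values, the type is decided by domain order with no warning. The same two lines are repeated in the second hunk of this file (the `osv.volume` variant), and in both cases the enclosing task starts outside the hunk. A comment such as `# a volume is expected in exactly one storage domain; the first match wins` would record the assumption, or an assert that `voltypes | length <= 1` could enforce it. `ands_none` is not defined in the visible lines and presumably comes from shared defaults.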
@@ -39,7 +40,8 @@
vars:
osv: "{{ kaas_project_volumes[file.osv] }}"
vt_query: "[*].volumes.{{osv.volume}}.type"
- voltype: "{{ (kaas_storage_domains | json_query(vt_query)) }}"
+ voltypes: "{{ (kaas_storage_domains | json_query(vt_query)) }}"
+ voltype: "{{ voltypes[0] | default(ands_none) }}"
mp_query: "[*].volumes.{{osv.volume}}.mount"
mntpath: "{{ (kaas_storage_domains | json_query(mp_query)) }}"
rp_query: "[*].volumes.{{osv.volume}}.path"
diff --git a/roles/ands_kaas/tasks/do_sysgroups.yml b/roles/ands_kaas/tasks/do_sysgroups.yml
new file mode 100644
index 0000000..3ed03b9
--- /dev/null
+++ b/roles/ands_kaas/tasks/do_sysgroups.yml
@@ -0,0 +1,12 @@
+- name: Populate system users and groups
+ include_tasks: sysgroup.yml
+ with_dict: "{{ kaas_project_gids }}"
+ loop_control:
+ loop_var: group
+ when:
+ - group.value.users is defined
+ - (gid | int) >= 2000
+ vars:
+ gid: "{{ group.value.id }}"
+ users: "{{ group.value.users }}"
+ name: "{{ group.value.name | default('kaas_' ~ group.key) }}"
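Review bot: The task-level vars `name`, `gid` and `users` are very generic, and `name` is also a task keyword that newer Ansible releases report as a reserved variable name. Prefixed names such as `sysgroup_name`, `sysgroup_gid` and `sysgroup_users` would avoid shadowing anything defined in the inventory or in the included sysgroup.yml, which would need the same rename. The threshold in `(gid | int) >= 2000` has no explanation; a comment stating why lower gids are skipped, e.g. `# gids below 2000 are reserved for system and local accounts`, would help if that is the reason.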
diff --git a/roles/ands_kaas/tasks/sysgroup.yml b/roles/ands_kaas/tasks/sysgroup.yml
new file mode 100644
index 0000000..18bd9a6
--- /dev/null
+++ b/roles/ands_kaas/tasks/sysgroup.yml
@@ -0,0 +1,14 @@
+- name: "Ensure system group {{ name }} with gid {{ gid }} is existing"
+ group: name="{{ name }}" gid="{{ gid }}" state="present"
+
+- name: "Process users registered for group {{ name }}"
+ include_tasks: sysuser.yml
+ with_list: "{{ users }}"
+ when:
+ - ands_openshift_users[user] is defined
+ - spec.name is defined
+ vars:
+ spec: "{{ ands_openshift_users[user] | default({}) }}"
+ new_group: "{{ name }}"
+ loop_control:
+ loop_var: user
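Review bot: A user listed for a group but absent from `ands_openshift_users`, or present without a `name`, is skipped by the `when:` on the include with no message, so a typo in a project's user list silently yields no account and no group membership. Since the commit's purpose is NFS group mapping, a missing entry would surface only later as an access failure on the share. A comment such as `# users not described in ands_openshift_users are skipped on purpose` would document the behaviour, or a `debug` task could list the skipped names. The `group:` task would also read better in native block form than as `name="{{ name }}" gid="{{ gid }}" state="present"`.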
diff --git a/roles/ands_kaas/tasks/sysuser.yml b/roles/ands_kaas/tasks/sysuser.yml
new file mode 100644
index 0000000..4e213fe
--- /dev/null
+++ b/roles/ands_kaas/tasks/sysuser.yml
@@ -0,0 +1,15 @@
+- name: Ensure user is existing on the system
+ user:
+ name: "{{ user }}"
+ uid: "{{ spec.uid | default(omit) }}"
+ group: "{{ spec.group | default(omit) }}"
+ comment: "{{ spec.name | default(omit) }}"
+ password: "{{ spec.password | default(omit) }}"
+ shell: "{{ spec.shell | default('/bin/false') }}"
+ home: "{{ spec.home | default(omit) }}"
+ state: present
+
+# Configure ssh keys if specified
+
+- name: Add group
+ user: name="{{ user }}" groups="{{ new_group }}" append="yes"
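Review bot: `password: "{{ spec.password | default(omit) }}"` passes the inventory value straight to the `user` module, which expects an already-crypted hash and, with its default `update_password: always`, rewrites it on every run. The task has no `no_log: true`, so the value can appear in verbose output and callback logs; adding `no_log: true` and a comment that `spec.password` must be a crypt hash would cover both. There is also no lower bound on `spec.uid` comparable to the `gid >= 2000` guard in do_sysgroups.yml, so a low uid from the inventory could collide with a system account. The second task is named `Add group` but appends the user to `new_group`; `Add user to group {{ new_group }}` would describe it better.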
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index def846d..5189a8e 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -2,6 +2,8 @@ docker_exclude_vgs: "{{ ands_data_vg is defined | ternary( [ ands_data_vg ], []
docker_lv: "docker-pool"
docker_root_lv: "docker-root-lv"
docker_setup_root: "{{ docker_root_volume_size is defined }}"
+docker_reconfigure: false
+
docker_min_size: 100
docker_max_log_size: "2m"
diff --git a/roles/docker/tasks/configure.yml b/roles/docker/tasks/configure.yml
index 5d29291..fa31b1d 100644
--- a/roles/docker/tasks/configure.yml
+++ b/roles/docker/tasks/configure.yml
@@ -4,10 +4,13 @@
# with_items: [ docker, docker-client, docker-common ]
- name: install docker
+ register: docker_install_result
include_tasks: install.yml
- name: start docker
+ register: docker_start_result
service: name="docker" state="started"
+ when: not docker_reconfigure
- name: Configure bridge-nf-call-iptables with sysctl
sysctl: name="net.bridge.bridge-nf-call-iptables" value=1 state=present sysctl_set=yes
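Review bot: `register: docker_install_result` sits on an `include_tasks`, and the registered result of a dynamic include does not necessarily reflect whether the tasks inside install.yml changed anything. The `docker_install_result | changed` condition in the next hunk depends on exactly that, so it should be confirmed on the Ansible version in use; registering the package task inside install.yml and testing that result would be more direct. Note also that `start docker` is now skipped when `docker_reconfigure` is true, so `docker_start_result` is then a skipped result and never reports changed.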
@@ -20,17 +23,34 @@
register: loop_device_check
failed_when: false
changed_when: loop_device_check.rc == 0
+ when: not docker_reconfigure
-- set_fact: docker_reinit="{{ (loop_device_check.rc == 0) or (vg == '') or (docker_setup_root and ((root_vg == '') or (vg != root_vg))) or (docker_storage_vg is defined and (docker_storage_vg != vg)) }}"
+- set_fact: docker_reinit=false
+
+- set_fact: docker_reinit=true
vars:
+ check: "{{ loop_device_check | default({}) }}"
+ lv: "{{ ansible_lvm['lvs'][docker_lv] | default({}) }}"
+ vg: "{{ lv['vg'] | default('') }}"
+ when:
+ - docker_install_result | changed
+ - docker_start_result | changed
+ - ansible_lvm['lvs'][docker_lv] is not defined
+
+# Pass option docker_reconfigure to run this...
+- set_fact: docker_reinit="{{ loop_back or wrong_root_vg or wrong_docker_vg }}"
+ vars:
+ check: "{{ loop_device_check | default({}) }}"
lv: "{{ ansible_lvm['lvs'][docker_lv] | default({}) }}"
vg: "{{ lv['vg'] | default('') }}"
root_lv: "{{ ansible_lvm['lvs'][docker_root_lv] | default({}) }}"
root_vg: "{{ root_lv['vg'] | default('') }}"
-
-- debug: msg="Re-initializing - {{ docker_reinit }}, Loopback check - {{ loop_device_check.stderr }}"
- when: loop_device_check.stderr
-
+ loop_back: "{{ check.rc | default(9) == 0 }}"
+ wrong_root_vg: "{{ docker_setup_root and ((root_vg == '') or (vg != root_vg)) }}"
+ wrong_docker_vg: "{{ docker_storage_vg is defined and (docker_storage_vg != vg) }}"
+ when:
+ - docker_reconfigure | default(false)
+
- import_tasks: storage.yml
when: docker_reinit
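Review bot: The `docker_reinit=true` task declares `check`, `lv` and `vg` under `vars:` but its `when:` uses none of them, so they can be dropped. The three `when:` entries are ANDed, which means storage.yml, which stops docker and deletes /var/lib/docker, runs here only if install changed, start changed and the LV is missing; a comment stating that intent would help, e.g. `# first-time setup only: fresh install, first start, no docker-pool LV yet`. `| changed` is the older filter spelling and `is changed` is the test form. The comment `# Pass option docker_reconfigure to run this...` could instead say what the task decides, e.g. `# With docker_reconfigure=true, re-check the existing layout and re-initialise storage if it is on loopback or in the wrong VG`.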
diff --git a/roles/docker/tasks/storage.yml b/roles/docker/tasks/storage.yml
index e431030..d6d531a 100644
--- a/roles/docker/tasks/storage.yml
+++ b/roles/docker/tasks/storage.yml
@@ -29,6 +29,9 @@
- name: stop docker
service: name="docker" state="stopped"
+- name: unmount /var/lib/docker
+ mount: path="/var/lib/docker" state="unmounted"
+
- name: delete /var/lib/docker
file: path="/var/lib/docker" state=absent
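Review bot: `state="unmounted"` unmounts /var/lib/docker but leaves any fstab entry in place and does nothing about mounts nested below that path. If one of those remains, the following `file: path="/var/lib/docker" state=absent` can still fail or descend into a mounted filesystem. The rest of storage.yml is outside this hunk, so the volume may well be recreated and remounted further down; a comment would make the ordering explicit, e.g. `# unmount first: the path may be a mount point and cannot be removed while mounted`.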
diff --git a/roles/glusterfs/templates/export.openshift.conf.j2 b/roles/glusterfs/templates/export.openshift.conf.j2
index b2c547f..85132cb 100644
--- a/roles/glusterfs/templates/export.openshift.conf.j2
+++ b/roles/glusterfs/templates/export.openshift.conf.j2
@@ -19,6 +19,7 @@ EXPORT {
Protocols = "3", "4" ;
Transports = "UDP","TCP";
SecType = "sys";
+ Manage_gids = true;
{% if nfs.rw is defined %}
{% for net in nfs.rw %}