author | Suren A. Chilingaryan <csa@suren.me> | 2018-02-20 15:10:45 +0100 |
---|---|---|
committer | Suren A. Chilingaryan <csa@suren.me> | 2018-02-20 15:10:45 +0100 |
commit | e4751f88e52aa8e89e4c94bc6fe4c3346eccf6fe (patch) | |
tree | 3a8a420d8d26e616491f31b322a006dd2b3e0e1c /setup/configs | |
parent | 96ced00e05b50f276841a9212ae89e018de4d92d (diff) | |
Handling GlusterFS storage security in OpenShift containers
Diffstat (limited to 'setup/configs')
-rw-r--r-- | setup/configs/openshift.yml | 3 | ||||
-rw-r--r-- | setup/configs/security.yml | 21 | ||||
-rw-r--r-- | setup/configs/volumes.yml | 13 |
3 files changed, 32 insertions, 5 deletions
diff --git a/setup/configs/openshift.yml b/setup/configs/openshift.yml index 6b9995c..e2a2d6d 100644 --- a/setup/configs/openshift.yml +++ b/setup/configs/openshift.yml @@ -2,7 +2,8 @@ ands_openshift_projects: katrin: KArlsruhe TRItium Neutrino adei: ADEI - + +# test: Tesing ands_openshift_users: pdv: IPE Administation Account diff --git a/setup/configs/security.yml b/setup/configs/security.yml new file mode 100644 index 0000000..413f57e --- /dev/null +++ b/setup/configs/security.yml @@ -0,0 +1,21 @@ +ands_openshift_gid_mode: +# adei: "RunAsAny" + ands_default: "MustRunAs" + +#ands_openshift_uid_mode: +# ands_default: "MustRunAsRange" + +#ands_openshift_uid_ranges: + +ands_openshift_gid_ranges: + katrin: "5000/10" + adei: "5010/10" + +ands_openshift_uids: + kaas: { id: 6000 } + +ands_openshift_gids: + kaas: { id: 6000 } + +ands_default_file_group: root +ands_default_file_owner: root diff --git a/setup/configs/volumes.yml b/setup/configs/volumes.yml index d0ba063..d93f177 100644 --- a/setup/configs/volumes.yml +++ b/setup/configs/volumes.yml @@ -3,6 +3,8 @@ ands_paths: provision: /mnt/provision openshift: /mnt/openshift temporary: /mnt/temporary + databases: /mnt/databases + katrin_data: /mnt/katrin ands_heketi_domain: servers: "storage_nodes" @@ -14,11 +16,15 @@ ands_storage_domains: clients: "masters" volumes: provision: { type: "cfg", mount: "{{ ands_paths.provision }}" } - - servers: "storage_nodes" - clients: "nodes" - volumes: openshift: { type: "cfg", mount: "{{ ands_paths.openshift }}" } + databases: { type: "db", mount: "{{ ands_paths.databases }}" } temporary: { type: "tmp", mount: "{{ ands_paths.temporary }}" } + katrin_data: { type: "data", mount: "{{ ands_paths.katrin_data }}" } +# - servers: "storage_nodes" +# clients: "nodes" +# openshift: { type: "cfg", mount: "{{ ands_paths.openshift }}" } +# temporary: { type: "tmp", mount: "{{ ands_paths.temporary }}" } +# volumes: # - ovirt: # - pdv: 
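Review bot: The new setup/configs/security.yml sets a group strategy (`ands_default: "MustRunAs"`) but leaves `ands_openshift_uid_mode` and `ands_openshift_uid_ranges` commented out, and nothing in the file says which user-ID policy containers get in that case; that fallback should be stated in a comment next to the commented block. The range values `"5000/10"` and `"5010/10"` are also undocumented, so a header comment such as `# gid ranges are "<first gid>/<count>"; project ranges must not overlap` would help (presumably start/size, as in OpenShift's SCC range annotations; confirm against the consuming role). `kaas: { id: 6000 }` lies outside both project ranges as read that way, so a one-line comment on whether it is meant as a shared storage identity would save reviewers from guessing. `ands_default_file_owner: root` and `ands_default_file_group: root` should say which paths they apply to, and the commented `# adei: "RunAsAny"` override should note that enabling it presumably lifts the group restriction for that project.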
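Review bot: In the second volumes.yml hunk the `openshift` and `temporary` volumes move out of the removed `clients: "nodes"` domain into the domain whose context line reads `clients: "masters"`, and `databases` and `katrin_data` are added there as well, with no comment explaining the change of client group. If `clients` selects the hosts that mount each volume (an assumption; the consuming role is not visible, and the `ands_storage_domains` list starts above the hunk), this changes where project data is reachable and should be recorded, e.g. `# single storage domain: every volume below is served to the "masters" client group`. The old domain is kept as five commented-out lines with `# volumes:` now placed after its entries, so it no longer mirrors the original structure; deleting it and relying on history would be cleaner. Separately, the last hunk's context still creates `apache2-kaas` with `mode: "0777"`; with per-project gid ranges introduced in security.yml it may be possible to narrow that to group access in a follow-up.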
@@ -31,7 +37,6 @@ ands_openshift_volumes: log: { volume: "temporary", path: "/log", write: true} tmp: { volume: "temporary", path: "/tmp", write: true} - # Global list, we only take things from the volume of project ands_openshift_files: - { osv: "log", path: "apache2-kaas", state: "directory", mode: "0777" } |