summaryrefslogtreecommitdiffstats
path: root/setup/configs
diff options
context:
space:
mode:
authorSuren A. Chilingaryan <csa@suren.me>2018-02-20 15:10:45 +0100
committerSuren A. Chilingaryan <csa@suren.me>2018-02-20 15:10:45 +0100
commite4751f88e52aa8e89e4c94bc6fe4c3346eccf6fe (patch)
tree3a8a420d8d26e616491f31b322a006dd2b3e0e1c /setup/configs
parent96ced00e05b50f276841a9212ae89e018de4d92d (diff)
downloadands-e4751f88e52aa8e89e4c94bc6fe4c3346eccf6fe.tar.gz
ands-e4751f88e52aa8e89e4c94bc6fe4c3346eccf6fe.tar.bz2
ands-e4751f88e52aa8e89e4c94bc6fe4c3346eccf6fe.tar.xz
ands-e4751f88e52aa8e89e4c94bc6fe4c3346eccf6fe.zip
Handling GlusterFS storage security in OpenShift containers
Diffstat (limited to 'setup/configs')
-rw-r--r--setup/configs/openshift.yml3
-rw-r--r--setup/configs/security.yml21
-rw-r--r--setup/configs/volumes.yml13
3 files changed, 32 insertions, 5 deletions
diff --git a/setup/configs/openshift.yml b/setup/configs/openshift.yml
index 6b9995c..e2a2d6d 100644
--- a/setup/configs/openshift.yml
+++ b/setup/configs/openshift.yml
@@ -2,7 +2,8 @@
ands_openshift_projects:
katrin: KArlsruhe TRItium Neutrino
adei: ADEI
-
+
+# test: Tesing
ands_openshift_users:
pdv: IPE Administation Account
diff --git a/setup/configs/security.yml b/setup/configs/security.yml
new file mode 100644
index 0000000..413f57e
--- /dev/null
+++ b/setup/configs/security.yml
@@ -0,0 +1,21 @@
+ands_openshift_gid_mode:
+# adei: "RunAsAny"
+ ands_default: "MustRunAs"
+
+#ands_openshift_uid_mode:
+# ands_default: "MustRunAsRange"
+
+#ands_openshift_uid_ranges:
+
+ands_openshift_gid_ranges:
+ katrin: "5000/10"
+ adei: "5010/10"
+
+ands_openshift_uids:
+ kaas: { id: 6000 }
+
+ands_openshift_gids:
+ kaas: { id: 6000 }
+
+ands_default_file_group: root
+ands_default_file_owner: root
diff --git a/setup/configs/volumes.yml b/setup/configs/volumes.yml
index d0ba063..d93f177 100644
--- a/setup/configs/volumes.yml
+++ b/setup/configs/volumes.yml
@@ -3,6 +3,8 @@ ands_paths:
provision: /mnt/provision
openshift: /mnt/openshift
temporary: /mnt/temporary
+ databases: /mnt/databases
+ katrin_data: /mnt/katrin
ands_heketi_domain:
servers: "storage_nodes"
@@ -14,11 +16,15 @@ ands_storage_domains:
clients: "masters"
volumes:
provision: { type: "cfg", mount: "{{ ands_paths.provision }}" }
- - servers: "storage_nodes"
- clients: "nodes"
- volumes:
openshift: { type: "cfg", mount: "{{ ands_paths.openshift }}" }
+ databases: { type: "db", mount: "{{ ands_paths.databases }}" }
temporary: { type: "tmp", mount: "{{ ands_paths.temporary }}" }
+ katrin_data: { type: "data", mount: "{{ ands_paths.katrin_data }}" }
+# - servers: "storage_nodes"
+# clients: "nodes"
+# openshift: { type: "cfg", mount: "{{ ands_paths.openshift }}" }
+# temporary: { type: "tmp", mount: "{{ ands_paths.temporary }}" }
+# volumes:
# - ovirt:
# - pdv:
@@ -31,7 +37,6 @@ ands_openshift_volumes:
log: { volume: "temporary", path: "/log", write: true}
tmp: { volume: "temporary", path: "/tmp", write: true}
-
# Global list, we only take things from the volume of project
ands_openshift_files:
- { osv: "log", path: "apache2-kaas", state: "directory", mode: "0777" }