authorSuren A. Chilingaryan <csa@suren.me>2018-02-28 23:46:55 +0100
committerSuren A. Chilingaryan <csa@suren.me>2018-02-28 23:46:55 +0100
commit1f3e2a9f59e83dc3f0fcbecf096a7e7b40d36ed7 (patch)
treec75d04456ab3593442734bec3d84c90e4b973f27 /roles/ands_kaas
parentfe4622305efa55e6bec8221efe8fc4bdd5462136 (diff)
First running prototype
Diffstat (limited to 'roles/ands_kaas')
-rw-r--r--roles/ands_kaas/defaults/main.yml10
-rw-r--r--roles/ands_kaas/tasks/do_project.yml13
-rw-r--r--roles/ands_kaas/tasks/file.yml8
-rw-r--r--roles/ands_kaas/tasks/main.yml2
-rw-r--r--roles/ands_kaas/tasks/project.yml11
-rw-r--r--roles/ands_kaas/tasks/search.yml2
-rw-r--r--roles/ands_kaas/tasks/sync.yml22
-rw-r--r--roles/ands_kaas/tasks/template.yml4
-rw-r--r--roles/ands_kaas/tasks/templates.yml2
-rw-r--r--roles/ands_kaas/tasks/volume.yml34
-rw-r--r--roles/ands_kaas/templates/00-gfs-volumes.yml.j26
-rw-r--r--roles/ands_kaas/templates/50-kaas-pods.yml.j214
12 files changed, 99 insertions, 29 deletions
diff --git a/roles/ands_kaas/defaults/main.yml b/roles/ands_kaas/defaults/main.yml
index 3835453..b2bfaf5 100644
--- a/roles/ands_kaas/defaults/main.yml
+++ b/roles/ands_kaas/defaults/main.yml
@@ -4,8 +4,16 @@ kaas_projects: "{{ ands_openshift_projects.keys() }}"
kaas_template_root: "{{ ands_paths.provision }}/kaas/"
kaas_glusterfs_endpoints: gfs
-kaas_openshift_volumes: "{{ ands_openshift_volumes }}"
+kaas_openshift_volumes: "{{ ands_openshift_volumes | default({}) }}"
+kaas_openshift_files: "{{ ands_openshift_files | default([]) }}"
+
+kaas_openshift_uids: "{{ ands_openshift_uids | default({}) }}"
+kaas_openshift_gids: "{{ ands_openshift_gids | default({}) }}"
+kaas_openshift_gid_ranges: "{{ ands_openshift_gid_ranges | default({}) }}"
+
kaas_default_volume_capacity: "1Ti"
kaas_default_file_owner: root
kaas_default_file_group: root
+
+kaas_pod_history_limit: 1
diff --git a/roles/ands_kaas/tasks/do_project.yml b/roles/ands_kaas/tasks/do_project.yml
index a876d94..4fac6c6 100644
--- a/roles/ands_kaas/tasks/do_project.yml
+++ b/roles/ands_kaas/tasks/do_project.yml
@@ -6,13 +6,15 @@
include_tasks: volume.yml
run_once: true
# delegate_to: "{{ groups.masters[0] }}"
- with_dict: "{{ kaas_project_config.volumes | default(kaas_openshift_volumes) }}"
+ with_dict: "{{ kaas_project_volumes }}"
loop_control:
loop_var: osv
vars:
query: "[*].volumes.{{osv.value.volume}}.mount"
mntpath: "{{ (ands_storage_domains | json_query(query)) }}"
- path: "{{ mntpath[0] ~ (osv.value.path | default('')) }}"
+ osvpath: "{{ osv.value.path | default('') }}"
+ prefix: "{{ ( osvpath[:1] == '/' ) | ternary('', '/' ~ kaas_project ~ '/') }}"
+ path: "{{ mntpath[0] ~ prefix ~ osvpath }}"
name: "{{osv.key}}"
volume: "{{osv.value}}"
when: ( mntpath | length ) > 0
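Review bot: `osvpath` is joined into `path` without any check for `..` segments, so a relative volume path that climbs out of `/{{ kaas_project }}/` resolves outside the project's directory on the mount, and the included `volume.yml` then creates and chowns that directory. The same prefix logic is repeated in `templates/00-gfs-volumes.yml.j2` (`cfgpath`), where the result becomes the PersistentVolume `path`. If project configuration is not fully trusted, turn the `when:` into a list and add a condition such as `- "'..' not in osvpath.split('/')"`. A short comment stating that a leading `/` means "relative to the volume root rather than the project directory" would also help, since that rule is only implicit in the ternary.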
@@ -29,19 +31,19 @@
include_tasks: file.yml
run_once: true
# delegate_to: "{{ groups.masters[0] }}"
- with_items: "{{ kaas_project_config.files | default(ands_openshift_files) }}"
+ with_items: "{{ kaas_project_config.files | default(kaas_openshift_files) | default([]) }}"
loop_control:
loop_var: file
vars:
pvar: "kaas_{{ file.osv }}_path"
path: "{{ hostvars[inventory_hostname][pvar] }}/{{ file.path }}"
- when: file.osv in ( kaas_project_config.volumes | default(kaas_openshift_volumes) )
+ when: file.osv in kaas_project_volumes
- name: Load OpenSSL keys
include_tasks: keys.yml
# delegate_to: "{{ groups.masters[0] }}"
run_once: true
- with_dict: "{{ kaas_project_config.pods }}"
+ with_dict: "{{ kaas_project_config.pods | default({}) }}"
loop_control:
loop_var: pod
@@ -57,5 +59,4 @@
run_once: true
when:
- kaas_project_config.oc is undefined
- - kaas_project_config.pods != {}
diff --git a/roles/ands_kaas/tasks/file.yml b/roles/ands_kaas/tasks/file.yml
index e6b2e8d..a839473 100644
--- a/roles/ands_kaas/tasks/file.yml
+++ b/roles/ands_kaas/tasks/file.yml
@@ -3,15 +3,15 @@
set_fact: group="{{ file.group | default(kaas_project_config.file_group | default(ands_default_file_group)) }}"
- name : Resolve project groups
- set_fact: group="{{ (kaas_project_config.gids | default(ands_openshift_gids))[group].id }}"
- when: group in ( kaas_project_config.gids | default(ands_openshift_gids) )
+ set_fact: group="{{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }}"
+ when: group in ( kaas_project_config.gids | default(kaas_openshift_gids) )
- name: Set owner
set_fact: owner="{{ file.owner | default(kaas_project_config.file_owner | default(ands_default_file_owner)) }}"
- name : Resolve project uids
- set_fact: owner="{{ (kaas_project_config.uids | default(ands_openshift_uids) )[owner].id }}"
- when: owner in ( kaas_project_config.uids | default(ands_openshift_uids) )
+ set_fact: owner="{{ (kaas_project_config.uids | default(kaas_openshift_uids) )[owner].id }}"
+ when: owner in ( kaas_project_config.uids | default(kaas_openshift_uids) )
- name: "Setting up files in {{ path }}"
file:
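Review bot: The fallbacks on the unchanged `Set group` and `Set owner` lines still read `ands_default_file_group` and `ands_default_file_owner`, while this commit moves the uid/gid maps to `kaas_`-prefixed role defaults and the role already defines `kaas_default_file_group` / `kaas_default_file_owner`. Unless the `ands_default_*` variables are guaranteed to be defined outside the role, the inner `default(...)` gives no fallback and the task fails on an undefined variable. For consistency with `volume.yml` I would use `default(kaas_default_file_group)` and `default(kaas_default_file_owner)` here.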
diff --git a/roles/ands_kaas/tasks/main.yml b/roles/ands_kaas/tasks/main.yml
index 0931f80..85110cb 100644
--- a/roles/ands_kaas/tasks/main.yml
+++ b/roles/ands_kaas/tasks/main.yml
@@ -4,7 +4,7 @@
include_tasks: project.yml
run_once: true
# delegate_to: "{{ groups.masters[0] }}"
- with_items: "{{ kaas_projects }}"
+ with_items: "{{ (kaas_single_project is defined) | ternary([kaas_single_project], kaas_projects) }}"
loop_control:
loop_var: kaas_project
vars:
diff --git a/roles/ands_kaas/tasks/project.yml b/roles/ands_kaas/tasks/project.yml
index 40b5180..f7eb1df 100644
--- a/roles/ands_kaas/tasks/project.yml
+++ b/roles/ands_kaas/tasks/project.yml
@@ -1,11 +1,15 @@
---
- name: Load global variables
include_vars: "{{kaas_project_path}}/vars/globals.yml"
- when: "'{{kaas_project_path}}/vars/globals.yml' | is_file"
+ when: path | is_file
+ vars:
+ path: "{{ kaas_project_path }}/vars/globals.yml"
- name: Load variables
include_vars: dir="{{kaas_project_path}}/vars" name="var_{{kaas_project}}_config"
- when: "'{{kaas_project_path}}/vars' | is_dir"
+ when: path | is_dir
+ vars:
+ path: "{{ kaas_project_path }}/vars"
- set_fact: "var_{{kaas_project}}_config={{var_empty}}"
vars:
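Review bot: `path | is_file` and `path | is_dir` apply Jinja tests with filter syntax, which Ansible deprecated in 2.5 and later removed; the test form `path is is_file` / `path is is_dir` works on both sides of that change. The same pattern appears in this commit in `sync.yml` (`sync | changed`) and `volume.yml` (`mkdir | changed`, `chmod | skipped`), which would become `sync is changed`, `mkdir is changed` and `chmod is skipped`. The task-level variable is also named `path`, the same name `do_project.yml` passes into `volume.yml`; a more specific name such as `globals_file` would avoid confusion.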
@@ -24,4 +28,5 @@
- include_tasks: do_project.yml
vars:
var_name: "var_{{kaas_project}}_config"
- kaas_project_config: "{{hostvars[inventory_hostname][var_name]}}"
+ kaas_project_config: "{{ hostvars[inventory_hostname][var_name] }}"
+ kaas_project_volumes: "{{ kaas_project_config.volumes | default(kaas_project_config.extra_volumes | default({}) | combine(kaas_openshift_volumes)) }}" \ No newline at end of file
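Review bot: The precedence in `kaas_project_volumes` is not obvious and deserves a comment: a project-level `volumes` replaces the global set entirely, while `extra_volumes` is merged with `kaas_openshift_volumes` as the argument of `combine`, so a global entry wins over a project entry with the same key. I would add above the line `# volumes: replaces the global set; extra_volumes: added to it, global definitions win on a key clash`. If the intent was the opposite (project entries override global ones), the operands of `combine` need swapping.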
diff --git a/roles/ands_kaas/tasks/search.yml b/roles/ands_kaas/tasks/search.yml
index 9844ee8..1cefb7d 100644
--- a/roles/ands_kaas/tasks/search.yml
+++ b/roles/ands_kaas/tasks/search.yml
@@ -12,5 +12,5 @@
local_path: "{{ osv_path }}"
remote_path: "{{ hostvars[inventory_hostname][pvar] }}"
when:
- - osv in (kaas_project_config.volumes | default(kaas_openshift_volumes))
+ - osv in kaas_project_volumes
- hostvars[inventory_hostname][pvar] is defined
diff --git a/roles/ands_kaas/tasks/sync.yml b/roles/ands_kaas/tasks/sync.yml
index 07764ca..a4febe7 100644
--- a/roles/ands_kaas/tasks/sync.yml
+++ b/roles/ands_kaas/tasks/sync.yml
@@ -4,5 +4,23 @@
register: result
- name: "Sync '{{ item_name }}'"
- local_action: synchronize src="{{ item_src }}" dest="{{ remote_path }}/" archive=yes
- when: (result.stat.exists == False) or (kaas_resync | default(false))
+ local_action: synchronize src="{{ item_src }}" dest="{{ remote_path }}/" archive=yes delete=yes
+ register: sync
+ when: (result.stat.exists == False) or (kaas_resync | default(false)) or (kaas_project_config.resync | default(false))
+
+- name: "Ensure the data is writeable by project pods"
+ vars:
+ grp: "{{ kaas_project_config.sync_set_gid }}"
+ gid: "{{ ((kaas_project_config.gids | default(kaas_openshift_gids))[grp] is defined) | ternary((kaas_project_config.gids | default(kaas_openshift_gids))[grp].id, grp) }}"
+ file:
+ path: "{{ remote_path }}"
+ state: "directory"
+ recurse: "yes"
+ mode: "g+w"
+ owner: "{{ kaas_project_config.sync_set_uid | default('root') }}"
+ group: "{{ gid }}"
+ register: chmod
+ when:
+ - sync | changed
+ - kaas_openshift_gid_ranges[kaas_project] is defined
+ - kaas_project_config.sync_set_gid | default(false)
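Review bot: Adding `delete=yes` makes every resync remove anything under `{{ remote_path }}/` that is absent from `item_src`, so files written there by pods after the first sync are lost, and an empty `remote_path` would direct the deletion at `/`. `remote_path` is set outside this hunk, so I cannot see whether it is validated; an extra condition on the sync task such as `(remote_path | default('') | length) > 1` keeps a bad value from reaching rsync. The follow-up task then applies `g+w` and a config-supplied owner recursively to the whole tree, which is broader than "writeable by project pods" requires if the tree holds files that should stay read-only. A comment naming which directories are expected under `remote_path` would make that reviewable.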
diff --git a/roles/ands_kaas/tasks/template.yml b/roles/ands_kaas/tasks/template.yml
index 6a81dd7..6c90b3d 100644
--- a/roles/ands_kaas/tasks/template.yml
+++ b/roles/ands_kaas/tasks/template.yml
@@ -1,4 +1,4 @@
-- name: Populate template
+- name: "Populate template {{ tmpl_name }}"
template: src="{{ item }}" dest="{{ kaas_template_path }}/{{ item | basename | regex_replace('\.j2','') }}" owner=root group=root mode="0644"
register: result
with_first_found:
@@ -8,7 +8,7 @@
files:
- "{{ tmpl_name }}"
-- name: Configure KaaS resources
+- name: "Configure KaaS resources defined in {{ tmpl_name }}"
include_role: name="openshift_resource"
vars:
template: "{{ tmpl_name | basename | regex_replace('\\.j2','') }}"
diff --git a/roles/ands_kaas/tasks/templates.yml b/roles/ands_kaas/tasks/templates.yml
index e1612bc..2de4fad 100644
--- a/roles/ands_kaas/tasks/templates.yml
+++ b/roles/ands_kaas/tasks/templates.yml
@@ -4,10 +4,12 @@
command: "echo {{ item | quote }}"
register: results
changed_when: false
+ when: (kaas_project_config.pods | default([]) | length > 0) or not (item | regex_search('kaas-pods'))
with_fileglob:
- "{{ role_path }}/templates/{{ kaas_template_glob | default('*') }}.j2"
- "{{ kaas_project_path }}/templates/{{ kaas_template_glob | default('*') }}.j2"
+
#- debug: msg="{{ results }}"
- name: "Sort and execute KaaS templates"
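Review bot: `item | regex_search('kaas-pods')` is matched against the full path returned by `with_fileglob`, so a `role_path` or `kaas_project_path` that happens to contain `kaas-pods` would skip every template of a project without pods. Matching the file name only, `(item | basename | regex_search('kaas-pods'))`, avoids that. `pods` is treated as a mapping everywhere else in this commit, so `default({})` would be the consistent fallback here instead of `default([])`. The task list continues outside the hunk, so I cannot see how skipped entries in `results` are handled by the sort step.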
diff --git a/roles/ands_kaas/tasks/volume.yml b/roles/ands_kaas/tasks/volume.yml
index b82e55f..ff51fb0 100644
--- a/roles/ands_kaas/tasks/volume.yml
+++ b/roles/ands_kaas/tasks/volume.yml
@@ -6,6 +6,40 @@
file:
path: "{{ path }}"
state: "directory"
+ recurse: "no"
+ register: mkdir
+
+- name: "Ensure the {{ path }} is writeable by project pods"
+ vars:
+ default_group: "{{ kaas_openshift_gid_ranges[kaas_project] | default('') | regex_replace('^([0-9]+)[^0-9]*.*$', '\\1') }}"
+ file:
+ path: "{{ path }}"
+ state: "directory"
+ recurse: "no"
+ mode: "{{ volume.mode | default(0775) }}"
+ owner: "{{ volume.owner | default(kaas_project_config.file_owner) | default(kaas_default_file_owner) }}"
+ group: "{{ volume.group | default(kaas_project_config.file_group) | default(default_group) }}"
+ register: chmod
+ when:
+ - mkdir | changed
+ - kaas_openshift_gid_ranges[kaas_project] is defined
+ - osvpath[:1] != "/"
+
+# There is no other way to write for users. There will be just two osv's one writeable and one not.
+# We may create a dir with the wrong one and have permissions not set
+# - volume.write | default(false)
+
+- name: "Setting default permissions for non standard locations"
+ file:
+ path: "{{ path }}"
+ state: "directory"
+ recurse: "no"
mode: "{{ volume.mode | default(0755) }}"
owner: "{{ volume.owner | default(kaas_project_config.file_owner) | default(kaas_default_file_owner) }}"
group: "{{ volume.group | default(kaas_project_config.file_group) | default(kaas_default_file_group) }}"
+ when:
+ - mkdir | changed
+ - chmod | skipped
+
+
+
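Review bot: `default(0775)` on the new `mode:` line passes a bare number through Jinja, and how a leading-zero literal is read depends on the Jinja2 version, so the directory can end up with a mode other than the intended rwxrwxr-x. Ansible's documented convention is a quoted octal string, `mode: "{{ volume.mode | default('0775') }}"`; the existing `default(0755)` further down has the same problem. It would also help to state in a comment why the group-writable branch is limited to relative paths (`osvpath[:1] != "/"`), because that condition decides whether a directory becomes writable by the project's GID range.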
diff --git a/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 b/roles/ands_kaas/templates/00-gfs-volumes.yml.j2
index c90c610..c9341ed 100644
--- a/roles/ands_kaas/templates/00-gfs-volumes.yml.j2
+++ b/roles/ands_kaas/templates/00-gfs-volumes.yml.j2
@@ -6,8 +6,10 @@ metadata:
annotations:
descriptions: "KATRIN Volumes"
objects:
-{% for name, vol in (kaas_project_config.volumes | default(kaas_openshift_volumes)).iteritems() %}
+{% for name, vol in kaas_project_volumes.iteritems() %}
{% set oc_name = vol.name | default(name) | regex_replace('_','-') %}
+{% set cfgpath = vol.path | default("") %}
+{% set path = cfgpath if cfgpath[:1] == "/" else "/" + kaas_project + "/" + cfgpath %}
- apiVersion: v1
kind: PersistentVolume
metadata:
@@ -16,7 +18,7 @@ objects:
persistentVolumeReclaimPolicy: Retain
glusterfs:
endpoints: {{ kaas_glusterfs_endpoints }}
- path: "{{ vol.volume }}{{vol.path}}"
+ path: "{{ vol.volume }}{{path}}"
readOnly: {{ not (vol.write | default(false)) }}
accessModes:
- {{ vol.access | default(vol.write | default(false) | ternary('ReadWriteMany', 'ReadOnlyMany')) }}
diff --git a/roles/ands_kaas/templates/50-kaas-pods.yml.j2 b/roles/ands_kaas/templates/50-kaas-pods.yml.j2
index 9782f75..2ed7462 100644
--- a/roles/ands_kaas/templates/50-kaas-pods.yml.j2
+++ b/roles/ands_kaas/templates/50-kaas-pods.yml.j2
@@ -7,7 +7,7 @@ metadata:
annotations:
descriptions: {{ kaas_project_config.description | default(kaas_project ~ "auto-generated pod template") }}
objects:
-{% for name, pod in (kaas_project_config.pods | default(kaas_openshift_volumes)).iteritems() %}
+{% for name, pod in (kaas_project_config.pods | default({})).iteritems() %}
{% set pubkey = "kaas_" ~ name ~ "_pubkey" %}
{% set privkey = "kaas_" ~ name ~ "_privkey" %}
{% set cakey = "kaas_" ~ name ~ "_ca" %}
@@ -68,10 +68,10 @@ objects:
metadata:
name: {{ pod.name | default(name) }}
spec:
- replicas: {{ pod.sched.replicas | default(1) }}
+ replicas: {{ ( pod.sched | default({})).replicas | default(1) }}
revisionHistoryLimit: 2
strategy:
- type: {{ pod.sched.strategy | default('Rolling') }}
+ type: {{ (pod.sched | default({})).strategy | default('Rolling') }}
triggers:
- type: ConfigChange
selector:
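Review bot: `revisionHistoryLimit: 2` stays hard-coded here although this commit adds `kaas_pod_history_limit: 1` to the role defaults, and none of the hunks shown for this template reference the new variable. If the default is meant to control this field, the line should read `revisionHistoryLimit: {{ kaas_pod_history_limit }}`. Otherwise the new default is unused within this role as far as the diff shows.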
@@ -105,18 +105,18 @@ objects:
securityContext:
{% if (pod.run_as is defined) %}
{% if (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as] is defined %}
- - {{ (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as].id }}
+ runAsUser: {{ (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as].id }}
{% else %}
- - {{ pod.run_as }}
+ runAsUser: {{ pod.run_as }}
{% endif %}
{% endif %}
{% if (pod.groups is defined) %}
supplementalGroups:
{% for group in pod.groups %}
{% if (kaas_project_config.gids | default(kaas_openshift_gids))[group] is defined %}
- - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }}
+ - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }}
{% else %}
- - {{ group }}
+ - {{ group }}
{% endif %}
{% endfor %}
{% endif %}
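Review bot: The `{% else %}` branches emit `pod.run_as` and `group` unchanged when the name is not in the uid/gid maps, so a misspelled name is rendered as a string where the API expects a number, and any numeric value from the project config, including 0, is passed straight into `runAsUser`. Whether the cluster's security context constraints reject such values is outside this diff, so I would also check it here and fail the template or the task when the value is neither a mapped name nor an integer. A one-line comment above `securityContext:` saying that names are resolved through `uids`/`gids` and plain numbers are passed through would document the contract. The template block starts and ends outside this hunk.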