From 1f3e2a9f59e83dc3f0fcbecf096a7e7b40d36ed7 Mon Sep 17 00:00:00 2001 
From: "Suren A. Chilingaryan" Date: Wed, 28 Feb 2018 23:46:55 +0100 Subject: First running prototype --- roles/ands_kaas/defaults/main.yml | 10 ++++++- roles/ands_kaas/tasks/do_project.yml | 13 ++++---- roles/ands_kaas/tasks/file.yml | 8 ++--- roles/ands_kaas/tasks/main.yml | 2 +- roles/ands_kaas/tasks/project.yml | 11 +++++-- roles/ands_kaas/tasks/search.yml | 2 +- roles/ands_kaas/tasks/sync.yml | 22 ++++++++++++-- roles/ands_kaas/tasks/template.yml | 4 +-- roles/ands_kaas/tasks/templates.yml | 2 ++ roles/ands_kaas/tasks/volume.yml | 34 +++++++++++++++++++++ roles/ands_kaas/templates/00-gfs-volumes.yml.j2 | 6 ++-- roles/ands_kaas/templates/50-kaas-pods.yml.j2 | 14 ++++----- roles/ands_openshift/tasks/security_resources.yml | 36 +++++++++-------------- roles/ands_openshift/tasks/storage_resources.yml | 7 +++-- roles/ands_openshift/tasks/users_resources.yml | 8 +++++ roles/common/tasks/main.yml | 9 ++++++ roles/docker/defaults/main.yml | 5 +++- roles/docker/handlers/main.yml | 3 ++ roles/docker/tasks/main.yml | 11 ++++++- roles/glusterfs/tasks/data | 1 - roles/glusterfs/tasks/data/vols2.yml | 13 ++++++++ roles/glusterfs/tasks/data/vols3.yml | 14 +++++++++ roles/glusterfs/tasks/la/vols2.yml | 1 + roles/glusterfs/tasks/la/vols3.yml | 11 +++++++ roles/glusterfs/tasks/tmp | 1 + roles/glusterfs/tasks/tmp/vols2.yml | 1 - roles/glusterfs/tasks/tmp/vols3.yml | 11 ------- roles/openshift_resource/tasks/main.yml | 23 ++++++++++----- roles/openshift_resource/tasks/resource.yml | 6 ++-- roles/openshift_resource/tasks/template.yml | 6 ++-- 30 files changed, 214 insertions(+), 81 deletions(-) create mode 100644 roles/docker/handlers/main.yml delete mode 120000 roles/glusterfs/tasks/data create mode 100644 roles/glusterfs/tasks/data/vols2.yml create mode 100644 roles/glusterfs/tasks/data/vols3.yml create mode 120000 roles/glusterfs/tasks/la/vols2.yml create mode 100644 roles/glusterfs/tasks/la/vols3.yml create mode 120000 roles/glusterfs/tasks/tmp delete mode 120000 
roles/glusterfs/tasks/tmp/vols2.yml delete mode 100644 roles/glusterfs/tasks/tmp/vols3.yml (limited to 'roles') diff --git a/roles/ands_kaas/defaults/main.yml b/roles/ands_kaas/defaults/main.yml index 3835453..b2bfaf5 100644 --- a/roles/ands_kaas/defaults/main.yml +++ b/roles/ands_kaas/defaults/main.yml @@ -4,8 +4,16 @@ kaas_projects: "{{ ands_openshift_projects.keys() }}" kaas_template_root: "{{ ands_paths.provision }}/kaas/" kaas_glusterfs_endpoints: gfs -kaas_openshift_volumes: "{{ ands_openshift_volumes }}" +kaas_openshift_volumes: "{{ ands_openshift_volumes | default({}) }}" +kaas_openshift_files: "{{ ands_openshift_files | default([]) }}" + +kaas_openshift_uids: "{{ ands_openshift_uids | default({}) }}" +kaas_openshift_gids: "{{ ands_openshift_gids | default({}) }}" +kaas_openshift_gid_ranges: "{{ ands_openshift_gid_ranges | default({}) }}" + kaas_default_volume_capacity: "1Ti" kaas_default_file_owner: root kaas_default_file_group: root + +kaas_pod_history_limit: 1 diff --git a/roles/ands_kaas/tasks/do_project.yml b/roles/ands_kaas/tasks/do_project.yml index a876d94..4fac6c6 100644 --- a/roles/ands_kaas/tasks/do_project.yml +++ b/roles/ands_kaas/tasks/do_project.yml @@ -6,13 +6,15 @@ include_tasks: volume.yml run_once: true # delegate_to: "{{ groups.masters[0] }}" - with_dict: "{{ kaas_project_config.volumes | default(kaas_openshift_volumes) }}" + with_dict: "{{ kaas_project_volumes }}" loop_control: loop_var: osv vars: query: "[*].volumes.{{osv.value.volume}}.mount" mntpath: "{{ (ands_storage_domains | json_query(query)) }}" - path: "{{ mntpath[0] ~ (osv.value.path | default('')) }}" + osvpath: "{{ osv.value.path | default('') }}" + prefix: "{{ ( osvpath[:1] == '/' ) | ternary('', '/' ~ kaas_project ~ '/') }}" + path: "{{ mntpath[0] ~ prefix ~ osvpath }}" name: "{{osv.key}}" volume: "{{osv.value}}" when: ( mntpath | length ) > 0 
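Review bot: In the `with_dict` loop over `kaas_project_volumes` in roles/ands_kaas/tasks/do_project.yml, `osvpath` is concatenated into `path` without normalisation, so a configured `path` containing `..` segments, or any value starting with `/`, resolves outside the `/{{ kaas_project }}/` prefix this hunk introduces. If project vars are maintained by project owners rather than cluster admins (not visible here), one project's volume definition can then point at another project's directory on the shared mount, which volume.yml goes on to create and chown. Consider failing early, for example an `assert` with `that: "'..' not in osvpath.split('/')"`, and documenting that absolute paths are an admin-only option. The same prefix logic is repeated in templates/00-gfs-volumes.yml.j2 (`cfgpath`/`path`), so the check should cover both places.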
@@ -29,19 +31,19 @@ include_tasks: file.yml run_once: true # delegate_to: "{{ groups.masters[0] }}" - with_items: "{{ kaas_project_config.files | default(ands_openshift_files) }}" + with_items: "{{ kaas_project_config.files | default(kaas_openshift_files) | default([]) }}" loop_control: loop_var: file vars: pvar: "kaas_{{ file.osv }}_path" path: "{{ hostvars[inventory_hostname][pvar] }}/{{ file.path }}" - when: file.osv in ( kaas_project_config.volumes | default(kaas_openshift_volumes) ) + when: file.osv in kaas_project_volumes - name: Load OpenSSL keys include_tasks: keys.yml # delegate_to: "{{ groups.masters[0] }}" run_once: true - with_dict: "{{ kaas_project_config.pods }}" + with_dict: "{{ kaas_project_config.pods | default({}) }}" loop_control: loop_var: pod @@ -57,5 +59,4 @@ run_once: true when: - kaas_project_config.oc is undefined - - kaas_project_config.pods != {} diff --git a/roles/ands_kaas/tasks/file.yml b/roles/ands_kaas/tasks/file.yml index e6b2e8d..a839473 100644 --- a/roles/ands_kaas/tasks/file.yml +++ b/roles/ands_kaas/tasks/file.yml 
@@ -3,15 +3,15 @@ set_fact: group="{{ file.group | default(kaas_project_config.file_group | default(ands_default_file_group)) }}" - name : Resolve project groups - set_fact: group="{{ (kaas_project_config.gids | default(ands_openshift_gids))[group].id }}" - when: group in ( kaas_project_config.gids | default(ands_openshift_gids) ) + set_fact: group="{{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }}" + when: group in ( kaas_project_config.gids | default(kaas_openshift_gids) ) - name: Set owner set_fact: owner="{{ file.owner | default(kaas_project_config.file_owner | default(ands_default_file_owner)) }}" - name : Resolve project uids - set_fact: owner="{{ (kaas_project_config.uids | default(ands_openshift_uids) )[owner].id }}" - when: owner in ( kaas_project_config.uids | default(ands_openshift_uids) ) + set_fact: owner="{{ (kaas_project_config.uids | default(kaas_openshift_uids) )[owner].id }}" + when: owner in ( kaas_project_config.uids | default(kaas_openshift_uids) ) - name: "Setting up files in {{ path }}" file: diff --git a/roles/ands_kaas/tasks/main.yml b/roles/ands_kaas/tasks/main.yml index 0931f80..85110cb 100644 --- a/roles/ands_kaas/tasks/main.yml +++ b/roles/ands_kaas/tasks/main.yml @@ -4,7 +4,7 @@ include_tasks: project.yml run_once: true # delegate_to: "{{ groups.masters[0] }}" - with_items: "{{ kaas_projects }}" + with_items: "{{ (kaas_single_project is defined) | ternary([kaas_single_project], kaas_projects) }}" loop_control: loop_var: kaas_project vars: diff --git a/roles/ands_kaas/tasks/project.yml b/roles/ands_kaas/tasks/project.yml index 40b5180..f7eb1df 100644 --- a/roles/ands_kaas/tasks/project.yml +++ b/roles/ands_kaas/tasks/project.yml 
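Review bot: The fallbacks in file.yml still read `ands_default_file_group` and `ands_default_file_owner`, while this commit moves the gid/uid maps to `kaas_openshift_gids`/`kaas_openshift_uids` and the role defaults define `kaas_default_file_group` and `kaas_default_file_owner`. Unless the `ands_default_*` names are set elsewhere (not visible here), a file entry without an explicit owner or group has no defined fallback. Switching the two `set_fact` lines to `default(kaas_default_file_group)` and `default(kaas_default_file_owner)` keeps the role self-contained and makes the resulting ownership predictable.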
@@ -1,11 +1,15 @@ --- - name: Load global variables include_vars: "{{kaas_project_path}}/vars/globals.yml" - when: "'{{kaas_project_path}}/vars/globals.yml' | is_file" + when: path | is_file + vars: + path: "{{ kaas_project_path }}/vars/globals.yml" - name: Load variables include_vars: dir="{{kaas_project_path}}/vars" name="var_{{kaas_project}}_config" - when: "'{{kaas_project_path}}/vars' | is_dir" + when: path | is_dir + vars: + path: "{{ kaas_project_path }}/vars" - set_fact: "var_{{kaas_project}}_config={{var_empty}}" vars: @@ -24,4 +28,5 @@ - include_tasks: do_project.yml vars: var_name: "var_{{kaas_project}}_config" - kaas_project_config: "{{hostvars[inventory_hostname][var_name]}}" + kaas_project_config: "{{ hostvars[inventory_hostname][var_name] }}" + kaas_project_volumes: "{{ kaas_project_config.volumes | default(kaas_project_config.extra_volumes | default({}) | combine(kaas_openshift_volumes)) }}" \ No newline at end of file diff --git a/roles/ands_kaas/tasks/search.yml b/roles/ands_kaas/tasks/search.yml index 9844ee8..1cefb7d 100644 --- a/roles/ands_kaas/tasks/search.yml +++ b/roles/ands_kaas/tasks/search.yml @@ -12,5 +12,5 @@ local_path: "{{ osv_path }}" remote_path: "{{ hostvars[inventory_hostname][pvar] }}" when: - - osv in (kaas_project_config.volumes | default(kaas_openshift_volumes)) + - osv in kaas_project_volumes - hostvars[inventory_hostname][pvar] is defined diff --git a/roles/ands_kaas/tasks/sync.yml b/roles/ands_kaas/tasks/sync.yml index 07764ca..a4febe7 100644 --- a/roles/ands_kaas/tasks/sync.yml +++ b/roles/ands_kaas/tasks/sync.yml 
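Review bot: The `include_vars` of `{{kaas_project_path}}/vars/globals.yml` has no `name=`, so every key in that file lands in the host's top-level variable namespace and remains set for the projects processed later in the `kaas_projects` loop. A project's globals.yml can therefore override role inputs such as `kaas_openshift_gids` or `kaas_openshift_volumes` for other projects as well as its own. If the project directories are not all maintained by the same administrators, add a comment stating that globals.yml is admin-owned, or load it under a name as the next task does and copy out only an agreed list of keys.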
@@ -4,5 +4,23 @@ register: result - name: "Sync '{{ item_name }}'" - local_action: synchronize src="{{ item_src }}" dest="{{ remote_path }}/" archive=yes - when: (result.stat.exists == False) or (kaas_resync | default(false)) + local_action: synchronize src="{{ item_src }}" dest="{{ remote_path }}/" archive=yes delete=yes + register: sync + when: (result.stat.exists == False) or (kaas_resync | default(false)) or (kaas_project_config.resync | default(false)) + +- name: "Ensure the data is writeable by project pods" + vars: + grp: "{{ kaas_project_config.sync_set_gid }}" + gid: "{{ ((kaas_project_config.gids | default(kaas_openshift_gids))[grp] is defined) | ternary((kaas_project_config.gids | default(kaas_openshift_gids))[grp].id, grp) }}" + file: + path: "{{ remote_path }}" + state: "directory" + recurse: "yes" + mode: "g+w" + owner: "{{ kaas_project_config.sync_set_uid | default('root') }}" + group: "{{ gid }}" + register: chmod + when: + - sync | changed + - kaas_openshift_gid_ranges[kaas_project] is defined + - kaas_project_config.sync_set_gid | default(false) diff --git a/roles/ands_kaas/tasks/template.yml b/roles/ands_kaas/tasks/template.yml index 6a81dd7..6c90b3d 100644 --- a/roles/ands_kaas/tasks/template.yml +++ b/roles/ands_kaas/tasks/template.yml @@ -1,4 +1,4 @@ -- name: Populate template +- name: "Populate template {{ tmpl_name }}" template: src="{{ item }}" dest="{{ kaas_template_path }}/{{ item | basename | regex_replace('\.j2','') }}" owner=root group=root mode="0644" register: result with_first_found: @@ -8,7 +8,7 @@ files: - "{{ tmpl_name }}" -- name: Configure KaaS resources +- name: "Configure KaaS resources defined in {{ tmpl_name }}" include_role: name="openshift_resource" vars: template: "{{ tmpl_name | basename | regex_replace('\\.j2','') }}" diff --git a/roles/ands_kaas/tasks/templates.yml b/roles/ands_kaas/tasks/templates.yml index e1612bc..2de4fad 100644 --- a/roles/ands_kaas/tasks/templates.yml +++ b/roles/ands_kaas/tasks/templates.yml 
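Review bot: Adding `delete=yes` to the `synchronize` call in sync.yml means every resync removes anything under `{{ remote_path }}/` that is absent from `item_src`, including files the project's pods have written there since the first sync. With `kaas_resync` or the new per-project `resync` flag set, that happens on each run. If the destination can hold runtime data, gate deletion behind its own opt-in, e.g. `delete={{ kaas_project_config.sync_delete | default(false) }}` (variable name constructed here), or document that synced directories are treated as read-only sources. The follow-up `file` task also applies `mode: "g+w"` with `recurse: "yes"`, so the whole tree becomes group-writable for `sync_set_gid`; a comment should state that this is intended for every file and not only the top directory.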
@@ -4,10 +4,12 @@ command: "echo {{ item | quote }}" register: results changed_when: false + when: (kaas_project_config.pods | default([]) | length > 0) or not (item | regex_search('kaas-pods')) with_fileglob: - "{{ role_path }}/templates/{{ kaas_template_glob | default('*') }}.j2" - "{{ kaas_project_path }}/templates/{{ kaas_template_glob | default('*') }}.j2" + #- debug: msg="{{ results }}" - name: "Sort and execute KaaS templates" diff --git a/roles/ands_kaas/tasks/volume.yml b/roles/ands_kaas/tasks/volume.yml index b82e55f..ff51fb0 100644 --- a/roles/ands_kaas/tasks/volume.yml +++ b/roles/ands_kaas/tasks/volume.yml 
@@ -6,6 +6,40 @@ file: path: "{{ path }}" state: "directory" + recurse: "no" + register: mkdir + +- name: "Ensure the {{ path }} is writeable by project pods" + vars: + default_group: "{{ kaas_openshift_gid_ranges[kaas_project] | default('') | regex_replace('^([0-9]+)[^0-9]*.*$', '\\1') }}" + file: + path: "{{ path }}" + state: "directory" + recurse: "no" + mode: "{{ volume.mode | default(0775) }}" + owner: "{{ volume.owner | default(kaas_project_config.file_owner) | default(kaas_default_file_owner) }}" + group: "{{ volume.group | default(kaas_project_config.file_group) | default(default_group) }}" + register: chmod + when: + - mkdir | changed + - kaas_openshift_gid_ranges[kaas_project] is defined + - osvpath[:1] != "/" + +# There is no other way to write for users. There will be just two osv's one writeable and one not. +# We may create a dir with the wrong one and have permissions not set +# - volume.write | default(false) + +- name: "Setting default permissions for non standard locations" + file: + path: "{{ path }}" + state: "directory" + recurse: "no" mode: "{{ volume.mode | default(0755) }}" owner: "{{ volume.owner | default(kaas_project_config.file_owner) | default(kaas_default_file_owner) }}" group: "{{ volume.group | default(kaas_project_config.file_group) | default(kaas_default_file_group) }}" + when: + - mkdir | changed + - chmod | skipped + + + diff --git a/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 b/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 index c90c610..c9341ed 100644 --- a/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 +++ b/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 
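Review bot: Owner, group and mode in volume.yml are applied only when `mkdir | changed`, so a directory that already exists with a different owner or a looser mode is left untouched and the play still reports success. The in-file comment explains why two volumes may share a directory, but that assumption should be made checkable, for instance a `stat` of `{{ path }}` followed by a `fail` (or at least a `debug` warning) when the existing mode or group differs from the expected one. Separately, `default(0775)` and `default(0755)` are bare leading-zero literals inside Jinja; writing `default('0775')` and `default('0755')` keeps the value a string regardless of how the Jinja version in use treats such literals.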
@@ -6,8 +6,10 @@ metadata: annotations: descriptions: "KATRIN Volumes" objects: -{% for name, vol in (kaas_project_config.volumes | default(kaas_openshift_volumes)).iteritems() %} +{% for name, vol in kaas_project_volumes.iteritems() %} {% set oc_name = vol.name | default(name) | regex_replace('_','-') %} +{% set cfgpath = vol.path | default("") %} +{% set path = cfgpath if cfgpath[:1] == "/" else "/" + kaas_project + "/" + cfgpath %} - apiVersion: v1 kind: PersistentVolume metadata: @@ -16,7 +18,7 @@ objects: persistentVolumeReclaimPolicy: Retain glusterfs: endpoints: {{ kaas_glusterfs_endpoints }} - path: "{{ vol.volume }}{{vol.path}}" + path: "{{ vol.volume }}{{path}}" readOnly: {{ not (vol.write | default(false)) }} accessModes: - {{ vol.access | default(vol.write | default(false) | ternary('ReadWriteMany', 'ReadOnlyMany')) }} diff --git a/roles/ands_kaas/templates/50-kaas-pods.yml.j2 b/roles/ands_kaas/templates/50-kaas-pods.yml.j2 index 9782f75..2ed7462 100644 --- a/roles/ands_kaas/templates/50-kaas-pods.yml.j2 +++ b/roles/ands_kaas/templates/50-kaas-pods.yml.j2 @@ -7,7 +7,7 @@ metadata: annotations: descriptions: {{ kaas_project_config.description | default(kaas_project ~ "auto-generated pod template") }} objects: -{% for name, pod in (kaas_project_config.pods | default(kaas_openshift_volumes)).iteritems() %} +{% for name, pod in (kaas_project_config.pods | default({})).iteritems() %} {% set pubkey = "kaas_" ~ name ~ "_pubkey" %} {% set privkey = "kaas_" ~ name ~ "_privkey" %} {% set cakey = "kaas_" ~ name ~ "_ca" %} @@ -68,10 +68,10 @@ objects: metadata: name: {{ pod.name | default(name) }} spec: - replicas: {{ pod.sched.replicas | default(1) }} + replicas: {{ ( pod.sched | default({})).replicas | default(1) }} revisionHistoryLimit: 2 strategy: - type: {{ pod.sched.strategy | default('Rolling') }} + type: {{ (pod.sched | default({})).strategy | default('Rolling') }} triggers: - type: ConfigChange selector: 
@@ -105,18 +105,18 @@ objects: securityContext: {% if (pod.run_as is defined) %} {% if (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as] is defined %} - - {{ (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as].id }} + runAsUser: {{ (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as].id }} {% else %} - - {{ pod.run_as }} + runAsUser: {{ pod.run_as }} {% endif %} {% endif %} {% if (pod.groups is defined) %} supplementalGroups: {% for group in pod.groups %} {% if (kaas_project_config.gids | default(kaas_openshift_gids))[group] is defined %} - - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }} + - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }} {% else %} - - {{ group }} + - {{ group }} {% endif %} {% endfor %} {% endif %} diff --git a/roles/ands_openshift/tasks/security_resources.yml b/roles/ands_openshift/tasks/security_resources.yml index 5644723..5b80f1e 100644 --- a/roles/ands_openshift/tasks/security_resources.yml +++ b/roles/ands_openshift/tasks/security_resources.yml 
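Review bot: In the `securityContext` block, a `pod.run_as` value that is not a key of the uid map is emitted verbatim as `runAsUser`, so a mistyped account name yields an invalid manifest and a numeric value such as `0` is passed straight through. Admission still depends on the SCC in force, but the template could reject bad input at render time by accepting only names present in `kaas_project_config.uids | default(kaas_openshift_uids)` or values that are integers. The same pass-through applies to the `supplementalGroups` entries just below. The enclosing `for` loop and pod spec start outside this hunk.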
@@ -6,49 +6,41 @@ - name: Patch group range in project configuration include_role: name="openshift_resource" tasks_from="patch.yml" vars: - project: "{{ prj_item }}" - resource: "ns/{{ prj_item }}" - patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.supplemental-groups":"{{ands_openshift_gid_ranges[prj_item]}}"}}}' + project: "{{ item.key }}" + resource: "ns/{{ item.key }}" + patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.supplemental-groups":"{{ item.value }}"}}}' patch_path: "{{ ands_openshift_patch_path }}" - with_items: "{{ (ands_openshift_gid_ranges | default({})).keys() }}" - loop_control: - loop_var: prj_item + with_dict: "{{ ands_openshift_gid_ranges | default({}) }}" - name: Patch uid range in project configuration include_role: name="openshift_resource" tasks_from="patch.yml" vars: - project: "{{ prj_item }}" - resource: "ns/{{ prj_item }}" - patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.uid-range":"{{ands_openshift_uid_ranges[prj_item]}}"}}}' + project: "{{ item.key }}" + resource: "ns/{{ item.key }}" + patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.uid-range":"{{ item.value }}"}}}' patch_path: "{{ ands_openshift_patch_path }}" - with_items: "{{ (ands_openshift_uid_ranges | default({})).keys() }}" - loop_control: - loop_var: prj_item + with_dict: "{{ ands_openshift_uid_ranges | default({}) }}" - name: Restrict supplementalGroups include_role: name="openshift_resource" tasks_from="patch.yml" vars: - project: "{{ prj_item }}" + project: "{{ item.key }}" resource: "scc/restricted" modes: "{{ ands_openshift_gid_mode | default({}) }}" - mode: "{{ (modes[prj_item] is defined) | ternary(modes[prj_item], modes['ands_default'] | default(false)) }}" + mode: "{{ modes[item.key] | default(modes['ands_default'] | default(false)) }}" patch: '{"supplementalGroups":{"type":"{{mode}}"}}' patch_path: "{{ ands_openshift_patch_path }}" when: mode != false - with_items: "{{ (ands_openshift_projects | default({})).keys() }}" - 
loop_control: - loop_var: prj_item + with_dict: "{{ ands_openshift_projects | default({}) }}" - name: Configure runAsUser include_role: name="openshift_resource" tasks_from="patch.yml" vars: - project: "{{ prj_item }}" + project: "{{ item.key }}" resource: "scc/restricted" modes: "{{ ands_openshift_uid_mode | default({}) }}" - mode: "{{ (modes[prj_item] is defined) | ternary(modes[prj_item], modes['ands_default'] | default(false)) }}" + mode: "{{ modes[item.key] | default(modes['ands_default'] | default(false)) }}" patch: '{"runAsUser":{"type":"{{mode}}"}}' patch_path: "{{ ands_openshift_patch_path }}" when: mode != false - with_items: "{{ (ands_openshift_projects | default({})).keys() }}" - loop_control: - loop_var: prj_item + with_dict: "{{ ands_openshift_projects | default({}) }}" diff --git a/roles/ands_openshift/tasks/storage_resources.yml b/roles/ands_openshift/tasks/storage_resources.yml index 5adf69e..c83c677 100644 --- a/roles/ands_openshift/tasks/storage_resources.yml +++ b/roles/ands_openshift/tasks/storage_resources.yml @@ -13,7 +13,7 @@ template_path: "{{ storage_template_path }}" project: "{{ prj_item }}" recreate: "{{ result | changed | ternary (true, false) }}" - with_items: "{{ ands_openshift_projects.keys() | union(['default']) }}" + with_items: "{{ ands_openshift_projects.keys() }}" loop_control: loop_var: prj_item @@ -28,6 +28,9 @@ template_path: "{{ storage_template_path }}" project: "{{ prj_item }}" recreate: "{{ result | changed | ternary (true, false) }}" - with_items: "{{ ands_openshift_projects.keys() | union(['default']) }}" + with_items: "{{ ands_openshift_projects.keys() }}" loop_control: loop_var: prj_item + + + \ No newline at end of file diff --git a/roles/ands_openshift/tasks/users_resources.yml b/roles/ands_openshift/tasks/users_resources.yml index 5bc748c..722e1eb 100644 --- a/roles/ands_openshift/tasks/users_resources.yml +++ b/roles/ands_openshift/tasks/users_resources.yml 
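Review bot: `Restrict supplementalGroups` and `Configure runAsUser` patch `scc/restricted` once per entry of `ands_openshift_projects`, but an SCC is a cluster-scoped object, so the per-project `mode` lookup does not produce per-project behaviour: each iteration rewrites the same `type`, and the last project with a non-false mode decides it for the whole cluster. Either apply the patch once from `modes['ands_default']`, or create a dedicated SCC per project and bind it to that project's service accounts. Also, all four tasks now loop with the default `item` variable around `include_role`; if patch.yml contains a loop of its own (not visible here), `item` will be shadowed, so keeping `loop_control: loop_var: prj_item` is the safer form.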
@@ -19,6 +19,14 @@ command: "oc adm new-project --description '{{ ands_openshift_projects[item] }}' {{ item }}" with_items: "{{ new_projects | default([]) }}" +- name: Allow projects to pull images from KaaS imagestreams + command: "oc policy add-role-to-group system:image-puller system:serviceaccounts:{{ prj_item }} --namespace=kaas" + with_items: "{{ ands_openshift_projects.keys() }}" + when: + prj_item != "kaas" + loop_control: + loop_var: prj_item + - name: Configure per project roles command: "oc adm policy add-role-to-user -n {{ item.key.split('/')[0] }} {{ item.key.split('/')[1] }} {{ item.value.replace(' ','').split(',') | join(' ') }}" with_dict: "{{ ands_openshift_roles }}" diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 7f6922b..9bd820a 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -4,6 +4,10 @@ - epel-release - centos-release-openshift-origin +- name: Add our repository with updates and overrides + yum_repository: name="{{ item.name }}" description= "{{ item.description | default('Ands repository') }}" baseurl="{{ item.url }}" enabled="yes" gpgcheck="no" cost="{{ item.cost | default(1) }}" + with_items: "{{ ands_repositories | default([]) }}" + - name: Ensure GlusterFS repositories are present yum: name="centos-release-gluster{{ glusterfs_version }}" state=present @@ -25,6 +29,11 @@ - python-rhsm-certificates - glusterfs-fuse +#- name: Add NodeJS required by a few used Ansible extensions +# package: name={{item}} state=present +# with_items: +# - nodejs + - name: Ensure all extra packages are installed package: name={{item}} state=present with_items: "{{ extra_packages | default([]) }}" diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 6542789..f7b96f5 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml 
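Review bot: The new `oc policy add-role-to-group system:image-puller system:serviceaccounts:{{ prj_item }} --namespace=kaas` task grants pull access on the whole `kaas` namespace to every service account of every project in `ands_openshift_projects`, and it has no `changed_when`, so it reports a change on every run. If only some projects consume KaaS imagestreams, drive the loop from an explicit list instead of all project keys. A preceding lookup of the existing role binding would let the task run only when the grant is missing. A one-line comment stating that all images in `kaas` are considered shareable would document the trust assumption.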
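Review bot: The new `yum_repository` task in roles/common/tasks/main.yml sets `gpgcheck="no"` together with a default `cost` of 1, so packages from `ands_repositories` are preferred over the distribution's and installed without signature verification. Anyone able to alter that repository, or the transport to it, can then supply packages to every node. Sign the repository and add a `gpgkey=` entry, and make verification the default with `gpgcheck="{{ item.gpgcheck | default('yes') }}"` (item key constructed here). Also, `description= "{{ item.description | default('Ands repository') }}"` has a space after `=`, which the key=value parser is likely to read as an empty description followed by a stray argument.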
@@ -1,3 +1,6 @@ -docker_min_size: 100 docker_exclude_vgs: "{{ ands_data_vg is defined | ternary( [ ands_data_vg ], [] ) }}" docker_lv: "docker-pool" + +docker_min_size: 100 +docker_max_log_size: "2m" +docker_max_log_files: "3" diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml new file mode 100644 index 0000000..43016e0 --- /dev/null +++ b/roles/docker/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart docker + service: name=docker state=restarted diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index e424e01..a7bd700 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -27,6 +27,15 @@ lvol: vg="{{ ansible_lvm['lvs'][docker_lv]['vg'] }}" lv="docker_lv" size="{{ docker_volume_size }}" when: docker_volume_size is defined -- name: stop docker +- name: Limit size of container log files + ghetto_json: + path: "/etc/docker/daemon.json" + log-driver: "json-file" + log-opts.max-size: "{{ docker_max_log_size }}" + log-opts.max-file: "{{ docker_max_log_files }}" + notify: + - restart docker + +- name: start docker service: name="docker" enabled=yes state=started \ No newline at end of file diff --git a/roles/glusterfs/tasks/data b/roles/glusterfs/tasks/data deleted file mode 120000 index 31bb52e..0000000 --- a/roles/glusterfs/tasks/data +++ /dev/null @@ -1 +0,0 @@ -cfg \ No newline at end of file diff --git a/roles/glusterfs/tasks/data/vols2.yml b/roles/glusterfs/tasks/data/vols2.yml new file mode 100644 index 0000000..d094797 --- /dev/null +++ b/roles/glusterfs/tasks/data/vols2.yml @@ -0,0 +1,13 @@ +--- +- name: "Create {{ name }} volume" + gluster_volume: + state: present + name: "{{ name }}" + cluster: "{{ domain_servers | join(',') }}" + replicas: "{{ domain_servers | length }}" + bricks: "{{ glusterfs_bricks_path }}/brick-{{ name }}" + transport: "{{ glusterfs_transport }}" + + +- name: "Start {{ name }} volume" + gluster_volume: state="started" name="{{ name }}" 
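Review bot: In roles/docker/tasks/main.yml, the `lvol` line directly above the new `ghetto_json` task passes `lv="docker_lv"` as a literal, while the volume group on the same line is looked up through the `docker_lv` variable. This looks like a missing template, `lv="{{ docker_lv }}"`; as written, the task would operate on a volume literally named `docker_lv` rather than `docker-pool`. On the new task itself, `ghetto_json` is not a stock module, so the role should note where it is shipped. The `restart docker` handler will restart every container on the node whenever daemon.json changes, which deserves a comment.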
diff --git a/roles/glusterfs/tasks/data/vols3.yml b/roles/glusterfs/tasks/data/vols3.yml new file mode 100644 index 0000000..866480c --- /dev/null +++ b/roles/glusterfs/tasks/data/vols3.yml @@ -0,0 +1,14 @@ +--- +- name: "Create {{ name }} volume" + gluster_volume: + state: present + name: "{{ name }}" + cluster: "{{ domain_servers | join(',') }}" + replicas: 3 + arbiters: 1 + bricks: "{{ glusterfs_bricks_path }}/brick-{{ name }}" + transport: "{{ glusterfs_transport }}" + + +- name: "Start {{ name }} volume" + gluster_volume: state="started" name="{{ name }}" diff --git a/roles/glusterfs/tasks/la/vols2.yml b/roles/glusterfs/tasks/la/vols2.yml new file mode 120000 index 0000000..b6a3e8f --- /dev/null +++ b/roles/glusterfs/tasks/la/vols2.yml @@ -0,0 +1 @@ +vols3.yml \ No newline at end of file diff --git a/roles/glusterfs/tasks/la/vols3.yml b/roles/glusterfs/tasks/la/vols3.yml new file mode 100644 index 0000000..9565bb3 --- /dev/null +++ b/roles/glusterfs/tasks/la/vols3.yml @@ -0,0 +1,11 @@ +--- +- name: "Create {{ name }} volume" + gluster_volume: + state: present + name: "{{ name }}" + cluster: "{{ domain_servers | join(',') }}" + bricks: "{{ glusterfs_bricks_path }}/brick-{{ name }}" + transport: "{{ glusterfs_transport }}" + +- name: "Start {{ name }} volume" + gluster_volume: state="started" name="{{ name }}" diff --git a/roles/glusterfs/tasks/tmp b/roles/glusterfs/tasks/tmp new file mode 120000 index 0000000..6320cd2 --- /dev/null +++ b/roles/glusterfs/tasks/tmp @@ -0,0 +1 @@ +data \ No newline at end of file diff --git a/roles/glusterfs/tasks/tmp/vols2.yml b/roles/glusterfs/tasks/tmp/vols2.yml deleted file mode 120000 index b6a3e8f..0000000 --- a/roles/glusterfs/tasks/tmp/vols2.yml +++ /dev/null @@ -1 +0,0 @@ -vols3.yml \ No newline at end of file diff --git a/roles/glusterfs/tasks/tmp/vols3.yml b/roles/glusterfs/tasks/tmp/vols3.yml deleted file mode 100644 index 9565bb3..0000000 --- a/roles/glusterfs/tasks/tmp/vols3.yml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- -- name: "Create {{ name }} volume" - gluster_volume: - state: present - name: "{{ name }}" - cluster: "{{ domain_servers | join(',') }}" - bricks: "{{ glusterfs_bricks_path }}/brick-{{ name }}" - transport: "{{ glusterfs_transport }}" - -- name: "Start {{ name }} volume" - gluster_volume: state="started" name="{{ name }}" diff --git a/roles/openshift_resource/tasks/main.yml b/roles/openshift_resource/tasks/main.yml index af071f9..8606aa3 100644 --- a/roles/openshift_resource/tasks/main.yml +++ b/roles/openshift_resource/tasks/main.yml @@ -5,18 +5,27 @@ changed_when: false register: results - - name: Parse JSON templates + - name: "Parse JSON templates {{ template }}" set_fact: tmpl="{{ results.stdout | from_json }}" when: template.find(".json") != -1 - - name: Parse YaML templates + - name: "Parse YaML templates {{ template }}" set_fact: tmpl="{{ results.stdout | from_yaml }}" when: template.find(".json") == -1 - - include_tasks: template.yml - when: (tmpl.kind == "Template") and (tmpl.parameters is not defined) - - - include_tasks: resource.yml - when: (tmpl.parameters is defined) or (tmpl.kind != "Template") + - name: "Populating resources defined in {{ template }} template" + include_tasks: template.yml + register: results + vars: + metadata: "{{ tmpl.metadata | default({}) }}" + annotations: "{{ metadata.annotations | default({}) }}" + strategy: "{{ annotations['kaas/strategy'] | default('auto') }}" + when: + - tmpl.kind == "Template" + - strategy == "auto" + + - name: "Creating template/resources defined in {{ template }}" + include_tasks: resource.yml + when: results | skipped run_once: true diff --git a/roles/openshift_resource/tasks/resource.yml b/roles/openshift_resource/tasks/resource.yml index 769a89c..4e6e7ac 100644 --- a/roles/openshift_resource/tasks/resource.yml +++ b/roles/openshift_resource/tasks/resource.yml 
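Review bot: `register: results` on the `include_tasks: template.yml` step in roles/openshift_resource/tasks/main.yml reuses the variable that held the template text, and template.yml itself registers `results` in its lookup task, so the value tested by `when: results | skipped` on the resource.yml include may not be the include's own status. Whether a dynamic include records a usable skipped result also depends on the Ansible version, which cannot be verified from this hunk. Computing the decision once makes the branch explicit: a `set_fact` for `strategy`, then `when: tmpl.kind == "Template" and strategy == "auto"` on one include and its negation on the other. The enclosing block starts outside the hunk.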
@@ -3,20 +3,20 @@ - name: Find out which resources we are going to configure set_fact: rkind="{{ tmpl.kind }}" rname="{{ tmpl.metadata.name }}" - - name: Lookup the specified resource + - name: "Lookup the specified resource {{rkind}}/{{rname}}" command: "oc get -n {{project}} {{rkind}}/{{rname}}" register: find_result changed_when: false failed_when: false - - name: Detroy existing resources + - name: "Detroy existing resources {{rkind}}/{{rname}}" command: "oc delete -n {{project}} {{rkind}}/{{rname}}" register: rm_result failed_when: false changed_when: (rm_result | succeeded) when: (recreate|default(false)) - - name: Create resources defined in template + - name: "Create resources defined in {{ template }}" command: "oc create -n {{project}} -f '{{ template_path }}/{{ template }}' {{ create_args | default('') }}" when: (recreate|default(false)) or (find_result.rc != 0) run_once: true diff --git a/roles/openshift_resource/tasks/template.yml b/roles/openshift_resource/tasks/template.yml index c93dec5..6c9340b 100644 --- a/roles/openshift_resource/tasks/template.yml +++ b/roles/openshift_resource/tasks/template.yml @@ -5,7 +5,7 @@ vars: query: "objects[*].{kind: kind, name: metadata.name}" - - name: Lookup the specified resource + - name: "{{ template }}: Lookup the specified resource" command: "oc get -n {{project}} {{item.kind}}/{{item.name}}" register: results failed_when: false 
@@ -13,13 +13,13 @@ with_items: "{{ resources | default([]) }}" # when: not (recreate|default(false)) - - name: Detroy existing resources + - name: "{{ template }}: Detroy existing resources" command: "oc delete -n {{project}} {{resources[item|int].kind}}/{{resources[item|int].name}}" failed_when: false with_sequence: start=0 count="{{resources | default([]) | length}}" when: ((recreate|default(false)) or (results | changed)) and (results.results[item|int].rc == 0) - - name: Create resources defined in template + - name: "{{ template }}: Create resources defined" shell: "oc process -f '{{ template_path }}/{{template}}' {{ template_args | default('') }} | oc create -n {{project}} -f - {{ create_args | default('') }}" when: (recreate|default(false)) or (results | changed) run_once: true -- cgit v1.2.1
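Review bot: The renamed `Create resources defined` task in template.yml still builds a `shell` pipeline from unescaped variables: `{{project}}`, `{{ template_args }}` and `{{ create_args }}` are unquoted, and `{{template}}` sits inside single quotes that a quote character in the value would close. Template names can come from the project's own templates directory via the fileglob in ands_kaas/tasks/templates.yml, so pass them through the `quote` filter as that file already does, e.g. `oc process -f {{ (template_path ~ '/' ~ template) | quote }}` and `-n {{ project | quote }}`. `template_args` and `create_args` are meant to expand to several words, so they should be documented as administrator-only input. The `command:` lines in resource.yml and the lookup/delete tasks here interpolate the same variables and would benefit from the same treatment.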