From c163108c0c0c7b7a4f05da411e98ac0f503e31e0 Mon Sep 17 00:00:00 2001
From: "Suren A. Chilingaryan"
Date: Fri, 23 Mar 2018 06:51:23 +0100
Subject: Fix critical bug in docker provisioner, improve mysql performance, provision system users/groups to enable NFS group mapping, various minor fixes
---
 roles/ands_common/tasks/software.yml | 12 +++++----
 roles/ands_kaas/tasks/do_storage.yml | 6 +++--
 roles/ands_kaas/tasks/do_sysgroups.yml | 12 +++++++++
 roles/ands_kaas/tasks/sysgroup.yml | 14 ++++++++++
 roles/ands_kaas/tasks/sysuser.yml | 15 +++++++++++
 roles/docker/defaults/main.yml | 2 ++
 roles/docker/tasks/configure.yml | 30 ++++++++++++++++++----
 roles/docker/tasks/storage.yml | 3 +++
 roles/glusterfs/templates/export.openshift.conf.j2 | 1 +
 9 files changed, 83 insertions(+), 12 deletions(-)
 create mode 100644 roles/ands_kaas/tasks/do_sysgroups.yml
 create mode 100644 roles/ands_kaas/tasks/sysgroup.yml
 create mode 100644 roles/ands_kaas/tasks/sysuser.yml
(limited to 'roles')
diff --git a/roles/ands_common/tasks/software.yml b/roles/ands_common/tasks/software.yml
index ea37b51..4c0f491 100644
--- a/roles/ands_common/tasks/software.yml
+++ b/roles/ands_common/tasks/software.yml
@@ -6,11 +6,13 @@
 - lsof
 - strace
-# We also can install something conditionally
-#- name: Install various administrative tools
-# package: name={{item}} state=present
-# when: 'ands_storage_servers' in group_names
-# with_items:
+- name: Install storage management tools
+ package: name={{item}} state=present
+ when: "'baremetal' in group_names"
+ with_items:
+ - storcli
+
+
 - name: Ensure all extra packages are installed
diff --git a/roles/ands_kaas/tasks/do_storage.yml b/roles/ands_kaas/tasks/do_storage.yml
index 8a6a880..d6f1cc5 100644
--- a/roles/ands_kaas/tasks/do_storage.yml
+++ b/roles/ands_kaas/tasks/do_storage.yml
@@ -5,7 +5,8 @@
 loop_var: osv
 vars:
 vt_query: "[*].volumes.{{osv.value.volume}}.type"
- voltype: "{{ (kaas_storage_domains | json_query(vt_query)) }}"
+ voltypes: "{{ (kaas_storage_domains | json_query(vt_query)) }}"
+ voltype: "{{ voltypes[0] | default(ands_none) }}"
 mp_query: "[*].volumes.{{osv.value.volume}}.mount"
 mntpath: "{{ (kaas_storage_domains | json_query(mp_query)) }}"
 rp_query: "[*].volumes.{{osv.value.volume}}.path"
@@ -39,7 +40,8 @@
 vars:
 osv: "{{ kaas_project_volumes[file.osv] }}"
 vt_query: "[*].volumes.{{osv.volume}}.type"
- voltype: "{{ (kaas_storage_domains | json_query(vt_query)) }}"
+ voltypes: "{{ (kaas_storage_domains | json_query(vt_query)) }}"
+ voltype: "{{ voltypes[0] | default(ands_none) }}"
 mp_query: "[*].volumes.{{osv.volume}}.mount"
 mntpath: "{{ (kaas_storage_domains | json_query(mp_query)) }}"
 rp_query: "[*].volumes.{{osv.volume}}.path"
diff --git a/roles/ands_kaas/tasks/do_sysgroups.yml b/roles/ands_kaas/tasks/do_sysgroups.yml
new file mode 100644
index 0000000..3ed03b9
--- /dev/null
+++ b/roles/ands_kaas/tasks/do_sysgroups.yml
@@ -0,0 +1,12 @@
+- name: Populate system users and groups
+ include_tasks: sysgroup.yml
+ with_dict: "{{ kaas_project_gids }}"
+ loop_control:
+ loop_var: group
+ when:
+ - group.value.users is defined
+ - (gid | int) >= 2000
+ vars:
+ gid: "{{ group.value.id }}"
+ users: "{{ group.value.users }}"
+ name: "{{ group.value.name | default('kaas_' ~ group.key) }}"
diff --git a/roles/ands_kaas/tasks/sysgroup.yml b/roles/ands_kaas/tasks/sysgroup.yml
new file mode 100644
index 0000000..18bd9a6
--- /dev/null
+++ b/roles/ands_kaas/tasks/sysgroup.yml
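Review bot: `voltype: "{{ voltypes[0] | default(ands_none) }}"` silently takes the first match when the `type` query returns more than one entry, while `mntpath` a few lines below still holds the whole query result as written here, so the two can disagree if a volume name appears in several storage domains. The second hunk (`@@ -39,7 +40,8 @@`) repeats the same pattern. A comment such as `# a volume name is expected in exactly one storage domain; first match wins` would record the assumption, and an assertion on `voltypes | length <= 1` before use would make a duplicate fail loudly. Both task bodies start and end outside the hunks.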
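Review bot: The `(gid | int) >= 2000` guard in do_sysgroups.yml keeps inventory data away from system gids, but the group name is not constrained in the same way. Because `group.value.name` overrides the `kaas_` prefix, an entry named like an existing privileged group would have that group's gid changed by sysgroup.yml and users appended to it by sysuser.yml. If the override has to stay, a third condition such as `- name is match('^kaas_')` would close the gap. Separately, `name` collides with a task keyword and Ansible may warn about it as a reserved variable name; `group_name` would be clearer. The 2000 floor also deserves a one-line comment saying why that value was chosen.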
@@ -0,0 +1,14 @@
+- name: "Ensure system group {{ name }} with gid {{ gid }} is existing"
+ group: name="{{ name }}" gid="{{ gid }}" state="present"
+
+- name: "Process users registered for group {{ name }}"
+ include_tasks: sysuser.yml
+ with_list: "{{ users }}"
+ when:
+ - ands_openshift_users[user] is defined
+ - spec.name is defined
+ vars:
+ spec: "{{ ands_openshift_users[user] | default({}) }}"
+ new_group: "{{ name }}"
+ loop_control:
+ loop_var: user
diff --git a/roles/ands_kaas/tasks/sysuser.yml b/roles/ands_kaas/tasks/sysuser.yml
new file mode 100644
index 0000000..4e213fe
--- /dev/null
+++ b/roles/ands_kaas/tasks/sysuser.yml
@@ -0,0 +1,15 @@
+- name: Ensure user is existing on the system
+ user:
+ name: "{{ user }}"
+ uid: "{{ spec.uid | default(omit) }}"
+ group: "{{ spec.group | default(omit) }}"
+ comment: "{{ spec.name | default(omit) }}"
+ password: "{{ spec.password | default(omit) }}"
+ shell: "{{ spec.shell | default('/bin/false') }}"
+ home: "{{ spec.home | default(omit) }}"
+ state: present
+
+# Configure ssh keys if specified
+
+- name: Add group
+ user: name="{{ user }}" groups="{{ new_group }}" append="yes"
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index def846d..5189a8e 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -2,6 +2,8 @@ docker_exclude_vgs: "{{ ands_data_vg is defined | ternary( [ ands_data_vg ], []
 docker_lv: "docker-pool"
 docker_root_lv: "docker-root-lv"
 docker_setup_root: "{{ docker_root_volume_size is defined }}"
+docker_reconfigure: false
+
 docker_min_size: 100
 docker_max_log_size: "2m"
diff --git a/roles/docker/tasks/configure.yml b/roles/docker/tasks/configure.yml
index 5d29291..fa31b1d 100644
--- a/roles/docker/tasks/configure.yml
+++ b/roles/docker/tasks/configure.yml
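Review bot: In sysuser.yml the `password:` argument of the `user` module is stored as given, so `spec.password` has to be a crypt hash, and with the module's default `update_password: always` it is reset on every run; the file states neither. I would add `update_password: on_create` and a comment `# spec.password must be a crypt(3) hash, never clear text`. The task also applies to whatever account name is listed, with no uid floor comparable to the `>= 2000` gid check in do_sysgroups.yml, so a key matching an existing local account would get its shell and home rewritten; that looks unintended, though `ands_openshift_users` is defined outside this diff. The second task could be folded into the first with `groups: "{{ new_group }}"` and `append: yes`.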
@@ -4,10 +4,13 @@
 # with_items: [ docker, docker-client, docker-common ]
 - name: install docker
+ register: docker_install_result
 include_tasks: install.yml
 - name: start docker
+ register: docker_start_result
 service: name="docker" state="started"
+ when: not docker_reconfigure
 - name: Configure bridge-nf-call-iptables with sysctl
 sysctl: name="net.bridge.bridge-nf-call-iptables" value=1 state=present sysctl_set=yes
@@ -20,17 +23,34 @@
 register: loop_device_check
 failed_when: false
 changed_when: loop_device_check.rc == 0
+ when: not docker_reconfigure
-- set_fact: docker_reinit="{{ (loop_device_check.rc == 0) or (vg == '') or (docker_setup_root and ((root_vg == '') or (vg != root_vg))) or (docker_storage_vg is defined and (docker_storage_vg != vg)) }}"
+- set_fact: docker_reinit=false
+
+- set_fact: docker_reinit=true
 vars:
+ check: "{{ loop_device_check | default({}) }}"
+ lv: "{{ ansible_lvm['lvs'][docker_lv] | default({}) }}"
+ vg: "{{ lv['vg'] | default('') }}"
+ when:
+ - docker_install_result | changed
+ - docker_start_result | changed
+ - ansible_lvm['lvs'][docker_lv] is not defined
+
+# Pass option docker_reconfigure to run this...
+- set_fact: docker_reinit="{{ loop_back or wrong_root_vg or wrong_docker_vg }}"
+ vars:
+ check: "{{ loop_device_check | default({}) }}"
 lv: "{{ ansible_lvm['lvs'][docker_lv] | default({}) }}"
 vg: "{{ lv['vg'] | default('') }}"
 root_lv: "{{ ansible_lvm['lvs'][docker_root_lv] | default({}) }}"
 root_vg: "{{ root_lv['vg'] | default('') }}"
-
-- debug: msg="Re-initializing - {{ docker_reinit }}, Loopback check - {{ loop_device_check.stderr }}"
- when: loop_device_check.stderr
-
+ loop_back: "{{ check.rc | default(9) == 0 }}"
+ wrong_root_vg: "{{ docker_setup_root and ((root_vg == '') or (vg != root_vg)) }}"
+ wrong_docker_vg: "{{ docker_storage_vg is defined and (docker_storage_vg != vg) }}"
+ when:
+ - docker_reconfigure | default(false)
+
 - import_tasks: storage.yml
 when: docker_reinit
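Review bot: `register: docker_install_result` sits on an `include_tasks`, and as far as I know the result registered for an include does not carry the changed status of the tasks inside install.yml, so `docker_install_result | changed` is likely always false. Because the three conditions under `- set_fact: docker_reinit=true` are AND-ed, `docker_reinit` would then never become true on a fresh node and storage.yml would only run when `docker_reconfigure` is set. Registering the package task inside install.yml (not visible here) and testing that variable would restore the intent; the `| changed` filter form is also deprecated in favour of `is changed`. The `check`, `lv` and `vg` vars on that same task are unused and can go. Since storage.yml deletes /var/lib/docker, a short comment above these `set_fact` tasks stating which path is allowed to trigger it would help the next reader.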
diff --git a/roles/docker/tasks/storage.yml b/roles/docker/tasks/storage.yml
index e431030..d6d531a 100644
--- a/roles/docker/tasks/storage.yml
+++ b/roles/docker/tasks/storage.yml
@@ -29,6 +29,9 @@
 - name: stop docker
 service: name="docker" state="stopped"
+- name: unmount /var/lib/docker
+ mount: path="/var/lib/docker" state="unmounted"
+
 - name: delete /var/lib/docker
 file: path="/var/lib/docker" state=absent
diff --git a/roles/glusterfs/templates/export.openshift.conf.j2 b/roles/glusterfs/templates/export.openshift.conf.j2
index b2c547f..85132cb 100644
--- a/roles/glusterfs/templates/export.openshift.conf.j2
+++ b/roles/glusterfs/templates/export.openshift.conf.j2
@@ -19,6 +19,7 @@ EXPORT {
 Protocols = "3", "4" ;
 Transports = "UDP","TCP";
 SecType = "sys";
+ Manage_gids = true;
 {% if nfs.rw is defined %}
 {% for net in nfs.rw %}
--
cgit v1.2.1
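Review bot: `state="unmounted"` in the new storage.yml task only detaches the filesystem and leaves any /var/lib/docker entry in fstab, so after a reboot the old volume could be mounted over the re-created directory unless a later task in storage.yml (outside the hunk) rewrites that entry. The task also covers only the top-level path: when /var/lib/docker is not itself a mount point it is a no-op, and any mounts still active below it are then reached by the recursive `file: ... state=absent` that follows. `state="absent"` on the mount task would drop the fstab entry as well, and a comment `# nothing may remain mounted below /var/lib/docker before the delete` would document the ordering.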
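Review bot: `Manage_gids = true` in export.openshift.conf.j2 makes the server ignore the group list sent by the client and resolve supplementary groups from its own user database, so access now depends on the sysuser/sysgroup provisioning having run identically on every Ganesha node; the template does not say so. A comment such as `# Manage_gids: groups come from the server's passwd/group data, see the ands_kaas sysgroup tasks` would record the dependency. With `SecType = "sys"` the uid itself is still asserted by the client, so the client network lists of this export (partly outside the hunk) remain the actual access boundary.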