diff options
author | Suren A. Chilingaryan <csa@suren.me> | 2018-02-20 15:10:45 +0100 |
---|---|---|
committer | Suren A. Chilingaryan <csa@suren.me> | 2018-02-20 15:10:45 +0100 |
commit | e4751f88e52aa8e89e4c94bc6fe4c3346eccf6fe (patch) | |
tree | 3a8a420d8d26e616491f31b322a006dd2b3e0e1c /roles/openshift_resource | |
parent | 96ced00e05b50f276841a9212ae89e018de4d92d (diff) | |
download | ands-e4751f88e52aa8e89e4c94bc6fe4c3346eccf6fe.tar.gz ands-e4751f88e52aa8e89e4c94bc6fe4c3346eccf6fe.tar.bz2 ands-e4751f88e52aa8e89e4c94bc6fe4c3346eccf6fe.tar.xz ands-e4751f88e52aa8e89e4c94bc6fe4c3346eccf6fe.zip |
Handling GlusterFS storage security in OpenShift containers
Diffstat (limited to 'roles/openshift_resource')
-rw-r--r-- | roles/openshift_resource/defaults/main.yml | 3 | ||||
-rw-r--r-- | roles/openshift_resource/tasks/patch.yml | 41 |
2 files changed, 43 insertions, 1 deletions
diff --git a/roles/openshift_resource/defaults/main.yml b/roles/openshift_resource/defaults/main.yml index ec44c4f..7994827 100644 --- a/roles/openshift_resource/defaults/main.yml +++ b/roles/openshift_resource/defaults/main.yml @@ -1 +1,2 @@ -template_path: "/mnt/provision/templates" +template_path: "{{ ands_paths.provision }}/templates" +patch_path: "{{ ands_paths.provision }}/patches"
\ No newline at end of file diff --git a/roles/openshift_resource/tasks/patch.yml b/roles/openshift_resource/tasks/patch.yml new file mode 100644 index 0000000..e2bbcfa --- /dev/null +++ b/roles/openshift_resource/tasks/patch.yml @@ -0,0 +1,41 @@ +--- +- name: Lookup the specified resource + command: "oc get -n '{{project}}' '{{resource}}' -o json" + register: orig_result + changed_when: 0 + +- name: Lookup API version of the specified resource + command: "oc get -n '{{project}}' '{{resource}}' --template {{'{{' + '.apiVersion' + '}}'}}" + register: api_version + changed_when: 0 + +# Fucking ansible is making mess of escaping. Main problem it parses to objects strings starting with '{ ... }', but not with ' { ... }' +- name: Escaping patch + set_fact: xpatch='{{patch | to_json | regex_replace(" ","") | regex_replace("^", " ")}}' + +- name: Generate dummy patch {{resource}} in {{project}} + command: "oc patch -n '{{project}}' --patch ' {\"apiVersion\": \"{{api_version.stdout}}\"}' --local=true -f - -o json" + args: + stdin: " {{ orig_result.stdout_lines | join('') }}" + register: dummy_result + changed_when: 0 + +- name: Generate test patch {{resource}} in {{project}} + command: "oc patch -n '{{project}}' --patch '{{xpatch}}' --local=true -f - -o json" + args: + stdin: " {{ orig_result.stdout_lines | join('') }}" + register: patch_result + changed_when: 0 + +#- debug: msg="{{ dummy_result.stdout }}" +# when: dummy_result.stdout != patch_result.stdout + +#- debug: msg="{{ patch_result.stdout }}" +# when: dummy_result.stdout != patch_result.stdout + +- name: Patch {{resource}} in {{project}} + command: "oc patch -n '{{project}}' '{{resource}}' --patch '{{xpatch}}'" + register: result + changed_when: (result | succeeded) + when: dummy_result.stdout != patch_result.stdout +
\ No newline at end of file |