author | Suren A. Chilingaryan <csa@suren.me> | 2018-03-24 03:05:47 +0100 |
---|---|---|
committer | Suren A. Chilingaryan <csa@suren.me> | 2018-03-24 03:05:47 +0100 |
commit | 5a15f65db3dfb245919bdd534e93bd711db2eb60 (patch) | |
tree | 431e6cc7476a0c2e135983a937a9d2e6f184fe5e /roles | |
parent | c163108c0c0c7b7a4f05da411e98ac0f503e31e0 (diff) | |
Minor tunning
Diffstat (limited to 'roles')
-rwxr-xr-x | roles/ands_backup/templates/backup.sh.j2 | 11 | ||||
-rw-r--r-- | roles/ands_network/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/ands_network/files/firewalld/galera.xml (renamed from roles/ands_network/files/galera.xml) | 0 | ||||
-rw-r--r-- | roles/ands_network/files/firewalld/haproxy-stats.xml | 6 | ||||
-rw-r--r-- | roles/ands_network/files/firewalld/netpipe.xml (renamed from roles/ands_network/files/netpipe.xml) | 0 | ||||
-rw-r--r-- | roles/ands_network/tasks/firewall.yml | 12 | ||||
-rw-r--r-- | roles/ands_network/tasks/firewall_service.yml | 2 |
7 files changed, 26 insertions, 7 deletions
diff --git a/roles/ands_backup/templates/backup.sh.j2 b/roles/ands_backup/templates/backup.sh.j2
index c362957..b9884ea 100755
--- a/roles/ands_backup/templates/backup.sh.j2
+++ b/roles/ands_backup/templates/backup.sh.j2
@@ -37,13 +37,20 @@ etcdctl3 --endpoints="192.168.213.1:2379" snapshot save "$backup_path/etcd/snaps
 mkdir -p "$backup_path/heketi" || { echo "Can't create ${backup_path}/heketi" ; exit 1 ; }
 heketi-cli -s http://heketi-storage.glusterfs.svc.cluster.local:8080 --user admin --secret "$(oc get secret heketi-storage-admin-secret -n glusterfs -o jsonpath='{.data.key}' | base64 -d)" topology info > "$backup_path/heketi/heketi_topology.json"
 heketi-cli -s http://heketi-storage.glusterfs.svc.cluster.local:8080 --user admin --secret "$(oc get secret heketi-storage-admin-secret -n glusterfs -o jsonpath='{.data.key}' | base64 -d)" db dump > "$backup_path/heketi/heketi_db.json"
-lvs > "$backup_path/heketi/lvs.txt" 2>/dev/null
-lvm fullreport --reportformat json > "$backup_path/heketi/lvm.json" 2>/dev/null
 gluster --xml volume info > "$backup_path/heketi/gluster-info.xml"
 gluster --xml volume status > "$backup_path/heketi/gluster-status.xml"
 gluster volume status > "$backup_path/heketi/gluster.txt"
 {% endif %}
+mkdir -p "$backup_path/lvm" || { echo "Can't create ${backup_path}/lvm" ; exit 1 ; }
+lvs > "$backup_path/lvm/lvs.txt" 2>/dev/null
+lvm fullreport --reportformat json > "$backup_path/lvm/lvm.json" 2>/dev/null
+dmsetup ls --tree > "$backup_path/lvm/dmesetup.txt" 2>/dev/null
+vglist=$(vgdisplay | grep -oP "VG Name\s+\K.*")
+for vg in $vglist; do
+ vgcfgbackup -f "$backup_path/lvm/vg-$vg.backup" "$vg" &>/dev/null
+done
+
 {% if 'ands_storage_servers' in group_names %}
 # Gluster
diff --git a/roles/ands_network/defaults/main.yml b/roles/ands_network/defaults/main.yml
index 0170370..c2538f9 100644
--- a/roles/ands_network/defaults/main.yml
+++ b/roles/ands_network/defaults/main.yml
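Review bot: Every command in the new LVM block discards stderr and ignores its exit status (`2>/dev/null`, `&>/dev/null`), so a failed `vgcfgbackup` or `lvm fullreport` leaves an empty or missing file while the backup run still looks successful. For metadata that is only consulted during disaster recovery I would surface the failure, e.g. `vgcfgbackup -f "$backup_path/lvm/vg-$vg.backup" "$vg" >/dev/null || echo "vgcfgbackup failed for $vg" >&2`. The VG list could come from `vgs --noheadings -o vg_name` instead of grepping `vgdisplay` output, and `dmesetup.txt` looks like a typo for `dmsetup.txt`. The script continues outside this hunk, so how the surrounding sections report errors is not visible here.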
@@ -1,3 +1,3 @@
 configure_network: "{{ ands_configure_network | default(false) }}"
 firewall_template_path: "{{ ands_paths.provision }}/firewall/{{ ansible_hostname }}"
-firewall_services: [ 'galera', 'netpipe' ]
\ No newline at end of file
+firewall_enabled_services: "{{ ands_firewall_enabled_services }}"
diff --git a/roles/ands_network/files/galera.xml b/roles/ands_network/files/firewalld/galera.xml
index 15f908b..15f908b 100644
--- a/roles/ands_network/files/galera.xml
+++ b/roles/ands_network/files/firewalld/galera.xml
diff --git a/roles/ands_network/files/firewalld/haproxy-stats.xml b/roles/ands_network/files/firewalld/haproxy-stats.xml
new file mode 100644
index 0000000..b574be7
--- /dev/null
+++ b/roles/ands_network/files/firewalld/haproxy-stats.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+ <short>haproxy-stats</short>
+ <description>OpenShift HAProxy router statistics</description>
+ <port protocol="tcp" port="1936"/>
+</service>
diff --git a/roles/ands_network/files/netpipe.xml b/roles/ands_network/files/firewalld/netpipe.xml
index 0e7f355..0e7f355 100644
--- a/roles/ands_network/files/netpipe.xml
+++ b/roles/ands_network/files/firewalld/netpipe.xml
diff --git a/roles/ands_network/tasks/firewall.yml b/roles/ands_network/tasks/firewall.yml
index d5ba5f3..280a172 100644
--- a/roles/ands_network/tasks/firewall.yml
+++ b/roles/ands_network/tasks/firewall.yml
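Review bot: `firewall_enabled_services` now resolves to `ands_firewall_enabled_services` with no fallback, unlike `configure_network` two lines above it, which uses `default(false)`. Unless that variable is always defined outside `roles/` (the diffstat shown is limited to that directory), a task looping over it will probably fail with an undefined-variable error instead of enabling nothing. I would make the empty allow-list explicit: `firewall_enabled_services: "{{ ands_firewall_enabled_services | default([]) }}"`.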
@@ -12,15 +12,21 @@
 - name: Configure missing firewalld services
 include_tasks: firewall_service.yml
- with_items: "{{ firewall_services }}"
+ with_items: "{{ lookup('pipe', filesearch).split('\n') }}"
 vars:
+ filesearch: "find {{ role_path }}/files/firewalld -name *.xml -mindepth 1 -maxdepth 1"
+ service: "{{ item | basename | regex_replace('\\.xml','') }}"
 servicelist: "{{ services.stdout_lines }}"
- loop_control:
- loop_var: service
 - name: Reload firewalld rules
 shell: firewall-cmd --reload
+- name: Enable requested services
+ firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true"
+ when: ands_hostnet_db | default(false)
+ with_items: "{{ firewall_enabled_services }}"
+
+
 - name: Enable MySQL and Galera services if ands_hostnet_db is enabled
 firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true"
 when: ands_hostnet_db | default(false)
diff --git a/roles/ands_network/tasks/firewall_service.yml b/roles/ands_network/tasks/firewall_service.yml
index 98bc866..d3c6e9b 100644
--- a/roles/ands_network/tasks/firewall_service.yml
+++ b/roles/ands_network/tasks/firewall_service.yml
@@ -1,5 +1,5 @@
 - name: "Copy firewalld service '{{ service }}'"
- copy: src="{{ service }}.xml" dest="{{ firewall_template_path }}/{{ service }}.xml" owner=root group=root mode="0644"
+ copy: src="firewalld/{{ service }}.xml" dest="{{ firewall_template_path }}/{{ service }}.xml" owner=root group=root mode="0644"
 register: result
 - name: "Delete old version of firewalld service '{{ service }}'" |
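Review bot: The `filesearch` command in `tasks/firewall.yml` is run through a shell by `lookup('pipe', ...)` with `*.xml` and `{{ role_path }}` unquoted, so the shell can expand the pattern before `find` sees it when the controller's working directory holds `.xml` files, and a role path containing spaces breaks the command. `with_fileglob: "firewalld/*.xml"` should give the same list without a shell; failing that, use `-name '*.xml'` and quote the path. Separately, the new "Enable requested services" task carries `when: ands_hostnet_db | default(false)`, which looks copied from the MySQL/Galera task below it; if that is not intended, the services in `firewall_enabled_services` are only opened on hosts where `ands_hostnet_db` is set. The unanchored `regex_replace('\\.xml','')` would be more precise as `splitext | first`.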