author | Suren A. Chilingaryan <csa@suren.me> | 2018-03-01 21:15:50 +0100 |
---|---|---|
committer | Suren A. Chilingaryan <csa@suren.me> | 2018-03-01 21:15:50 +0100 |
commit | 69adb23c59e991ddcabf5cfce415fd8b638dbc1a (patch) | |
tree | 8693e708f751923f6f7f9dd48004303bebb4e126 /setup/projects | |
parent | 1f3e2a9f59e83dc3f0fcbecf096a7e7b40d36ed7 (diff) | |
Improve handling of filesystem permissions and other fixes
Diffstat (limited to 'setup/projects')
-rw-r--r-- | setup/projects/adei/templates/60-adei.yml.j2 | 17 | ||||
-rw-r--r-- | setup/projects/adei/vars/globals.yml | 12 | ||||
-rw-r--r-- | setup/projects/adei/vars/pods.yml | 2 | ||||
-rw-r--r-- | setup/projects/adei/vars/volumes.yml | 18 | ||||
-rw-r--r-- | setup/projects/kaas/templates/40-kaas-manager.yml.j2 | 3 | ||||
-rw-r--r-- | setup/projects/kaas/vars/volumes.yml | 11 | ||||
-rw-r--r-- | setup/projects/katrin/vars/volumes.yml | 2 |
7 files changed, 33 insertions, 32 deletions
diff --git a/setup/projects/adei/templates/60-adei.yml.j2 b/setup/projects/adei/templates/60-adei.yml.j2
index 537368f..ca3c17a 100644
--- a/setup/projects/adei/templates/60-adei.yml.j2
+++ b/setup/projects/adei/templates/60-adei.yml.j2
@@ -95,6 +95,8 @@ objects:
 adei-type: "{{ pod_type }}"
 adei-name: "{{ name }}"
 adei-setup: "${setup}"
+ annotations:
+ kaas/replicas: "{{ cfg.replicas }}"
 spec:
 replicas: "{{ cfg.replicas }}"
 revisionHistoryLimit: "{{ adei_pod_history_limit }}"
@@ -127,20 +129,15 @@ objects:
 {% if (cfg.groups is defined) or (cfg.run_as is defined) %}
 securityContext:
 {% if (cfg.run_as is defined) %}
-{% if (kaas_project_config.uids | default(kaas_openshift_uids))[cfg.run_as] is defined %}
- - {{ (kaas_project_config.uids | default(kaas_openshift_uids))[cfg.run_as].id }}
-{% else %}
- - {{ cfg.run_as }}
-{% endif %}
+ runAsUser: {{ (kaas_project_uids[cfg.run_as] is defined) | ternary(kaas_project_uids[cfg.run_as].id, cfg.run_as) }}
 {% endif %}
 {% if (cfg.groups is defined) %}
+{% if (ands_openshift_gid_mode | default('')) == "RunAsAny" %}
+ fsGroup: {{ (kaas_project_gids[cfg.groups[0]] is defined) | ternary(kaas_project_gids[cfg.groups[0]].id, cfg.groups[0]) }}
+{% endif %}
 supplementalGroups:
 {% for group in cfg.groups %}
-{% if (kaas_project_config.gids | default(kaas_openshift_gids))[group] is defined %}
- - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }}
-{% else %}
- - {{ group }}
-{% endif %}
+ - {{ (kaas_project_gids[group] is defined) | ternary(kaas_project_gids[group].id, group) }}
 {% endfor %}
 {% endif %}
 {% endif %}
diff --git a/setup/projects/adei/vars/globals.yml b/setup/projects/adei/vars/globals.yml
index 21f4db1..f8d7816 100644
--- a/setup/projects/adei/vars/globals.yml
+++ b/setup/projects/adei/vars/globals.yml
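Review bot: In the second hunk of 60-adei.yml.j2 the new `fsGroup` line indexes `cfg.groups[0]` although the surrounding guard only tests `cfg.groups is defined`, so an empty list fails at render time and the first entry silently becomes the group that owns the pod's volumes. I would extend the inner condition to `{% if (ands_openshift_gid_mode | default('')) == "RunAsAny" and (cfg.groups | length > 0) %}` and add `{# fsGroup is taken from the first entry of cfg.groups, so order matters #}` above it. The `ternary` fall-through also emits `cfg.run_as` and `group` verbatim when the name is missing from `kaas_project_uids` / `kaas_project_gids`, so a misspelled name reaches `runAsUser` or `supplementalGroups` as a non-numeric string and a literal `0` passes through unchanged; a check that the fallback is a non-zero integer would catch both. The securityContext block starts and ends outside the hunk.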
@@ -182,7 +182,7 @@ adei_frontends:
 cacher:
 name: "adei-${setup}-cacher"
 replicas: "${cache_replicas}"
- cmd: [ "/bin/bash", "/adei/src/scripts/system/cacher.sh" ]
+ cmd: [ "/openshift-entrypoint.sh", "/adei/src/scripts/system/cacher.sh" ]
 env: "{{ adei_pod_env | union(adei_cache_env) }}"
 vols: "{{ adei_pod_vols }}"
 mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
@@ -191,7 +191,7 @@ adei_frontends:
 archive_cacher:
 name: "adei-${setup}-archive-cacher"
 replicas: "1"
- cmd: [ "/bin/bash", "/adei/src/scripts/system/cacher.sh", "-m", "archive" ]
+ cmd: [ "/openshift-entrypoint.sh", "/adei/src/scripts/system/cacher.sh", "-m", "archive" ]
 env: "{{ adei_pod_env | union(adei_arc_cache_env) }}"
 vols: "{{ adei_pod_vols }}"
 mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
@@ -200,7 +200,7 @@ adei_frontends:
 log_cacher:
 name: "adei-${setup}-log-cacher"
 replicas: "${enable_logs}"
- cmd: [ "/bin/bash", "/adei/src/scripts/system/cacher.sh" ]
+ cmd: [ "/openshift-entrypoint.sh", "/adei/src/scripts/system/cacher.sh" ]
 env: "{{ adei_pod_env | union(adei_log_cache_env) }}"
 vols: "{{ adei_pod_vols }}"
 mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
@@ -209,7 +209,7 @@ adei_frontends:
 update:
 name: "adei-${setup}-update"
 cron: "${update_schedule}"
- cmd: [ "/bin/bash", "/adei/src/scripts/cron/adei.cron.sh" ]
+ cmd: [ "/openshift-entrypoint.sh", "/adei/src/scripts/cron/adei.cron.sh" ]
 env: "{{ adei_pod_env | union(adei_cron_env) | union(adei_update_env) }}"
 vols: "{{ adei_pod_vols }}"
 mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
@@ -218,7 +218,7 @@ adei_frontends:
 maintain:
 name: "adei-${setup}-maintain"
 cron: "${maintain_schedule}"
- cmd: [ "/bin/bash", "/adei/src/scripts/cron/adei_manager.cron.sh" ]
+ cmd: [ "/openshift-entrypoint.sh", "/adei/src/scripts/cron/adei_manager.cron.sh" ]
 env: "{{ adei_pod_env | union(adei_cron_env) }}"
 vols: "{{ adei_pod_vols }}"
 mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
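Review bot: The six `cmd` entries (the five hunks here and the `clean` hunk that follows) no longer name an interpreter, so whether the cacher and cron scripts still run under bash now depends entirely on `/openshift-entrypoint.sh`, which is not part of this diff. If the wrapper executes its arguments directly, each script needs an execute bit and a shebang in the image, which the old `/bin/bash <script>` form did not require. Because the wrapper now runs first in every one of these containers, I would record its contract next to `adei_frontends`, for example `# cmd[0] is the image's /openshift-entrypoint.sh wrapper; it must exec the remaining arguments`. The wrapper should also be confirmed as not writable by the runtime group.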
@@ -227,7 +227,7 @@ adei_frontends: clean: name: "adei-${setup}-clean" cron: "${clean_schedule}" - cmd: [ "/bin/bash", "/adei/src/scripts/cron/adei_clean.cron.sh" ] + cmd: [ "/openshift-entrypoint.sh", "/adei/src/scripts/cron/adei_clean.cron.sh" ] env: "{{ adei_pod_env | union(adei_cron_env) }}" vols: "{{ adei_pod_vols }}" mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}" diff --git a/setup/projects/adei/vars/pods.yml b/setup/projects/adei/vars/pods.yml index 5278c44..182db9c 100644 --- a/setup/projects/adei/vars/pods.yml +++ b/setup/projects/adei/vars/pods.yml @@ -30,9 +30,9 @@ pods: env: - { name: "DB_SERVICE_HOST", value: "mysql.adei.svc.cluster.local" } - { name: "DB_SERVICE_PORT", value: "3306" } + - { name: "DB_EXTRA_HOSTS", value: "mysql.katrin.svc.cluster.local" } # - { name: "DB_SERVICE_CONTROL_USER", value: "pma" } # - { name: "DB_SERVICE_CONTROL_PASSWORD", value: "secret@adei/pma-password" } - - { name: "DB_EXTRA_HOSTS", value: "mysql.katrin.svc.cluster.local" } probes: - { port: 8080, path: '/' } diff --git a/setup/projects/adei/vars/volumes.yml b/setup/projects/adei/vars/volumes.yml index cdeb4e7..768e27f 100644 --- a/setup/projects/adei/vars/volumes.yml +++ b/setup/projects/adei/vars/volumes.yml @@ -1,6 +1,6 @@ gids: - adei: { id: 6000 } - adei_db: { id: 6001 } + adei: { id: 6001 } + adei_db: { id: 6002 } volumes: adei_init: { volume: "openshift", path: "/adei/init"} # mysql 
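Review bot: Renumbering in the `gids` hunk of adei/vars/volumes.yml gives `adei` the id 6001 that `adei_db` held before this commit. Anything already on the volumes with numeric group 6001 (the MySQL data, if it was provisioned under the old mapping) therefore becomes group-accessible to pods that carry the `adei` supplemental group. The `files` entries in this file set the group on top-level directories only; whether existing contents are re-owned depends on sync logic outside this diff. I would either choose ids that were never assigned before or add a note at the top of the mapping such as `# ids shifted by one in 69adb23; re-own existing volume contents before deploying`.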
@@ -13,10 +13,10 @@ volumes: adei_db: { volume: "databases", path: "/adei", write: true } # mysql files: - - { osv: "adei_cfg", path: "/", state: "directory", group: "adei", mode: "0775" } - - { osv: "adei_cfg", path: "/prod", state: "directory", group: "adei", mode: "0775" } - - { osv: "adei_cfg", path: "/dbg", state: "directory", group: "adei", mode: "0775" } - - { osv: "adei_src", path: "/", state: "directory", group: "adei", mode: "0775" } - - { osv: "adei_log", path: "/", state: "directory", group: "adei", mode: "0775" } - - { osv: "adei_tmp", path: "/", state: "directory", group: "adei", mode: "0775" } - - { osv: "adei_db", path: "mysql", state: "directory", group: "adei_db", mode: "0775" } + - { osv: "adei_cfg", path: "/", state: "directory", group: "adei", mode: "02775" } + - { osv: "adei_src", path: "/", state: "directory", group: "adei", mode: "02775" } + - { osv: "adei_src", path: "/prod", state: "directory", group: "adei", mode: "02775" } + - { osv: "adei_src", path: "/dbg", state: "directory", group: "adei", mode: "02775" } + - { osv: "adei_log", path: "/", state: "directory", group: "adei", mode: "02775" } + - { osv: "adei_tmp", path: "/", state: "directory", group: "adei", mode: "02775" } + - { osv: "adei_db", path: "mysql", state: "directory", group: "adei_db", mode: "02775" } diff --git a/setup/projects/kaas/templates/40-kaas-manager.yml.j2 b/setup/projects/kaas/templates/40-kaas-manager.yml.j2 index e181737..b9cba4e 100644 --- a/setup/projects/kaas/templates/40-kaas-manager.yml.j2 +++ b/setup/projects/kaas/templates/40-kaas-manager.yml.j2 
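Review bot: The `adei_db` entry in the `files` hunk still grants read and traverse to others (`02775`) on the directory that holds the MySQL files. The setgid bit added here already makes new entries inherit the `adei_db` group, so the other-bits look unnecessary for group sharing; I would use `mode: "02770"` on that line unless something outside the group is known to read it. The same question applies to the `tmp` entry in kaas/vars/volumes.yml and the `katrin` data root in katrin/vars/volumes.yml, which receive the same mode in later hunks. Setgid only affects entries created afterwards, so existing subdirectories keep their old group unless the mode is applied recursively, which is not visible here.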
@@ -43,6 +43,9 @@ objects: {% for ofs in range(gid_range[1] | default(1) | int) %} - {{ (gid_range[0] | int) + ofs }} {% endfor %} +{% if (ands_openshift_gid_mode | default('')) == "RunAsAny" %} + fsGroup: {{ gid_range[0] }} +{% endif %} {% if (kaas_project_config.run_pods_as is defined) %} {% if ((kaas_project_config.uids | default(kaas_openshift_uids))[kaas_project_config.run_pods_as] is defined) %} runAsUser: {{ (kaas_project_config.uids | default(kaas_openshift_uids))[kaas_project_config.run_pods_as].id }} diff --git a/setup/projects/kaas/vars/volumes.yml b/setup/projects/kaas/vars/volumes.yml index 3554aa6..cf9c697 100644 --- a/setup/projects/kaas/vars/volumes.yml +++ b/setup/projects/kaas/vars/volumes.yml @@ -1,10 +1,11 @@ -gids: - kaas: { id: 4000 } +#defined globaly +#gids: +# kaas: { id: 4000 } files: - - { osv: "data", path: "/www", state: "directory", group: "kaas", mode: "0775" } - - { osv: "etc", path: "/apache2", state: "directory", group: "kaas", mode: "0775" } - - { osv: "tmp", path: "/apache2", state: "directory", group: "kaas", mode: "0775" } + - { osv: "data", path: "/www", state: "directory", group: "kaas", mode: "02775" } + - { osv: "etc", path: "/apache2", state: "directory", group: "kaas", mode: "02775" } + - { osv: "tmp", path: "/apache2", state: "directory", group: "kaas", mode: "02775" } #resync: true sync_set_gid: kaas diff --git a/setup/projects/katrin/vars/volumes.yml b/setup/projects/katrin/vars/volumes.yml index ca22a28..3b53bb3 100644 --- a/setup/projects/katrin/vars/volumes.yml +++ b/setup/projects/katrin/vars/volumes.yml @@ -5,7 +5,7 @@ extra_volumes: katrin: { volume: "katrin_data", path: "/", capacity: "40Ti", write: true } files: - - { osv: "katrin", path: "/", state: "directory", group: "katrin", mode: "0775" } + - { osv: "katrin", path: "/", state: "directory", group: "katrin", mode: "02775" } #resync: true #sync_set_gid: katrin |
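Review bot: The added `fsGroup: {{ gid_range[0] }}` in 40-kaas-manager.yml.j2 renders the value raw, while the loop directly above it normalises the same value with `| int`; I would write `fsGroup: {{ gid_range[0] | int }}` so both places agree on the number that is emitted. The `ands_openshift_gid_mode | default('')` test is duplicated in 60-adei.yml.j2, and when the variable is unset both templates silently omit `fsGroup`. A one-line Jinja comment stating why `fsGroup` is limited to the `RunAsAny` mode would help, since the reason is not visible in either template. The enclosing block starts and ends outside the hunk.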