authorSuren A. Chilingaryan <csa@suren.me>2018-03-01 21:15:50 +0100
committerSuren A. Chilingaryan <csa@suren.me>2018-03-01 21:15:50 +0100
commit69adb23c59e991ddcabf5cfce415fd8b638dbc1a (patch)
tree8693e708f751923f6f7f9dd48004303bebb4e126 /setup/projects
parent1f3e2a9f59e83dc3f0fcbecf096a7e7b40d36ed7 (diff)
Improve handling of filesystem permissions and other fixes
Diffstat (limited to 'setup/projects')
-rw-r--r--setup/projects/adei/templates/60-adei.yml.j217
-rw-r--r--setup/projects/adei/vars/globals.yml12
-rw-r--r--setup/projects/adei/vars/pods.yml2
-rw-r--r--setup/projects/adei/vars/volumes.yml18
-rw-r--r--setup/projects/kaas/templates/40-kaas-manager.yml.j23
-rw-r--r--setup/projects/kaas/vars/volumes.yml11
-rw-r--r--setup/projects/katrin/vars/volumes.yml2
7 files changed, 33 insertions, 32 deletions
diff --git a/setup/projects/adei/templates/60-adei.yml.j2 b/setup/projects/adei/templates/60-adei.yml.j2
index 537368f..ca3c17a 100644
--- a/setup/projects/adei/templates/60-adei.yml.j2
+++ b/setup/projects/adei/templates/60-adei.yml.j2
@@ -95,6 +95,8 @@ objects:
adei-type: "{{ pod_type }}"
adei-name: "{{ name }}"
adei-setup: "${setup}"
+ annotations:
+ kaas/replicas: "{{ cfg.replicas }}"
spec:
replicas: "{{ cfg.replicas }}"
revisionHistoryLimit: "{{ adei_pod_history_limit }}"
@@ -127,20 +129,15 @@ objects:
{% if (cfg.groups is defined) or (cfg.run_as is defined) %}
securityContext:
{% if (cfg.run_as is defined) %}
-{% if (kaas_project_config.uids | default(kaas_openshift_uids))[cfg.run_as] is defined %}
- - {{ (kaas_project_config.uids | default(kaas_openshift_uids))[cfg.run_as].id }}
-{% else %}
- - {{ cfg.run_as }}
-{% endif %}
+ runAsUser: {{ (kaas_project_uids[cfg.run_as] is defined) | ternary(kaas_project_uids[cfg.run_as].id, cfg.run_as) }}
{% endif %}
{% if (cfg.groups is defined) %}
+{% if (ands_openshift_gid_mode | default('')) == "RunAsAny" %}
+ fsGroup: {{ (kaas_project_gids[cfg.groups[0]] is defined) | ternary(kaas_project_gids[cfg.groups[0]].id, cfg.groups[0]) }}
+{% endif %}
supplementalGroups:
{% for group in cfg.groups %}
-{% if (kaas_project_config.gids | default(kaas_openshift_gids))[group] is defined %}
- - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }}
-{% else %}
- - {{ group }}
-{% endif %}
+ - {{ (kaas_project_gids[group] is defined) | ternary(kaas_project_gids[group].id, group) }}
{% endfor %}
{% endif %}
{% endif %}
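Review bot: The added `fsGroup` line indexes `cfg.groups[0]`, but the enclosing test is only `cfg.groups is defined`, so an empty list fails at render time and the order of `cfg.groups` now decides which gid is applied to the pod's volumes. This branch is gated on `RunAsAny`, where the cluster presumably does not range-check the gid, so the value rendered here is the only control on it. I would guard it with `{% if (cfg.groups | length > 0) and (ands_openshift_gid_mode | default('')) == "RunAsAny" %}` and add a template comment `{# fsGroup is taken from the first entry of cfg.groups #}`. The `ternary` calls also evaluate the `.id` argument even when the name is missing from `kaas_project_uids` / `kaas_project_gids`, which relies on lenient undefined handling and is worth confirming with an unmapped numeric id. The securityContext block starts above this hunk.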
diff --git a/setup/projects/adei/vars/globals.yml b/setup/projects/adei/vars/globals.yml
index 21f4db1..f8d7816 100644
--- a/setup/projects/adei/vars/globals.yml
+++ b/setup/projects/adei/vars/globals.yml
@@ -182,7 +182,7 @@ adei_frontends:
cacher:
name: "adei-${setup}-cacher"
replicas: "${cache_replicas}"
- cmd: [ "/bin/bash", "/adei/src/scripts/system/cacher.sh" ]
+ cmd: [ "/openshift-entrypoint.sh", "/adei/src/scripts/system/cacher.sh" ]
env: "{{ adei_pod_env | union(adei_cache_env) }}"
vols: "{{ adei_pod_vols }}"
mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
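Review bot: Every cacher and cron command now runs through `/openshift-entrypoint.sh`, which is not part of this diff, so what it does to uid/gid, umask or the environment before starting the script cannot be reviewed here. Previously `/bin/bash` interpreted the script directly; now the wrapper has to exist and be executable in every image these pods use, and has to run the script passed as its argument. A comment above `cacher:` such as `# cmd is wrapped by /openshift-entrypoint.sh (shipped in the image); it must run the script given as its arguments` would record that contract. The same applies to the `archive_cacher`, `log_cacher`, `update`, `maintain` and `clean` hunks below.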
@@ -191,7 +191,7 @@ adei_frontends:
archive_cacher:
name: "adei-${setup}-archive-cacher"
replicas: "1"
- cmd: [ "/bin/bash", "/adei/src/scripts/system/cacher.sh", "-m", "archive" ]
+ cmd: [ "/openshift-entrypoint.sh", "/adei/src/scripts/system/cacher.sh", "-m", "archive" ]
env: "{{ adei_pod_env | union(adei_arc_cache_env) }}"
vols: "{{ adei_pod_vols }}"
mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
@@ -200,7 +200,7 @@ adei_frontends:
log_cacher:
name: "adei-${setup}-log-cacher"
replicas: "${enable_logs}"
- cmd: [ "/bin/bash", "/adei/src/scripts/system/cacher.sh" ]
+ cmd: [ "/openshift-entrypoint.sh", "/adei/src/scripts/system/cacher.sh" ]
env: "{{ adei_pod_env | union(adei_log_cache_env) }}"
vols: "{{ adei_pod_vols }}"
mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
@@ -209,7 +209,7 @@ adei_frontends:
update:
name: "adei-${setup}-update"
cron: "${update_schedule}"
- cmd: [ "/bin/bash", "/adei/src/scripts/cron/adei.cron.sh" ]
+ cmd: [ "/openshift-entrypoint.sh", "/adei/src/scripts/cron/adei.cron.sh" ]
env: "{{ adei_pod_env | union(adei_cron_env) | union(adei_update_env) }}"
vols: "{{ adei_pod_vols }}"
mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
@@ -218,7 +218,7 @@ adei_frontends:
maintain:
name: "adei-${setup}-maintain"
cron: "${maintain_schedule}"
- cmd: [ "/bin/bash", "/adei/src/scripts/cron/adei_manager.cron.sh" ]
+ cmd: [ "/openshift-entrypoint.sh", "/adei/src/scripts/cron/adei_manager.cron.sh" ]
env: "{{ adei_pod_env | union(adei_cron_env) }}"
vols: "{{ adei_pod_vols }}"
mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
@@ -227,7 +227,7 @@ adei_frontends:
clean:
name: "adei-${setup}-clean"
cron: "${clean_schedule}"
- cmd: [ "/bin/bash", "/adei/src/scripts/cron/adei_clean.cron.sh" ]
+ cmd: [ "/openshift-entrypoint.sh", "/adei/src/scripts/cron/adei_clean.cron.sh" ]
env: "{{ adei_pod_env | union(adei_cron_env) }}"
vols: "{{ adei_pod_vols }}"
mounts: "{{ adei_prod_mounts | union(adei_pod_mounts) }}"
diff --git a/setup/projects/adei/vars/pods.yml b/setup/projects/adei/vars/pods.yml
index 5278c44..182db9c 100644
--- a/setup/projects/adei/vars/pods.yml
+++ b/setup/projects/adei/vars/pods.yml
@@ -30,9 +30,9 @@ pods:
env:
- { name: "DB_SERVICE_HOST", value: "mysql.adei.svc.cluster.local" }
- { name: "DB_SERVICE_PORT", value: "3306" }
+ - { name: "DB_EXTRA_HOSTS", value: "mysql.katrin.svc.cluster.local" }
# - { name: "DB_SERVICE_CONTROL_USER", value: "pma" }
# - { name: "DB_SERVICE_CONTROL_PASSWORD", value: "secret@adei/pma-password" }
- - { name: "DB_EXTRA_HOSTS", value: "mysql.katrin.svc.cluster.local" }
probes:
- { port: 8080, path: '/' }
diff --git a/setup/projects/adei/vars/volumes.yml b/setup/projects/adei/vars/volumes.yml
index cdeb4e7..768e27f 100644
--- a/setup/projects/adei/vars/volumes.yml
+++ b/setup/projects/adei/vars/volumes.yml
@@ -1,6 +1,6 @@
gids:
- adei: { id: 6000 }
- adei_db: { id: 6001 }
+ adei: { id: 6001 }
+ adei_db: { id: 6002 }
volumes:
adei_init: { volume: "openshift", path: "/adei/init"} # mysql
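Review bot: The renumbering reuses 6001, which was the gid of `adei_db` before this change, as the new gid of `adei`. Anything on the persistent volumes that is still group-owned by 6001 (for example content under the `mysql` directory of `adei_db`) becomes group-accessible to pods running with the `adei` group until ownership is re-applied. The diff shows no recursive re-own of existing content, so I would either choose gids that do not overlap the old assignments or record the migration step with a comment such as `# gids renumbered: re-own existing volume contents before deploying`.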
@@ -13,10 +13,10 @@ volumes:
adei_db: { volume: "databases", path: "/adei", write: true } # mysql
files:
- - { osv: "adei_cfg", path: "/", state: "directory", group: "adei", mode: "0775" }
- - { osv: "adei_cfg", path: "/prod", state: "directory", group: "adei", mode: "0775" }
- - { osv: "adei_cfg", path: "/dbg", state: "directory", group: "adei", mode: "0775" }
- - { osv: "adei_src", path: "/", state: "directory", group: "adei", mode: "0775" }
- - { osv: "adei_log", path: "/", state: "directory", group: "adei", mode: "0775" }
- - { osv: "adei_tmp", path: "/", state: "directory", group: "adei", mode: "0775" }
- - { osv: "adei_db", path: "mysql", state: "directory", group: "adei_db", mode: "0775" }
+ - { osv: "adei_cfg", path: "/", state: "directory", group: "adei", mode: "02775" }
+ - { osv: "adei_src", path: "/", state: "directory", group: "adei", mode: "02775" }
+ - { osv: "adei_src", path: "/prod", state: "directory", group: "adei", mode: "02775" }
+ - { osv: "adei_src", path: "/dbg", state: "directory", group: "adei", mode: "02775" }
+ - { osv: "adei_log", path: "/", state: "directory", group: "adei", mode: "02775" }
+ - { osv: "adei_tmp", path: "/", state: "directory", group: "adei", mode: "02775" }
+ - { osv: "adei_db", path: "mysql", state: "directory", group: "adei_db", mode: "02775" }
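Review bot: The new `02775` modes add setgid but keep read and traverse rights for "other", including on the `mysql` directory of `adei_db`. Access here is granted through the group, so `mode: "02770"` would be the least-privilege choice unless some pod is known to reach these paths without the group; the same applies to the `02775` entries in kaas/vars/volumes.yml and katrin/vars/volumes.yml. Setgid only affects entries created afterwards, so existing content keeps its previous group unless it is re-synced, which deserves a one-line comment above `files:`.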
diff --git a/setup/projects/kaas/templates/40-kaas-manager.yml.j2 b/setup/projects/kaas/templates/40-kaas-manager.yml.j2
index e181737..b9cba4e 100644
--- a/setup/projects/kaas/templates/40-kaas-manager.yml.j2
+++ b/setup/projects/kaas/templates/40-kaas-manager.yml.j2
@@ -43,6 +43,9 @@ objects:
{% for ofs in range(gid_range[1] | default(1) | int) %}
- {{ (gid_range[0] | int) + ofs }}
{% endfor %}
+{% if (ands_openshift_gid_mode | default('')) == "RunAsAny" %}
+ fsGroup: {{ gid_range[0] }}
+{% endif %}
{% if (kaas_project_config.run_pods_as is defined) %}
{% if ((kaas_project_config.uids | default(kaas_openshift_uids))[kaas_project_config.run_pods_as] is defined) %}
runAsUser: {{ (kaas_project_config.uids | default(kaas_openshift_uids))[kaas_project_config.run_pods_as].id }}
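Review bot: `fsGroup: {{ gid_range[0] }}` emits the raw value while the loop directly above converts the same element with `| int`, so the two renderings can disagree; they should use the same form. Note that `| int` falls back to 0 for a non-numeric value, which would be the root group, so `gid_range` is better validated where it is defined than coerced here. Whether `gid_range` is a loop variable of an enclosing loop cannot be seen from this hunk; if it is, `fsGroup` would be emitted once per iteration, which should be checked against the rendered output.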
diff --git a/setup/projects/kaas/vars/volumes.yml b/setup/projects/kaas/vars/volumes.yml
index 3554aa6..cf9c697 100644
--- a/setup/projects/kaas/vars/volumes.yml
+++ b/setup/projects/kaas/vars/volumes.yml
@@ -1,10 +1,11 @@
-gids:
- kaas: { id: 4000 }
+#defined globaly
+#gids:
+# kaas: { id: 4000 }
files:
- - { osv: "data", path: "/www", state: "directory", group: "kaas", mode: "0775" }
- - { osv: "etc", path: "/apache2", state: "directory", group: "kaas", mode: "0775" }
- - { osv: "tmp", path: "/apache2", state: "directory", group: "kaas", mode: "0775" }
+ - { osv: "data", path: "/www", state: "directory", group: "kaas", mode: "02775" }
+ - { osv: "etc", path: "/apache2", state: "directory", group: "kaas", mode: "02775" }
+ - { osv: "tmp", path: "/apache2", state: "directory", group: "kaas", mode: "02775" }
#resync: true
sync_set_gid: kaas
diff --git a/setup/projects/katrin/vars/volumes.yml b/setup/projects/katrin/vars/volumes.yml
index ca22a28..3b53bb3 100644
--- a/setup/projects/katrin/vars/volumes.yml
+++ b/setup/projects/katrin/vars/volumes.yml
@@ -5,7 +5,7 @@ extra_volumes:
katrin: { volume: "katrin_data", path: "/", capacity: "40Ti", write: true }
files:
- - { osv: "katrin", path: "/", state: "directory", group: "katrin", mode: "0775" }
+ - { osv: "katrin", path: "/", state: "directory", group: "katrin", mode: "02775" }
#resync: true
#sync_set_gid: katrin