From 110ae6da8d80b63a068f4537383e775d958cf9a9 Mon Sep 17 00:00:00 2001
From: "Suren A. Chilingaryan" <csa@suren.me>
Date: Sat, 14 Apr 2018 02:09:54 +0200
Subject: Provide support for global OpenShift resources (ClusterRoles, etc.)

---
 roles/ands_kaas/00-local-volumes.yml.j2           | 67 -----------------------
 roles/ands_kaas/tasks/main.yml                    |  2 +-
 roles/ands_kaas/tasks/oc.yml                      |  2 +-
 roles/ands_kaas/tasks/template.yml                |  2 +-
 roles/ands_openshift/defaults/main.yml            |  2 +-
 roles/ands_openshift/tasks/projects.yml           |  4 ++
 roles/ands_openshift/tasks/projects_resources.yml | 20 +++++++
 roles/ands_openshift/tasks/resources.yml          |  9 +++
 roles/ands_openshift/tasks/users_resources.yml    | 21 -------
 9 files changed, 37 insertions(+), 92 deletions(-)
 delete mode 100644 roles/ands_kaas/00-local-volumes.yml.j2
 create mode 100644 roles/ands_openshift/tasks/projects.yml
 create mode 100644 roles/ands_openshift/tasks/projects_resources.yml
 create mode 100644 roles/ands_openshift/tasks/resources.yml

(limited to 'roles')

diff --git a/roles/ands_kaas/00-local-volumes.yml.j2 b/roles/ands_kaas/00-local-volumes.yml.j2
deleted file mode 100644
index 8d1a1c8..0000000
--- a/roles/ands_kaas/00-local-volumes.yml.j2
+++ /dev/null
@@ -1,67 +0,0 @@
----
-apiVersion: v1
-kind: Template
-metadata:
-  name: {{ kaas_project }}-local-volumes
-  annotations:
-    descriptions: "{{ kaas_project }} local volumes"
-objects:
-{% for name, vol in kaas_project_local_volumes.iteritems() %}
-{%   set voltypes = kaas_storage_domains | json_query("[*].volumes." + vol.volume + ".type") %}
-{%   set voltype = voltypes[0] | default('host') %}
-{%   set mntpaths = kaas_storage_domains | json_query("[*].volumes." + vol.volume + ".mount") %}
-{%   set mntpath = mntpaths[0] | default('') %}
-{%   set oc_name = vol.name | default(name) | regex_replace('_','-') %}
-{%   set cfgpath = vol.path | default("") %}
-{%   set path = cfgpath if cfgpath[:1] == "/" else "/" + kaas_project + "/" + cfgpath %}
-{%   if oc_name | regex_search("^" + kaas_project) %}
-{%     set pvprefix = oc_name %}
-{%   else %}
-{%     set pvprefix = (kaas_project + "-" + oc_name) | regex_replace('_','-') %}
-{%   endif %}
-{%   set i = 0 %}
-{%   for id in vol.nodes | default(hostvars[inventory_hostname]['ands_volume_' + vol.volume + '_server_ids']) %}
-{%      set srvid = (id | string) %}
-{%      set server_name = hostvars[inventory_hostname]['ands_host_' + srvid + '_public_hostname'] %}
-{%      set openshift_name = hostvars[inventory_hostname]['ands_host_' + srvid + '_openshift_fqdn'] %}
-{%      set pvname = pvprefix + '-' + server_name %}
-{%      set pvcname = oc_name + '-' + (i|string) %}
-  - apiVersion: v1
-    kind: PersistentVolume
-    metadata:
-      name: {{ pvname }}
-      annotations:
-        "volume.alpha.kubernetes.io/node-affinity": '{
-            "requiredDuringSchedulingIgnoredDuringExecution": {
-                "nodeSelectorTerms": [
-                    { "matchExpressions": [ { "key": "kubernetes.io/hostname", "operator": "In", "values": ["{{ openshift_name }}"] } ]}
-                ]
-            }
-        }'
-    spec:
-      storageClassName: kaas-local-storage
-      persistentVolumeReclaimPolicy: Retain 
-      local:
-        path: "{{ mntpath }}{{ path }}"
-        readOnly: {{ not (vol.write | default(false)) }}
-      accessModes:
-        - ReadWriteOnce
-      capacity:
-        storage: {{ vol.capacity | default(kaas_default_volume_capacity) }}
-      claimRef:
-        name: {{ pvcname }}
-        namespace: {{ kaas_project }}
-  - apiVersion: v1
-    kind: PersistentVolumeClaim
-    metadata:
-      name: {{ pvcname }}
-    spec:
-      volumeName: {{ pvname }}
-      accessModes:
-        - ReadWriteOnce
-      resources:
-        requests:
-          storage: {{ vol.capacity | default(kaas_default_volume_capacity) }}
-{%      set i = i + 1 %}
-{%   endfor %}
-{% endfor %}
diff --git a/roles/ands_kaas/tasks/main.yml b/roles/ands_kaas/tasks/main.yml
index f1cff02..fed0525 100644
--- a/roles/ands_kaas/tasks/main.yml
+++ b/roles/ands_kaas/tasks/main.yml
@@ -7,6 +7,6 @@
   loop_control:
     loop_var: kaas_project
   vars:
-    do_subrole: "{{ subrole | default('project') }}"
+    do_subrole: "{{ kaas_subrole | default(subrole | default('project')) }}"
     kaas_template_path: "{{ kaas_template_root }}/{{ kaas_project }}"
     kaas_project_path: "{{playbook_dir}}/projects/{{ kaas_project }}"
diff --git a/roles/ands_kaas/tasks/oc.yml b/roles/ands_kaas/tasks/oc.yml
index d3504f8..9b17c3b 100644
--- a/roles/ands_kaas/tasks/oc.yml
+++ b/roles/ands_kaas/tasks/oc.yml
@@ -6,5 +6,5 @@
   vars: 
     resource: "{{ ocitem.resource | default('') }}"
     command: "{{ ocitem.oc }}"
-    project: "{{ kaas_project }}"
+    project: "{{ kaas_namespace | default(kaas_project) }}"
     recreate: "{{ ocitem.recreate | default(false) }}"
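Review bot: `default(kaas_project)` on the new `project:` line falls back only when `kaas_namespace` is undefined, so a defined-but-empty value produces an empty `project`; what the consuming task does with that is not visible in this hunk. `project: "{{ kaas_namespace | default(kaas_project, true) }}"` also falls back on empty values. Since the override sends every project in the loop to a single namespace, I would add a comment such as `# kaas_namespace: set only when populating cluster-wide resources; overrides the per-project namespace`. The same line is added in roles/ands_kaas/tasks/template.yml and the same applies there. The task these vars belong to starts outside the hunk.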
diff --git a/roles/ands_kaas/tasks/template.yml b/roles/ands_kaas/tasks/template.yml
index 841c80e..89c30e0 100644
--- a/roles/ands_kaas/tasks/template.yml
+++ b/roles/ands_kaas/tasks/template.yml
@@ -19,7 +19,7 @@
     dest_name: "{{ (appname is defined) | ternary ( '90-' + (appname | default('')) + '.yml', default_name ) }}"
     template: "{{ dest_name }}"
     template_path: "{{ kaas_template_path }}"
-    project: "{{ kaas_project }}"
+    project: "{{ kaas_namespace | default(kaas_project) }}"
     recreate: "{{ result | changed | ternary (delete | default(true) | ternary(true, false), false) }}"
     replace: "{{ result | changed | ternary (delete | default(true) | ternary(false, true), false) }}"
 
diff --git a/roles/ands_openshift/defaults/main.yml b/roles/ands_openshift/defaults/main.yml
index d279345..feec093 100644
--- a/roles/ands_openshift/defaults/main.yml
+++ b/roles/ands_openshift/defaults/main.yml
@@ -1,4 +1,4 @@
-openshift_common_subroles: "{{ [ 'users', 'security', 'storage' ] }}"
+openshift_common_subroles: "{{ [ 'projects', 'resources', 'users', 'security', 'storage' ] }}"
 openshift_heketi_subroles: "{{ [ 'ssh', 'heketi' ] }}"
 openshift_all_subroles: "{{ ands_configure_heketi | default(False) | ternary(openshift_common_subroles + openshift_heketi_subroles, openshift_common_subroles) }}"
 
diff --git a/roles/ands_openshift/tasks/projects.yml b/roles/ands_openshift/tasks/projects.yml
new file mode 100644
index 0000000..4f13136
--- /dev/null
+++ b/roles/ands_openshift/tasks/projects.yml
@@ -0,0 +1,4 @@
+---
+- include_tasks: projects_resources.yml
+  run_once: true
+  delegate_to: "{{ groups.masters[0] }}"
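Review bot: `run_once` and `delegate_to` are set on a dynamic `include_tasks`, and from Ansible 2.5 on keywords on a dynamic include are documented to apply to the include itself rather than to the tasks it loads. If that holds for the version in use, the `oc adm` commands in projects_resources.yml would run on every host in the play instead of once on the first master. A static `- import_tasks: projects_resources.yml` passes both keywords down to each task; otherwise set them on a block inside the included file. The include also has no `name:`, which makes the delegated step harder to find in run output.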
diff --git a/roles/ands_openshift/tasks/projects_resources.yml b/roles/ands_openshift/tasks/projects_resources.yml
new file mode 100644
index 0000000..2afe9e1
--- /dev/null
+++ b/roles/ands_openshift/tasks/projects_resources.yml
@@ -0,0 +1,20 @@
+- name: Get project list
+  command: "oc get projects -o json"
+  changed_when: false
+  register: results
+
+- name: Find missing projects
+  set_fact: new_projects="{{ ands_openshift_projects.keys() | difference (results.stdout | from_json | json_query('items[*].metadata.name')) }}"
+  when: (results | succeeded)
+
+- name: Create missing projects
+  command: "oc adm new-project --description '{{ ands_openshift_projects[item] }}' {{ item }}"
+  with_items: "{{ new_projects | default([]) }}"
+
+- name: Allow projects to pull images from KaaS imagestreams
+  command: "oc policy add-role-to-group system:image-puller system:serviceaccounts:{{ prj_item }} --namespace=kaas"
+  with_items: "{{ ands_openshift_projects.keys() }}"
+  when:
+    prj_item != "kaas"
+  loop_control: 
+    loop_var: prj_item
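Review bot: In "Create missing projects" the description sits between hand-written single quotes, so a description containing `'`, or a project name containing whitespace, changes how the command module splits the arguments passed to `oc adm new-project`, which runs with cluster-admin rights. Let the `quote` filter do the quoting: `command: "oc adm new-project --description {{ ands_openshift_projects[item] | quote }} {{ item | quote }}"`, and do the same for `{{ prj_item }}` in the image-puller task. That task also has no `changed_when`, so it reports a change on every run even when the binding already exists, which hides real RBAC changes in the play output. These tasks are moved here unchanged from users_resources.yml, so the move is a good moment to fix them.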
diff --git a/roles/ands_openshift/tasks/resources.yml b/roles/ands_openshift/tasks/resources.yml
new file mode 100644
index 0000000..b691372
--- /dev/null
+++ b/roles/ands_openshift/tasks/resources.yml
@@ -0,0 +1,9 @@
+- name: Run configuration script and populate resources
+  include_role: name="ands_kaas"
+  vars:
+    kaas_openshift_volumes: "{{ ands_openshift_volumes }}"
+    kaas_projects: "{{ ands_openshift_projects.keys() }}"
+    kaas_single_project: "openshift"
+    kaas_namespace: "kaas"
+    kaas_subrole: "script"
+    delete: false
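Review bot: The namespace `kaas` is hard-coded here as `kaas_namespace` and again as `--namespace=kaas` in projects_resources.yml, and `delete: false` passes a very generic variable name into the role with no explanation. Judging by the `recreate`/`replace` expressions visible in roles/ands_kaas/tasks/template.yml, `delete: false` makes a changed template get replaced in place instead of deleted and recreated, which matters for cluster-scoped objects such as ClusterRoles. I would add a comment above `vars:` such as `# global resources are managed from the 'kaas' namespace; delete=false -> changed templates are replaced, never deleted and recreated`. Consider taking the namespace from one shared variable so the two files cannot drift apart.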
diff --git a/roles/ands_openshift/tasks/users_resources.yml b/roles/ands_openshift/tasks/users_resources.yml
index 722e1eb..2a73cd0 100644
--- a/roles/ands_openshift/tasks/users_resources.yml
+++ b/roles/ands_openshift/tasks/users_resources.yml
@@ -6,27 +6,6 @@
   vars:
     key_len: "{{ item.key.split('/') | length }}"
 
-- name: Get project list
-  command: "oc get projects -o json"
-  changed_when: false
-  register: results
-
-- name: Find missing projects
-  set_fact: new_projects="{{ ands_openshift_projects.keys() | difference (results.stdout | from_json | json_query('items[*].metadata.name')) }}"
-  when: (results | succeeded)
-
-- name: Create missing projects
-  command: "oc adm new-project --description '{{ ands_openshift_projects[item] }}' {{ item }}"
-  with_items: "{{ new_projects | default([]) }}"
-
-- name: Allow projects to pull images from KaaS imagestreams
-  command: "oc policy add-role-to-group system:image-puller system:serviceaccounts:{{ prj_item }} --namespace=kaas"
-  with_items: "{{ ands_openshift_projects.keys() }}"
-  when:
-    prj_item != "kaas"
-  loop_control: 
-    loop_var: prj_item
-
 - name: Configure per project roles
   command: "oc adm policy add-role-to-user -n {{  item.key.split('/')[0] }} {{ item.key.split('/')[1] }} {{ item.value.replace(' ','').split(',') | join(' ') }}"
   with_dict: "{{ ands_openshift_roles }}"
-- 
cgit v1.2.3