First running prototype

author: Suren A. Chilingaryan <csa@suren.me> 2018-02-28 23:46:55 +0100
committer: Suren A. Chilingaryan <csa@suren.me> 2018-02-28 23:46:55 +0100
commit: 1f3e2a9f59e83dc3f0fcbecf096a7e7b40d36ed7 (patch)
tree: c75d04456ab3593442734bec3d84c90e4b973f27 /roles
parent: fe4622305efa55e6bec8221efe8fc4bdd5462136 (diff)
28 files changed, 202 insertions, 69 deletions
diff --git a/roles/ands_kaas/defaults/main.yml b/roles/ands_kaas/defaults/main.yml
index 3835453..b2bfaf5 100644
--- a/roles/ands_kaas/defaults/main.yml
+++ b/roles/ands_kaas/defaults/main.yml
@@ -4,8 +4,16 @@ kaas_projects: "{{ ands_openshift_projects.keys() }}"
 kaas_template_root: "{{ ands_paths.provision }}/kaas/"
 
 kaas_glusterfs_endpoints: gfs
-kaas_openshift_volumes: "{{ ands_openshift_volumes }}"
+kaas_openshift_volumes: "{{ ands_openshift_volumes | default({}) }}"
+kaas_openshift_files: "{{ ands_openshift_files | default([]) }}"
+
+kaas_openshift_uids: "{{ ands_openshift_uids | default({}) }}"
+kaas_openshift_gids: "{{ ands_openshift_gids | default({}) }}"
+kaas_openshift_gid_ranges: "{{ ands_openshift_gid_ranges | default({}) }}"
+
 
 kaas_default_volume_capacity: "1Ti"
 kaas_default_file_owner: root
 kaas_default_file_group: root
+
+kaas_pod_history_limit: 1
diff --git a/roles/ands_kaas/tasks/do_project.yml b/roles/ands_kaas/tasks/do_project.yml
index a876d94..4fac6c6 100644
--- a/roles/ands_kaas/tasks/do_project.yml
+++ b/roles/ands_kaas/tasks/do_project.yml
@@ -6,13 +6,15 @@
   include_tasks: volume.yml
   run_once: true
 #  delegate_to: "{{ groups.masters[0] }}"
-  with_dict: "{{ kaas_project_config.volumes | default(kaas_openshift_volumes) }}"
+  with_dict: "{{ kaas_project_volumes }}"
   loop_control:
     loop_var: osv
   vars:
     query: "[*].volumes.{{osv.value.volume}}.mount"
     mntpath: "{{ (ands_storage_domains | json_query(query)) }}"
-    path: "{{ mntpath[0] ~ (osv.value.path | default('')) }}"
+    osvpath: "{{ osv.value.path | default('') }}"
+    prefix: "{{ ( osvpath[:1] == '/' ) | ternary('', '/' ~ kaas_project ~ '/') }}"
+    path: "{{ mntpath[0] ~ prefix ~ osvpath }}"
     name: "{{osv.key}}"
     volume: "{{osv.value}}"
   when: ( mntpath | length ) > 0
@@ -29,19 +31,19 @@
   include_tasks: file.yml
   run_once: true
 #  delegate_to: "{{ groups.masters[0] }}"
-  with_items: "{{ kaas_project_config.files | default(ands_openshift_files) }}"
+  with_items: "{{ kaas_project_config.files | default(kaas_openshift_files) | default([]) }}"
   loop_control:
     loop_var: file
   vars:
     pvar: "kaas_{{ file.osv }}_path"
     path: "{{ hostvars[inventory_hostname][pvar] }}/{{ file.path }}"
-  when: file.osv in ( kaas_project_config.volumes | default(kaas_openshift_volumes) )
+  when: file.osv in kaas_project_volumes
 
 - name: Load OpenSSL keys
   include_tasks: keys.yml
 #  delegate_to: "{{ groups.masters[0] }}"
   run_once: true
-  with_dict: "{{ kaas_project_config.pods }}"
+  with_dict: "{{ kaas_project_config.pods | default({}) }}"
   loop_control:
     loop_var: pod
 
@@ -57,5 +59,4 @@
   run_once: true
   when: 
   - kaas_project_config.oc is undefined
-  - kaas_project_config.pods != {}
   
diff --git a/roles/ands_kaas/tasks/file.yml b/roles/ands_kaas/tasks/file.yml
index e6b2e8d..a839473 100644
--- a/roles/ands_kaas/tasks/file.yml
+++ b/roles/ands_kaas/tasks/file.yml
@@ -3,15 +3,15 @@
   set_fact: group="{{ file.group | default(kaas_project_config.file_group | default(ands_default_file_group)) }}"
 
 - name : Resolve project groups
-  set_fact: group="{{ (kaas_project_config.gids | default(ands_openshift_gids))[group].id }}"
-  when: group in ( kaas_project_config.gids | default(ands_openshift_gids) )
+  set_fact: group="{{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }}"
+  when: group in ( kaas_project_config.gids | default(kaas_openshift_gids) )
 
 - name: Set owner
   set_fact: owner="{{ file.owner | default(kaas_project_config.file_owner | default(ands_default_file_owner)) }}"
 
 - name : Resolve project uids
-  set_fact: owner="{{ (kaas_project_config.uids | default(ands_openshift_uids) )[owner].id }}"
-  when: owner in ( kaas_project_config.uids | default(ands_openshift_uids) )
+  set_fact: owner="{{ (kaas_project_config.uids | default(kaas_openshift_uids) )[owner].id }}"
+  when: owner in ( kaas_project_config.uids | default(kaas_openshift_uids) )
 
 - name: "Setting up files in {{ path }}"
   file: 
diff --git a/roles/ands_kaas/tasks/main.yml b/roles/ands_kaas/tasks/main.yml
index 0931f80..85110cb 100644
--- a/roles/ands_kaas/tasks/main.yml
+++ b/roles/ands_kaas/tasks/main.yml
@@ -4,7 +4,7 @@
   include_tasks: project.yml
   run_once: true
 #  delegate_to: "{{ groups.masters[0] }}"
-  with_items: "{{ kaas_projects }}"
+  with_items: "{{ (kaas_single_project is defined) | ternary([kaas_single_project], kaas_projects) }}"
   loop_control:
     loop_var: kaas_project
   vars:
diff --git a/roles/ands_kaas/tasks/project.yml b/roles/ands_kaas/tasks/project.yml
index 40b5180..f7eb1df 100644
--- a/roles/ands_kaas/tasks/project.yml
+++ b/roles/ands_kaas/tasks/project.yml
@@ -1,11 +1,15 @@
 ---
 - name: Load global variables
   include_vars: "{{kaas_project_path}}/vars/globals.yml" 
-  when: "'{{kaas_project_path}}/vars/globals.yml' | is_file"
+  when: path | is_file
+  vars:
+    path: "{{ kaas_project_path }}/vars/globals.yml"
 
 - name: Load variables
   include_vars: dir="{{kaas_project_path}}/vars" name="var_{{kaas_project}}_config"
-  when: "'{{kaas_project_path}}/vars' | is_dir"
+  when: path | is_dir
+  vars:
+    path: "{{ kaas_project_path }}/vars"
 
 - set_fact: "var_{{kaas_project}}_config={{var_empty}}"
   vars:
@@ -24,4 +28,5 @@
 - include_tasks: do_project.yml 
   vars:
     var_name: "var_{{kaas_project}}_config"
-    kaas_project_config: "{{hostvars[inventory_hostname][var_name]}}"
+    kaas_project_config: "{{ hostvars[inventory_hostname][var_name] }}"
+    kaas_project_volumes: "{{ kaas_project_config.volumes | default(kaas_project_config.extra_volumes | default({}) | combine(kaas_openshift_volumes)) }}"
+\ No newline at end of file
diff --git a/roles/ands_kaas/tasks/search.yml b/roles/ands_kaas/tasks/search.yml
index 9844ee8..1cefb7d 100644
--- a/roles/ands_kaas/tasks/search.yml
+++ b/roles/ands_kaas/tasks/search.yml
@@ -12,5 +12,5 @@
     local_path: "{{ osv_path }}"
     remote_path: "{{ hostvars[inventory_hostname][pvar] }}"
   when:
-    - osv in (kaas_project_config.volumes | default(kaas_openshift_volumes))
+    - osv in kaas_project_volumes
     - hostvars[inventory_hostname][pvar] is defined
diff --git a/roles/ands_kaas/tasks/sync.yml b/roles/ands_kaas/tasks/sync.yml
index 07764ca..a4febe7 100644
--- a/roles/ands_kaas/tasks/sync.yml
+++ b/roles/ands_kaas/tasks/sync.yml
@@ -4,5 +4,23 @@
   register: result
 
 - name: "Sync '{{ item_name }}'"
-  local_action: synchronize src="{{ item_src }}" dest="{{ remote_path }}/" archive=yes
-  when: (result.stat.exists == False) or (kaas_resync | default(false))
+  local_action: synchronize src="{{ item_src }}" dest="{{ remote_path }}/" archive=yes delete=yes
+  register: sync
+  when: (result.stat.exists == False) or (kaas_resync | default(false)) or (kaas_project_config.resync | default(false))
+
+- name: "Ensure the data is writeable by project pods"
+  vars: 
+    grp: "{{ kaas_project_config.sync_set_gid }}"
+    gid: "{{ ((kaas_project_config.gids | default(kaas_openshift_gids))[grp] is defined) | ternary((kaas_project_config.gids | default(kaas_openshift_gids))[grp].id, grp) }}"
+  file: 
+    path: "{{ remote_path }}" 
+    state: "directory" 
+    recurse: "yes"
+    mode: "g+w"
+    owner: "{{ kaas_project_config.sync_set_uid | default('root') }}"
+    group: "{{ gid }}"
+  register: chmod
+  when:
+    - sync | changed
+    - kaas_openshift_gid_ranges[kaas_project] is defined
+    - kaas_project_config.sync_set_gid | default(false)
diff --git a/roles/ands_kaas/tasks/template.yml b/roles/ands_kaas/tasks/template.yml
index 6a81dd7..6c90b3d 100644
--- a/roles/ands_kaas/tasks/template.yml
+++ b/roles/ands_kaas/tasks/template.yml
@@ -1,4 +1,4 @@
-- name: Populate template
+- name: "Populate template {{ tmpl_name }}"
   template: src="{{ item }}" dest="{{ kaas_template_path }}/{{ item | basename | regex_replace('\.j2','') }}" owner=root group=root mode="0644"
   register: result
   with_first_found:
@@ -8,7 +8,7 @@
       files:
         - "{{ tmpl_name }}"
 
-- name: Configure KaaS resources
+- name: "Configure KaaS resources defined in {{ tmpl_name }}"
   include_role: name="openshift_resource"
   vars: 
     template: "{{ tmpl_name | basename | regex_replace('\\.j2','') }}"
diff --git a/roles/ands_kaas/tasks/templates.yml b/roles/ands_kaas/tasks/templates.yml
index e1612bc..2de4fad 100644
--- a/roles/ands_kaas/tasks/templates.yml
+++ b/roles/ands_kaas/tasks/templates.yml
@@ -4,10 +4,12 @@
   command: "echo {{ item | quote }}"
   register: results
   changed_when: false
+  when: (kaas_project_config.pods | default([]) | length > 0) or not (item | regex_search('kaas-pods')) 
   with_fileglob:
     - "{{ role_path }}/templates/{{ kaas_template_glob | default('*') }}.j2"
     - "{{ kaas_project_path }}/templates/{{ kaas_template_glob | default('*') }}.j2"
 
+
 #- debug: msg="{{ results }}"
 
 - name: "Sort and execute KaaS templates"
diff --git a/roles/ands_kaas/tasks/volume.yml b/roles/ands_kaas/tasks/volume.yml
index b82e55f..ff51fb0 100644
--- a/roles/ands_kaas/tasks/volume.yml
+++ b/roles/ands_kaas/tasks/volume.yml
@@ -6,6 +6,40 @@
   file: 
     path: "{{ path }}" 
     state: "directory" 
+    recurse: "no"
+  register: mkdir
+  
+- name: "Ensure the {{ path }} is writeable by project pods"
+  vars: 
+    default_group: "{{ kaas_openshift_gid_ranges[kaas_project] | default('') | regex_replace('^([0-9]+)[^0-9]*.*$', '\\1') }}"
+  file: 
+    path: "{{ path }}" 
+    state: "directory" 
+    recurse: "no"
+    mode: "{{ volume.mode | default(0775) }}" 
+    owner: "{{ volume.owner | default(kaas_project_config.file_owner) | default(kaas_default_file_owner) }}" 
+    group: "{{ volume.group | default(kaas_project_config.file_group) | default(default_group) }}"
+  register: chmod
+  when:
+    - mkdir | changed
+    - kaas_openshift_gid_ranges[kaas_project] is defined
+    - osvpath[:1] != "/"
+
+# There is no other way to write for users. There will be just two osv's one writeable and one not. 
+# We may create a dir with the wrong one and have permissions not set
+#    - volume.write | default(false)
+
+- name: "Setting default permissions for non standard locations"
+  file: 
+    path: "{{ path }}" 
+    state: "directory" 
+    recurse: "no"
     mode: "{{ volume.mode | default(0755) }}" 
     owner: "{{ volume.owner | default(kaas_project_config.file_owner) | default(kaas_default_file_owner) }}" 
     group: "{{ volume.group | default(kaas_project_config.file_group) | default(kaas_default_file_group) }}"
+  when: 
+    - mkdir | changed
+    - chmod | skipped
+    
+
+
diff --git a/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 b/roles/ands_kaas/templates/00-gfs-volumes.yml.j2
index c90c610..c9341ed 100644
--- a/roles/ands_kaas/templates/00-gfs-volumes.yml.j2
+++ b/roles/ands_kaas/templates/00-gfs-volumes.yml.j2
@@ -6,8 +6,10 @@ metadata:
   annotations:
     descriptions: "KATRIN Volumes"
 objects:
-{% for name, vol in (kaas_project_config.volumes | default(kaas_openshift_volumes)).iteritems() %}
+{% for name, vol in kaas_project_volumes.iteritems() %}
 {% set oc_name = vol.name | default(name) | regex_replace('_','-') %}
+{% set cfgpath = vol.path | default("") %}
+{% set path = cfgpath if cfgpath[:1] == "/" else "/" + kaas_project + "/" + cfgpath %}
   - apiVersion: v1
     kind: PersistentVolume
     metadata:
@@ -16,7 +18,7 @@ objects:
       persistentVolumeReclaimPolicy: Retain 
       glusterfs: 
         endpoints: {{ kaas_glusterfs_endpoints }}
-        path: "{{ vol.volume }}{{vol.path}}"
+        path: "{{ vol.volume }}{{path}}"
         readOnly: {{ not (vol.write | default(false)) }}
       accessModes:
         - {{ vol.access | default(vol.write | default(false) | ternary('ReadWriteMany', 'ReadOnlyMany')) }}
diff --git a/roles/ands_kaas/templates/50-kaas-pods.yml.j2 b/roles/ands_kaas/templates/50-kaas-pods.yml.j2
index 9782f75..2ed7462 100644
--- a/roles/ands_kaas/templates/50-kaas-pods.yml.j2
+++ b/roles/ands_kaas/templates/50-kaas-pods.yml.j2
@@ -7,7 +7,7 @@ metadata:
   annotations:
     descriptions: {{ kaas_project_config.description | default(kaas_project ~ "auto-generated pod template") }}
 objects:
-{% for name, pod in (kaas_project_config.pods | default(kaas_openshift_volumes)).iteritems() %}
+{% for name, pod in (kaas_project_config.pods | default({})).iteritems() %}
   {% set pubkey = "kaas_" ~ name ~ "_pubkey" %}
   {% set privkey = "kaas_" ~ name ~ "_privkey" %}
   {% set cakey = "kaas_" ~ name ~ "_ca" %}
@@ -68,10 +68,10 @@ objects:
     metadata:
       name: {{ pod.name | default(name) }}
     spec:
-      replicas: {{ pod.sched.replicas | default(1) }}
+      replicas: {{ ( pod.sched | default({})).replicas | default(1) }}
       revisionHistoryLimit: 2 
       strategy:
-        type: {{ pod.sched.strategy | default('Rolling') }}
+        type: {{ (pod.sched | default({})).strategy | default('Rolling') }}
       triggers:
       - type: ConfigChange
       selector:
@@ -105,18 +105,18 @@ objects:
           securityContext:
         {% if (pod.run_as is defined) %}
                 {% if (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as] is defined %}
-                - {{ (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as].id }}
+            runAsUser: {{ (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as].id }}
                 {% else %}
-                - {{ pod.run_as }}
+            runAsUser: {{ pod.run_as }}
                 {% endif %}
         {% endif %}
         {% if (pod.groups is defined) %}
             supplementalGroups:
             {% for group in pod.groups %}
                 {% if (kaas_project_config.gids | default(kaas_openshift_gids))[group] is defined %}
-                - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }}
+              - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }}
                 {% else %}
-                - {{ group }}
+              - {{ group }}
                 {% endif %}
             {% endfor %}
         {% endif %}
diff --git a/roles/ands_openshift/tasks/security_resources.yml b/roles/ands_openshift/tasks/security_resources.yml
index 5644723..5b80f1e 100644
--- a/roles/ands_openshift/tasks/security_resources.yml
+++ b/roles/ands_openshift/tasks/security_resources.yml
@@ -6,49 +6,41 @@
 - name: Patch group range in project configuration
   include_role: name="openshift_resource" tasks_from="patch.yml" 
   vars:
-    project: "{{ prj_item }}" 
-    resource: "ns/{{ prj_item }}"
-    patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.supplemental-groups":"{{ands_openshift_gid_ranges[prj_item]}}"}}}'
+    project: "{{ item.key }}" 
+    resource: "ns/{{ item.key }}"
+    patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.supplemental-groups":"{{ item.value }}"}}}'
     patch_path: "{{ ands_openshift_patch_path }}"
-  with_items: "{{ (ands_openshift_gid_ranges | default({})).keys() }}"
-  loop_control: 
-    loop_var: prj_item
+  with_dict: "{{ ands_openshift_gid_ranges | default({}) }}"
 
 - name: Patch uid range in project configuration
   include_role: name="openshift_resource" tasks_from="patch.yml" 
   vars:
-    project: "{{ prj_item }}" 
-    resource: "ns/{{ prj_item }}"
-    patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.uid-range":"{{ands_openshift_uid_ranges[prj_item]}}"}}}'
+    project: "{{ item.key }}" 
+    resource: "ns/{{ item.key }}"
+    patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.uid-range":"{{ item.value }}"}}}'
     patch_path: "{{ ands_openshift_patch_path }}"
-  with_items: "{{ (ands_openshift_uid_ranges | default({})).keys() }}"
-  loop_control: 
-    loop_var: prj_item
+  with_dict: "{{ ands_openshift_uid_ranges | default({}) }}"
 
 - name: Restrict supplementalGroups
   include_role: name="openshift_resource" tasks_from="patch.yml" 
   vars:
-    project: "{{ prj_item }}" 
+    project: "{{ item.key }}" 
     resource: "scc/restricted"
     modes: "{{ ands_openshift_gid_mode | default({}) }}"
-    mode: "{{ (modes[prj_item] is defined) | ternary(modes[prj_item], modes['ands_default'] | default(false)) }}"
+    mode: "{{ modes[item.key] | default(modes['ands_default'] | default(false)) }}"
     patch: '{"supplementalGroups":{"type":"{{mode}}"}}'
     patch_path: "{{ ands_openshift_patch_path }}"
   when: mode != false
-  with_items: "{{ (ands_openshift_projects | default({})).keys() }}"
-  loop_control: 
-    loop_var: prj_item
+  with_dict: "{{ ands_openshift_projects | default({}) }}"
 
 - name: Configure runAsUser
   include_role: name="openshift_resource" tasks_from="patch.yml" 
   vars:
-    project: "{{ prj_item }}" 
+    project: "{{ item.key }}" 
     resource: "scc/restricted"
     modes: "{{ ands_openshift_uid_mode | default({}) }}"
-    mode: "{{ (modes[prj_item] is defined) | ternary(modes[prj_item], modes['ands_default'] | default(false)) }}"
+    mode: "{{ modes[item.key] | default(modes['ands_default'] | default(false)) }}"
     patch: '{"runAsUser":{"type":"{{mode}}"}}'
     patch_path: "{{ ands_openshift_patch_path }}"
   when: mode != false
-  with_items: "{{ (ands_openshift_projects | default({})).keys() }}"
-  loop_control: 
-    loop_var: prj_item
+  with_dict: "{{ ands_openshift_projects | default({}) }}"
diff --git a/roles/ands_openshift/tasks/storage_resources.yml b/roles/ands_openshift/tasks/storage_resources.yml
index 5adf69e..c83c677 100644
--- a/roles/ands_openshift/tasks/storage_resources.yml
+++ b/roles/ands_openshift/tasks/storage_resources.yml
@@ -13,7 +13,7 @@
     template_path: "{{ storage_template_path }}"
     project: "{{ prj_item }}" 
     recreate: "{{ result | changed | ternary (true, false) }}"
-  with_items: "{{ ands_openshift_projects.keys() | union(['default']) }}"
+  with_items: "{{ ands_openshift_projects.keys() }}"
   loop_control: 
     loop_var: prj_item
 
@@ -28,6 +28,9 @@
     template_path: "{{ storage_template_path }}"
     project: "{{ prj_item }}"
     recreate: "{{ result | changed | ternary (true, false) }}"
-  with_items: "{{ ands_openshift_projects.keys() | union(['default']) }}"
+  with_items: "{{ ands_openshift_projects.keys() }}"
   loop_control: 
     loop_var: prj_item
+
+
+  
+\ No newline at end of file
diff --git a/roles/ands_openshift/tasks/users_resources.yml b/roles/ands_openshift/tasks/users_resources.yml
index 5bc748c..722e1eb 100644
--- a/roles/ands_openshift/tasks/users_resources.yml
+++ b/roles/ands_openshift/tasks/users_resources.yml
@@ -19,6 +19,14 @@
   command: "oc adm new-project --description '{{ ands_openshift_projects[item] }}' {{ item }}"
   with_items: "{{ new_projects | default([]) }}"
 
+- name: Allow projects to pull images from KaaS imagestreams
+  command: "oc policy add-role-to-group system:image-puller system:serviceaccounts:{{ prj_item }} --namespace=kaas"
+  with_items: "{{ ands_openshift_projects.keys() }}"
+  when:
+    prj_item != "kaas"
+  loop_control: 
+    loop_var: prj_item
+
 - name: Configure per project roles
   command: "oc adm policy add-role-to-user -n {{  item.key.split('/')[0] }} {{ item.key.split('/')[1] }} {{ item.value.replace(' ','').split(',') | join(' ') }}"
   with_dict: "{{ ands_openshift_roles }}"
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 7f6922b..9bd820a 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -4,6 +4,10 @@
     - epel-release
     - centos-release-openshift-origin
 
+- name: Add our repository with updates and overrides
+  yum_repository: name="{{ item.name }}" description= "{{ item.description | default('Ands repository') }}" baseurl="{{ item.url }}" enabled="yes" gpgcheck="no" cost="{{ item.cost | default(1) }}"
+  with_items: "{{ ands_repositories | default([]) }}"
+
 - name: Ensure GlusterFS repositories are present
   yum: name="centos-release-gluster{{ glusterfs_version }}" state=present
 
@@ -25,6 +29,11 @@
     - python-rhsm-certificates
     - glusterfs-fuse
 
+#- name: Add NodeJS required by a few used Ansible extensions
+#  package: name={{item}} state=present
+#  with_items:
+#    - nodejs
+
 - name: Ensure all extra packages are installed
   package: name={{item}} state=present
   with_items: "{{ extra_packages | default([]) }}"
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index 6542789..f7b96f5 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -1,3 +1,6 @@
-docker_min_size: 100
 docker_exclude_vgs: "{{ ands_data_vg is defined | ternary( [ ands_data_vg ], [] ) }}"
 docker_lv: "docker-pool"
+
+docker_min_size: 100
+docker_max_log_size: "2m"
+docker_max_log_files: "3"
diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml
new file mode 100644
index 0000000..43016e0
--- /dev/null
+++ b/roles/docker/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart docker
+  service: name=docker state=restarted
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index e424e01..a7bd700 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -27,6 +27,15 @@
   lvol: vg="{{ ansible_lvm['lvs'][docker_lv]['vg'] }}" lv="docker_lv" size="{{ docker_volume_size }}"
   when: docker_volume_size is defined
 
-- name: stop docker
+- name: Limit size of container log files
+  ghetto_json:
+    path: "/etc/docker/daemon.json"
+    log-driver: "json-file"
+    log-opts.max-size: "{{ docker_max_log_size }}" 
+    log-opts.max-file: "{{ docker_max_log_files }}"
+  notify:
+    - restart docker
+
+- name: start docker
   service: name="docker" enabled=yes state=started
   
 \ No newline at end of file
diff --git a/roles/glusterfs/tasks/data b/roles/glusterfs/tasks/data
deleted file mode 120000
index 31bb52e..0000000
--- a/roles/glusterfs/tasks/data
+++ /dev/null
@@ -1 +0,0 @@
-cfg
-\ No newline at end of file
diff --git a/roles/glusterfs/tasks/data/vols2.yml b/roles/glusterfs/tasks/data/vols2.yml
new file mode 100644
index 0000000..d094797
--- /dev/null
+++ b/roles/glusterfs/tasks/data/vols2.yml
@@ -0,0 +1,13 @@
+---
+- name: "Create {{ name }} volume"
+  gluster_volume: 
+    state: present
+    name: "{{ name }}"
+    cluster: "{{ domain_servers | join(',') }}"
+    replicas: "{{ domain_servers | length }}"
+    bricks: "{{ glusterfs_bricks_path }}/brick-{{ name }}"
+    transport: "{{ glusterfs_transport }}"
+
+
+- name: "Start {{ name }} volume"
+  gluster_volume: state="started" name="{{ name }}"
diff --git a/roles/glusterfs/tasks/data/vols3.yml b/roles/glusterfs/tasks/data/vols3.yml
new file mode 100644
index 0000000..866480c
--- /dev/null
+++ b/roles/glusterfs/tasks/data/vols3.yml
@@ -0,0 +1,14 @@
+---
+- name: "Create {{ name }} volume"
+  gluster_volume: 
+    state: present
+    name: "{{ name }}"
+    cluster: "{{ domain_servers | join(',') }}"
+    replicas: 3
+    arbiters: 1
+    bricks: "{{ glusterfs_bricks_path }}/brick-{{ name }}"
+    transport: "{{ glusterfs_transport }}"
+
+
+- name: "Start {{ name }} volume"
+  gluster_volume: state="started" name="{{ name }}"
diff --git a/roles/glusterfs/tasks/tmp/vols2.yml b/roles/glusterfs/tasks/la/vols2.yml
index b6a3e8f..b6a3e8f 120000
--- a/roles/glusterfs/tasks/tmp/vols2.yml
+++ b/roles/glusterfs/tasks/la/vols2.yml
diff --git a/roles/glusterfs/tasks/tmp/vols3.yml b/roles/glusterfs/tasks/la/vols3.yml
index 9565bb3..9565bb3 100644
--- a/roles/glusterfs/tasks/tmp/vols3.yml
+++ b/roles/glusterfs/tasks/la/vols3.yml
diff --git a/roles/glusterfs/tasks/tmp b/roles/glusterfs/tasks/tmp
new file mode 120000
index 0000000..6320cd2
--- /dev/null
+++ b/roles/glusterfs/tasks/tmp
@@ -0,0 +1 @@
+data
+\ No newline at end of file
diff --git a/roles/openshift_resource/tasks/main.yml b/roles/openshift_resource/tasks/main.yml
index af071f9..8606aa3 100644
--- a/roles/openshift_resource/tasks/main.yml
+++ b/roles/openshift_resource/tasks/main.yml
@@ -5,18 +5,27 @@
     changed_when: false
     register: results
 
-  - name: Parse JSON templates
+  - name: "Parse JSON templates {{ template }}"
     set_fact: tmpl="{{ results.stdout | from_json }}"
     when: template.find(".json") != -1
 
-  - name: Parse YaML templates
+  - name: "Parse YaML templates {{ template }}"
     set_fact: tmpl="{{ results.stdout | from_yaml }}"
     when: template.find(".json") == -1
 
-  - include_tasks: template.yml
-    when: (tmpl.kind == "Template") and (tmpl.parameters is not defined)
-
-  - include_tasks: resource.yml
-    when: (tmpl.parameters is defined) or (tmpl.kind != "Template")
+  - name: "Populating resources defined in {{ template }} template"
+    include_tasks: template.yml
+    register: results
+    vars:
+      metadata:    "{{ tmpl.metadata | default({}) }}"
+      annotations: "{{ metadata.annotations | default({}) }}"
+      strategy:    "{{ annotations['kaas/strategy'] | default('auto') }}"
+    when: 
+      - tmpl.kind == "Template"
+      - strategy == "auto"
+    
+  - name: "Creating template/resources defined in {{ template }}"
+    include_tasks: resource.yml
+    when: results | skipped
  
   run_once: true
diff --git a/roles/openshift_resource/tasks/resource.yml b/roles/openshift_resource/tasks/resource.yml
index 769a89c..4e6e7ac 100644
--- a/roles/openshift_resource/tasks/resource.yml
+++ b/roles/openshift_resource/tasks/resource.yml
@@ -3,20 +3,20 @@
   - name: Find out which resources we are going to configure
     set_fact: rkind="{{ tmpl.kind }}" rname="{{ tmpl.metadata.name }}"
 
-  - name: Lookup the specified resource
+  - name: "Lookup the specified resource {{rkind}}/{{rname}}"
     command: "oc get -n {{project}} {{rkind}}/{{rname}}"
     register: find_result
     changed_when: false
     failed_when: false
 
-  - name: Detroy existing resources
+  - name: "Detroy existing resources {{rkind}}/{{rname}}"
     command: "oc delete -n {{project}} {{rkind}}/{{rname}}"
     register: rm_result
     failed_when: false
     changed_when: (rm_result | succeeded)
     when: (recreate|default(false)) 
 
-  - name: Create resources defined in template
+  - name: "Create resources defined in {{ template }}"
     command: "oc create -n {{project}} -f '{{ template_path }}/{{ template }}' {{ create_args | default('') }}"
     when: (recreate|default(false)) or (find_result.rc != 0)
   run_once: true
diff --git a/roles/openshift_resource/tasks/template.yml b/roles/openshift_resource/tasks/template.yml
index c93dec5..6c9340b 100644
--- a/roles/openshift_resource/tasks/template.yml
+++ b/roles/openshift_resource/tasks/template.yml
@@ -5,7 +5,7 @@
     vars:
       query: "objects[*].{kind: kind, name: metadata.name}"
       
-  - name: Lookup the specified resource
+  - name: "{{ template }}: Lookup the specified resource"
     command: "oc get -n {{project}} {{item.kind}}/{{item.name}}"
     register: results
     failed_when: false
@@ -13,13 +13,13 @@
     with_items: "{{ resources | default([]) }}"
 #    when: not (recreate|default(false)) 
 
-  - name: Detroy existing resources
+  - name: "{{ template }}: Detroy existing resources"
     command: "oc delete -n {{project}} {{resources[item|int].kind}}/{{resources[item|int].name}}"
     failed_when: false
     with_sequence: start=0 count="{{resources | default([]) | length}}"
     when: ((recreate|default(false)) or (results | changed)) and (results.results[item|int].rc == 0)
 
-  - name: Create resources defined in template
+  - name: "{{ template }}: Create resources defined"
     shell: "oc process -f '{{ template_path }}/{{template}}' {{ template_args | default('') }} | oc create -n {{project}} -f - {{ create_args | default('') }}"
     when: (recreate|default(false)) or (results | changed)
   run_once: true
author	Suren A. Chilingaryan <csa@suren.me>	2018-02-28 23:46:55 +0100
committer	Suren A. Chilingaryan <csa@suren.me>	2018-02-28 23:46:55 +0100
commit	1f3e2a9f59e83dc3f0fcbecf096a7e7b40d36ed7 (patch)
tree	c75d04456ab3593442734bec3d84c90e4b973f27 /roles
parent	fe4622305efa55e6bec8221efe8fc4bdd5462136 (diff)