authorSuren A. Chilingaryan <csa@suren.me>2018-02-20 15:10:45 +0100
committerSuren A. Chilingaryan <csa@suren.me>2018-02-20 15:10:45 +0100
commite4751f88e52aa8e89e4c94bc6fe4c3346eccf6fe (patch)
tree3a8a420d8d26e616491f31b322a006dd2b3e0e1c /setup
parent96ced00e05b50f276841a9212ae89e018de4d92d (diff)
Handling GlusterFS storage security in OpenShift containers
Diffstat (limited to 'setup')
-rw-r--r--setup/configs/openshift.yml3
-rw-r--r--setup/configs/security.yml21
-rw-r--r--setup/configs/volumes.yml13
-rw-r--r--setup/projects/adei/vars/pods.yml52
4 files changed, 84 insertions, 5 deletions
diff --git a/setup/configs/openshift.yml b/setup/configs/openshift.yml
index 6b9995c..e2a2d6d 100644
--- a/setup/configs/openshift.yml
+++ b/setup/configs/openshift.yml
@@ -2,7 +2,8 @@
ands_openshift_projects:
katrin: KArlsruhe TRItium Neutrino
adei: ADEI
-
+
+# test: Tesing
ands_openshift_users:
pdv: IPE Administation Account
diff --git a/setup/configs/security.yml b/setup/configs/security.yml
new file mode 100644
index 0000000..413f57e
--- /dev/null
+++ b/setup/configs/security.yml
@@ -0,0 +1,21 @@
+ands_openshift_gid_mode:
+# adei: "RunAsAny"
+ ands_default: "MustRunAs"
+
+#ands_openshift_uid_mode:
+# ands_default: "MustRunAsRange"
+
+#ands_openshift_uid_ranges:
+
+ands_openshift_gid_ranges:
+ katrin: "5000/10"
+ adei: "5010/10"
+
+ands_openshift_uids:
+ kaas: { id: 6000 }
+
+ands_openshift_gids:
+ kaas: { id: 6000 }
+
+ands_default_file_group: root
+ands_default_file_owner: root
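Review bot: The range strings in `ands_openshift_gid_ranges` (`"5000/10"`, `"5010/10"`) have no comment explaining their format, and nothing says how `ands_default` in `ands_openshift_gid_mode` applies to projects without their own entry. If the format is first gid plus count, a line such as `# "<first gid>/<count>" per project; ands_default is used for projects not listed` above the ranges would make the policy reviewable; I cannot confirm that meaning from this hunk. The `kaas` uid/gid 6000 lies outside both declared ranges while the default mode is `MustRunAs`, and `ands_default_file_owner`/`ands_default_file_group` are `root`. A short comment stating that both are intentional would help, since they decide which containers can write to the shared storage.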
diff --git a/setup/configs/volumes.yml b/setup/configs/volumes.yml
index d0ba063..d93f177 100644
--- a/setup/configs/volumes.yml
+++ b/setup/configs/volumes.yml
@@ -3,6 +3,8 @@ ands_paths:
provision: /mnt/provision
openshift: /mnt/openshift
temporary: /mnt/temporary
+ databases: /mnt/databases
+ katrin_data: /mnt/katrin
ands_heketi_domain:
servers: "storage_nodes"
@@ -14,11 +16,15 @@ ands_storage_domains:
clients: "masters"
volumes:
provision: { type: "cfg", mount: "{{ ands_paths.provision }}" }
- - servers: "storage_nodes"
- clients: "nodes"
- volumes:
openshift: { type: "cfg", mount: "{{ ands_paths.openshift }}" }
+ databases: { type: "db", mount: "{{ ands_paths.databases }}" }
temporary: { type: "tmp", mount: "{{ ands_paths.temporary }}" }
+ katrin_data: { type: "data", mount: "{{ ands_paths.katrin_data }}" }
+# - servers: "storage_nodes"
+# clients: "nodes"
+# openshift: { type: "cfg", mount: "{{ ands_paths.openshift }}" }
+# temporary: { type: "tmp", mount: "{{ ands_paths.temporary }}" }
+# volumes:
# - ovirt:
# - pdv:
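Review bot: The `openshift` and `temporary` volumes move from the domain with `clients: "nodes"` into the one with `clients: "masters"`, joined by the new `databases` and `katrin_data` volumes, and nothing in the file says why. If `clients` decides which hosts mount the volumes, pods scheduled off the masters lose access to them, so a comment such as `# all GlusterFS volumes are mounted on masters only; pods needing them must use selector master` would record the intent. The old domain is kept as a commented-out block whose lines are out of order (`# volumes:` follows its entries); deleting it would be clearer than keeping dead configuration. The start of this domain entry is outside the hunk, so its `servers` value is not visible here.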
@@ -31,7 +37,6 @@ ands_openshift_volumes:
log: { volume: "temporary", path: "/log", write: true}
tmp: { volume: "temporary", path: "/tmp", write: true}
-
# Global list, we only take things from the volume of project
ands_openshift_files:
- { osv: "log", path: "apache2-kaas", state: "directory", mode: "0777" }
diff --git a/setup/projects/adei/vars/pods.yml b/setup/projects/adei/vars/pods.yml
new file mode 100644
index 0000000..3b104ea
--- /dev/null
+++ b/setup/projects/adei/vars/pods.yml
@@ -0,0 +1,52 @@
+volumes:
+ adei_etc: { volume: "openshift", path: "/adei/etc" }
+ adei_db: { volume: "databases", path: "/adei", write: true}
+
+gids:
+ adei: { id: 5010 }
+ adei_db: { id: 5011 }
+
+files:
+ - { osv: "adei_db", path: "mysql", state: "directory", group: "adei_db", mode: "0775" }
+
+
+pods:
+ mysql:
+ service: { ports: [ 3306 ] }
+ sched: { replicas: 1, selector: { master: 1 } }
+ selector: { master: 1 }
+ groups: [ "adei_db" ]
+ images:
+ - image: "openshift/mysql-56-centos7"
+ env:
+ - { name: "MYSQL_USER", value: "adei" }
+ - { name: "MYSQL_PASSWORD", value: "adei" }
+ - { name: "MYSQL_DATABASE", value: "adei" }
+ mappings:
+ - { name: "adei_etc", path: "mysql", mount: "/etc/mysql" }
+ - { name: "adei_db", path: "mysql", mount: "/var/lib/mysql/data" }
+ probes:
+ - { port: 3306 }
+ phpmyadmin:
+ service: { host: "phpmyadmin.{{ openshift_master_default_subdomain }}", ports: [ 80/8080 ] }
+ sched: { replicas: 1 }
+ images:
+ - image: "chsa/phpmyadmin-centos:4"
+ env:
+ - { name: "DB_SERVICE_HOST", value: "mysql.adei.svc.cluster.local" }
+ - { name: "DB_SERVICE_PORT", value: "3306" }
+ - { name: "DB_SERVICE_CONTROL_USER", value: "pma" }
+ - { name: "DB_SERVICE_CONTROL_PASSWORD", value: "adei" }
+ - { name: "DB_EXTRA_HOSTS", value: "mysql.katrin.svc.cluster.local" }
+ probes:
+ - { port: 8080, path: '/' }
+
+
+
+#oc:
+# - template: "[0-3]*"
+# - template: "[4-6]*"
+# - resource: "route/apache"
+# oc: "expose svc/kaas --name apache --hostname=apache.{{ openshift_master_default_subdomain }}"
+# - template: "*"
+ \ No newline at end of file
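Review bot: `MYSQL_PASSWORD` and `DB_SERVICE_CONTROL_PASSWORD` are committed in clear text with the value `adei`, the same string as the user and database name, and the phpmyadmin pod that uses the control password gets a route host under `openshift_master_default_subdomain`. Take both from a vaulted variable instead, e.g. `- { name: "MYSQL_PASSWORD", value: "{{ adei_mysql_password }}" }` (the variable name is a placeholder, to be defined in an Ansible Vault file), and use a distinct generated value for each account. The mysql image `openshift/mysql-56-centos7` has no tag and `chsa/phpmyadmin-centos:4` uses a floating one; pinning each to a specific tag or digest keeps redeploys from silently pulling different code. `DB_EXTRA_HOSTS` also lets this phpmyadmin reach `mysql.katrin.svc.cluster.local`, so a comment stating that cross-project access is intended would be useful.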