diff options
Diffstat (limited to 'roles/openshift_node/tasks/storage_plugins/glusterfs.yml')
| -rw-r--r-- | roles/openshift_node/tasks/storage_plugins/glusterfs.yml | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml new file mode 100644 index 000000000..1b8a7ad50 --- /dev/null +++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml @@ -0,0 +1,54 @@ +--- +- name: Install GlusterFS storage plugin dependencies + package: name=glusterfs-fuse state=present + when: not openshift.common.is_atomic | bool + +- name: Check for existence of fusefs sebooleans + command: getsebool {{ item }} + register: fusefs_getsebool_status + when: + - ansible_selinux + - ansible_selinux.status == "enabled" + failed_when: false + changed_when: false + with_items: + - virt_use_fusefs + - virt_sandbox_use_fusefs + +- name: Set seboolean to allow gluster storage plugin access from containers + seboolean: + name: "{{ item.item }}" + state: yes + persistent: yes + when: + - ansible_selinux + - ansible_selinux.status == "enabled" + - item.rc == 0 + # We need to detect whether or not the boolean is an alias, since `seboolean` + # will error if it is an alias. We do this by inspecting stdout for the boolean name, + # since getsebool prints the resolved name. (At some point Ansible's seboolean module + # should learn to deal with aliases) + - item.item in item.stdout # Boolean does not have an alias. + - ansible_python_version | version_compare('3', '<') + with_items: "{{ fusefs_getsebool_status.results }}" + +# Workaround for https://github.com/openshift/openshift-ansible/issues/4438 +# Use command module rather than seboolean module to set GlusterFS booleans. +# TODO: Remove this task and the ansible_python_version comparison in +# the previous task when the problem has been addressed in current +# ansible release. +- name: Set seboolean to allow gluster storage plugin access from containers (python 3) + command: > + setsebool -P {{ item.item }} on + when: + - ansible_selinux + - ansible_selinux.status == "enabled" + - item.rc == 0 + # We need to detect whether or not the boolean is an alias, since `seboolean` + # will error if it is an alias. We do this by inspecting stdout for the boolean name, + # since getsebool prints the resolved name. (At some point Ansible's seboolean module + # should learn to deal with aliases) + - item.item in item.stdout # Boolean does not have an alias. + - ('--> off' in item.stdout) # Boolean is currently off. + - ansible_python_version | version_compare('3', '>=') + with_items: "{{ fusefs_getsebool_status.results }}" |