diff options
Diffstat (limited to 'roles/openshift_node/tasks/storage_plugins')
4 files changed, 116 insertions, 0 deletions
diff --git a/roles/openshift_node/tasks/storage_plugins/ceph.yml b/roles/openshift_node/tasks/storage_plugins/ceph.yml new file mode 100644 index 000000000..037efe81a --- /dev/null +++ b/roles/openshift_node/tasks/storage_plugins/ceph.yml @@ -0,0 +1,4 @@ +--- +- name: Install Ceph storage plugin dependencies + package: name=ceph-common state=present + when: not openshift.common.is_atomic | bool diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml new file mode 100644 index 000000000..1b8a7ad50 --- /dev/null +++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml @@ -0,0 +1,54 @@ +--- +- name: Install GlusterFS storage plugin dependencies + package: name=glusterfs-fuse state=present + when: not openshift.common.is_atomic | bool + +- name: Check for existence of fusefs sebooleans + command: getsebool {{ item }} + register: fusefs_getsebool_status + when: + - ansible_selinux + - ansible_selinux.status == "enabled" + failed_when: false + changed_when: false + with_items: + - virt_use_fusefs + - virt_sandbox_use_fusefs + +- name: Set seboolean to allow gluster storage plugin access from containers + seboolean: + name: "{{ item.item }}" + state: yes + persistent: yes + when: + - ansible_selinux + - ansible_selinux.status == "enabled" + - item.rc == 0 + # We need to detect whether or not the boolean is an alias, since `seboolean` + # will error if it is an alias. We do this by inspecting stdout for the boolean name, + # since getsebool prints the resolved name. (At some point Ansible's seboolean module + # should learn to deal with aliases) + - item.item in item.stdout # Boolean does not have an alias. + - ansible_python_version | version_compare('3', '<') + with_items: "{{ fusefs_getsebool_status.results }}" + +# Workaround for https://github.com/openshift/openshift-ansible/issues/4438 +# Use command module rather than seboolean module to set GlusterFS booleans. +# TODO: Remove this task and the ansible_python_version comparison in +# the previous task when the problem has been addressed in current +# ansible release. +- name: Set seboolean to allow gluster storage plugin access from containers (python 3) + command: > + setsebool -P {{ item.item }} on + when: + - ansible_selinux + - ansible_selinux.status == "enabled" + - item.rc == 0 + # We need to detect whether or not the boolean is an alias, since `seboolean` + # will error if it is an alias. We do this by inspecting stdout for the boolean name, + # since getsebool prints the resolved name. (At some point Ansible's seboolean module + # should learn to deal with aliases) + - item.item in item.stdout # Boolean does not have an alias. + - ('--> off' in item.stdout) # Boolean is currently off. + - ansible_python_version | version_compare('3', '>=') + with_items: "{{ fusefs_getsebool_status.results }}" diff --git a/roles/openshift_node/tasks/storage_plugins/iscsi.yml b/roles/openshift_node/tasks/storage_plugins/iscsi.yml new file mode 100644 index 000000000..1c5478c55 --- /dev/null +++ b/roles/openshift_node/tasks/storage_plugins/iscsi.yml @@ -0,0 +1,4 @@ +--- +- name: Install iSCSI storage plugin dependencies + package: name=iscsi-initiator-utils state=present + when: not openshift.common.is_atomic | bool diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml new file mode 100644 index 000000000..7e1035893 --- /dev/null +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -0,0 +1,54 @@ +--- +- name: Install NFS storage plugin dependencies + package: name=nfs-utils state=present + when: not openshift.common.is_atomic | bool + +- name: Check for existence of nfs sebooleans + command: getsebool {{ item }} + register: nfs_getsebool_status + when: + - ansible_selinux + - ansible_selinux.status == "enabled" + failed_when: false + changed_when: false + with_items: + - virt_use_nfs + - virt_sandbox_use_nfs + +- name: Set seboolean to allow nfs storage plugin access from containers + seboolean: + name: "{{ item.item }}" + state: yes + persistent: yes + when: + - ansible_selinux + - ansible_selinux.status == "enabled" + - item.rc == 0 + # We need to detect whether or not the boolean is an alias, since `seboolean` + # will error if it is an alias. We do this by inspecting stdout for the boolean name, + # since getsebool prints the resolved name. (At some point Ansible's seboolean module + # should learn to deal with aliases) + - item.item in item.stdout # Boolean does not have an alias. + - ansible_python_version | version_compare('3', '<') + with_items: "{{ nfs_getsebool_status.results }}" + +# Workaround for https://github.com/openshift/openshift-ansible/issues/4438 +# Use command module rather than seboolean module to set NFS booleans. +# TODO: Remove this task and the ansible_python_version comparison in +# the previous task when the problem has been addressed in current +# ansible release. +- name: Set seboolean to allow nfs storage plugin access from containers (python 3) + command: > + setsebool -P {{ item.item }} on + when: + - ansible_selinux + - ansible_selinux.status == "enabled" + - item.rc == 0 + # We need to detect whether or not the boolean is an alias, since `seboolean` + # will error if it is an alias. We do this by inspecting stdout for the boolean name, + # since getsebool prints the resolved name. (At some point Ansible's seboolean module + # should learn to deal with aliases) + - item.item in item.stdout # Boolean does not have an alias. + - ('--> off' in item.stdout) # Boolean is currently off. + - ansible_python_version | version_compare('3', '>=') + with_items: "{{ nfs_getsebool_status.results }}" |