From 3b3c6a33f5cab37d4574182ffe7f756b24d1cbb6 Mon Sep 17 00:00:00 2001 From: "Jose A. Rivera" Date: Wed, 14 Jun 2017 11:27:56 -0500 Subject: GlusterFS: Allow configuration of heketi port Signed-off-by: Jose A. Rivera --- .../tasks/glusterfs_common.yml | 28 ++++++++++++++++------ 1 file changed, 21 insertions(+), 7 deletions(-) (limited to 'roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml') diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml index 829c1f51b..428f741ff 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml @@ -129,15 +129,9 @@ - glusterfs_heketi_deploy_is_missing - glusterfs_heketi_is_missing -- name: Set heketi URL - set_fact: - glusterfs_heketi_url: "localhost:8080" - when: - - glusterfs_heketi_is_native - - name: Set heketi-cli command set_fact: - glusterfs_heketi_client: "{% if glusterfs_heketi_is_native %}oc rsh {{ heketi_pod.results.results[0]['items'][0]['metadata']['name'] }} {% endif %}heketi-cli -s http://{{ glusterfs_heketi_url }} --user admin --secret '{{ glusterfs_heketi_admin_key }}'" + glusterfs_heketi_client: "{% if glusterfs_heketi_is_native %}oc rsh {{ heketi_pod.results.results[0]['items'][0]['metadata']['name'] }} {% endif %}heketi-cli -s http://{% if glusterfs_heketi_is_native %}localhost:8080{% else %}{{ glusterfs_heketi_url }}:{{ glusterfs_heketi_port }}{% endif %} --user admin --secret '{{ glusterfs_heketi_admin_key }}'" - name: Verify heketi service command: "{{ glusterfs_heketi_client }} cluster list" @@ -166,10 +160,30 @@ - path: key data: "{{ glusterfs_heketi_user_key }}" +- name: Get heketi route + oc_obj: + namespace: "{{ glusterfs_namespace }}" + kind: route + state: list + name: "heketi-{{ glusterfs_name }}" + register: heketi_route + when: + - glusterfs_storageclass + - glusterfs_heketi_is_native + +- name: Determine StorageClass heketi URL + set_fact: + glusterfs_heketi_route: "{{ heketi_route.results.results[0]['spec']['host'] }}" + when: + - glusterfs_storageclass + - glusterfs_heketi_is_native + - name: Generate GlusterFS StorageClass file template: src: "{{ openshift.common.examples_content_version }}/glusterfs-storageclass.yml.j2" dest: "{{ mktemp.stdout }}/glusterfs-storageclass.yml" + when: + - glusterfs_storageclass - name: Create GlusterFS StorageClass oc_obj: -- cgit v1.2.3 From db2c93950bb9327afab3be70f087010751792977 Mon Sep 17 00:00:00 2001 From: "Jose A. Rivera" Date: Fri, 16 Jun 2017 14:17:45 -0500 Subject: GlusterFS: Use proper identity in heketi secret Signed-off-by: Jose A. Rivera --- roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml') diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml index 428f741ff..92accc170 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml @@ -149,16 +149,18 @@ - glusterfs_heketi_is_native - glusterfs_heketi_is_missing -- name: Create heketi user secret +- name: Create heketi secret oc_secret: namespace: "{{ glusterfs_namespace }}" state: present - name: "heketi-{{ glusterfs_name }}-user-secret" + name: "heketi-{{ glusterfs_name }}-secret" type: "kubernetes.io/glusterfs" force: True contents: - path: key - data: "{{ glusterfs_heketi_user_key }}" + data: "{{ glusterfs_heketi_admin_key }}" + when: + - glusterfs_storageclass - name: Get heketi route oc_obj: -- cgit v1.2.3 From b1c40b3dbbc7cfbf9ed0f6f657a68b4ea6a53136 Mon Sep 17 00:00:00 2001 From: "Jose A. Rivera" Date: Fri, 16 Jun 2017 18:02:18 -0500 Subject: GlusterFS: Generate better secret keys Signed-off-by: Jose A. Rivera --- .../tasks/glusterfs_common.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml') diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml index 92accc170..4406ef28b 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml @@ -123,6 +123,23 @@ when: - glusterfs_heketi_topology_load +- name: Generate heketi admin key + set_fact: + glusterfs_heketi_admin_key: "{{ 32 | oo_generate_secret }}" + when: + - glusterfs_heketi_is_native + - glusterfs_heketi_admin_key is undefined + +- name: Generate heketi user key + set_fact: + glusterfs_heketi_user_key: "{{ 32 | oo_generate_secret }}" + until: "glusterfs_heketi_user_key != glusterfs_heketi_admin_key" + delay: 1 + retries: 10 + when: + - glusterfs_heketi_is_native + - glusterfs_heketi_user_key is undefined + - include: heketi_deploy_part1.yml when: - glusterfs_heketi_is_native -- cgit v1.2.3