From f97e06c970688324356ae4ebf3137de0c1097c4f Mon Sep 17 00:00:00 2001 From: "Jose A. Rivera" Date: Wed, 21 Jun 2017 14:27:37 -0500 Subject: GlusterFS: Fix heketi secret name Signed-off-by: Jose A. Rivera --- roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml | 4 ++-- .../templates/v3.6/glusterfs-storageclass.yml.j2 | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'roles') diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml index 4406ef28b..57eeb2acb 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml @@ -26,7 +26,7 @@ - kind: "sa" name: "heketi-{{ glusterfs_name }}-service-account" - kind: "secret" - name: "heketi-{{ glusterfs_name }}-user-secret" + name: "heketi-{{ glusterfs_name }}-admin-secret" failed_when: False when: glusterfs_heketi_wipe @@ -170,7 +170,7 @@ oc_secret: namespace: "{{ glusterfs_namespace }}" state: present - name: "heketi-{{ glusterfs_name }}-secret" + name: "heketi-{{ glusterfs_name }}-admin-secret" type: "kubernetes.io/glusterfs" force: True contents: diff --git a/roles/openshift_storage_glusterfs/templates/v3.6/glusterfs-storageclass.yml.j2 b/roles/openshift_storage_glusterfs/templates/v3.6/glusterfs-storageclass.yml.j2 index 5ea801e60..2ec9a9e9a 100644 --- a/roles/openshift_storage_glusterfs/templates/v3.6/glusterfs-storageclass.yml.j2 +++ b/roles/openshift_storage_glusterfs/templates/v3.6/glusterfs-storageclass.yml.j2 @@ -8,4 +8,4 @@ parameters: resturl: "http://{% if glusterfs_heketi_is_native %}{{ glusterfs_heketi_route }}{% else %}{{ glusterfs_heketi_url }}:{{ glusterfs_heketi_port }}{% endif %}" restuser: "admin" secretNamespace: "{{ glusterfs_namespace }}" - secretName: "heketi-{{ glusterfs_name }}-secret" + secretName: "heketi-{{ glusterfs_name }}-admin-secret" -- cgit v1.2.3 From b03393a55e325a813444cce9cb4e2ec6dc99579e Mon Sep 17 00:00:00 2001 From: "Jose A. Rivera" Date: Wed, 21 Jun 2017 14:27:54 -0500 Subject: GlusterFS: Use proper namespace for heketi command and service account Signed-off-by: Jose A. Rivera --- roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml | 4 +++- roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'roles') diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml index 57eeb2acb..af901103e 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml @@ -66,6 +66,7 @@ - name: Add heketi service account to privileged SCC oc_adm_policy_user: + namespace: "{{ glusterfs_namespace }}" user: "system:serviceaccount:{{ glusterfs_namespace }}:heketi-{{ glusterfs_name }}-service-account" resource_kind: scc resource_name: privileged @@ -74,6 +75,7 @@ - name: Allow heketi service account to view/edit pods oc_adm_policy_user: + namespace: "{{ glusterfs_namespace }}" user: "system:serviceaccount:{{ glusterfs_namespace }}:heketi-{{ glusterfs_name }}-service-account" resource_kind: role resource_name: edit @@ -148,7 +150,7 @@ - name: Set heketi-cli command set_fact: - glusterfs_heketi_client: "{% if glusterfs_heketi_is_native %}oc rsh {{ heketi_pod.results.results[0]['items'][0]['metadata']['name'] }} {% endif %}heketi-cli -s http://{% if glusterfs_heketi_is_native %}localhost:8080{% else %}{{ glusterfs_heketi_url }}:{{ glusterfs_heketi_port }}{% endif %} --user admin --secret '{{ glusterfs_heketi_admin_key }}'" + glusterfs_heketi_client: "{% if glusterfs_heketi_is_native %}{{ openshift.common.client_binary }} rsh --namespace={{ glusterfs_namespace }} {{ heketi_pod.results.results[0]['items'][0]['metadata']['name'] }} {% endif %}heketi-cli -s http://{% if glusterfs_heketi_is_native %}localhost:8080{% else %}{{ glusterfs_heketi_url }}:{{ glusterfs_heketi_port }}{% endif %} --user admin --secret '{{ glusterfs_heketi_admin_key }}'" - name: Verify heketi service command: "{{ glusterfs_heketi_client }} cluster list" diff --git a/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml b/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml index 26343b909..63009c539 100644 --- a/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml +++ b/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml @@ -4,7 +4,7 @@ register: setup_storage - name: Copy heketi-storage list - shell: "{{ openshift.common.client_binary }} rsh {{ heketi_pod.results.results[0]['items'][0]['metadata']['name'] }} cat /tmp/heketi-storage.json > {{ mktemp.stdout }}/heketi-storage.json" + shell: "{{ openshift.common.client_binary }} rsh --namespace={{ glusterfs_namespace }} {{ heketi_pod.results.results[0]['items'][0]['metadata']['name'] }} cat /tmp/heketi-storage.json > {{ mktemp.stdout }}/heketi-storage.json" # This is used in the subsequent task - name: Copy the admin client config @@ -125,7 +125,7 @@ - name: Set heketi-cli command set_fact: - glusterfs_heketi_client: "oc rsh {{ heketi_pod.results.results[0]['items'][0]['metadata']['name'] }} heketi-cli -s http://localhost:8080 --user admin --secret '{{ glusterfs_heketi_admin_key }}'" + glusterfs_heketi_client: "{{ openshift.common.client_binary }} rsh --namespace={{ glusterfs_namespace }} {{ heketi_pod.results.results[0]['items'][0]['metadata']['name'] }} heketi-cli -s http://localhost:8080 --user admin --secret '{{ glusterfs_heketi_admin_key }}'" - name: Verify heketi service command: "{{ glusterfs_heketi_client }} cluster list" -- cgit v1.2.3