Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
shixiong
/
okd
1
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu khéo về 0 Wiki
Tree: 717c36fde2
Branches Tags
okd
/
roles
/
openshift_provisioners
/
tasks
/
install_efs.yaml

install_efs.yaml 2.4 KB
Lịch sử Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. ---
    2. 

  2. - name: Check efs current replica count
    3. 

  3.   command: >
    4. 

  4.     {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get dc provisioners-efs
    5. 

  5.     -o jsonpath='{.spec.replicas}' -n {{openshift_provisioners_project}}
    6. 

  6.   register: efs_replica_count
    7. 

  7.   when: not ansible_check_mode
    8. 

  8.   ignore_errors: yes
    9. 

  9.   changed_when: no
    10. 

  10. 

  11. - name: Generate efs PersistentVolumeClaim
    12. 

  12.   template: src=pvc.j2 dest={{mktemp.stdout}}/templates/{{obj_name}}-pvc.yaml
    13. 

  13.   vars:
    14. 

  14.     obj_name: "provisioners-efs"
    15. 

  15.     size: "1Mi"
    16. 

  16.     access_modes:
    17. 

  17.       - "ReadWriteMany"
    18. 

  18.     pv_selector:
    19. 

  19.       provisioners-efs: efs
    20. 

  20.   check_mode: no
    21. 

  21.   changed_when: no
    22. 

  22. 

  23. - name: Generate efs PersistentVolume
    24. 

  24.   template: src=pv.j2 dest={{mktemp.stdout}}/templates/{{obj_name}}-pv.yaml
    25. 

  25.   vars:
    26. 

  26.     obj_name: "provisioners-efs"
    27. 

  27.     size: "1Mi"
    28. 

  28.     access_modes:
    29. 

  29.       - "ReadWriteMany"
    30. 

  30.     labels:
    31. 

  31.       provisioners-efs: efs
    32. 

  32.     volume_plugin: "nfs"
    33. 

  33.     volume_source:
    34. 

  34.       - {key: "server", value: "{{openshift_provisioners_efs_fsid}}.efs.{{openshift_provisioners_efs_region}}.amazonaws.com"}
    35. 

  35.       - {key: "path", value: "{{openshift_provisioners_efs_path}}"}
    36. 

  36.     claim_name: "provisioners-efs"
    37. 

  37.   check_mode: no
    38. 

  38.   changed_when: no
    39. 

  39. 

  40. - name: Generate efs DeploymentConfig
    41. 

  41.   template:
    42. 

  42.     src: efs.j2
    43. 

  43.     dest: "{{ mktemp.stdout }}/templates/{{deploy_name}}-dc.yaml"
    44. 

  44.   vars:
    45. 

  45.     name: efs
    46. 

  46.     deploy_name: "provisioners-efs"
    47. 

  47.     deploy_serviceAccount: "provisioners-efs"
    48. 

  48.     replica_count: "{{efs_replica_count.stdout | default(0)}}"
    49. 

  49.     node_selector: "{{openshift_provisioners_efs_nodeselector | default('') }}"
    50. 

  50.     claim_name: "provisioners-efs"
    51. 

  51.   check_mode: no
    52. 

  52.   changed_when: false
    53. 

  53. 

  54. # anyuid in order to run as root & chgrp shares with allocated gids
    55. 

  55. - name: "Check efs anyuid permissions"
    56. 

  56.   command: >
    57. 

  57.     {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig
    58. 

  58.     get scc/anyuid -o jsonpath='{.users}'
    59. 

  59.   register: efs_anyuid
    60. 

  60.   check_mode: no
    61. 

  61.   changed_when: no
    62. 

  62. 

  63. - name: "Set anyuid permissions for efs"
    64. 

  64.   command: >
    65. 

  65.     {{ openshift.common.admin_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig policy
    66. 

  66.     add-scc-to-user anyuid system:serviceaccount:{{openshift_provisioners_project}}:provisioners-efs
    67. 

  67.   register: efs_output
    68. 

  68.   failed_when: efs_output.rc == 1 and 'exists' not in efs_output.stderr
    69. 

  69.   check_mode: no
    70. 

  70.   when: efs_anyuid.stdout.find("system:serviceaccount:{{openshift_provisioners_project}}:provisioners-efs") == -1
    71.