- ---
- - name: Create Namespace for Persistent Local Storage
- oc_project:
- name: "{{ persistentlocalstorage_project }}"
- node_selector: ""
- - name: Create temp directory for template
- command: mktemp -d /tmp/openshift-ansible-XXXXXXX
- register: g_persistentstorage_mktemp
- changed_when: false
- - template:
- src: local-persistent-volume-config.j2
- dest: "{{g_persistentstorage_mktemp.stdout}}/local-persistent-volume-config"
- changed_when: no
- - slurp:
- src: "{{g_persistentstorage_mktemp.stdout}}/local-persistent-volume-config"
- register: local_persistent_volume_config
- - name: Create ConfigMap for Persistent Local Storage Provisioner
- oc_obj:
- name: "local-volume-provisioner-config"
- namespace: "{{ persistentlocalstorage_project }}"
- kind: ConfigMap
- content:
- path: /tmp/cmplspout
- data: "{{ local_persistent_volume_config.content | b64decode | from_yaml }}"
- - name: Create ServiceAccount for Persistent Local Storage Provisioner
- oc_serviceaccount:
- name: "local-volume-provisioner"
- namespace: "{{ persistentlocalstorage_project }}"
- - name: Add SecurityContextContraint for Local Storage Provisioner
- oc_adm_policy_user:
- user: "system:serviceaccount:{{ persistentlocalstorage_project }}:local-volume-provisioner"
- namespace: "{{ persistentlocalstorage_project }}"
- resource_kind: scc
- resource_name: hostmount-anyuid
- state: present
- - name: Give rights to local-volume-provisioner to manage volumes
- oc_obj:
- state: present
- kind: ClusterRoleBinding
- name: local-storage:provisioner-pv-binding
- content:
- path: /tmp/crblvpout
- data:
- apiVersion: v1
- kind: ClusterRoleBinding
- metadata:
- name: local-storage:provisioner-pv-binding
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:persistent-volume-provisioner
- subjects:
- - kind: ServiceAccount
- name: local-volume-provisioner
- namespace: "{{ persistentlocalstorage_project }}"
- - name: Give rights to local-volume-provisioner to list nodes
- oc_obj:
- state: present
- kind: ClusterRoleBinding
- name: local-storage:provisioner-node-binding
- content:
- path: /tmp/ls-provnode
- data:
- apiVersion: v1
- kind: ClusterRoleBinding
- metadata:
- name: local-storage:provisioner-node-binding
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:node
- subjects:
- - kind: ServiceAccount
- name: local-volume-provisioner
- namespace: "{{ persistentlocalstorage_project }}"
- - name: Create Application Persistent Local Storage Provisioner
- oc_obj:
- kind: DaemonSet
- namespace: "{{ persistentlocalstorage_project }}"
- state: present
- name: local-volume-provisioner
- content:
- path: /tmp/plsprovout
- data:
- apiVersion: extensions/v1beta1
- kind: DaemonSet
- metadata:
- name: local-volume-provisioner
- spec:
- template:
- metadata:
- labels:
- app: local-volume-provisioner
- spec:
- containers:
- - env:
- - name: MY_NODE_NAME
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: spec.nodeName
- - name: MY_NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: VOLUME_CONFIG_NAME
- value: local-volume-provisioner-config
- image: quay.io/external_storage/local-volume-provisioner:v1.0.1
- name: provisioner
- securityContext:
- runAsUser: 0
- volumeMounts:
- - mountPath: /mnt/local-storage
- name: local-storage
- serviceAccountName: local-volume-provisioner
- volumes:
- - hostPath:
- path: /mnt/local-storage
- name: local-storage