Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: e3d95a3e9e
Branches Tags
okd
/
roles
/
openshift_provisioners
/
tasks
/
install_efs.yaml

install_efs.yaml 2.4 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. ---
    2. 

  2. - name: Check efs current replica count
    3. 

  3.   command: >
    4. 

  4.     {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get dc provisioners-efs
    5. 

  5.     -o jsonpath='{.spec.replicas}' -n {{openshift_provisioners_project}}
    6. 

  6.   register: efs_replica_count
    7. 

  7.   when: not ansible_check_mode
    8. 

  8.   ignore_errors: yes
    9. 

  9.   changed_when: no
    10. 

  10. 

  11. - name: Generate efs PersistentVolumeClaim
    12. 

  12.   template:
    13. 

  13.     src: pvc.j2
    14. 

  14.     dest: "{{ mktemp.stdout }}/templates/{{ obj_name }}-pvc.yaml"
    15. 

  15.   vars:
    16. 

  16.     obj_name: "provisioners-efs"
    17. 

  17.     size: "1Mi"
    18. 

  18.     access_modes:
    19. 

  19.       - "ReadWriteMany"
    20. 

  20.     pv_selector:
    21. 

  21.       provisioners-efs: efs
    22. 

  22.   check_mode: no
    23. 

  23.   changed_when: no
    24. 

  24. 

  25. - name: Generate efs PersistentVolume
    26. 

  26.   template:
    27. 

  27.     src: pv.j2
    28. 

  28.     dest: "{{ mktemp.stdout }}/templates/{{ obj_name }}-pv.yaml"
    29. 

  29.   vars:
    30. 

  30.     obj_name: "provisioners-efs"
    31. 

  31.     size: "1Mi"
    32. 

  32.     access_modes:
    33. 

  33.       - "ReadWriteMany"
    34. 

  34.     labels:
    35. 

  35.       provisioners-efs: efs
    36. 

  36.     volume_plugin: "nfs"
    37. 

  37.     volume_source:
    38. 

  38.       - {key: "server", value: "{{openshift_provisioners_efs_fsid}}.efs.{{openshift_provisioners_efs_region}}.amazonaws.com"}
    39. 

  39.       - {key: "path", value: "{{openshift_provisioners_efs_path}}"}
    40. 

  40.     claim_name: "provisioners-efs"
    41. 

  41.   check_mode: no
    42. 

  42.   changed_when: no
    43. 

  43. 

  44. - name: Generate efs DeploymentConfig
    45. 

  45.   template:
    46. 

  46.     src: efs.j2
    47. 

  47.     dest: "{{ mktemp.stdout }}/templates/{{deploy_name}}-dc.yaml"
    48. 

  48.   vars:
    49. 

  49.     name: efs
    50. 

  50.     deploy_name: "provisioners-efs"
    51. 

  51.     deploy_serviceAccount: "provisioners-efs"
    52. 

  52.     replica_count: "{{efs_replica_count.stdout | default(0)}}"
    53. 

  53.     node_selector: "{{openshift_provisioners_efs_nodeselector | default('') }}"
    54. 

  54.     claim_name: "provisioners-efs"
    55. 

  55.   check_mode: no
    56. 

  56.   changed_when: false
    57. 

  57. 

  58. # anyuid in order to run as root & chgrp shares with allocated gids
    59. 

  59. - name: "Check efs anyuid permissions"
    60. 

  60.   command: >
    61. 

  61.     {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig
    62. 

  62.     get scc/anyuid -o jsonpath='{.users}'
    63. 

  63.   register: efs_anyuid
    64. 

  64.   check_mode: no
    65. 

  65.   changed_when: no
    66. 

  66. 

  67. - name: "Set anyuid permissions for efs"
    68. 

  68.   command: >
    69. 

  69.     {{ openshift.common.admin_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig policy
    70. 

  70.     add-scc-to-user anyuid system:serviceaccount:{{openshift_provisioners_project}}:provisioners-efs
    71. 

  71.   register: efs_output
    72. 

  72.   failed_when: efs_output.rc == 1 and 'exists' not in efs_output.stderr
    73. 

  73.   check_mode: no
    74. 

  74.   when: efs_anyuid.stdout.find("system:serviceaccount:" + openshift_provisioners_project + ":provisioners-efs") == -1
    75.