From 69adb23c59e991ddcabf5cfce415fd8b638dbc1a Mon Sep 17 00:00:00 2001
From: "Suren A. Chilingaryan" <csa@suren.me>
Date: Thu, 1 Mar 2018 21:15:50 +0100
Subject: Improve handling of filesystem permissions and other fixes

---
 roles/ands_kaas/templates/00-gfs-volumes.yml.j2 | 13 +++++++++----
 roles/ands_kaas/templates/50-kaas-pods.yml.j2   | 17 ++++++-----------
 2 files changed, 15 insertions(+), 15 deletions(-)

(limited to 'roles/ands_kaas/templates')

diff --git a/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 b/roles/ands_kaas/templates/00-gfs-volumes.yml.j2
index c9341ed..a69942d 100644
--- a/roles/ands_kaas/templates/00-gfs-volumes.yml.j2
+++ b/roles/ands_kaas/templates/00-gfs-volumes.yml.j2
@@ -2,18 +2,23 @@
 apiVersion: v1
 kind: Template
 metadata:
-  name: 
+  name: {{ kaas_project }}-gfs-volumes
   annotations:
-    descriptions: "KATRIN Volumes"
+    descriptions: "{{ kaas_project }} glusterfs volumes"
 objects:
 {% for name, vol in kaas_project_volumes.iteritems() %}
 {% set oc_name = vol.name | default(name) | regex_replace('_','-') %}
 {% set cfgpath = vol.path | default("") %}
 {% set path = cfgpath if cfgpath[:1] == "/" else "/" + kaas_project + "/" + cfgpath %}
+{% if oc_name | regex_search("^" + kaas_project) %}
+{%   set pvname = oc_name %}
+{% else %}
+{%   set pvname = (kaas_project + "-" + oc_name) | regex_replace('_','-') %}
+{% endif %}
   - apiVersion: v1
     kind: PersistentVolume
     metadata:
-      name: {{ oc_name }}
+      name: {{ pvname }}
     spec:
       persistentVolumeReclaimPolicy: Retain 
       glusterfs: 
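Review bot: The prefix test `regex_search("^" + kaas_project)` treats the project name as a regular expression and accepts any volume name that merely begins with the same characters. For a constructed example, in project `katrin` a volume named `katrin2-data` would be left unprefixed. PersistentVolume names are cluster-wide, so an unprefixed name can collide with a PV rendered for another project, and with `Retain` plus binding by `volumeName` that collision would decide which gluster path a claim ends up on. Anchoring on the separator and escaping the name closes this: `{% if oc_name | regex_search("^" + (kaas_project | regex_escape) + "-") %}`. The `if` branch also compares against the raw `kaas_project` while the `else` branch normalises underscores, so a project name containing `_` never matches; the enclosing `for` loop ends outside this hunk.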
@@ -32,7 +37,7 @@ objects:
     metadata:
       name: {{ oc_name }}
     spec:
-      volumeName: {{ oc_name }}
+      volumeName: {{ pvname }}
       accessModes:
         - {{ vol.access | default('ReadWriteMany') }}
       resources:
diff --git a/roles/ands_kaas/templates/50-kaas-pods.yml.j2 b/roles/ands_kaas/templates/50-kaas-pods.yml.j2
index 2ed7462..216dc01 100644
--- a/roles/ands_kaas/templates/50-kaas-pods.yml.j2
+++ b/roles/ands_kaas/templates/50-kaas-pods.yml.j2
@@ -7,7 +7,7 @@ metadata:
   annotations:
     descriptions: {{ kaas_project_config.description | default(kaas_project ~ "auto-generated pod template") }}
 objects:
-{% for name, pod in (kaas_project_config.pods | default({})).iteritems() %}
+{% for name, pod in kaas_project_pods.iteritems() %}
   {% set pubkey = "kaas_" ~ name ~ "_pubkey" %}
   {% set privkey = "kaas_" ~ name ~ "_privkey" %}
   {% set cakey = "kaas_" ~ name ~ "_ca" %}
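Review bot: The loop now iterates `kaas_project_pods` without the `default({})` the old expression had, so rendering fails for a project that defines no pods unless the variable is always set elsewhere. That definition is not part of this path-limited diff, so it is worth confirming in the role's defaults or vars. Separately, `.iteritems()` exists only on Python 2 dictionaries; `{% for name, pod in kaas_project_pods.items() %}` renders the same on both interpreters. The loop body continues outside the hunk.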
@@ -104,20 +104,15 @@ objects:
     {% if (pod.groups is defined) or (pod.run_as is defined) %}
           securityContext:
         {% if (pod.run_as is defined) %}
-                {% if (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as] is defined %}
-            runAsUser: {{ (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as].id }}
-                {% else %}
-            runAsUser: {{ pod.run_as }}
-                {% endif %}
+            runAsUser: {{ (kaas_project_uids[pod.run_as] is defined) | ternary(kaas_project_uids[pod.run_as].id, pod.run_as) }}
         {% endif %}
         {% if (pod.groups is defined) %}
+          {% if (ands_openshift_gid_mode | default('')) == "RunAsAny" %}
+            fsGroup: {{ (kaas_project_gids[pod.groups[0]] is defined) | ternary(kaas_project_gids[pod.groups[0]].id, pod.groups[0]) }}
+          {% endif %}
             supplementalGroups:
             {% for group in pod.groups %}
-                {% if (kaas_project_config.gids | default(kaas_openshift_gids))[group] is defined %}
-              - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }}
-                {% else %}
-              - {{ group }}
-                {% endif %}
+              - {{ (kaas_project_gids[group] is defined) | ternary(kaas_project_gids[group].id, group) }}
             {% endfor %}
         {% endif %}
     {% endif %}
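Review bot: Each `ternary(...)` falls back to the raw `pod.run_as`, `pod.groups[0]` or `group` when the name is missing from `kaas_project_uids` / `kaas_project_gids`. The new `fsGroup` line is emitted only when `ands_openshift_gid_mode` is `RunAsAny`, which presumably is the mode where the cluster's SCC no longer range-checks group IDs. A misspelled name or a raw numeric ID, including 0, would then pass straight into the pod's `securityContext`, so it would be safer to fail the render, or validate in a preceding task, when a name has no mapping. `ternary` also evaluates both arguments before choosing, so `.id` is read on an undefined entry and the line relies on how Ansible chains undefined values; the inline form avoids that: `- {{ kaas_project_gids[group].id if kaas_project_gids[group] is defined else group }}`. `pod.groups[0]` also assumes a non-empty list, and a template comment stating that the first group becomes the volume owner would help; the enclosing pod loop starts and ends outside the hunk.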
-- 
cgit v1.2.3