From ca5b5b005d2ca454015f8b0faa54372c60a0e40a Mon Sep 17 00:00:00 2001 From: "Suren A. Chilingaryan" Date: Fri, 23 Feb 2018 02:16:43 +0100 Subject: GlusterFS subpaths, ADEI frontend pods, fixes --- roles/ands_kaas/tasks/do_project.yml | 1 - roles/ands_kaas/tasks/file.yml | 2 +- roles/ands_kaas/templates/0-gfs-volumes.yml.j2 | 39 ----- roles/ands_kaas/templates/00-gfs-volumes.yml.j2 | 39 +++++ roles/ands_kaas/templates/50-kaas-pods.yml.j2 | 200 ++++++++++++++++++++++++ roles/ands_kaas/templates/6-kaas-pods.yml.j2 | 199 ----------------------- roles/openshift_resource/tasks/main.yml | 4 +- roles/openshift_resource/tasks/resource.yml | 8 +- 8 files changed, 247 insertions(+), 245 deletions(-) delete mode 100644 roles/ands_kaas/templates/0-gfs-volumes.yml.j2 create mode 100644 roles/ands_kaas/templates/00-gfs-volumes.yml.j2 create mode 100644 roles/ands_kaas/templates/50-kaas-pods.yml.j2 delete mode 100644 roles/ands_kaas/templates/6-kaas-pods.yml.j2 (limited to 'roles') diff --git a/roles/ands_kaas/tasks/do_project.yml b/roles/ands_kaas/tasks/do_project.yml index 61b91d2..a876d94 100644 --- a/roles/ands_kaas/tasks/do_project.yml +++ b/roles/ands_kaas/tasks/do_project.yml @@ -59,4 +59,3 @@ - kaas_project_config.oc is undefined - kaas_project_config.pods != {} - diff --git a/roles/ands_kaas/tasks/file.yml b/roles/ands_kaas/tasks/file.yml index 479ec68..e6b2e8d 100644 --- a/roles/ands_kaas/tasks/file.yml +++ b/roles/ands_kaas/tasks/file.yml @@ -16,7 +16,7 @@ - name: "Setting up files in {{ path }}" file: path: "{{ path }}" - recurse: "{{ file.recurse | default(true) }}" + recurse: "{{ file.recurse | default(false) }}" mode: "{{ file.mode | default( ((file.state | default('directory')) == 'directory') | ternary('0755', '0644') ) }}" owner: "{{ owner }}" group: "{{ group }}" diff --git a/roles/ands_kaas/templates/0-gfs-volumes.yml.j2 b/roles/ands_kaas/templates/0-gfs-volumes.yml.j2 deleted file mode 100644 index 8e5842a..0000000 --- a/roles/ands_kaas/templates/0-gfs-volumes.yml.j2 +++ /dev/null @@ -1,39 +0,0 @@ ---- -apiVersion: v1 -kind: Template -metadata: - name: - annotations: - descriptions: "KATRIN Volumes" -objects: -{% for name, vol in (kaas_project_config.volumes | default(kaas_openshift_volumes)).iteritems() %} -{% set oc_name = vol.name | default(name) | regex_replace('_','-') %} - - apiVersion: v1 - kind: PersistentVolume - metadata: - name: {{ oc_name }} - spec: - persistentVolumeReclaimPolicy: Retain - glusterfs: - endpoints: {{ kaas_glusterfs_endpoints }} - path: {{ vol.volume }} - readOnly: {{ not (vol.write | default(false)) }} - accessModes: - - {{ vol.access | default('ReadWriteMany') }} - capacity: - storage: {{ vol.capacity | default(kaas_default_volume_capacity) }} - claimRef: - name: {{ oc_name }} - namespace: {{ kaas_project }} - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: {{ oc_name }} - spec: - volumeName: {{ oc_name }} - accessModes: - - {{ vol.access | default('ReadWriteMany') }} - resources: - requests: - storage: {{ vol.capacity | default(kaas_default_volume_capacity) }} -{% endfor %} diff --git a/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 b/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 new file mode 100644 index 0000000..c90c610 --- /dev/null +++ b/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 @@ -0,0 +1,39 @@ +--- +apiVersion: v1 +kind: Template +metadata: + name: + annotations: + descriptions: "KATRIN Volumes" +objects: +{% for name, vol in (kaas_project_config.volumes | default(kaas_openshift_volumes)).iteritems() %} +{% set oc_name = vol.name | default(name) | regex_replace('_','-') %} + - apiVersion: v1 + kind: PersistentVolume + metadata: + name: {{ oc_name }} + spec: + persistentVolumeReclaimPolicy: Retain + glusterfs: + endpoints: {{ kaas_glusterfs_endpoints }} + path: "{{ vol.volume }}{{vol.path}}" + readOnly: {{ not (vol.write | default(false)) }} + accessModes: + - {{ vol.access | default(vol.write | default(false) | ternary('ReadWriteMany', 'ReadOnlyMany')) }} + capacity: + storage: {{ vol.capacity | default(kaas_default_volume_capacity) }} + claimRef: + name: {{ oc_name }} + namespace: {{ kaas_project }} + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: {{ oc_name }} + spec: + volumeName: {{ oc_name }} + accessModes: + - {{ vol.access | default('ReadWriteMany') }} + resources: + requests: + storage: {{ vol.capacity | default(kaas_default_volume_capacity) }} +{% endfor %} diff --git a/roles/ands_kaas/templates/50-kaas-pods.yml.j2 b/roles/ands_kaas/templates/50-kaas-pods.yml.j2 new file mode 100644 index 0000000..49dab3f --- /dev/null +++ b/roles/ands_kaas/templates/50-kaas-pods.yml.j2 @@ -0,0 +1,200 @@ +#jinja2: trim_blocks: "true", lstrip_blocks: "false" +--- +apiVersion: v1 +kind: Template +metadata: + name: {{ kaas_project }}-pods + annotations: + descriptions: {{ kaas_project_config.description | default(kaas_project ~ "auto-generated pod template") }} +objects: +{% for name, pod in (kaas_project_config.pods | default(kaas_openshift_volumes)).iteritems() %} + {% set pubkey = "kaas_" ~ name ~ "_pubkey" %} + {% set privkey = "kaas_" ~ name ~ "_privkey" %} + {% set cakey = "kaas_" ~ name ~ "_ca" %} + {% if pod.variant is defined %} + {% set pod = pod[pod.variant] %} + {% endif %} + {% if pod.service is defined %} + - apiVersion: v1 + kind: Service + metadata: + name: {{ pod.name | default(name) }} + spec: + selector: + name: {{ pod.name | default(name) }} + {% if pod.service.ports is defined %} + ports: + {% for port in pod.service.ports %} + {% set portmap = (port | string).split('/') %} + - name: "{{ portmap[0] }}" + port: {{ portmap[0] }} + targetPort: {{ (portmap[1] is defined) | ternary(portmap[1], portmap[0]) }} + {% endfor %} + {% endif %} + {% if (pod.service.ports is defined) and (pod.service.host is defined) %} + {% set first_port = (pod.service.ports[0] | string).split('/') %} + - apiVersion: v1 + kind: Route + metadata: + name: {{ pod.name | default(name) }} + spec: + host: {{ pod.service.host }} + to: + kind: Service + name: {{ pod.name | default(name) }} + port: + targetPort: {{ (first_port[1] is defined) | ternary(first_port[1], first_port[0]) }} + {% if (first_port[0] == "80") %} + tls: + termination: edge + insecureEdgeTerminationPolicy: Allow + {% if hostvars[inventory_hostname][pubkey] is defined %} + certificate: |- + {{ hostvars[inventory_hostname][pubkey] | indent(10) }} + {% endif %} + {% if hostvars[inventory_hostname][privkey] is defined %} + key: |- + {{ hostvars[inventory_hostname][privkey] | indent(10) }} + {% endif %} + {% if hostvars[inventory_hostname][cakey] is defined %} + caCertificate: |- + {{ hostvars[inventory_hostname][cakey] | indent(10) }} + {% endif %} + {% endif %} + {% endif %} + {% endif %} + - apiVersion: v1 + kind: DeploymentConfig + metadata: + name: {{ pod.name | default(name) }} + spec: + replicas: {{ pod.sched.replicas | default(1) }} + revisionHistoryLimit: 2 + strategy: + type: {{ pod.sched.strategy | default('Rolling') }} + triggers: + - type: ConfigChange + selector: + name: {{ pod.name | default(name) }} + template: + metadata: + name: {{ pod.name | default(name) }} + labels: + name: {{ pod.name | default(name) }} + spec: + {% if pod.selector is defined %} + nodeSelector: + {% for skey, sval in pod.selector.iteritems() %} + {{ skey }}: "{{ sval }}" + {% endfor %} + {% endif %} + {% set mappings = (pod.images | json_query('[*].mappings') | length) %} + {% if mappings > 0 %} + volumes: + {% for img in pod.images %} + {% set imgidx = loop.index %} + {% for vol in img.mappings %} + {% set oc_name = vol.name | default(name) | regex_replace('_','-') %} + - name: vol-{{imgidx}}-{{loop.index}} + persistentVolumeClaim: + claimName: {{ oc_name }} + {% endfor %} + {% endfor %} + {% endif %} + {% if (pod.groups is defined) or (pod.run_as is defined) %} + securityContext: + {% if (pod.run_as is defined) %} + {% if (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as] is defined %} + - {{ (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as].id }} + {% else %} + - {{ pod.run_as }} + {% endif %} + {% endif %} + {% if (pod.groups is defined) %} + supplementalGroups: + {% for group in pod.groups %} + {% if (kaas_project_config.gids | default(kaas_openshift_gids))[group] is defined %} + - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }} + {% else %} + - {{ group }} + {% endif %} + {% endfor %} + {% endif %} + {% endif %} + containers: + {% for img in pod.images %} + {% set imgidx = loop.index %} + - name: {{ img.name | default(pod.name) | default(name) }} + image: {{ img.image }} + imagePullPolicy: Always + ports: + {% if img.ports is defined %} + {% for port in img.ports %} + - containerPort: {{ port }} + {% endfor %} + {% else %} + {% for port in pod.service.ports %} + {% set portmap = (port | string).split('/') %} + - containerPort: {{ (portmap[1] is defined) | ternary(portmap[1], portmap[0]) }} + {% endfor %} + {% endif %} + {% if img.env is defined %} + env: + {% for env_item in img.env %} + {% set env_name = env_item.name %} + {% set env_val = env_item.value %} + {% set env_parts = (env_val | string).split('@') %} + - name: "{{ env_name }}" + {% if env_parts[0] == "secret" %} + {% set env_sec = (env_parts[1] | string).split('/') %} + valueFrom: + secretKeyRef: + name: {{ env_sec[0] }} + key: {{ env_sec[1] }} + {% elif env_parts[0] == "cm" %} + {% set env_cm = (env_parts[1] | string).split('/') %} + valueFrom: + configMapKeyRef: + name: {{ env_cm[0] }} + key: {{ env_cm[1] }} + {% else %} + value: "{{ env_val }}" + {% endif %} + {% endfor %} + {% endif %} + {% if img.mappings is defined %} + volumeMounts: + {% for vol in img.mappings %} + - name: vol-{{imgidx}}-{{loop.index}} + subPath: {{ vol.path | default("") }} + mountPath: {{ vol.mount }} + {% endfor %} + {% endif %} + {% if img.probes is defined %} + {% for probe in img.probes %} + {% if (probe.type is undefined) %} + {% set seq = ['livenessProbe', 'readinessProbe'] %} + {% elif (probe.type == "liveness") %} + {% set seq = ['livenessProbe'] %} + {% else %} + {% set seq = ['readinessProbe'] %} + {% endif %} + {% for type in seq %} + {{ type }}: + timeoutSeconds: {{ probe.timeout | default(1) }} + initialDelaySeconds: {{ probe.delay | default(10) }} + {% if (probe.cmd is defined) %} + command: "{{ probe.cmd }}" + {% elif (probe.path is defined) %} + httpGet: + path: {{ probe.path }} + port: {{ probe.port | default(80) }} + {% else %} + tcpSocket: + port: {{ probe.port | default(80) }} + {% endif %} + {% endfor %} + {% endfor %} + {% endif %} + {% endfor %} +{% endfor %} diff --git a/roles/ands_kaas/templates/6-kaas-pods.yml.j2 b/roles/ands_kaas/templates/6-kaas-pods.yml.j2 deleted file mode 100644 index d5418d3..0000000 --- a/roles/ands_kaas/templates/6-kaas-pods.yml.j2 +++ /dev/null @@ -1,199 +0,0 @@ -#jinja2: trim_blocks: "true", lstrip_blocks: "false" ---- -apiVersion: v1 -kind: Template -metadata: - name: {{ kaas_project }}-pods - annotations: - descriptions: {{ kaas_project_config.description | default(kaas_project ~ "auto-generated pod template") }} -objects: -{% for name, pod in (kaas_project_config.pods | default(kaas_openshift_volumes)).iteritems() %} - {% set pubkey = "kaas_" ~ name ~ "_pubkey" %} - {% set privkey = "kaas_" ~ name ~ "_privkey" %} - {% set cakey = "kaas_" ~ name ~ "_ca" %} - {% if pod.variant is defined %} - {% set pod = pod[pod.variant] %} - {% endif %} - {% if pod.service is defined %} - - apiVersion: v1 - kind: Service - metadata: - name: {{ pod.name | default(name) }} - spec: - selector: - name: {{ pod.name | default(name) }} - {% if pod.service.ports is defined %} - ports: - {% for port in pod.service.ports %} - {% set portmap = (port | string).split('/') %} - - name: "{{ portmap[0] }}" - port: {{ portmap[0] }} - targetPort: {{ (portmap[1] is defined) | ternary(portmap[1], portmap[0]) }} - {% endfor %} - {% endif %} - {% if (pod.service.ports is defined) and (pod.service.host is defined) %} - {% set first_port = (pod.service.ports[0] | string).split('/')[0] %} - - apiVersion: v1 - kind: Route - metadata: - name: {{ pod.name | default(name) }} - spec: - host: {{ pod.service.host }} - to: - kind: Service - name: {{ pod.name | default(name) }} - port: - targetPort: {{ first_port }} - {% if (first_port == "80") %} - tls: - termination: edge - insecureEdgeTerminationPolicy: Allow - {% if hostvars[inventory_hostname][pubkey] is defined %} - certificate: |- - {{ hostvars[inventory_hostname][pubkey] | indent(10) }} - {% endif %} - {% if hostvars[inventory_hostname][privkey] is defined %} - key: |- - {{ hostvars[inventory_hostname][privkey] | indent(10) }} - {% endif %} - {% if hostvars[inventory_hostname][cakey] is defined %} - caCertificate: |- - {{ hostvars[inventory_hostname][cakey] | indent(10) }} - {% endif %} - {% endif %} - {% endif %} - {% endif %} - - apiVersion: v1 - kind: DeploymentConfig - metadata: - name: {{ pod.name | default(name) }} - spec: - replicas: {{ pod.sched.replicas | default(1) }} - selector: - name: {{ pod.name | default(name) }} - template: - metadata: - name: {{ pod.name | default(name) }} - labels: - name: {{ pod.name | default(name) }} - strategy: - type: {{ pod.sched.strategy | default('Rolling') }} - triggers: - - type: ConfigChange - spec: - {% if pod.selector is defined %} - nodeSelector: - {% for skey, sval in pod.selector.iteritems() %} - {{ skey }}: "{{ sval }}" - {% endfor %} - {% endif %} - {% set mappings = (pod.images | json_query('[*].mappings') | length) %} - {% if mappings > 0 %} - volumes: - {% for img in pod.images %} - {% set imgidx = loop.index %} - {% for vol in img.mappings %} - {% set oc_name = vol.name | default(name) | regex_replace('_','-') %} - - name: vol-{{imgidx}}-{{loop.index}} - persistentVolumeClaim: - claimName: {{ oc_name }} - {% endfor %} - {% endfor %} - {% endif %} - {% if (pod.groups is defined) or (pod.run_as is defined) %} - securityContext: - {% if (pod.run_as is defined) %} - {% if (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as] is defined %} - - {{ (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as].id }} - {% else %} - - pod.run_as - {% endif %} - {% endif %} - {% if (pod.groups is defined) %} - supplementalGroups: - {% for group in pod.groups %} - {% if (kaas_project_config.gids | default(kaas_openshift_gids))[group] is defined %} - - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }} - {% else %} - - group - {% endif %} - {% endfor %} - {% endif %} - {% endif %} - containers: - {% for img in pod.images %} - {% set imgidx = loop.index %} - - name: {{ img.name | default(pod.name) | default(name) }} - image: {{ img.image }} - imagePullPolicy: Always - ports: - {% if img.ports is defined %} - {% for port in img.ports %} - - containerPort: {{ port }} - {% endfor %} - {% else %} - {% for port in pod.service.ports %} - {% set portmap = (port | string).split('/') %} - - containerPort: {{ (portmap[1] is defined) | ternary(portmap[1], portmap[0]) }} - {% endfor %} - {% endif %} - {% if img.env is defined %} - env: - {% for env_item in img.env %} - {% set env_name = env_item.name %} - {% set env_val = env_item.value %} - {% set env_parts = (env_val | string).split('@') %} - - name: "{{ env_name }}" - {% if env_parts[0] == "secret" %} - {% set env_sec = (env_parts[1] | string).split('/') %} - valueFrom: - secretKeyRef: - name: {{ env_sec[0] }} - key: {{ env_sec[1] }} - {% elif env_parts[0] == "cm" %} - {% set env_cm = (env_parts[1] | string).split('/') %} - valueFrom: - configMapKeyRef: - name: {{ env_cm[0] }} - key: {{ env_cm[1] }} - {% else %} - value: "{{ env_val }}" - {% endif %} - {% endfor %} - {% endif %} - {% if img.mappings is defined %} - volumeMounts: - {% for vol in img.mappings %} - - name: vol-{{imgidx}}-{{loop.index}} - subPath: {{ (((kaas_project_config.volumes | default(kaas_openshift_volumes))[vol.name].path | default("")) ~ "/") | regex_replace('^/','') }}{{ vol.path | default("") }} - mountPath: {{ vol.mount }} - {% endfor %} - {% endif %} - {% if img.probes is defined %} - {% for probe in img.probes %} - {% if (probe.type is undefined) %} - {% set seq = ['livenessProbe', 'readynessProbe'] %} - {% elif (probe.type == "liveness") %} - {% set seq = ['livenessProbe'] %} - {% else %} - {% set seq = ['readynessProbe'] %} - {% endif %} - {% for type in seq %} - {{ type }}: - timeoutSeconds: {{ probe.timeout | default(1) }} - initialDelaySeconds: {{ probe.delay | default(10) }} - {% if (probe.cmd is defined) %} - command: "{{ probe.cmd }}" - {% elif (probe.path is defined) %} - httpGet: - path: {{ probe.path }} - port: {{ probe.port | default(80) }} - {% else %} - tcpSocket: - port: {{ probe.port | default(80) }} - {% endif %} - {% endfor %} - {% endfor %} - {% endif %} - {% endfor %} -{% endfor %} diff --git a/roles/openshift_resource/tasks/main.yml b/roles/openshift_resource/tasks/main.yml index d44d2e0..af071f9 100644 --- a/roles/openshift_resource/tasks/main.yml +++ b/roles/openshift_resource/tasks/main.yml @@ -14,9 +14,9 @@ when: template.find(".json") == -1 - include_tasks: template.yml - when: tmpl.kind == "Template" + when: (tmpl.kind == "Template") and (tmpl.parameters is not defined) - include_tasks: resource.yml - when: tmpl.kind != "Template" + when: (tmpl.parameters is defined) or (tmpl.kind != "Template") run_once: true diff --git a/roles/openshift_resource/tasks/resource.yml b/roles/openshift_resource/tasks/resource.yml index 326abbb..769a89c 100644 --- a/roles/openshift_resource/tasks/resource.yml +++ b/roles/openshift_resource/tasks/resource.yml @@ -5,16 +5,18 @@ - name: Lookup the specified resource command: "oc get -n {{project}} {{rkind}}/{{rname}}" - register: result + register: find_result + changed_when: false failed_when: false - changed_when: (result | failed) - name: Detroy existing resources command: "oc delete -n {{project}} {{rkind}}/{{rname}}" + register: rm_result failed_when: false + changed_when: (rm_result | succeeded) when: (recreate|default(false)) - name: Create resources defined in template command: "oc create -n {{project}} -f '{{ template_path }}/{{ template }}' {{ create_args | default('') }}" - when: (recreate|default(false)) or (result | changed) + when: (recreate|default(false)) or (find_result.rc != 0) run_once: true -- cgit v1.2.3