From e4751f88e52aa8e89e4c94bc6fe4c3346eccf6fe Mon Sep 17 00:00:00 2001 From: "Suren A. Chilingaryan" Date: Tue, 20 Feb 2018 15:10:45 +0100 Subject: Handling GlusterFS storage security in OpenShift containers --- setup/configs/openshift.yml | 3 ++- setup/configs/security.yml | 21 +++++++++++++++++++++ setup/configs/volumes.yml | 13 +++++++++---- 3 files changed, 32 insertions(+), 5 deletions(-) create mode 100644 setup/configs/security.yml (limited to 'setup/configs') diff --git a/setup/configs/openshift.yml b/setup/configs/openshift.yml index 6b9995c..e2a2d6d 100644 --- a/setup/configs/openshift.yml +++ b/setup/configs/openshift.yml @@ -2,7 +2,8 @@ ands_openshift_projects: katrin: KArlsruhe TRItium Neutrino adei: ADEI - + +# test: Tesing ands_openshift_users: pdv: IPE Administation Account diff --git a/setup/configs/security.yml b/setup/configs/security.yml new file mode 100644 index 0000000..413f57e --- /dev/null +++ b/setup/configs/security.yml @@ -0,0 +1,21 @@ +ands_openshift_gid_mode: +# adei: "RunAsAny" + ands_default: "MustRunAs" + +#ands_openshift_uid_mode: +# ands_default: "MustRunAsRange" + +#ands_openshift_uid_ranges: + +ands_openshift_gid_ranges: + katrin: "5000/10" + adei: "5010/10" + +ands_openshift_uids: + kaas: { id: 6000 } + +ands_openshift_gids: + kaas: { id: 6000 } + +ands_default_file_group: root +ands_default_file_owner: root diff --git a/setup/configs/volumes.yml b/setup/configs/volumes.yml index d0ba063..d93f177 100644 --- a/setup/configs/volumes.yml +++ b/setup/configs/volumes.yml @@ -3,6 +3,8 @@ ands_paths: provision: /mnt/provision openshift: /mnt/openshift temporary: /mnt/temporary + databases: /mnt/databases + katrin_data: /mnt/katrin ands_heketi_domain: servers: "storage_nodes" 
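Review bot: The UID side of the policy is left undefined in the new setup/configs/security.yml: `ands_openshift_gid_mode` sets `ands_default: "MustRunAs"`, but `ands_openshift_uid_mode` and `ands_openshift_uid_ranges` are only present as commented-out keys, so the UID that containers use on the GlusterFS volumes depends on a default this diff does not show. Because `ands_default_file_owner` and `ands_default_file_group` are both `root`, the intended behaviour should be written next to the disabled keys, for example `# uid mode intentionally unset: the role default applies (TODO: name it)`. The `"5000/10"` values also need a one-line comment giving their format (presumably start/size). Under that reading `kaas: { id: 6000 }` lies outside both listed ranges, which is worth a short explanation as well.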
@@ -14,11 +16,15 @@ ands_storage_domains: clients: "masters" volumes: provision: { type: "cfg", mount: "{{ ands_paths.provision }}" } - - servers: "storage_nodes" - clients: "nodes" - volumes: openshift: { type: "cfg", mount: "{{ ands_paths.openshift }}" } + databases: { type: "db", mount: "{{ ands_paths.databases }}" } temporary: { type: "tmp", mount: "{{ ands_paths.temporary }}" } + katrin_data: { type: "data", mount: "{{ ands_paths.katrin_data }}" } +# - servers: "storage_nodes" +# clients: "nodes" +# openshift: { type: "cfg", mount: "{{ ands_paths.openshift }}" } +# temporary: { type: "tmp", mount: "{{ ands_paths.temporary }}" } +# volumes: # - ovirt: # - pdv: @@ -31,7 +37,6 @@ ands_openshift_volumes: log: { volume: "temporary", path: "/log", write: true} tmp: { volume: "temporary", path: "/tmp", write: true} - # Global list, we only take things from the volume of project ands_openshift_files: - { osv: "log", path: "apache2-kaas", state: "directory", mode: "0777" } -- cgit v1.2.3
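Review bot: The commented-out block left behind in the `ands_storage_domains` hunk (`# - servers: "storage_nodes"` through `# volumes:`) is dead configuration, and its `volumes:` key now trails its entries, so it cannot simply be uncommented to restore the old "nodes" domain. With this change `provision`, `openshift`, `databases`, `temporary` and `katrin_data` all sit in the domain whose `clients` is `"masters"`, which changes the host group that mounts `openshift` and `temporary` and decides who can reach the new database and data volumes. A one-line statement of intent would serve better than the disabled block, e.g. `# all GlusterFS volumes are mounted via the "masters" group; the separate "nodes" domain was dropped`. The `servers:` line that opens this domain entry lies above the hunk, so the grouping is read from the visible context only.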