authorMichael Gugino <mgugino@redhat.com>2017-08-31 18:01:56 -0400
committerMichael Gugino <mgugino@redhat.com>2017-09-25 09:40:01 -0400
commit82d61ae9e23c2ae1f722ed3b458a6e39721e71fd (patch)
tree54b79f1033aa3d210597e285e1346239ce7fad86 /roles/openshift_hosted/tasks/storage
parentc390d382a2c1783964179490eec810ee2206fa32 (diff)
Refactor openshift_hosted plays and role
Currently, openshift_hosted role duplicates some logic across separate task chains. This commit cleans up the openshift_hosted role and converts it to be primarily used with include_role to give better logic to the playbooks that utilize this role. This commit also refactors the playbook that calls various openshift_hosted roles into individual playbooks. This allows more granularity for advanced users.
Diffstat (limited to 'roles/openshift_hosted/tasks/storage')
-rw-r--r--roles/openshift_hosted/tasks/storage/glusterfs.yml92
-rw-r--r--roles/openshift_hosted/tasks/storage/object_storage.yml49
l---------roles/openshift_hosted/tasks/storage/registry_config.j21
-rw-r--r--roles/openshift_hosted/tasks/storage/s3.yml45
4 files changed, 187 insertions, 0 deletions
diff --git a/roles/openshift_hosted/tasks/storage/glusterfs.yml b/roles/openshift_hosted/tasks/storage/glusterfs.yml
new file mode 100644
index 000000000..c2954fde1
--- /dev/null
+++ b/roles/openshift_hosted/tasks/storage/glusterfs.yml
@@ -0,0 +1,92 @@
+---
+- name: Get registry DeploymentConfig
+ oc_obj:
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+ state: list
+ kind: dc
+ name: "{{ openshift_hosted_registry_name }}"
+ register: registry_dc
+
+- name: Wait for registry pods
+ oc_obj:
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+ state: list
+ kind: pod
+ selector: "{% for label, value in registry_dc.results.results[0].spec.selector.iteritems() %}{{ label }}={{ value }}{% if not loop.last %},{% endif %}{% endfor %}"
+ register: registry_pods
+ until:
+ - "registry_pods.results.results[0]['items'] | count > 0"
+ # There must be as many matching pods with 'Ready' status True as there are expected replicas
+ - "registry_pods.results.results[0]['items'] | oo_collect(attribute='status.conditions') | oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == openshift_hosted_registry_replicas | int"
+ delay: 10
+ retries: "{{ (600 / 10) | int }}"
+
+- name: Determine registry fsGroup
+ set_fact:
+ openshift_hosted_registry_fsgroup: "{{ registry_pods.results.results[0]['items'][0].spec.securityContext.fsGroup }}"
+
+- name: Create temp mount directory
+ command: mktemp -d /tmp/openshift-glusterfs-registry-XXXXXX
+ register: mktemp
+ changed_when: False
+ check_mode: no
+
+- name: Mount registry volume
+ mount:
+ state: mounted
+ fstype: glusterfs
+ src: "{% if 'glusterfs_registry' in groups %}{% set node = groups.glusterfs_registry[0] %}{% else %}{% set node = groups.glusterfs[0] %}{% endif %}{% if 'glusterfs_hostname' in hostvars[node] %}{{ hostvars[node].glusterfs_hostname }}{% elif 'openshift' in hostvars[node] %}{{ hostvars[node].openshift.node.nodename }}{% else %}{{ node }}{% endif %}:/{{ openshift.hosted.registry.storage.glusterfs.path }}"
+ name: "{{ mktemp.stdout }}"
+
+- name: Set registry volume permissions
+ file:
+ dest: "{{ mktemp.stdout }}"
+ state: directory
+ group: "{{ openshift_hosted_registry_fsgroup }}"
+ mode: "2775"
+ recurse: True
+
+- block:
+ - name: Activate registry maintenance mode
+ oc_env:
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+ name: "{{ openshift_hosted_registry_name }}"
+ env_vars:
+ - REGISTRY_STORAGE_MAINTENANCE_READONLY_ENABLED: 'true'
+
+ - name: Get first registry pod name
+ set_fact:
+ registry_pod_name: "{{ registry_pods.results.results[0]['items'][0].metadata.name }}"
+
+ - name: Copy current registry contents to new GlusterFS volume
+ command: "oc rsync {{ registry_pod_name }}:/registry/ {{ mktemp.stdout }}/"
+ when: openshift.hosted.registry.storage.glusterfs.swapcopy
+
+ - name: Swap new GlusterFS registry volume
+ oc_volume:
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+ name: "{{ openshift_hosted_registry_name }}"
+ vol_name: registry-storage
+ mount_type: pvc
+ claim_name: "{{ openshift.hosted.registry.storage.volume.name }}-glusterfs-claim"
+
+ - name: Deactivate registry maintenance mode
+ oc_env:
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+ name: "{{ openshift_hosted_registry_name }}"
+ state: absent
+ env_vars:
+ - REGISTRY_STORAGE_MAINTENANCE_READONLY_ENABLED: 'true'
+ when: openshift.hosted.registry.storage.glusterfs.swap
+
+- name: Unmount registry volume
+ mount:
+ state: unmounted
+ name: "{{ mktemp.stdout }}"
+
+- name: Delete temp mount directory
+ file:
+ dest: "{{ mktemp.stdout }}"
+ state: absent
+ changed_when: False
+ check_mode: no
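Review bot: 'Deactivate registry maintenance mode', 'Unmount registry volume' and 'Delete temp mount directory' only run if every task before them succeeds, so a failed `oc rsync` or volume swap leaves the registry read-only and the registry volume still mounted under /tmp on the host with the group-writable `2775` permissions set just above. Wrapping the tasks from 'Mount registry volume' onward in a `block:` and moving those three tasks into its `always:` section (keeping the `swap` condition on the deactivate task) would make the teardown unconditional. Separately, the mount module's `state: mounted` also records the mount in fstab and `state: unmounted` does not remove that entry, so each run leaves a stale fstab line pointing at a deleted temp directory; using `state: absent` on the unmount task removes the mount and the entry together.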
diff --git a/roles/openshift_hosted/tasks/storage/object_storage.yml b/roles/openshift_hosted/tasks/storage/object_storage.yml
new file mode 100644
index 000000000..8553a8098
--- /dev/null
+++ b/roles/openshift_hosted/tasks/storage/object_storage.yml
@@ -0,0 +1,49 @@
+---
+- include: s3.yml
+ when: openshift.hosted.registry.storage.provider == 's3'
+
+- name: Ensure the registry secret exists
+ oc_secret:
+ name: "{{ registry_config_secret_name }}"
+ state: present
+ contents:
+ - path: /tmp/config.yml
+ data: "{{ lookup('template', 'registry_config.j2') }}"
+ register: registry_config_out
+ when: openshift_hosted_registry_storage_gcs_keyfile is not defined
+
+- name: Ensure the registry secret exists for GCS
+ oc_secret:
+ name: "{{ registry_config_secret_name }}"
+ state: present
+ contents:
+ - path: /tmp/config.yml
+ data: "{{ lookup('template', 'registry_config.j2') }}"
+ - path: /tmp/gcs.json
+ data: "{{ lookup('file', openshift_hosted_registry_storage_gcs_keyfile) | string }}"
+ register: registry_config_out
+ when: openshift_hosted_registry_storage_gcs_keyfile is defined
+
+- name: Add secrets to registry service account
+ oc_serviceaccount_secret:
+ service_account: registry
+ secret: "{{ registry_config_secret_name }}"
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+ state: present
+ register: svcac
+
+- name: Set facts for registry object storage
+ set_fact:
+ registry_obj_storage_volume_mounts:
+ - name: docker-config
+ path: /etc/registry
+ type: secret
+ secret_name: "{{ registry_config_secret_name }}"
+ registry_obj_storage_env_vars:
+ REGISTRY_CONFIGURATION_PATH: /etc/registry/config.yml
+
+- name: Update openshift_hosted registry facts for storage
+ set_fact:
+ openshift_hosted_registry_volumes: "{{ openshift_hosted_registry_volumes | union(registry_obj_storage_volume_mounts) }}"
+ openshift_hosted_registry_env_vars: "{{ openshift_hosted_registry_env_vars | combine(registry_obj_storage_env_vars) }}"
+ openshift_hosted_registry_force: "{{ openshift_hosted_registry_force | union([registry_config_out.changed]) | union([svcac.changed]) }}"
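Review bot: Both 'Ensure the registry secret exists' tasks pass credential material as module arguments (the rendered registry_config.j2 and, for GCS, the contents of the key file) without `no_log: true`, so unless oc_secret's argument spec already masks `contents` (not visible here) those values can end up in verbose output and task logs. Adding `no_log: true` to both tasks would cover it; the same applies to 'Create registry secret for cloudfront' in s3.yml, which passes the CloudFront private key. These two tasks also omit `namespace:`, while 'Add secrets to registry service account' sets `namespace: "{{ openshift_hosted_registry_namespace }}"`; if the module's default differs from that variable, the secret and the service-account link end up in different namespaces, so passing the same `namespace:` line to both oc_secret tasks is safer.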
diff --git a/roles/openshift_hosted/tasks/storage/registry_config.j2 b/roles/openshift_hosted/tasks/storage/registry_config.j2
new file mode 120000
index 000000000..f3e82ad4f
--- /dev/null
+++ b/roles/openshift_hosted/tasks/storage/registry_config.j2
@@ -0,0 +1 @@
+../../../templates/registry_config.j2 \ No newline at end of file
diff --git a/roles/openshift_hosted/tasks/storage/s3.yml b/roles/openshift_hosted/tasks/storage/s3.yml
new file mode 100644
index 000000000..8e905d905
--- /dev/null
+++ b/roles/openshift_hosted/tasks/storage/s3.yml
@@ -0,0 +1,45 @@
+---
+- name: Assert that S3 variables are provided for registry_config template
+ assert:
+ that:
+ - openshift.hosted.registry.storage.s3.bucket | default(none) is not none
+ - openshift.hosted.registry.storage.s3.bucket | default(none) is not none
+ msg: |
+ When using S3 storage, the following variables are required:
+ openshift_hosted_registry_storage_s3_bucket
+ openshift_hosted_registry_storage_s3_region
+
+- name: If cloudfront is being used, assert that we have all the required variables
+ assert:
+ that:
+ - "openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile | default(none) is not none"
+ - "openshift_hosted_registry_storage_s3_cloudfront_keypairid | default(none) is not none"
+ msg: |
+ When openshift_hosted_registry_storage_s3_cloudfront_baseurl is provided
+ openshift_hosted_registry_storage_s3_cloudfront_keypairid and
+ openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile are required
+ when: openshift_hosted_registry_storage_s3_cloudfront_baseurl is defined
+
+# Inject the cloudfront private key as a secret when required
+- block:
+
+ - name: Create registry secret for cloudfront
+ oc_secret:
+ state: present
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+ name: docker-registry-s3-cloudfront
+ contents:
+ - path: cloudfront.pem
+ data: "{{ lookup('file', openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile) }}"
+
+ - name: Append cloudfront secret registry volume to openshift_hosted_registry_volumes
+ set_fact:
+ openshift_hosted_registry_volumes: "{{ openshift_hosted_registry_volumes | union(s3_volume_mount) }}"
+ vars:
+ s3_volume_mount:
+ - name: cloudfront-vol
+ path: /etc/origin
+ type: secret
+ secret_name: docker-registry-s3-cloudfront
+
+ when: openshift_hosted_registry_storage_s3_cloudfront_baseurl | default(none) is not none
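Review bot: The first assert lists the bucket condition twice and never checks the region, although its failure message names both `openshift_hosted_registry_storage_s3_bucket` and `openshift_hosted_registry_storage_s3_region` as required. The second condition was presumably meant to be `- openshift.hosted.registry.storage.s3.region | default(none) is not none`; as written, a missing region passes the assert and only surfaces later when the registry config is rendered or used. The cloudfront assert is also gated on `... baseurl is defined` while the secret block below uses `... baseurl | default(none) is not none`, so a baseurl that is defined but null triggers the assert and skips the block; using the same `default(none) is not none` test for both keeps them aligned.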