path: root/roles/openshift_provisioners/tasks/install_efs.yaml
---
# Look up how many replicas the provisioners-efs DeploymentConfig currently
# requests and keep the result in efs_replica_count for the DeploymentConfig
# template task later in this file.
#
# ignore_errors lets the play continue whatever the reason for a non-zero
# exit -- presumably the intent is to tolerate a first install where the dc
# does not exist yet, but authentication or connectivity failures are
# tolerated as well (verify that is acceptable).
#
# NOTE(review): the command authenticates with admin.kubeconfig placed under
# the mktemp directory; confirm that directory is created with restrictive
# permissions and removed at the end of the play.
- name: Check efs current replica count
  command: >
    {{ openshift.common.client_binary }}
    --config={{ mktemp.stdout }}/admin.kubeconfig
    get dc provisioners-efs
    -n {{ openshift_provisioners_project }}
    -o jsonpath='{.spec.replicas}'
  register: efs_replica_count
  # Read-only query: never report a change.
  changed_when: false
  ignore_errors: true
  # Skipped in check mode, so efs_replica_count has no stdout there.
  when: not ansible_check_mode

# Render pvc.j2 into the temporary templates directory as
# provisioners-efs-pvc.yaml. Only a local file is written here; nothing is
# sent to the cluster by this task.
- name: Generate efs PersistentVolumeClaim
  vars:
    obj_name: 'provisioners-efs'
    size: '1Mi'
    access_modes:
      - 'ReadWriteMany'
    # Same key/value pair as the labels passed to the PersistentVolume task
    # in this file -- presumably pvc.j2 renders it as the claim's selector
    # (confirm against the template).
    pv_selector:
      provisioners-efs: efs
  template:
    src: pvc.j2
    dest: "{{ mktemp.stdout }}/templates/{{ obj_name }}-pvc.yaml"
  # Runs even in check mode and never reports a change.
  check_mode: false
  changed_when: false

# Render pv.j2 into the temporary templates directory as
# provisioners-efs-pv.yaml. The volume uses the "nfs" plugin and points at
# the EFS DNS name built from the file-system id and region variables.
#
# NOTE(review): with a plain nfs volume source, who can reach the export is
# decided outside this file (presumably by the network rules on the EFS
# mount target) -- confirm those are restricted to the cluster nodes.
- name: Generate efs PersistentVolume
  vars:
    obj_name: 'provisioners-efs'
    claim_name: 'provisioners-efs'
    size: '1Mi'
    access_modes:
      - 'ReadWriteMany'
    labels:
      provisioners-efs: efs
    volume_plugin: 'nfs'
    # key/value pairs handed to pv.j2; server and path both come from
    # inventory variables.
    volume_source:
      - key: 'server'
        value: "{{ openshift_provisioners_efs_fsid }}.efs.{{ openshift_provisioners_efs_region }}.amazonaws.com"
      - key: 'path'
        value: "{{ openshift_provisioners_efs_path }}"
  template:
    src: pv.j2
    dest: "{{ mktemp.stdout }}/templates/{{ obj_name }}-pv.yaml"
  # Runs even in check mode and never reports a change.
  check_mode: false
  changed_when: false

# Render efs.j2 into the temporary templates directory as
# provisioners-efs-dc.yaml, carrying over the replica count read by the
# "Check efs current replica count" task.
- name: Generate efs DeploymentConfig
  vars:
    name: efs
    deploy_name: 'provisioners-efs'
    deploy_serviceAccount: 'provisioners-efs'
    claim_name: 'provisioners-efs'
    # default(0) only applies when stdout is undefined (the lookup task is
    # skipped in check mode).
    # NOTE(review): if the lookup ran but failed, stdout may be defined and
    # empty, and is then passed through as-is -- confirm efs.j2 copes with
    # an empty replica_count.
    replica_count: "{{ efs_replica_count.stdout | default(0) }}"
    node_selector: "{{ openshift_provisioners_efs_nodeselector | default('') }}"
  template:
    src: efs.j2
    dest: "{{ mktemp.stdout }}/templates/{{ deploy_name }}-dc.yaml"
  # Runs even in check mode and never reports a change.
  check_mode: false
  changed_when: false

# anyuid in order to run as root & chgrp shares with allocated gids
# Read the user list of the anyuid SecurityContextConstraints into
# efs_anyuid, so the following task can tell whether the provisioners-efs
# service account has already been added to it.
- name: 'Check efs anyuid permissions'
  command: >
    {{ openshift.common.client_binary }}
    --config={{ mktemp.stdout }}/admin.kubeconfig
    get scc/anyuid
    -o jsonpath='{.users}'
  register: efs_anyuid
  # Read-only query: runs even in check mode and never reports a change.
  check_mode: false
  changed_when: false

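# Add the provisioners-efs service account of the provisioners project to
# the anyuid SCC. The grant lets pods running under that account run as any
# UID, root included, so it is limited to this single service account; keep
# it that way and do not bind anyuid to a group or to the whole project.
#
# The task is skipped when the account already appears in the SCC user list
# captured in efs_anyuid.
# NOTE(review): the membership test is a substring match, so a longer
# account name starting with "provisioners-efs" in the same project would
# also satisfy it -- confirm no such account exists.
- name: 'Set anyuid permissions for efs'
  command: >
    {{ openshift.common.admin_binary }}
    --config={{ mktemp.stdout }}/admin.kubeconfig
    policy add-scc-to-user anyuid
    system:serviceaccount:{{ openshift_provisioners_project }}:provisioners-efs
  register: efs_output
  # Any non-zero exit is a failure unless stderr reports that the binding
  # already exists. The earlier condition only looked at rc == 1, so other
  # non-zero exit codes were silently treated as success.
  failed_when: efs_output.rc != 0 and 'exists' not in efs_output.stderr
  # Runs even in check mode.
  check_mode: false
  when: >-
    ('system:serviceaccount:' + openshift_provisioners_project + ':provisioners-efs')
    not in efs_anyuid.stdout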