From 81b6c8aea3b4b7341a3132ac3574f8950049ac2d Mon Sep 17 00:00:00 2001
From: Sebastian Sch
Date: Thu, 10 Jan 2019 17:10:58 +0200
Subject: [PATCH] Fix cdi to provision and deprovision
---
 roles/cdi/tasks/deprovision.yml | 46 +++++---
 roles/cdi/tasks/provision.yml | 51 +++++----
 .../templates/cdi-controller-deployment.yml | 105 ------------------
 roles/kubevirt/tasks/provision.yml | 5 +-
 4 files changed, 59 insertions(+), 148 deletions(-)
 delete mode 100644 roles/cdi/templates/cdi-controller-deployment.yml
diff --git a/roles/cdi/tasks/deprovision.yml b/roles/cdi/tasks/deprovision.yml
index 5b8a8b408..3ee21ff92 100644
--- a/roles/cdi/tasks/deprovision.yml
+++ b/roles/cdi/tasks/deprovision.yml
@@ -7,28 +7,40 @@ - name: Delete {{ cdi_namespace }} ResourceQuota command: kubectl delete -f /tmp/cdi-deprovision-resourcequota.yml -n {{ cdi_namespace }} --ignore-not-found -- name: Check that cdi-provision.yml still exists in /tmp +- name: Check that cdi-controller.yaml still exists in /tmp stat: - path: "/tmp/cdi-provision.yml" + path: "/tmp/cdi-controller.yaml" register: cdi_template -- name: Check for cdi-controller.yml.j2 template in {{ cdi_template_dir }} - stat: - path: "{{ cdi_template_dir }}/cdi-controller.yaml.j2" - register: byo_template - when: cdi_template.stat.exists == False +- name: Get cdi-controller.yaml + block: + - name: Check for cdi-controller.yaml.j2 template in {{ cdi_template_dir }} + stat: + path: "{{ cdi_template_dir }}/cdi-controller.yaml.j2" + register: byo_template -- name: Download CDI Template - get_url: - url: "{{ cdi_release_manifest_url }}/{{ release_tag }}/cdi-controller.yaml.j2" - dest: "{{ cdi_template_dir }}/cdi-controller.yaml.j2" - when: (cdi_template.stat.exists == False) and (byo_template.stat.exists == False) + - name: Render CDI deprovision yaml + template: + src: "cdi-controller.yaml.j2" + dest: "/tmp/cdi-controller.yaml" + when: byo_template.stat.exists == true -- name: Render CDI deprovision yaml - template: - src: "cdi-controller.yaml.j2" - dest: "/tmp/cdi-deprovision.yml" + - name: Download and render cdi-controller.yaml from {{ cdi_release_manifest_url }} + block: + - name: Download CDI Template + get_url: + url: "{{ cdi_release_manifest_url }}/{{ release_tag }}/cdi-controller.yaml.j2" + dest: "/tmp/cdi-controller.yaml.j2" + + - name: Render CDI deprovision yaml + template: + src: "/tmp/cdi-controller.yaml.j2" + dest: "/tmp/cdi-controller.yaml" + + when: byo_template.stat.exists == false + + when: cdi_template.stat.exists == false - name: Delete CDI Resources - command: kubectl delete -f /tmp/cdi-deprovision.yml -n {{ cdi_namespace }} --ignore-not-found + command: kubectl delete -f /tmp/cdi-controller.yaml -n {{ 
cdi_namespace }} --ignore-not-found diff --git a/roles/cdi/tasks/provision.yml b/roles/cdi/tasks/provision.yml index 176ed6b50..1e6f386e5 100644 --- a/roles/cdi/tasks/provision.yml +++ b/roles/cdi/tasks/provision.yml @@ -1,17 +1,18 @@ --- # CDI Deployment - name: Check if namespace {{ cdi_namespace }} exists - shell: "{{ cluster_command }} get ns | grep -w {{ cdi_namespace }} | awk '{ print $1 }'" + shell: "{{ cluster_command }} get ns {{ cdi_namespace }}" + ignore_errors: yes register: ns - name: Create {{ cdi_namespace }} namespace using kubectl shell: kubectl create namespace {{ cdi_namespace }} - when: ns.stdout != cdi_namespace + when: ns.rc != 0 and platform == "kubernetes" - name: Create {{ cdi_namespace }} namespace using oc shell: oc new-project {{ cdi_namespace }} - when: ns.stdout != cdi_namespace + when: ns.rc != 0 and platform == "openshift" - name: Render {{ cdi_namespace }} ResourceQuota deployment yaml 
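Review bot: The deprovision flow trusts whatever already sits at `/tmp/cdi-controller.yaml`: when the first `stat` succeeds, the whole "Get cdi-controller.yaml" block is skipped and the file goes unchanged to `kubectl delete -f`. The provision.yml hunk at `@@ -27,32 +28,34 @@` does the same with a cached `/tmp/cdi-controller.yaml.j2` before `apply -f`. /tmp is shared and the names are fixed, so a stale file from another `release_tag`, or one written by a different local account, would be acted on with the cluster credentials of this play. Prefer re-rendering on every run into a directory created with the `tempfile` module (or a role-owned directory with mode `"0700"`), and pin both `get_url` tasks with `checksum: "sha256:<PINNED_DIGEST>"`. Separately, `template` resolves `src` on the control node while `get_url` writes on the managed host, so `src: "/tmp/cdi-controller.yaml.j2"` presumably only works when the play targets localhost; worth confirming.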
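Review bot: With `ignore_errors: yes` and `when: ns.rc != 0`, every failure of `get ns` is read as "namespace does not exist", including expired credentials, an unreachable API server or a missing binary, and the play then goes on to the create tasks. The same pattern is added in the roles/kubevirt/tasks/provision.yml hunk. Replace `ignore_errors: yes` with `failed_when: ns.rc != 0 and 'NotFound' not in ns.stderr` plus `changed_when: false`, so that only a genuine not-found result reaches the create step and the check stops reporting a change. Since the pipe is gone, the check can also use `command:` instead of `shell:`, which keeps the templated namespace away from shell interpretation. Note too that neither create task runs when `platform` is anything other than `"kubernetes"` or `"openshift"`.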
@@ -27,32 +28,34 @@ path: "{{ cdi_template_dir }}/cdi-controller.yaml.j2" register: byo_template -- name: Check for cdi-controller.yaml.j2 version v{{ version }} in {{ cdi_offline_template_dir }} - stat: - path: "{{ cdi_offline_template_dir }}/v{{ version }}/cdi-controller.yaml.j2" - register: offline_templates - when: byo_template.stat.exists == False +- name: Render CDI deployment yaml from template in {{ cdi_template_dir }} + template: + src: "cdi-controller.yaml.j2" + dest: "/tmp/cdi-controller.yml" + when: byo_template.stat.exists == true -- name: Download CDI Template - get_url: - url: "{{ cdi_release_manifest_url }}/{{ release_tag }}/cdi-controller.yaml.j2" - dest: "{{ cdi_template_dir }}/cdi-controller.yaml.j2" - when: byo_template.stat.exists == False and offline_templates.stat.exists == False +- name: Get CDI from {{ cdi_release_manifest_url }} + block: + - name: Check for cdi-controller.yaml.j2 template in /tmp + stat: + path: "/tmp/cdi-controller.yaml.j2" + register: downloaded_template -- name: Render offline template - template: - src: "{{ cdi_offline_template_dir }}/v{{ version }}/cdi-controller.yaml.j2" - dest: "/tmp/cdi-provision.yaml" - when: (offline_templates is not skipped) and (offline_templates.stat.exists == True) + - name: Download CDI Template + get_url: + url: "{{ cdi_release_manifest_url }}/{{ release_tag }}/cdi-controller.yaml.j2" + dest: "/tmp/cdi-controller.yaml.j2" + when: downloaded_template.stat.exists == false -- name: Render CDI deployment yaml - template: - src: "cdi-controller.yaml.j2" - dest: "/tmp/cdi-provision.yml" - when: (offline_templates is skipped) or (offline_templates.stat.exists == False) + - name: Render CDI deployment yaml + template: + src: "/tmp/cdi-controller.yaml.j2" + dest: "/tmp/cdi-controller.yaml" + + when: byo_template.stat.exists == false - name: Create CDI deployment - command: "{{ cluster_command }} apply -f /tmp/cdi-provision.yml" + command: "{{ cluster_command }} apply -f /tmp/cdi-controller.yaml" - 
name: Enable privileged containers in the security context command: "oc adm policy add-scc-to-user privileged -z cdi-sa -n {{ cdi_namespace }}" diff --git a/roles/cdi/templates/cdi-controller-deployment.yml b/roles/cdi/templates/cdi-controller-deployment.yml deleted file mode 100644 index 6c8c07a59..000000000 --- a/roles/cdi/templates/cdi-controller-deployment.yml +++ /dev/null 
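Review bot: The bring-your-own branch renders to `/tmp/cdi-controller.yml`, but the "Create CDI deployment" task applies `/tmp/cdi-controller.yaml`. When a template exists in `cdi_template_dir`, the apply therefore reads either a missing file or one left behind by an earlier run, not the manifest just rendered. Change the first render task to `dest: "/tmp/cdi-controller.yaml"` so both branches write the path that is applied (and that deprovision.yml later looks for). It would also help to add a comment above the `block` stating which of the two template sources takes precedence.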
@@ -1,105 +0,0 @@ -kind: ServiceAccount -apiVersion: v1 -metadata: - name: cdi-sa - namespace: {{ cdi_namespace }} - labels: - cdi.kubevirt.io: "" ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: cdi - namespace: {{ cdi_namespace }} - labels: - cdi.kubevirt.io: "" -rules: -- apiGroups: [""] - resources: ["events"] - verbs: ["create", "update", "patch"] -- apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "create", "update", "patch"] -- apiGroups: [""] - resources: ["persistentvolumeclaims/finalizers"] - verbs: ["update"] -- apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch", "create", "delete"] -- apiGroups: [""] - resources: ["pods/finalizers"] - verbs: ["update"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch", "create"] -- apiGroups: ["cdi.kubevirt.io"] - resources: - - '*' - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: cdi-sa - namespace: {{ cdi_namespace }} - labels: - cdi.kubevirt.io: "" -roleRef: - kind: ClusterRole - name: cdi - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: cdi-sa - namespace: {{ cdi_namespace }} ---- -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: cdi-deployment - namespace: {{ cdi_namespace }} - labels: - cdi.kubevirt.io: "" - app: containerized-data-importer -spec: - selector: - matchLabels: - app: containerized-data-importer - replicas: 1 - template: - metadata: - labels: - app: containerized-data-importer - spec: - serviceAccountName: cdi-sa - containers: - - name: cdi-controller - image: {{ repo_tag }}/{{ controller_image }}:{{ release_tag }} - imagePullPolicy: IfNotPresent - args: ["-v=1"] # default verbosity; change to 2 or 3 for more detailed logging - env: - - name: IMPORTER_IMAGE - value: {{ repo_tag }}/{{ importer_image }}:{{ release_tag }} - - name: CLONER_IMAGE - value: {{ repo_tag }}/{{ 
cloner_image }}:{{ release_tag }} - - name: PULL_POLICY - value: IfNotPresent ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - labels: - cdi.kubevirt.io: "" - name: datavolumes.cdi.kubevirt.io -spec: - group: cdi.kubevirt.io - names: - kind: DataVolume - plural: datavolumes - shortNames: - - dv - - dvs - singular: datavolume - scope: Namespaced - version: v1alpha1 diff --git a/roles/kubevirt/tasks/provision.yml b/roles/kubevirt/tasks/provision.yml index 283fa5f70..b7a0e9ca6 100644 --- a/roles/kubevirt/tasks/provision.yml +++ b/roles/kubevirt/tasks/provision.yml @@ -1,11 +1,12 @@ --- - name: Check if {{ namespace }} exists - shell: "{{ cluster_command }} get ns | grep -w {{ namespace }} | awk '{ print $1 }'" + shell: "{{ cluster_command }} get ns {{ namespace }}" + ignore_errors: yes register: ns - name: Create {{ namespace }} namespace shell: "{{ cluster_command }} create namespace {{ namespace }}" - when: ns.stdout != namespace + when: ns.rc != 0 - name: Add Privileged Policy command: "oc adm policy add-scc-to-user privileged -z {{ item }} -n {{ namespace }}"