Handling GlusterFS storage security in OpenShift containers

3 files changed, 25 insertions, 5 deletions

diff --git a/playbooks/ands-setup-vm.yml b/playbooks/ands-setup-vm.yml
deleted file mode 100644
index d97916d..0000000
--- a/playbooks/ands-setup-vm.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: Common setup procedures
-  hosts: vagrant
-  roles:
-    - role: ands_vagrant_vm
-
diff --git a/playbooks/openshift-setup-projects.yml b/playbooks/openshift-setup-projects.yml
index a8af9c1..cc36498 100644
--- a/playbooks/openshift-setup-projects.yml
+++ b/playbooks/openshift-setup-projects.yml
@@ -15,6 +15,7 @@
   hosts: masters
   roles:
     - { role: ands_openshift, subrole: users }
+    - { role: ands_openshift, subrole: security }
     - { role: ands_openshift, subrole: storage }
     - { role: ands_kaas }
   vars:
diff --git a/playbooks/openshift-setup-security.yml b/playbooks/openshift-setup-security.yml
new file mode 100644
index 0000000..6c85602
--- /dev/null
+++ b/playbooks/openshift-setup-security.yml
@@ -0,0 +1,24 @@
+- name: Configure users
+  hosts: masters
+  roles:
+    - { role: ands_facts }
+
+
+- name: Temporary provision /etc/hosts with Masters IP.
+  hosts: nodes:!masters
+  tasks:
+    - lineinfile: dest="/etc/hosts" line="{{ ands_openshift_network | ipaddr(node_id) | ipaddr('address') }} {{ ands_openshift_lb }}" regexp=".*{{ ands_openshift_lb }}$" state="present"
+      when: (ands_provision_without_dns | default(false))
+  vars:
+    node_id: "{{ hostvars[groups['masters'][0]]['ands_host_id'] }}"
+
+- name: Configure security
+  hosts: masters
+  roles:
+    - { role: ands_openshift, subrole: security }
+
+- name: Remove temporary entries in /etc/hosts
+  hosts: nodes:!masters
+  tasks:
+    - lineinfile: dest="/etc/hosts" regexp=".*{{ ands_openshift_lb }}$" state="absent"
+      when: (ands_provision_without_dns | default(false))