Page MenuHomePhabricator
Paste P11086

rewrite-psp-preset.sh
ActivePublic
Actions

Authored by Bstorm on Apr 29 2020, 6:56 PM.
Tags
None
Referenced Files
F31787317: raw.txt
Apr 29 2020, 10:15 PM
F31787185: raw.txt
Apr 29 2020, 7:34 PM
F31787182: raw.txt
Apr 29 2020, 7:29 PM
F31787165: raw.txt
Apr 29 2020, 7:25 PM
F31787157: raw.txt
Apr 29 2020, 7:13 PM
F31787126: raw.txt
Apr 29 2020, 6:56 PM
Subscribers
None
#!/bin/bash
# Run this script with your root/cluster admin account as appropriate.
# This will fix the dumps mounts for all existing tools.
set -Eeuo pipefail
function check-ns(){
ns=$1
preset=$(kubectl -n "$ns" get podpresets mount-toolforge-vols -o yaml)
if [[ $preset =~ ^.*/mnt/nfs/.*$ ]]
then
return 1
else
return 0
fi
}
declare -a namespaces
readarray -t namespaces < <(kubectl get ns -l tenancy=tool --no-headers=true -o custom-columns=:metadata.name)
for ns in "${namespaces[@]}"
do
echo "Starting for $ns"
if check-ns "$ns"; then
echo "Deleting preset for $ns"
kubectl -n "$ns" delete podpresets mount-toolforge-vols
cat <<EOF | kubectl apply -f -
apiVersion: settings.k8s.io/v1alpha1
kind: PodPreset
metadata:
name: mount-toolforge-vols
namespace: $ns
spec:
env:
- name: HOME
value: /data/project/${ns:5}
selector:
matchLabels:
toolforge: tool
volumeMounts:
- mountPath: /public/dumps
name: dumps
readOnly: true
- mountPath: /mnt/nfs/dumps-labstore1007.wikimedia.org
name: dumpsrc1
readOnly: true
- mountPath: /mnt/nfs/dumps-labstore1006.wikimedia.org
name: dumpsrc2
readOnly: true
- mountPath: /data/project
name: home
- mountPath: /etc/wmcs-project
name: wmcs-project
readOnly: true
- mountPath: /data/scratch
name: scratch
- mountPath: /etc/ldap.conf
name: etcldap-conf
readOnly: true
- mountPath: /etc/ldap.yaml
name: etcldap-yaml
readOnly: true
- mountPath: /etc/novaobserver.yaml
name: etcnovaobserver-yaml
readOnly: true
- mountPath: /var/lib/sss/pipes
name: sssd-pipes
volumes:
- hostPath:
path: /public/dumps
type: Directory
name: dumps
- hostPath:
path: /mnt/nfs/dumps-labstore1007.wikimedia.org
type: Directory
name: dumpsrc1
- hostPath:
path: /mnt/nfs/dumps-labstore1006.wikimedia.org
type: Directory
name: dumpsrc2
- hostPath:
path: /data/project
type: Directory
name: home
- hostPath:
path: /etc/wmcs-project
type: File
name: wmcs-project
- hostPath:
path: /data/scratch
type: Directory
name: scratch
- hostPath:
path: /etc/ldap.conf
type: File
name: etcldap-conf
- hostPath:
path: /etc/ldap.yaml
type: File
name: etcldap-yaml
- hostPath:
path: /etc/novaobserver.yaml
type: File
name: etcnovaobserver-yaml
- hostPath:
path: /var/lib/sss/pipes
type: Directory
name: sssd-pipes
EOF
echo "created new preset for $ns"
else
echo "skipping $ns preset -- already updated"
fi
kubectl patch psp "${ns}-psp" --patch '{"spec":{"allowedHostPaths":[{"pathPrefix":"/var/lib/sss/pipes"},{"pathPrefix":"/data/project"},{"pathPrefix":"/data/scratch"},{"pathPrefix":"/public/dumps","readOnly":true},{"pathPrefix":"/mnt/nfs","readOnly":true},{"pathPrefix":"/etc/wmcs-project","readOnly":true},{"pathPrefix":"/etc/ldap.yaml","readOnly":true},{"pathPrefix":"/etc/novaobserver.yaml","readOnly":true},{"pathPrefix":"/etc/ldap.conf","readOnly":true}]}}'
echo "Finished $ns"
done
echo "*********************"
echo "Done!"
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits