
Re: How to do a flexvolume with ocp 4?



Hi Marc,

This would be more complicated on OpenShift 4/RHEL CoreOS, but I think it is doable. The first thing is to check whether cifs and IdM packages are available on CoreOS (you can use oc debug to get a shell on a node and rpm/yum). CoreOS nodes become tainted when you ssh into them, so I guess using Ansible to manage their configs is ruled out.

If they are, you can inject configuration files (such as a keytab) into CoreOS hosts using MachineConfigs or some other resource from the Machine API.

If they are not, you'll need a privileged container to work as the cifs client. It would be managed by a DaemonSet and probably require a custom SCC to grant it the necessary rights, but it is doable to have a container that loads kernel modules into the host, etc.

Ideally, all of this would be packaged as an operator.

I am good at throwing ideas, but implementing this stuff is far beyond my current knowledge level. Maybe it is not that hard.

[]s, Fernando Lozano


On Fri, Jun 14, 2019 at 10:48 AM Marc Boorshtein <mboorshtein gmail com> wrote:

On Thu, Jun 13, 2019 at 7:00 PM Hemant Kumar <hekumar redhat com> wrote:
Yes, they are. The only catch is that getting them to work in the control plane is more difficult, but since your flexvolume plugin worked in 3.11, where controller-manager is already containerized, it may not be so for your particular use case.

[DC]: If you don't mind, I'm curious to understand why you think it is harder in v4 to get it working with the control plane?


The flexvolume is for cifs and in order to work needs to:

1.  Have the cifs packages installed
2.  Have the user's Kerberos keytab available (we're not allowed to use usernames and passwords)

On 3.11 we're managing this with a combination of FreeIPA (every node is a member of the IPA domain), Ansible and OpenUnison.  Given 4.x's reliance on a container OS (RHCOS or FCOS), my assumption was this wouldn't work anymore.  Is that assumption wrong?

Thanks 
 
_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
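
The MachineConfig route suggested in the reply above, as an added example that is not part of the original thread or of any project's code: a small Python generator that embeds a keytab in a MachineConfig manifest with owner-only permissions. The target path `/etc/krb5.keytab`, the object name, the `worker` role, the Ignition spec version `3.2.0` (which depends on the OpenShift release) and the sample keytab bytes are all assumptions.

```python
import base64
import json


def keytab_machineconfig(keytab: bytes, path: str = "/etc/krb5.keytab",
                         role: str = "worker",
                         ignition_version: str = "3.2.0") -> dict:
    """Build a MachineConfig that writes `keytab` to `path` on nodes of `role`.

    Defaults are assumptions; match ignition_version to your cluster release.
    """
    if not path.startswith("/"):
        raise ValueError("Ignition file paths must be absolute")
    if not keytab:
        raise ValueError("refusing to write an empty keytab")
    # Binary content travels as an RFC 2397 data URL.
    source = "data:;base64," + base64.b64encode(keytab).decode("ascii")
    return {
        "apiVersion": "machineconfiguration.openshift.io/v1",
        "kind": "MachineConfig",
        "metadata": {
            "name": f"99-{role}-cifs-keytab",  # hypothetical object name
            "labels": {"machineconfiguration.openshift.io/role": role},
        },
        "spec": {"config": {
            "ignition": {"version": ignition_version},
            "storage": {"files": [{
                "path": path,
                "mode": 0o600,  # serialized as decimal 384; JSON has no octal
                "overwrite": True,
                "contents": {"source": source},
            }]},
        }},
    }


def embedded_bytes(mc: dict) -> bytes:
    """Recover the file content from the manifest.

    base64 is encoding, not encryption: anyone who can read MachineConfig
    objects can do the same, so restrict RBAC on them accordingly.
    """
    src = mc["spec"]["config"]["storage"]["files"][0]["contents"]["source"]
    return base64.b64decode(src.split(",", 1)[1])


# Constructed sample: keytab format header 0x05 0x02 plus filler, not a real key.
SAMPLE_KEYTAB = b"\x05\x02" + b"constructed-sample-not-a-real-key"

if __name__ == "__main__":
    print(json.dumps(keytab_machineconfig(SAMPLE_KEYTAB), indent=2))
```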
