Merge "Add options auth.allow and auth.reject to all glusterfs volumes"
diff --git a/defaults/glusterfs.yml b/defaults/glusterfs.yml
new file mode 100644
index 0000000..72a68da
--- /dev/null
+++ b/defaults/glusterfs.yml
@@ -0,0 +1,4 @@
+parameters:
+ _param:
+ glusterfs_allow_ips: '*'
+ glusterfs_reject_ips: none
diff --git a/defaults/init.yml b/defaults/init.yml
index 72ca17c..2683f28 100644
--- a/defaults/init.yml
+++ b/defaults/init.yml
@@ -10,6 +10,7 @@
- system.defaults.linux_system_file
- system.defaults.backupninja
- system.defaults.git
+- system.defaults.glusterfs
- system.defaults.jenkins
- system.defaults.postgresql
- system.defaults.maas
diff --git a/glusterfs/server/volume/aptly.yml b/glusterfs/server/volume/aptly.yml
index 9c9e518..095ed8e 100644
--- a/glusterfs/server/volume/aptly.yml
+++ b/glusterfs/server/volume/aptly.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/aptly
- ${_param:cluster_node03_address}:/srv/glusterfs/aptly
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/artifactory.yml b/glusterfs/server/volume/artifactory.yml
index f70d2f0..c903d5f 100644
--- a/glusterfs/server/volume/artifactory.yml
+++ b/glusterfs/server/volume/artifactory.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/artifactory
- ${_param:cluster_node03_address}:/srv/glusterfs/artifactory
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/backup.yml b/glusterfs/server/volume/backup.yml
index 22e59e2..3c86bb0 100644
--- a/glusterfs/server/volume/backup.yml
+++ b/glusterfs/server/volume/backup.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/backup
- ${_param:cluster_node03_address}:/srv/glusterfs/backup
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/decapod.yml b/glusterfs/server/volume/decapod.yml
index e8f4c99..9a39eaa 100644
--- a/glusterfs/server/volume/decapod.yml
+++ b/glusterfs/server/volume/decapod.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/decapod
- ${_param:cluster_node03_address}:/srv/glusterfs/decapod
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/devops_portal.yml b/glusterfs/server/volume/devops_portal.yml
index a2f00ba..e2116cb 100644
--- a/glusterfs/server/volume/devops_portal.yml
+++ b/glusterfs/server/volume/devops_portal.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/devops_portal
- ${_param:cluster_node03_address}:/srv/glusterfs/devops_portal
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/elasticsearch.yml b/glusterfs/server/volume/elasticsearch.yml
index 65cf76e..e66a388 100644
--- a/glusterfs/server/volume/elasticsearch.yml
+++ b/glusterfs/server/volume/elasticsearch.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/elasticsearch
- ${_param:cluster_node03_address}:/srv/glusterfs/elasticsearch
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/etcd.yml b/glusterfs/server/volume/etcd.yml
index 874119e..6300593 100644
--- a/glusterfs/server/volume/etcd.yml
+++ b/glusterfs/server/volume/etcd.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/etcd
- ${_param:cluster_node03_address}:/srv/glusterfs/etcd
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/gerrit.yml b/glusterfs/server/volume/gerrit.yml
index 3348306..b3b036a 100644
--- a/glusterfs/server/volume/gerrit.yml
+++ b/glusterfs/server/volume/gerrit.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/gerrit
- ${_param:cluster_node03_address}:/srv/glusterfs/gerrit
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
storage.owner-gid: 1000
storage.owner-uid: 1000
cluster.readdir-optimize: On
diff --git a/glusterfs/server/volume/glance.yml b/glusterfs/server/volume/glance.yml
index d0dfdf1..38a571e 100644
--- a/glusterfs/server/volume/glance.yml
+++ b/glusterfs/server/volume/glance.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/glance
- ${_param:cluster_node03_address}:/srv/glusterfs/glance
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/gnocchi.yml b/glusterfs/server/volume/gnocchi.yml
index f8f5b6a..1d4ce62 100644
--- a/glusterfs/server/volume/gnocchi.yml
+++ b/glusterfs/server/volume/gnocchi.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/gnocchi
- ${_param:cluster_node03_address}:/srv/glusterfs/gnocchi
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/influxdb.yml b/glusterfs/server/volume/influxdb.yml
index 9a75a2f..5f56d0b 100644
--- a/glusterfs/server/volume/influxdb.yml
+++ b/glusterfs/server/volume/influxdb.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/influxdb
- ${_param:cluster_node03_address}:/srv/glusterfs/influxdb
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/jenkins.yml b/glusterfs/server/volume/jenkins.yml
index 38a341b..e17cdb5 100644
--- a/glusterfs/server/volume/jenkins.yml
+++ b/glusterfs/server/volume/jenkins.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/jenkins
- ${_param:cluster_node03_address}:/srv/glusterfs/jenkins
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
storage.owner-gid: 1000
storage.owner-uid: 1000
cluster.readdir-optimize: On
diff --git a/glusterfs/server/volume/jenkins_slave_multi.yml b/glusterfs/server/volume/jenkins_slave_multi.yml
index d926dfc..5d2e70a 100644
--- a/glusterfs/server/volume/jenkins_slave_multi.yml
+++ b/glusterfs/server/volume/jenkins_slave_multi.yml
@@ -12,6 +12,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/jenkins_slaves/slave02
- ${_param:cluster_node03_address}:/srv/glusterfs/jenkins_slaves/slave02
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
storage.owner-gid: 10000
storage.owner-uid: 10000
cluster.readdir-optimize: On
@@ -28,6 +30,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/jenkins_slaves/slave03
- ${_param:cluster_node03_address}:/srv/glusterfs/jenkins_slaves/slave03
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
storage.owner-gid: 10000
storage.owner-uid: 10000
cluster.readdir-optimize: On
diff --git a/glusterfs/server/volume/jenkins_slave_single.yml b/glusterfs/server/volume/jenkins_slave_single.yml
index 7056240..e9420b3 100644
--- a/glusterfs/server/volume/jenkins_slave_single.yml
+++ b/glusterfs/server/volume/jenkins_slave_single.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/jenkins_slaves/slave01
- ${_param:cluster_node03_address}:/srv/glusterfs/jenkins_slaves/slave01
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
storage.owner-gid: 10000
storage.owner-uid: 10000
cluster.readdir-optimize: On
diff --git a/glusterfs/server/volume/keycloak.yml b/glusterfs/server/volume/keycloak.yml
index c8c71f0..b22d2c3 100644
--- a/glusterfs/server/volume/keycloak.yml
+++ b/glusterfs/server/volume/keycloak.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/keycloak
- ${_param:cluster_node03_address}:/srv/glusterfs/keycloak
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/keystone.yml b/glusterfs/server/volume/keystone.yml
index 81e14be..e549180 100644
--- a/glusterfs/server/volume/keystone.yml
+++ b/glusterfs/server/volume/keystone.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/keystone-keys
- ${_param:cluster_node03_address}:/srv/glusterfs/keystone-keys
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
@@ -24,6 +26,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/keystone-credential-keys
- ${_param:cluster_node03_address}:/srv/glusterfs/keystone-credential-keys
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/kqueen.yml b/glusterfs/server/volume/kqueen.yml
index 0d09c51..091a93c 100644
--- a/glusterfs/server/volume/kqueen.yml
+++ b/glusterfs/server/volume/kqueen.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/kqueen
- ${_param:cluster_node03_address}:/srv/glusterfs/kqueen
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/mongodb.yml b/glusterfs/server/volume/mongodb.yml
index f694ad7..0cb3a8e 100644
--- a/glusterfs/server/volume/mongodb.yml
+++ b/glusterfs/server/volume/mongodb.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/mongodb
- ${_param:cluster_node03_address}:/srv/glusterfs/mongodb
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/mysql.yml b/glusterfs/server/volume/mysql.yml
index 551ae40..b67975e 100644
--- a/glusterfs/server/volume/mysql.yml
+++ b/glusterfs/server/volume/mysql.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/mysql
- ${_param:cluster_node03_address}:/srv/glusterfs/mysql
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
storage.owner-gid: 999
storage.owner-uid: 999
cluster.readdir-optimize: On
diff --git a/glusterfs/server/volume/openldap.yml b/glusterfs/server/volume/openldap.yml
index 84619c0..cc1ba5f 100644
--- a/glusterfs/server/volume/openldap.yml
+++ b/glusterfs/server/volume/openldap.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/openldap
- ${_param:cluster_node03_address}:/srv/glusterfs/openldap
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/openldap_k8s.yml b/glusterfs/server/volume/openldap_k8s.yml
index 554801d..24b2a26 100644
--- a/glusterfs/server/volume/openldap_k8s.yml
+++ b/glusterfs/server/volume/openldap_k8s.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/openldap/config
- ${_param:cluster_node03_address}:/srv/glusterfs/openldap/config
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
storage.owner-gid: 999
storage.owner-uid: 999
cluster.readdir-optimize: On
@@ -26,6 +28,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/openldap/data
- ${_param:cluster_node03_address}:/srv/glusterfs/openldap/data
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
storage.owner-gid: 999
storage.owner-uid: 999
cluster.readdir-optimize: On
diff --git a/glusterfs/server/volume/postgresql.yml b/glusterfs/server/volume/postgresql.yml
index c48d833..5376934 100644
--- a/glusterfs/server/volume/postgresql.yml
+++ b/glusterfs/server/volume/postgresql.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/postgresql
- ${_param:cluster_node03_address}:/srv/glusterfs/postgresql
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/postgresql_k8s.yml b/glusterfs/server/volume/postgresql_k8s.yml
index f276d60..523ef59 100644
--- a/glusterfs/server/volume/postgresql_k8s.yml
+++ b/glusterfs/server/volume/postgresql_k8s.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/postgresql
- ${_param:cluster_node03_address}:/srv/glusterfs/postgresql
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
storage.owner-gid: 999
storage.owner-uid: 999
cluster.readdir-optimize: On
diff --git a/glusterfs/server/volume/privatebin.yml b/glusterfs/server/volume/privatebin.yml
index e2eba2d..e78df75 100644
--- a/glusterfs/server/volume/privatebin.yml
+++ b/glusterfs/server/volume/privatebin.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/privatebin
- ${_param:cluster_node03_address}:/srv/glusterfs/privatebin
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/pushkin.yml b/glusterfs/server/volume/pushkin.yml
index 2d6a249..14d8b16 100644
--- a/glusterfs/server/volume/pushkin.yml
+++ b/glusterfs/server/volume/pushkin.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/pushkin
- ${_param:cluster_node03_address}:/srv/glusterfs/pushkin
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/registry.yml b/glusterfs/server/volume/registry.yml
index 474ce7b..19d0106 100644
--- a/glusterfs/server/volume/registry.yml
+++ b/glusterfs/server/volume/registry.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/registry
- ${_param:cluster_node03_address}:/srv/glusterfs/registry
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/rundeck.yml b/glusterfs/server/volume/rundeck.yml
index c0ced5b..727496a 100644
--- a/glusterfs/server/volume/rundeck.yml
+++ b/glusterfs/server/volume/rundeck.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/rundeck
- ${_param:cluster_node03_address}:/srv/glusterfs/rundeck
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/salt.yml b/glusterfs/server/volume/salt.yml
index e14701d..f832bce 100644
--- a/glusterfs/server/volume/salt.yml
+++ b/glusterfs/server/volume/salt.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/saltmaster
- ${_param:cluster_node03_address}:/srv/glusterfs/saltmaster
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/salt_pki.yml b/glusterfs/server/volume/salt_pki.yml
index 9a26bdb..8135e47 100644
--- a/glusterfs/server/volume/salt_pki.yml
+++ b/glusterfs/server/volume/salt_pki.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/salt_pki
- ${_param:cluster_node03_address}:/srv/glusterfs/salt_pki
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On
diff --git a/glusterfs/server/volume/security_monkey.yml b/glusterfs/server/volume/security_monkey.yml
index e730c90..3fa9f57 100644
--- a/glusterfs/server/volume/security_monkey.yml
+++ b/glusterfs/server/volume/security_monkey.yml
@@ -10,6 +10,8 @@
- ${_param:cluster_node02_address}:/srv/glusterfs/security_monkey
- ${_param:cluster_node03_address}:/srv/glusterfs/security_monkey
options:
+ auth.allow: ${_param:glusterfs_allow_ips}
+ auth.reject: ${_param:glusterfs_reject_ips}
cluster.readdir-optimize: On
nfs.disable: On
network.remote-dio: On