cherry-pick to 3.6 gluster block

roles/openshift_node/tasks/storage_plugins/iscsi.yml

@@ -1,4 +1,33 @@
 ---
 - name: Install iSCSI storage plugin dependencies
-  package: name=iscsi-initiator-utils state=present
+  package:
+    name: "{{ item }}"
+    state: present
+  when: not openshift.common.is_atomic | bool
+  register: result
+  until: result is succeeded
+  with_items:
+    - iscsi-initiator-utils
+    - device-mapper-multipath
+
+- name: restart services
+  systemd:
+    name: "{{ item }}"
+    state: started
+    enabled: True
+  when: not openshift.common.is_atomic | bool
+  with_items:
+    - multipathd
+    - rpcbind
+
+- name: Template multipath configuration
+  template:
+    dest: "/etc/multipath.conf"
+    src: multipath.conf.j2
+    backup: true
+  when: not openshift.common.is_atomic | bool
+
+#enable multipath
+- name: Enable multipath
+  command: "mpathconf --enable"
   when: not openshift.common.is_atomic | bool

roles/openshift_node/templates/multipath.conf.j2

@@ -0,0 +1,15 @@
+# LIO iSCSI
+# TODO: Add env variables for tweaking
+devices {
+        device {
+                vendor "LIO-ORG"
+                user_friendly_names "yes" 
+                path_grouping_policy "failover"
+                path_selector "round-robin 0"
+                failback immediate
+                path_checker "tur"
+                prio "const"
+                no_path_retry 120
+                rr_weight "uniform"
+        }
+}

roles/openshift_storage_glusterfs/defaults/main.yml

@@ -13,6 +13,8 @@ openshift_storage_glusterfs_block_version: 'latest'
 openshift_storage_glusterfs_block_host_vol_create: True
 openshift_storage_glusterfs_block_host_vol_size: 100
 openshift_storage_glusterfs_block_host_vol_max: 15
+openshift_storage_glusterfs_block_storageclass: False
+openshift_storage_glusterfs_block_storageclass_default: False
 openshift_storage_glusterfs_s3_deploy: True
 openshift_storage_glusterfs_s3_image: "{{ 'rhgs3/rhgs-gluster-s3-server-rhel7' | quote if deployment_type == 'openshift-enterprise' else 'gluster/gluster-object' | quote }}"
 openshift_storage_glusterfs_s3_version: 'latest'
@@ -59,6 +61,8 @@ openshift_storage_glusterfs_registry_block_version: "{{ openshift_storage_gluste
 openshift_storage_glusterfs_registry_block_host_vol_create: "{{ openshift_storage_glusterfs_block_host_vol_create }}"
 openshift_storage_glusterfs_registry_block_host_vol_size: "{{ openshift_storage_glusterfs_block_host_vol_size }}"
 openshift_storage_glusterfs_registry_block_host_vol_max: "{{ openshift_storage_glusterfs_block_host_vol_max }}"
+openshift_storage_glusterfs_registry_block_storageclass: False
+openshift_storage_glusterfs_registry_block_storageclass_default: False
 openshift_storage_glusterfs_registry_s3_deploy: "{{ openshift_storage_glusterfs_s3_deploy }}"
 openshift_storage_glusterfs_registry_s3_image: "{{ openshift_storage_glusterfs_s3_image }}"
 openshift_storage_glusterfs_registry_s3_version: "{{ openshift_storage_glusterfs_s3_version }}"
@@ -88,3 +92,22 @@ openshift_storage_glusterfs_registry_heketi_ssh_user: "{{ openshift_storage_glus
 openshift_storage_glusterfs_registry_heketi_ssh_sudo: "{{ openshift_storage_glusterfs_heketi_ssh_sudo }}"
 openshift_storage_glusterfs_registry_heketi_ssh_keyfile: "{{ openshift_storage_glusterfs_heketi_ssh_keyfile | default(omit) }}"
 openshift_storage_glusterfs_registry_heketi_fstab: "{{ '/var/lib/heketi/fstab' | quote if openshift_storage_glusterfs_registry_heketi_executor == 'kubernetes' else '/etc/fstab' | quote }}"
+
+r_openshift_storage_glusterfs_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
+r_openshift_storage_glusterfs_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}"
+r_openshift_storage_glusterfs_os_firewall_deny: []
+r_openshift_storage_glusterfs_os_firewall_allow:
+- service: glusterfs_sshd
+  port: "2222/tcp"
+- service: glusterfs_management
+  port: "24007/tcp"
+- service: glusterfs_rdma
+  port: "24008/tcp"
+- service: glusterfs_bricks
+  port: "49152-49251/tcp"
+- service: glusterblockd
+  port: "24010/tcp"
+- service: iscsi-targets
+  port: "3260/tcp"
+- service: rpcbind
+  port: "111/tcp"

roles/openshift_storage_glusterfs/tasks/firewall.yml

@@ -0,0 +1,40 @@
+---
+- when: r_openshift_storage_glusterfs_firewall_enabled | bool and not r_openshift_storage_glusterfs_use_firewalld | bool
+  block:
+  - name: Add iptables allow rules
+    os_firewall_manage_iptables:
+      name: "{{ item.service }}"
+      action: add
+      protocol: "{{ item.port.split('/')[1] }}"
+      port: "{{ item.port.split('/')[0] }}"
+    when: item.cond | default(True)
+    with_items: "{{ r_openshift_storage_glusterfs_os_firewall_allow }}"
+
+  - name: Remove iptables rules
+    os_firewall_manage_iptables:
+      name: "{{ item.service }}"
+      action: remove
+      protocol: "{{ item.port.split('/')[1] }}"
+      port: "{{ item.port.split('/')[0] }}"
+    when: item.cond | default(True)
+    with_items: "{{ r_openshift_storage_glusterfs_os_firewall_deny }}"
+
+- when: r_openshift_storage_glusterfs_firewall_enabled | bool and r_openshift_storage_glusterfs_use_firewalld | bool
+  block:
+  - name: Add firewalld allow rules
+    firewalld:
+      port: "{{ item.port }}"
+      permanent: true
+      immediate: true
+      state: enabled
+    when: item.cond | default(True)
+    with_items: "{{ r_openshift_storage_glusterfs_os_firewall_allow }}"
+
+  - name: Remove firewalld allow rules
+    firewalld:
+      port: "{{ item.port }}"
+      permanent: true
+      immediate: true
+      state: disabled
+    when: item.cond | default(True)
+    with_items: "{{ r_openshift_storage_glusterfs_os_firewall_deny }}"

roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml

@@ -315,5 +315,31 @@
 - include: glusterblock_deploy.yml
   when: glusterfs_block_deploy
 
+- block:
+  - name: Create heketi block secret
+    oc_secret:
+      namespace: "{{ glusterfs_namespace }}"
+      state: present
+      name: "heketi-{{ glusterfs_name }}-admin-secret-block"
+      type: "gluster.org/glusterblock"
+      force: True
+      contents:
+      - path: key
+        data: "{{ glusterfs_heketi_admin_key }}"
+    when: glusterfs_heketi_admin_key is defined
+  - name: Generate Gluster Block StorageClass file
+    template:
+      src: "{{ openshift.common.examples_content_version }}/gluster-block-storageclass.yml.j2"
+      dest: "{{ mktemp.stdout }}/gluster-block-storageclass.yml"
+
+  - name: Create Gluster Block StorageClass
+    oc_obj:
+      state: present
+      kind: storageclass
+      name: "glusterfs-{{ glusterfs_name }}-block"
+      files:
+      - "{{ mktemp.stdout }}/gluster-block-storageclass.yml"
+  when: glusterfs_block_storageclass
+
 - include: gluster_s3_deploy.yml
   when: glusterfs_s3_deploy

roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml

@@ -15,6 +15,8 @@
     glusterfs_block_host_vol_create: "{{ openshift_storage_glusterfs_block_host_vol_create }}"
     glusterfs_block_host_vol_size: "{{ openshift_storage_glusterfs_block_host_vol_size }}"
     glusterfs_block_host_vol_max: "{{ openshift_storage_glusterfs_block_host_vol_max }}"
+    glusterfs_block_storageclass: "{{ openshift_storage_glusterfs_block_storageclass | bool }}"
+    glusterfs_block_storageclass_default: "{{ openshift_storage_glusterfs_block_storageclass_default | bool }}"
     glusterfs_s3_deploy: "{{ openshift_storage_glusterfs_s3_deploy | bool }}"
     glusterfs_s3_image: "{{ openshift_storage_glusterfs_s3_image }}"
     glusterfs_s3_version: "{{ openshift_storage_glusterfs_s3_version }}"

roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml

@@ -55,6 +55,8 @@
   - glusterfs_wipe
   - item.stdout_lines | count > 0
 
+- include: firewall.yml
+
 - name: Label GlusterFS nodes
   oc_label:
     name: "{{ hostvars[item].openshift.node.nodename }}"

roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml

@@ -15,6 +15,8 @@
     glusterfs_block_host_vol_create: "{{ openshift_storage_glusterfs_registry_block_host_vol_create }}"
     glusterfs_block_host_vol_size: "{{ openshift_storage_glusterfs_registry_block_host_vol_size }}"
     glusterfs_block_host_vol_max: "{{ openshift_storage_glusterfs_registry_block_host_vol_max }}"
+    glusterfs_block_storageclass: "{{ openshift_storage_glusterfs_registry_block_storageclass | bool }}"
+    glusterfs_block_storageclass_default: "{{ openshift_storage_glusterfs_registry_block_storageclass_default | bool }}"
     glusterfs_s3_deploy: "{{ openshift_storage_glusterfs_registry_s3_deploy | bool }}"
     glusterfs_s3_image: "{{ openshift_storage_glusterfs_registry_s3_image }}"
     glusterfs_s3_version: "{{ openshift_storage_glusterfs_registry_s3_version }}"
@@ -44,7 +46,7 @@
     glusterfs_heketi_ssh_sudo: "{{ openshift_storage_glusterfs_registry_heketi_ssh_sudo | bool }}"
     glusterfs_heketi_ssh_keyfile: "{{ openshift_storage_glusterfs_registry_heketi_ssh_keyfile }}"
     glusterfs_heketi_fstab: "{{ openshift_storage_glusterfs_registry_heketi_fstab }}"
-    glusterfs_nodes: "{{ groups.glusterfs_registry | default(groups.glusterfs) }}"
+    glusterfs_nodes: "{{ groups.glusterfs_registry if groups.glusterfs_registry | length > 0 else groups.glusterfs }}"
 
 - include: glusterfs_common.yml
   when:

roles/openshift_storage_glusterfs/templates/glusterfs.conf

@@ -1,4 +1,7 @@
 #{{ ansible_managed }}
 dm_thin_pool
 dm_snapshot
-dm_mirror
+dm_mirror
+#glusterblock
+dm_multipath
+target_core_user

roles/openshift_storage_glusterfs/templates/v3.6/gluster-block-storageclass.yml.j2

@@ -0,0 +1,19 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: glusterfs-{{ glusterfs_name }}-block
+{% if glusterfs_block_storageclass_default is defined and glusterfs_block_storageclass_default %}
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "true"
+{% endif %}
+provisioner: gluster.org/glusterblock
+parameters:
+  resturl: "http://{% if glusterfs_heketi_is_native %}{{ glusterfs_heketi_route }}{% else %}{{ glusterfs_heketi_url }}:{{ glusterfs_heketi_port }}{% endif %}"
+  restuser: "admin"
+  chapauthenabled: "true"
+  hacount: "3"
+{% if glusterfs_heketi_admin_key is defined %}
+  restsecretnamespace: "{{ glusterfs_namespace }}"
+  restsecretname: "heketi-{{ glusterfs_name }}-admin-secret-block"
+{%- endif -%}