Public | Automated Build

Last pushed: 11 days ago
Short Description
A selfservice portal for a cloud plattform
Full Description

General idea

Build Status:

We at @SchweizerischeBundesbahnen have a lot of projects who need changes on their projects all the time. As those settings are (and that is fine) limited to the administrator roles, we had to do a lot of manual changes like:

  • Creating new projects with certain attributes
  • Updating projects metadata like billing information
  • Updating project quotas
  • Creating service-accounts

Persistent storage:

  • Create gluster volumes
  • Increase the size of a gluster volume
  • Create PV, PVC, Gluster Service & Endpoints in OpenShift


  • Create a billing report for diffrent platforms

So we built this tool which allows users to do certain things in self service. The tool checks permissions & certain conditions.


  • The Self-Service-Portal (as container)
  • The GlusterFS-API server (as a sytemd service)

Installation & Documentation

Self-Service Portal

# Create a project & a service-account
oc new-project ose-selfservice
oc create serviceaccount ose-selfservice

# Add a cluster policy for the portal:
oc create -f clusterPolicy-selfservice.yml

# Add policy to service account
oc adm policy add-cluster-role-to-user ose:selfservice system:serviceaccount:ose-selfservice:ose-selfservice

Just create a 'oc new-app' from the dockerfile.


Param Description Example
GIN_MODE Mode of the Webframework debug/release
LDAP_BIND_DN LDAP Bind cn=root
LDAP_BIND_CRED LDAP Credentials secret
LDAP_SEARCH_BASE LDAP Search Base ou=passport-ldapauth
LDAP_FILTER LDAP Filter (uid=%s)
SESSION_KEY A secret password to encrypt session information secret
OPENSHIFT_TOKEN The token from the service-account
MAX_QUOTA_CPU How many CPU can a user assign to his project 30
MAX_QUOTA_MEMORY How many GB memory can a user assign to his project 50
GLUSTER_API_URL The URL of your Gluster-API http://glusterserver01:80
GLUSTER_SECRET The basic auth password you configured on the gluster api secret
GLUSTER_IPS IP addresses of the gluster endpoints,
MAX_VOLUME_GB How many GB storage can a user order 100
DDC_API URL of the DDC Billing API

The GlusterFS api

Use/see the service unit file in ./glusterapi/install/


glusterapi -poolName=your-pool -vgName=your-vg -basePath=/your/mount -secret=yoursecret -port=yourport

# poolName = The name of the existing LV-pool that should be used to create new logical volumes
# vgName = The name of the vg where the pool lies on
# basePath = The path where the new volumes should be mounted. E.g. /gluster/mypool
# secret = The basic auth secret you specified above in the SSP
# port = The port where the server should run
# maxGB = Optinally specify max GB a volume can be. Default is 100

Monitoring endpoints

The gluster api has two public endpoints for monitoring purposes. Call them this way:

The first endpoint returns usage statistics:

curl <yourserver>:<port>/volume/<volume-name>

The check endpoint returns if the current %-usage is below the defined threshold:

# Successful response
curl -i <yourserver>:<port>/volume/<volume-name>/check\?threshold=20
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Date: Mon, 12 Jun 2017 14:23:53 GMT
Content-Length: 38

{"message":"Usage is below threshold"}

# Error response
curl -i <yourserver>:<port>/volume/<volume-name>/check\?threshold=3

HTTP/1.1 400 Bad Request
Content-Type: application/json; charset=utf-8
Date: Mon, 12 Jun 2017 14:23:37 GMT
Content-Length: 70
{"message":"Error used 4.430051813471502 is bigger than threshold: 3"}

For the other (internal) endpoints see the code (glusterapi/main.go)

Docker Pull Command
Source Repository

Comments (0)