authorSteve Milner <smilner@redhat.com>2017-02-09 11:57:57 -0500
committerSteve Milner <smilner@redhat.com>2017-02-10 12:52:36 -0500
commitbadaa6dc09abfcbfb2770a2d2070c803a2aaaf03 (patch)
treee78d40748a2e1237e6fc9cfc2bede800d7f7c6b0
parent07ca54fe406a533e70350aa9273d5a3df297f156 (diff)
oc serviceaccount now done via oc_serviceaccount module
-rw-r--r--roles/nuage_master/meta/main.yml1
-rw-r--r--roles/nuage_master/tasks/serviceaccount.yml16
-rw-r--r--roles/nuage_master/vars/main.yaml6
-rw-r--r--roles/openshift_logging/tasks/delete_logging.yaml10
-rw-r--r--roles/openshift_manageiq/meta/main.yml15
-rw-r--r--roles/openshift_manageiq/tasks/main.yaml30
-rw-r--r--roles/openshift_manageiq/vars/main.yml13
-rw-r--r--roles/openshift_serviceaccounts/meta/main.yml1
-rw-r--r--roles/openshift_serviceaccounts/tasks/main.yml20
9 files changed, 43 insertions, 69 deletions
diff --git a/roles/nuage_master/meta/main.yml b/roles/nuage_master/meta/main.yml
index a8a9bd3b4..e3ed9ac71 100644
--- a/roles/nuage_master/meta/main.yml
+++ b/roles/nuage_master/meta/main.yml
@@ -17,6 +17,7 @@ dependencies:
- role: nuage_common
- role: openshift_etcd_client_certificates
- role: os_firewall
+- role: lib_openshift
os_firewall_allow:
- service: openshift-monitor
port: "{{ nuage_mon_rest_server_port }}/tcp"
diff --git a/roles/nuage_master/tasks/serviceaccount.yml b/roles/nuage_master/tasks/serviceaccount.yml
index 41143772e..16ea08244 100644
--- a/roles/nuage_master/tasks/serviceaccount.yml
+++ b/roles/nuage_master/tasks/serviceaccount.yml
@@ -13,20 +13,16 @@
changed_when: false
- name: Create Admin Service Account
- shell: >
- echo {{ nuage_service_account_config | to_json | quote }} |
- {{ openshift.common.client_binary }} create
- -n default
- --config={{nuage_tmp_conf}}
- -f -
- register: osnuage_create_service_account
- failed_when: "'already exists' not in osnuage_create_service_account.stderr and osnuage_create_service_account.rc != 0"
- changed_when: osnuage_create_service_account.rc == 0
+ oc_serviceaccount:
+ kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig"
+ name: nuage
+ namespace: default
+ state: present
- name: Configure role/user permissions
command: >
{{ openshift.common.client_binary }} adm {{item}}
- --config={{nuage_tmp_conf}}
+ --config={{ nuage_tmp_conf }}
with_items: "{{nuage_tasks}}"
register: osnuage_perm_task
failed_when: "'the object has been modified' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0"
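Review bot: The new `oc_serviceaccount` task reads `{{ openshift_master_config_dir }}/admin.kubeconfig`, but nothing in this commit defines `openshift_master_config_dir` for `nuage_master` (the vars hunk for this role only removes `nuage_service_account_config`), so unless a dependency or facts outside this diff supply it, the task fails on an undefined variable. The task also moves from the temporary copy in `nuage_tmp_conf`, which the next task still passes as `--config`, to the master's cluster-admin kubeconfig in place; the `openshift_manageiq/tasks/main.yaml` hunk makes the same move away from `manage_iq_tmp_conf`. If the copy is there to keep the client from touching the live admin credential file, `kubeconfig: "{{ nuage_tmp_conf }}"` would preserve that here. Otherwise a comment above the task should say why the two steps use different credential files.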
diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml
index dba399a03..651d5775c 100644
--- a/roles/nuage_master/vars/main.yaml
+++ b/roles/nuage_master/vars/main.yaml
@@ -22,11 +22,5 @@ nuage_mon_rest_server_host: "{{ openshift.master.cluster_hostname | default(open
nuage_master_crt_dir: /usr/share/nuage-openshift-monitor
nuage_service_account: system:serviceaccount:default:nuage
-nuage_service_account_config:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: nuage
-
nuage_tasks:
- policy add-cluster-role-to-user cluster-reader {{ nuage_service_account }}
diff --git a/roles/openshift_logging/tasks/delete_logging.yaml b/roles/openshift_logging/tasks/delete_logging.yaml
index 908f3ee88..9621d0d1a 100644
--- a/roles/openshift_logging/tasks/delete_logging.yaml
+++ b/roles/openshift_logging/tasks/delete_logging.yaml
@@ -80,16 +80,16 @@
# delete our service accounts
- name: delete service accounts
- command: >
- {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig
- delete serviceaccount {{ item }} -n {{ openshift_logging_namespace }} --ignore-not-found=true
+ oc_serviceaccount:
+ kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+ name: "{{ item }}"
+ namespace: "{{ openshift_logging_namespace }}"
+ state: absent
with_items:
- aggregated-logging-elasticsearch
- aggregated-logging-kibana
- aggregated-logging-curator
- aggregated-logging-fluentd
- register: delete_result
- changed_when: delete_result.stdout.find("deleted") != -1 and delete_result.rc == 0
# delete our roles
- name: delete roles
diff --git a/roles/openshift_manageiq/meta/main.yml b/roles/openshift_manageiq/meta/main.yml
new file mode 100644
index 000000000..6c96a91bf
--- /dev/null
+++ b/roles/openshift_manageiq/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ author: Erez Freiberger
+ description: ManageIQ
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 2.1
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+dependencies:
+- role: lib_openshift
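Review bot: `min_ansible_version: 2.1` and the platform version `- 7` in this new file are plain scalars, so a YAML loader reads them as a float and an integer rather than as version strings, and a later value such as 2.10 would load as 2.1. Quoting them avoids that: `min_ansible_version: "2.1"` and `- "7"`.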
diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml
index a7214482f..e58947fd2 100644
--- a/roles/openshift_manageiq/tasks/main.yaml
+++ b/roles/openshift_manageiq/tasks/main.yaml
@@ -18,27 +18,15 @@
failed_when: "'already exists' not in osmiq_create_mi_project.stderr and osmiq_create_mi_project.rc != 0"
changed_when: osmiq_create_mi_project.rc == 0
-- name: Create Admin Service Account
- shell: >
- echo {{ manageiq_service_account | to_json | quote }} |
- {{ openshift.common.client_binary }} create
- -n management-infra
- --config={{manage_iq_tmp_conf}}
- -f -
- register: osmiq_create_service_account
- failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0"
- changed_when: osmiq_create_service_account.rc == 0
-
-- name: Create Image Inspector Service Account
- shell: >
- echo {{ manageiq_image_inspector_service_account | to_json | quote }} |
- {{ openshift.common.client_binary }} create
- -n management-infra
- --config={{manage_iq_tmp_conf}}
- -f -
- register: osmiq_create_service_account
- failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0"
- changed_when: osmiq_create_service_account.rc == 0
+- name: Create Admin and Image Inspector Service Account
+ oc_serviceaccount:
+ kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig"
+ name: "{{ item }}"
+ namespace: management-infra
+ state: present
+ with_items:
+ - management-admin
+ - inspector-admin
- name: Create Cluster Role
shell: >
diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml
index 3f24fd6be..9936bb126 100644
--- a/roles/openshift_manageiq/vars/main.yml
+++ b/roles/openshift_manageiq/vars/main.yml
@@ -1,4 +1,5 @@
---
+openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
manageiq_cluster_role:
apiVersion: v1
kind: ClusterRole
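Review bot: `openshift_master_config_dir` is a generic, cluster-wide name, and setting it in this role's `vars/main.yml` gives it role-vars precedence, which wins over inventory and group variables while the role runs. The value decides which `admin.kubeconfig` (a cluster-admin credential) the new `oc_serviceaccount` task uses, so an operator who sets the master config location through inventory would be silently overridden here. Whether another role or fact already sets this name is not visible in the diff. Moving the line to `defaults/main.yml`, or giving it a role-prefixed name, would keep it overridable, and a one-line comment such as `# location of the master's admin.kubeconfig used by oc_serviceaccount` would document why it is needed.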
@@ -24,18 +25,6 @@ manageiq_metrics_admin_clusterrole:
verbs:
- '*'
-manageiq_service_account:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: management-admin
-
-manageiq_image_inspector_service_account:
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: inspector-admin
-
manage_iq_tmp_conf: /tmp/manageiq_admin.kubeconfig
manage_iq_tasks:
diff --git a/roles/openshift_serviceaccounts/meta/main.yml b/roles/openshift_serviceaccounts/meta/main.yml
index a2c9fee70..7a30c220f 100644
--- a/roles/openshift_serviceaccounts/meta/main.yml
+++ b/roles/openshift_serviceaccounts/meta/main.yml
@@ -13,3 +13,4 @@ galaxy_info:
- cloud
dependencies:
- { role: openshift_facts }
+- { role: lib_openshift }
diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml
index d83ccf7de..1d570fa5b 100644
--- a/roles/openshift_serviceaccounts/tasks/main.yml
+++ b/roles/openshift_serviceaccounts/tasks/main.yml
@@ -1,21 +1,11 @@
---
-- name: test if service accounts exists
- command: >
- {{ openshift.common.client_binary }} get sa {{ item }} -n {{ openshift_serviceaccounts_namespace }}
- with_items: "{{ openshift_serviceaccounts_names }}"
- failed_when: false
- changed_when: false
- register: account_test
-
- name: create the service account
- shell: >
- echo {{ lookup('template', '../templates/serviceaccount.j2')
- | from_yaml | to_json | quote }} | {{ openshift.common.client_binary }}
- -n {{ openshift_serviceaccounts_namespace }} create -f -
- when: item.1.rc != 0
- with_together:
+ oc_serviceaccount:
+ name: "{{ item }}"
+ namespace: "{{ openshift_serviceaccounts_namespace }}"
+ state: present
+ with_items:
- "{{ openshift_serviceaccounts_names }}"
- - "{{ account_test.results }}"
- name: test if scc needs to be updated
command: >
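Review bot: This `oc_serviceaccount` call passes no `kubeconfig`, while the other three call sites in this commit name the file explicitly, so which credential creates these accounts depends on the module's default. The removed shell task also ran the client without `--config`, so the behaviour is probably unchanged, but it is worth making visible. Either add an explicit `kubeconfig:` line as in the other roles, or put a comment above the task such as `# relies on the oc_serviceaccount default kubeconfig`. The next task, `test if scc needs to be updated`, continues outside the hunk.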