diff options
author | Steve Milner <smilner@redhat.com> | 2017-02-09 11:57:57 -0500 |
---|---|---|
committer | Steve Milner <smilner@redhat.com> | 2017-02-10 12:52:36 -0500 |
commit | badaa6dc09abfcbfb2770a2d2070c803a2aaaf03 (patch) | |
tree | e78d40748a2e1237e6fc9cfc2bede800d7f7c6b0 | |
parent | 07ca54fe406a533e70350aa9273d5a3df297f156 (diff) | |
download | openshift-badaa6dc09abfcbfb2770a2d2070c803a2aaaf03.tar.gz openshift-badaa6dc09abfcbfb2770a2d2070c803a2aaaf03.tar.bz2 openshift-badaa6dc09abfcbfb2770a2d2070c803a2aaaf03.tar.xz openshift-badaa6dc09abfcbfb2770a2d2070c803a2aaaf03.zip |
oc serviceaccount now done via oc_serviceaccount module
-rw-r--r-- | roles/nuage_master/meta/main.yml | 1 | ||||
-rw-r--r-- | roles/nuage_master/tasks/serviceaccount.yml | 16 | ||||
-rw-r--r-- | roles/nuage_master/vars/main.yaml | 6 | ||||
-rw-r--r-- | roles/openshift_logging/tasks/delete_logging.yaml | 10 | ||||
-rw-r--r-- | roles/openshift_manageiq/meta/main.yml | 15 | ||||
-rw-r--r-- | roles/openshift_manageiq/tasks/main.yaml | 30 | ||||
-rw-r--r-- | roles/openshift_manageiq/vars/main.yml | 13 | ||||
-rw-r--r-- | roles/openshift_serviceaccounts/meta/main.yml | 1 | ||||
-rw-r--r-- | roles/openshift_serviceaccounts/tasks/main.yml | 20 |
9 files changed, 43 insertions, 69 deletions
diff --git a/roles/nuage_master/meta/main.yml b/roles/nuage_master/meta/main.yml index a8a9bd3b4..e3ed9ac71 100644 --- a/roles/nuage_master/meta/main.yml +++ b/roles/nuage_master/meta/main.yml @@ -17,6 +17,7 @@ dependencies: - role: nuage_common - role: openshift_etcd_client_certificates - role: os_firewall +- role: lib_openshift os_firewall_allow: - service: openshift-monitor port: "{{ nuage_mon_rest_server_port }}/tcp" diff --git a/roles/nuage_master/tasks/serviceaccount.yml b/roles/nuage_master/tasks/serviceaccount.yml index 41143772e..16ea08244 100644 --- a/roles/nuage_master/tasks/serviceaccount.yml +++ b/roles/nuage_master/tasks/serviceaccount.yml @@ -13,20 +13,16 @@ changed_when: false - name: Create Admin Service Account - shell: > - echo {{ nuage_service_account_config | to_json | quote }} | - {{ openshift.common.client_binary }} create - -n default - --config={{nuage_tmp_conf}} - -f - - register: osnuage_create_service_account - failed_when: "'already exists' not in osnuage_create_service_account.stderr and osnuage_create_service_account.rc != 0" - changed_when: osnuage_create_service_account.rc == 0 + oc_serviceaccount: + kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig" + name: nuage + namespace: default + state: present - name: Configure role/user permissions command: > {{ openshift.common.client_binary }} adm {{item}} - --config={{nuage_tmp_conf}} + --config={{ nuage_tmp_conf }} with_items: "{{nuage_tasks}}" register: osnuage_perm_task failed_when: "'the object has been modified' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0" diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml index dba399a03..651d5775c 100644 --- a/roles/nuage_master/vars/main.yaml +++ b/roles/nuage_master/vars/main.yaml @@ -22,11 +22,5 @@ nuage_mon_rest_server_host: "{{ openshift.master.cluster_hostname | default(open nuage_master_crt_dir: /usr/share/nuage-openshift-monitor nuage_service_account: system:serviceaccount:default:nuage -nuage_service_account_config: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: nuage - nuage_tasks: - policy add-cluster-role-to-user cluster-reader {{ nuage_service_account }} diff --git a/roles/openshift_logging/tasks/delete_logging.yaml b/roles/openshift_logging/tasks/delete_logging.yaml index 908f3ee88..9621d0d1a 100644 --- a/roles/openshift_logging/tasks/delete_logging.yaml +++ b/roles/openshift_logging/tasks/delete_logging.yaml @@ -80,16 +80,16 @@ # delete our service accounts - name: delete service accounts - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig - delete serviceaccount {{ item }} -n {{ openshift_logging_namespace }} --ignore-not-found=true + oc_serviceaccount: + kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + name: "{{ item }}" + namespace: "{{ openshift_logging_namespace }}" + state: absent with_items: - aggregated-logging-elasticsearch - aggregated-logging-kibana - aggregated-logging-curator - aggregated-logging-fluentd - register: delete_result - changed_when: delete_result.stdout.find("deleted") != -1 and delete_result.rc == 0 # delete our roles - name: delete roles diff --git a/roles/openshift_manageiq/meta/main.yml b/roles/openshift_manageiq/meta/main.yml new file mode 100644 index 000000000..6c96a91bf --- /dev/null +++ b/roles/openshift_manageiq/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + author: Erez Freiberger + description: ManageIQ + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 2.1 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: lib_openshift diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml index a7214482f..e58947fd2 100644 --- a/roles/openshift_manageiq/tasks/main.yaml +++ b/roles/openshift_manageiq/tasks/main.yaml @@ -18,27 +18,15 @@ failed_when: "'already exists' not in osmiq_create_mi_project.stderr and osmiq_create_mi_project.rc != 0" changed_when: osmiq_create_mi_project.rc == 0 -- name: Create Admin Service Account - shell: > - echo {{ manageiq_service_account | to_json | quote }} | - {{ openshift.common.client_binary }} create - -n management-infra - --config={{manage_iq_tmp_conf}} - -f - - register: osmiq_create_service_account - failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0" - changed_when: osmiq_create_service_account.rc == 0 - -- name: Create Image Inspector Service Account - shell: > - echo {{ manageiq_image_inspector_service_account | to_json | quote }} | - {{ openshift.common.client_binary }} create - -n management-infra - --config={{manage_iq_tmp_conf}} - -f - - register: osmiq_create_service_account - failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0" - changed_when: osmiq_create_service_account.rc == 0 +- name: Create Admin and Image Inspector Service Account + oc_serviceaccount: + kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig" + name: "{{ item }}" + namespace: management-infra + state: present + with_items: + - management-admin + - inspector-admin - name: Create Cluster Role shell: > diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml index 3f24fd6be..9936bb126 100644 --- a/roles/openshift_manageiq/vars/main.yml +++ b/roles/openshift_manageiq/vars/main.yml @@ -1,4 +1,5 @@ --- +openshift_master_config_dir: "{{ openshift.common.config_base }}/master" manageiq_cluster_role: apiVersion: v1 kind: ClusterRole @@ -24,18 +25,6 @@ manageiq_metrics_admin_clusterrole: verbs: - '*' -manageiq_service_account: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: management-admin - -manageiq_image_inspector_service_account: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: inspector-admin - manage_iq_tmp_conf: /tmp/manageiq_admin.kubeconfig manage_iq_tasks: diff --git a/roles/openshift_serviceaccounts/meta/main.yml b/roles/openshift_serviceaccounts/meta/main.yml index a2c9fee70..7a30c220f 100644 --- a/roles/openshift_serviceaccounts/meta/main.yml +++ b/roles/openshift_serviceaccounts/meta/main.yml @@ -13,3 +13,4 @@ galaxy_info: - cloud dependencies: - { role: openshift_facts } +- { role: lib_openshift } diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml index d83ccf7de..1d570fa5b 100644 --- a/roles/openshift_serviceaccounts/tasks/main.yml +++ b/roles/openshift_serviceaccounts/tasks/main.yml @@ -1,21 +1,11 @@ --- -- name: test if service accounts exists - command: > - {{ openshift.common.client_binary }} get sa {{ item }} -n {{ openshift_serviceaccounts_namespace }} - with_items: "{{ openshift_serviceaccounts_names }}" - failed_when: false - changed_when: false - register: account_test - - name: create the service account - shell: > - echo {{ lookup('template', '../templates/serviceaccount.j2') - | from_yaml | to_json | quote }} | {{ openshift.common.client_binary }} - -n {{ openshift_serviceaccounts_namespace }} create -f - - when: item.1.rc != 0 - with_together: + oc_serviceaccount: + name: "{{ item }}" + namespace: "{{ openshift_serviceaccounts_namespace }}" + state: present + with_items: - "{{ openshift_serviceaccounts_names }}" - - "{{ account_test.results }}" - name: test if scc needs to be updated command: > |