authorKenny Woodson <kwoodson@redhat.com>2017-07-28 17:31:21 -0400
committerKenny Woodson <kwoodson@redhat.com>2017-08-21 21:25:22 -0400
commit435bbcb4af02ddedaa2ebcbea48b00f2bbf4d164 (patch)
tree5041faeb9b23781c3befaac18dd64e104963a586 /roles/openshift_master
parent23da41c1fb3736b10e07774000e3a2bca028806e (diff)
First attempt at provisioning.
Diffstat (limited to 'roles/openshift_master')
-rw-r--r--roles/openshift_master/tasks/bootstrap.yml28
-rw-r--r--roles/openshift_master/tasks/main.yml18
2 files changed, 46 insertions, 0 deletions
diff --git a/roles/openshift_master/tasks/bootstrap.yml b/roles/openshift_master/tasks/bootstrap.yml
new file mode 100644
index 000000000..0013f5289
--- /dev/null
+++ b/roles/openshift_master/tasks/bootstrap.yml
@@ -0,0 +1,28 @@
+---
+
+- name: ensure the node-bootstrap service account exists
+ oc_serviceaccount:
+ name: node-bootstrapper
+ namespace: openshift-infra
+ state: present
+ run_once: true
+
+- name: grant node-bootstrapper the correct permissions to bootstrap
+ oc_adm_policy_user:
+ namespace: openshift-infra
+ user: system:serviceaccount:openshift-infra:node-bootstrapper
+ resource_kind: cluster-role
+ resource_name: system:node-bootstrapper
+ state: present
+ run_once: true
+
+# TODO: create a module for this command.
+# oc_serviceaccounts_kubeconfig
+- name: create service account kubeconfig with csr rights
+ command: "oc serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra"
+ register: kubeconfig_out
+
+- name: put service account kubeconfig into a file on disk for bootstrap
+ copy:
+ content: "{{ kubeconfig_out.stdout }}"
+ dest: "{{ openshift_master_config_dir }}/bootstrap.kubeconfig"
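Review bot: The final `copy` task writes `bootstrap.kubeconfig` with no `mode`, `owner` or `group`, so a newly created file gets whatever the remote umask allows, and this kubeconfig carries the node-bootstrapper service-account credential. Add `mode: "0600"` together with `owner: root` and `group: root` to the `copy` arguments. The `command` task that registers `kubeconfig_out` and the `copy` task that consumes it should both set `no_log: true`, because the registered stdout and the `content` value otherwise show up in verbose or diff-mode Ansible output. The `command` task also reports changed on every run; `changed_when: false` would keep repeated runs quiet.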
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index a11471891..b80941b48 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -218,6 +218,20 @@
- restart master api
- restart master controllers
+- name: modify controller args
+ yedit:
+ src: /etc/origin/master/master-config.yaml
+ edits:
+ - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file
+ value:
+ - /etc/origin/master/ca.crt
+ - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file
+ value:
+ - /etc/origin/master/ca.key
+ notify:
+ - restart master controllers
+ when: openshift_master_bootstrap_enabled | default(False)
+
- include: set_loopback_context.yml
when:
- openshift.common.version_gte_3_2_or_1_2
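Review bot: The `modify controller args` task hard-codes `/etc/origin/master/` in `src` and in both signing-file values, while bootstrap.yml in this same commit uses `{{ openshift_master_config_dir }}`; with a non-default config directory the controllers would be pointed at files that are not there. Use `src: "{{ openshift_master_config_dir }}/master-config.yaml"` and the same variable for `ca.crt` and `ca.key`. The edit also makes the master CA key the CSR signer, so any approved bootstrap CSR yields a certificate chained to that CA; how CSRs get approved is not visible in this hunk. A comment above the task such as `# CSRs are signed with the master CA; approval is handled by <APPROVAL_MECHANISM>` would make that dependency explicit.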
@@ -366,3 +380,7 @@
shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster
when:
- l_install_result | changed
+
+- name: node bootstrap settings
+ include: bootstrap.yml
+ when: openshift_master_bootstrap_enabled | default(False)