authorTobias Florek <tob@butter.sh>2015-09-23 13:51:41 +0200
committerScott Dodson <sdodson@redhat.com>2015-12-15 15:43:27 -0500
commita0b6fc7db1be2cf6190d982f90e96f4c39a4c699 (patch)
treeabab0b910d891a8b419b2231b3a52075ea1f0e49 /roles/openshift_serviceaccounts/tasks
parente26eab4bdc817ef02a16e8b5c6c49e311a721e7b (diff)
Initial containerization work from @ibotty
copied from https://github.com/eparis/kubernetes-ansible/blob/17f98edd7ff53e649b43e26822b8fbc0be42b233/roles/common/tasks/main.yml
Diffstat (limited to 'roles/openshift_serviceaccounts/tasks')
-rw-r--r--roles/openshift_serviceaccounts/tasks/main.yml17
1 files changed, 12 insertions, 5 deletions
diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml
index e558a83a2..eb9c9b2c9 100644
--- a/roles/openshift_serviceaccounts/tasks/main.yml
+++ b/roles/openshift_serviceaccounts/tasks/main.yml
@@ -1,12 +1,19 @@
+- name: tmp dir for openshift
+ file:
+ path: /tmp/openshift
+ state: directory
+ owner: root
+ mode: 700
+
- name: Create service account configs
template:
src: serviceaccount.j2
- dest: "/tmp/{{ item }}-serviceaccount.yaml"
+ dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml"
with_items: accounts
- name: Create {{ item }} service account
command: >
- {{ openshift.common.client_binary }} create -f "/tmp/{{ item }}-serviceaccount.yaml"
+ {{ openshift.common.client_binary }} create -f "/tmp/openshift/{{ item }}-serviceaccount.yaml"
with_items: accounts
register: _sa_result
failed_when: "'serviceaccounts \"{{ item }}\" already exists' not in _sa_result.stderr and _sa_result.rc != 0"
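Review bot: `mode: 700` in the new `tmp dir for openshift` task is an unquoted number, which Ansible takes as decimal 700, i.e. octal 1274. The directory therefore does not end up root-only: it gets the sticky bit, group rwx and world read, while the owner loses read and execute. Write the mode as a quoted octal string, `mode: "0700"`. Separately, `/tmp/openshift` is a fixed name under a world-writable directory, and `state: directory` adopts an existing directory along with whatever is already inside it. A uniquely named directory (for example the registered output of `mktemp -d`, reused by the later tasks) would avoid depending on that path being clean.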
@@ -15,14 +22,14 @@
- name: Get current security context constraints
shell: >
{{ openshift.common.client_binary }} get scc privileged -o yaml
- --output-version=v1 > /tmp/scc.yaml
+ --output-version=v1 > /tmp/openshift/scc.yaml
- name: Add security context constraint for {{ item }}
lineinfile:
- dest: /tmp/scc.yaml
+ dest: /tmp/openshift/scc.yaml
line: "- system:serviceaccount:default:{{ item }}"
insertafter: "^users:$"
with_items: accounts
- name: Apply new scc rules for service accounts
- command: "{{ openshift.common.client_binary }} update -f /tmp/scc.yaml --api-version=v1"
+ command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
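Review bot: Nothing in this hunk removes `/tmp/openshift/scc.yaml` after the `update -f` on the last line, so a dump of the privileged SCC with the edited user list stays on the host and the next run starts from a directory that already has contents. The `shell` redirect in the `Get current security context constraints` task writes to a fixed file name and follows whatever already exists at that path, so this read-modify-write of a privileged object is only as trustworthy as the directory permissions set by the first task. I would add a closing task such as `- file: path=/tmp/openshift state=absent`. The task list may continue past the hunk, so a cleanup step could already exist outside the visible lines.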