| author | Brenton Leanhardt <bleanhar@redhat.com> | 2016-02-15 16:36:25 -0500 | 
|---|---|---|
| committer | Brenton Leanhardt <bleanhar@redhat.com> | 2016-02-15 16:47:12 -0500 | 
| commit | e9dd4ea3ca269bbfcb9fa52d04cc86f690b22b47 (patch) | |
| tree | f4d4cb95ee2df93c7576e4bc30350841028e6b50 /roles/openshift_serviceaccounts/tasks | |
| parent | 0825b8327a1c509337e5c91c3b8cf6a63816782c (diff) | |
Bug 1308411 - Fail to install OSE 3.0 for no add-scc-to-user command
Diffstat (limited to 'roles/openshift_serviceaccounts/tasks')
| -rw-r--r-- | roles/openshift_serviceaccounts/tasks/main.yml | 42 | 
1 files changed, 41 insertions, 1 deletions
diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml
index 5fe7d28f3..89d9e3aa7 100644
--- a/roles/openshift_serviceaccounts/tasks/main.yml
+++ b/roles/openshift_serviceaccounts/tasks/main.yml
@@ -27,7 +27,47 @@
   command: >
       {{ openshift.common.admin_binary }} policy add-scc-to-user
       privileged system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}
-  when: "item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
+  when: "openshift.common.version_gte_3_1_or_1_1 and item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
   with_nested:
   - openshift_serviceaccounts_names
   - scc_test.results
+
+####
+#
+# Support for 3.0.z
+#
+####
+
+- name: tmp dir for openshift
+  file:
+    path: /tmp/openshift
+    state: directory
+    owner: root
+    mode: 700
+  when: not openshift.common.version_gte_3_1_or_1_1
+
+- name: Create service account configs
+  template:
+    src: serviceaccount.j2
+    dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml"
+  with_items: openshift_serviceaccounts_names
+  when: not openshift.common.version_gte_3_1_or_1_1
+
+- name: Get current security context constraints
+  shell: >
+    {{ openshift.common.client_binary }} get scc privileged -o yaml
+    --output-version=v1 > /tmp/openshift/scc.yaml
+  changed_when: false
+  when: not openshift.common.version_gte_3_1_or_1_1
+
+- name: Add security context constraint for {{ item }}
+  lineinfile:
+    dest: /tmp/openshift/scc.yaml
+    line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item }}"
+    insertafter: "^users:$"
+  with_items: openshift_serviceaccounts_names
+  when: not openshift.common.version_gte_3_1_or_1_1
+
+- name: Apply new scc rules for service accounts
+  command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1"
+  when: not openshift.common.version_gte_3_1_or_1_1  |
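Review bot: In the added "tmp dir for openshift" task, `mode: 700` is an unquoted decimal integer, and Ansible's file module does not treat that as octal 0700 (decimal 700 is octal 1274), so the directory will not end up owner-only; write `mode: "0700"`. This matters because `/tmp/openshift/scc.yaml` is later fed to `update -f` to rewrite the `privileged` SCC, so anyone else able to write in that directory could change which accounts receive privileged access. The fixed name under world-writable `/tmp` has the same weakness if the directory or `scc.yaml` already exists before the play runs; creating the working directory with `mktemp -d`, registering its path, and removing it after the last task would avoid that. Separately, `insertafter: "^users:$"` appears to fall back to appending at end of file when the SCC has no block-style `users:` line, which would leave the entry outside the list.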
