diff options
Diffstat (limited to 'roles/openshift_manageiq')
-rw-r--r-- | roles/openshift_manageiq/README.md | 4 | ||||
-rw-r--r-- | roles/openshift_manageiq/tasks/main.yaml | 11 | ||||
-rw-r--r-- | roles/openshift_manageiq/vars/main.yml | 5 |
3 files changed, 14 insertions, 6 deletions
diff --git a/roles/openshift_manageiq/README.md b/roles/openshift_manageiq/README.md new file mode 100644 index 000000000..838ecf132 --- /dev/null +++ b/roles/openshift_manageiq/README.md @@ -0,0 +1,4 @@ +# ManageIQ + +Allows ManageIQ to manage the Openshift cluster. +This role sets up the `"management-infra"` namespace with the management-admin and inspector-admin service accounts. diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml index cfc4e2722..088d0b171 100644 --- a/roles/openshift_manageiq/tasks/main.yaml +++ b/roles/openshift_manageiq/tasks/main.yaml @@ -1,8 +1,4 @@ --- -- fail: - msg: "The openshift_manageiq role requires OpenShift Enterprise 3.1 or Origin 1.1." - when: not openshift.common.version_gte_3_1_or_1_1 | bool - - name: Add Management Infrastructure project oc_project: name: management-infra @@ -24,6 +20,12 @@ - apiGroups: - "" resources: + - pods/log + verbs: + - "get" + - apiGroups: + - "" + resources: - pods/proxy verbs: - "*" @@ -55,4 +57,3 @@ resource_kind: "{{ item.resource_kind }}" user: "{{ item.user }}" with_items: "{{manage_iq_openshift_3_2_tasks}}" - when: openshift.common.version_gte_3_2_or_1_2 | bool diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml index 15d667628..f142f89f0 100644 --- a/roles/openshift_manageiq/vars/main.yml +++ b/roles/openshift_manageiq/vars/main.yml @@ -4,8 +4,11 @@ manage_iq_tasks: resource_name: admin user: management-admin - resource_kind: role + resource_name: admin + user: system:serviceaccount:management-infra:management-admin +- resource_kind: cluster-role resource_name: management-infra-admin - user: management-admin + user: system:serviceaccount:management-infra:management-admin - resource_kind: cluster-role resource_name: cluster-reader user: system:serviceaccount:management-infra:management-admin |