From 098581f354f936b80a1422210b910610cef2bae1 Mon Sep 17 00:00:00 2001
From: Kenny Woodson <kwoodson@redhat.com>
Date: Mon, 10 Apr 2017 16:23:53 -0400
Subject: Updated to use modules instead of command for user permissions.
---
roles/nuage_master/tasks/serviceaccount.yml | 40 +++++------------------------
roles/nuage_master/vars/main.yaml | 4 ++-
2 files changed, 9 insertions(+), 35 deletions(-)
(limited to 'roles/nuage_master')
diff --git a/roles/nuage_master/tasks/serviceaccount.yml b/roles/nuage_master/tasks/serviceaccount.yml
index eee448e2c..124dad6e9 100644
--- a/roles/nuage_master/tasks/serviceaccount.yml
+++ b/roles/nuage_master/tasks/serviceaccount.yml
@@ -1,26 +1,6 @@
---
-- name: Create temporary directory for admin kubeconfig
- command: mktemp -u /tmp/openshift-ansible-XXXXXXX.kubeconfig
- register: nuage_tmp_conf_mktemp
- changed_when: False
- run_once: True
- delegate_to: "{{ nuage_ca_master }}"
-
-- set_fact:
- nuage_tmp_conf: "{{ nuage_tmp_conf_mktemp.stdout }}"
- run_once: True
- delegate_to: "{{ nuage_ca_master }}"
-
-- name: Copy Configuration to temporary conf
- command: >
- cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{nuage_tmp_conf}}
- changed_when: false
- run_once: True
- delegate_to: "{{ nuage_ca_master }}"
-
- name: Create Admin Service Account
oc_serviceaccount:
- kubeconfig: "{{ openshift_master_config_dir }}/admin.kubeconfig"
name: nuage
namespace: default
state: present
@@ -28,15 +8,14 @@
delegate_to: "{{ nuage_ca_master }}"
- name: Configure role/user permissions
- command: >
- {{ openshift.common.client_binary }} adm {{item}}
- --config={{ nuage_tmp_conf }}
+ delegate_to: "{{ nuage_ca_master }}"
+ oc_adm_policy_user:
+ namespace: default
+ resource_name: "{{ item.resource_name }}"
+ resource_kind: "{{ item.resource_kind }}"
+ user: "{{ item.user }}"
with_items: "{{nuage_tasks}}"
- register: osnuage_perm_task
- failed_when: "'the object has been modified' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0"
- changed_when: osnuage_perm_task.rc == 0
run_once: True
- delegate_to: "{{ nuage_ca_master }}"
- name: Generate the node client config
command: >
@@ -52,10 +31,3 @@
--user={{ nuage_service_account }}
delegate_to: "{{ nuage_ca_master }}"
run_once: True
-
-- name: Clean temporary configuration file
- command: >
- rm -f {{nuage_tmp_conf}}
- changed_when: false
- delegate_to: "{{ nuage_ca_master }}"
- run_once: True
diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml
index 651d5775c..57d5d2595 100644
--- a/roles/nuage_master/vars/main.yaml
+++ b/roles/nuage_master/vars/main.yaml
@@ -23,4 +23,6 @@ nuage_master_crt_dir: /usr/share/nuage-openshift-monitor
nuage_service_account: system:serviceaccount:default:nuage
nuage_tasks:
- - policy add-cluster-role-to-user cluster-reader {{ nuage_service_account }}
+- resource_kind: cluster-role
+ resource_name: cluster-reader
+ user: "{{ nuage_service_account }}"
--
cgit v1.2.3
From 6a42094535d9f06ef120f7c4999ea51d51437fc3 Mon Sep 17 00:00:00 2001
From: Kenny Woodson <kwoodson@redhat.com>
Date: Tue, 18 Apr 2017 10:06:22 -0400
Subject: Spacing and moving deleget_to to bottom.
---
roles/nuage_master/tasks/serviceaccount.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'roles/nuage_master')
diff --git a/roles/nuage_master/tasks/serviceaccount.yml b/roles/nuage_master/tasks/serviceaccount.yml
index 124dad6e9..fbf2c4f8d 100644
--- a/roles/nuage_master/tasks/serviceaccount.yml
+++ b/roles/nuage_master/tasks/serviceaccount.yml
@@ -8,14 +8,14 @@
delegate_to: "{{ nuage_ca_master }}"
- name: Configure role/user permissions
- delegate_to: "{{ nuage_ca_master }}"
oc_adm_policy_user:
namespace: default
resource_name: "{{ item.resource_name }}"
resource_kind: "{{ item.resource_kind }}"
user: "{{ item.user }}"
- with_items: "{{nuage_tasks}}"
+ with_items: "{{ nuage_tasks }}"
run_once: True
+ delegate_to: "{{ nuage_ca_master }}"
- name: Generate the node client config
command: >
--
cgit v1.2.3