blob: 3358abe23018243a9b16525b53424a28791d242e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
---
- name: Assure the calico certs have been generated
stat:
path: "{{ item }}"
with_items:
- "{{ calico_etcd_ca_cert_file }}"
- "{{ calico_etcd_cert_file}}"
- "{{ calico_etcd_key_file }}"
- name: Create temp directory for policy controller definition
command: mktemp -d /tmp/openshift-ansible-XXXXXXX
register: mktemp
changed_when: False
- name: Write Calico Policy Controller definition
template:
dest: "{{ mktemp.stdout }}/calico-policy-controller.yml"
src: calico-policy-controller.yml.j2
- name: Launch Calico Policy Controller
command: >
{{ openshift.common.client_binary }} create
-f {{ mktemp.stdout }}/calico-policy-controller.yml
--config={{ openshift.common.config_base }}/master/admin.kubeconfig
register: calico_create_output
failed_when: ('already exists' not in calico_create_output.stderr) and ('created' not in calico_create_output.stdout)
changed_when: ('created' in calico_create_output.stdout)
- name: Delete temp directory
file:
name: "{{ mktemp.stdout }}"
state: absent
changed_when: False
- name: oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:calico
oc_adm_policy_user:
user: system:serviceaccount:kube-system:calico
resource_kind: scc
resource_name: privileged
state: present
|