summaryrefslogtreecommitdiffstats
path: root/roles/ands_openshift
diff options
context:
space:
mode:
authorSuren A. Chilingaryan <csa@suren.me>2018-04-14 02:09:54 +0200
committerSuren A. Chilingaryan <csa@suren.me>2018-04-14 02:09:54 +0200
commit110ae6da8d80b63a068f4537383e775d958cf9a9 (patch)
tree1e3e84f1245d48518e0147400c6a3c624db10ee5 /roles/ands_openshift
parent5b9f90a1b410a0464eaad713c00b287174da80d2 (diff)
downloadands-110ae6da8d80b63a068f4537383e775d958cf9a9.tar.gz
ands-110ae6da8d80b63a068f4537383e775d958cf9a9.tar.bz2
ands-110ae6da8d80b63a068f4537383e775d958cf9a9.tar.xz
ands-110ae6da8d80b63a068f4537383e775d958cf9a9.zip
Provide support for global OpenShift resources (ClusterRoles, etc.)
Diffstat (limited to 'roles/ands_openshift')
-rw-r--r--roles/ands_openshift/defaults/main.yml2
-rw-r--r--roles/ands_openshift/tasks/projects.yml4
-rw-r--r--roles/ands_openshift/tasks/projects_resources.yml20
-rw-r--r--roles/ands_openshift/tasks/resources.yml9
-rw-r--r--roles/ands_openshift/tasks/users_resources.yml21
5 files changed, 34 insertions, 22 deletions
diff --git a/roles/ands_openshift/defaults/main.yml b/roles/ands_openshift/defaults/main.yml
index d279345..feec093 100644
--- a/roles/ands_openshift/defaults/main.yml
+++ b/roles/ands_openshift/defaults/main.yml
@@ -1,4 +1,4 @@
-openshift_common_subroles: "{{ [ 'users', 'security', 'storage' ] }}"
+openshift_common_subroles: "{{ [ 'projects', 'resources', 'users', 'security', 'storage' ] }}"
openshift_heketi_subroles: "{{ [ 'ssh', 'heketi' ] }}"
openshift_all_subroles: "{{ ands_configure_heketi | default(False) | ternary(openshift_common_subroles + openshift_heketi_subroles, openshift_common_subroles) }}"
diff --git a/roles/ands_openshift/tasks/projects.yml b/roles/ands_openshift/tasks/projects.yml
new file mode 100644
index 0000000..4f13136
--- /dev/null
+++ b/roles/ands_openshift/tasks/projects.yml
@@ -0,0 +1,4 @@
+---
+- include_tasks: projects_resources.yml
+ run_once: true
+ delegate_to: "{{ groups.masters[0] }}"
diff --git a/roles/ands_openshift/tasks/projects_resources.yml b/roles/ands_openshift/tasks/projects_resources.yml
new file mode 100644
index 0000000..2afe9e1
--- /dev/null
+++ b/roles/ands_openshift/tasks/projects_resources.yml
@@ -0,0 +1,20 @@
+- name: Get project list
+ command: "oc get projects -o json"
+ changed_when: false
+ register: results
+
+- name: Find missing projects
+ set_fact: new_projects="{{ ands_openshift_projects.keys() | difference (results.stdout | from_json | json_query('items[*].metadata.name')) }}"
+ when: (results | succeeded)
+
+- name: Create missing projects
+ command: "oc adm new-project --description '{{ ands_openshift_projects[item] }}' {{ item }}"
+ with_items: "{{ new_projects | default([]) }}"
+
+- name: Allow projects to pull images from KaaS imagestreams
+ command: "oc policy add-role-to-group system:image-puller system:serviceaccounts:{{ prj_item }} --namespace=kaas"
+ with_items: "{{ ands_openshift_projects.keys() }}"
+ when:
+ prj_item != "kaas"
+ loop_control:
+ loop_var: prj_item
diff --git a/roles/ands_openshift/tasks/resources.yml b/roles/ands_openshift/tasks/resources.yml
new file mode 100644
index 0000000..b691372
--- /dev/null
+++ b/roles/ands_openshift/tasks/resources.yml
@@ -0,0 +1,9 @@
+- name: Run configuration script and populate resources
+ include_role: name="ands_kaas"
+ vars:
+ kaas_openshift_volumes: "{{ ands_openshift_volumes }}"
+ kaas_projects: "{{ ands_openshift_projects.keys() }}"
+ kaas_single_project: "openshift"
+ kaas_namespace: "kaas"
+ kaas_subrole: "script"
+ delete: false
diff --git a/roles/ands_openshift/tasks/users_resources.yml b/roles/ands_openshift/tasks/users_resources.yml
index 722e1eb..2a73cd0 100644
--- a/roles/ands_openshift/tasks/users_resources.yml
+++ b/roles/ands_openshift/tasks/users_resources.yml
@@ -6,27 +6,6 @@
vars:
key_len: "{{ item.key.split('/') | length }}"
-- name: Get project list
- command: "oc get projects -o json"
- changed_when: false
- register: results
-
-- name: Find missing projects
- set_fact: new_projects="{{ ands_openshift_projects.keys() | difference (results.stdout | from_json | json_query('items[*].metadata.name')) }}"
- when: (results | succeeded)
-
-- name: Create missing projects
- command: "oc adm new-project --description '{{ ands_openshift_projects[item] }}' {{ item }}"
- with_items: "{{ new_projects | default([]) }}"
-
-- name: Allow projects to pull images from KaaS imagestreams
- command: "oc policy add-role-to-group system:image-puller system:serviceaccounts:{{ prj_item }} --namespace=kaas"
- with_items: "{{ ands_openshift_projects.keys() }}"
- when:
- prj_item != "kaas"
- loop_control:
- loop_var: prj_item
-
- name: Configure per project roles
command: "oc adm policy add-role-to-user -n {{ item.key.split('/')[0] }} {{ item.key.split('/')[1] }} {{ item.value.replace(' ','').split(',') | join(' ') }}"
with_dict: "{{ ands_openshift_roles }}"