author | Jan Chaloupka <jchaloup@redhat.com> | 2017-02-11 10:06:42 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-02-11 10:06:42 +0100 |
commit | 9d25cb0280664f8bdef6247c8dc13520c90756da (patch) | |
tree | dd4d1022288e0d2f8ef805459230a724a3b49ca5 | |
parent | 7c948bc637480e6d292b8af18b7a4c90b71d747c (diff) | |
parent | b0f065dde8ddf14a8712a769152e63faea6688a3 (diff) | |
Merge pull request #3307 from ingvagabund/oc_serviceaccount_secret
Replace service account secrets handling with oc_serviceaccount_secret module
-rw-r--r-- | playbooks/adhoc/s3_registry/s3_registry.yml | 13 | ||||
-rw-r--r-- | roles/openshift_hosted/meta/main.yml | 1 | ||||
-rw-r--r-- | roles/openshift_hosted/tasks/registry/secure.yml | 10 | ||||
-rw-r--r-- | roles/openshift_hosted/tasks/registry/storage/object_storage.yml | 22 |
4 files changed, 21 insertions, 25 deletions
diff --git a/playbooks/adhoc/s3_registry/s3_registry.yml b/playbooks/adhoc/s3_registry/s3_registry.yml
index 2c79a1b4d..d6758dae5 100644
--- a/playbooks/adhoc/s3_registry/s3_registry.yml
+++ b/playbooks/adhoc/s3_registry/s3_registry.yml
@@ -51,13 +51,16 @@
 command: oc secrets new dockerregistry /root/config.yml
 when: "'dockerregistry' not in secrets.stdout"
- - name: Determine if service account contains secrets
- command: oc describe serviceaccount/registry
- register: serviceaccount
+ - name: Load lib_openshift modules
+ include_role:
+ name: lib_openshift
 - name: Add secrets to registry service account
- command: oc secrets add serviceaccount/registry secrets/dockerregistry
- when: "'dockerregistry' not in serviceaccount.stdout"
+ oc_serviceaccount_secret:
+ service_account: registry
+ secret: dockerregistry
+ namespace: default
+ state: present
 - name: Determine if deployment config contains secrets
 command: oc volume dc/docker-registry --list
diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml
index ca5e88b15..ced71bb41 100644
--- a/roles/openshift_hosted/meta/main.yml
+++ b/roles/openshift_hosted/meta/main.yml
@@ -14,6 +14,7 @@ galaxy_info:
 dependencies:
 - role: openshift_cli
 - role: openshift_hosted_facts
+- role: lib_openshift
 - role: openshift_projects
 openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}"
 - role: openshift_serviceaccounts
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index d87a3847c..84b69d94c 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
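Review bot: In playbooks/adhoc/s3_registry/s3_registry.yml the new `oc_serviceaccount_secret` task pins `namespace: default` and passes no `kubeconfig`, while the `oc secrets new dockerregistry` and `oc volume dc/docker-registry` commands around it still run against whatever project and credentials the ambient `oc` context selects. If that context is not the `default` project, the secret is created in one namespace and linked in another, and the link step may run under a different identity than its neighbours (the module presumably falls back to its own default kubeconfig). The two role task files in this commit pass `kubeconfig: "{{ openshift_hosted_kubeconfig }}"` explicitly; here I would at least record the assumption above the task, `# assumes the surrounding oc commands run in the 'default' project with the same admin credentials`, or add `-n default` to those commands. The play continues outside the hunk on both sides.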
@@ -54,10 +54,12 @@
 failed_when: "'already exists' not in create_registry_certificates_secret.stderr and create_registry_certificates_secret.rc != 0"
 - name: "Add the secret to the registry's pod service accounts"
- command: >
- {{ openshift.common.client_binary }} secrets add {{ item }} registry-certificates
- --config={{ openshift_hosted_kubeconfig }}
- -n default
+ oc_serviceaccount_secret:
+ service_account: "{{ item }}"
+ secret: registry-certificates
+ namespace: default
+ kubeconfig: "{{ openshift_hosted_kubeconfig }}"
+ state: present
 with_items:
 - registry
 - default
diff --git a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
index e56a68e27..15128784e 100644
--- a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
+++ b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
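Review bot: The rewritten task in roles/openshift_hosted/tasks/registry/secure.yml still links `registry-certificates` to the `default` service account as well as `registry` (the `with_items` list is unchanged context), so any pod in that namespace running under `default` is allowed to mount what is presumably the registry's TLS material. If the registry pods always run as `registry`, dropping `- default` narrows that exposure; if older deployments depend on it, a comment should say so, e.g. `# 'default' kept for registries deployed under the default service account`. Separately, `namespace: default` is hard-coded here while object_storage.yml in the same commit uses `openshift.hosted.registry.namespace | default('default')`, so with a non-default registry namespace the config secret would be linked there but the certificate secret would not. The task file continues outside the hunk on both sides.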
@@ -53,23 +53,13 @@
 create -f -
 when: secrets.rc == 1
-- name: Determine if service account contains secrets
- command: >
- {{ openshift.common.client_binary }}
- --config={{ openshift_hosted_kubeconfig }}
- --namespace={{ openshift.hosted.registry.namespace | default('default') }}
- get serviceaccounts registry
- -o jsonpath='{.secrets[?(@.name=="{{ registry_config_secret_name }}")].name}'
- register: serviceaccount
- changed_when: false
-
 - name: Add secrets to registry service account
- command: >
- {{ openshift.common.client_binary }}
- --config={{ openshift_hosted_kubeconfig }}
- --namespace={{ openshift.hosted.registry.namespace | default('default') }}
- secrets add serviceaccount/registry secrets/{{ registry_config_secret_name }}
- when: serviceaccount.stdout == ''
+ oc_serviceaccount_secret:
+ service_account: registry
+ secret: "{{ registry_config_secret_name }}"
+ namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
+ kubeconfig: "{{ openshift_hosted_kubeconfig }}"
+ state: present
 - name: Determine if deployment config contains secrets
 command: > |