authorJan Chaloupka <jchaloup@redhat.com>2017-02-11 10:06:42 +0100
committerGitHub <noreply@github.com>2017-02-11 10:06:42 +0100
commit9d25cb0280664f8bdef6247c8dc13520c90756da (patch)
treedd4d1022288e0d2f8ef805459230a724a3b49ca5
parent7c948bc637480e6d292b8af18b7a4c90b71d747c (diff)
parentb0f065dde8ddf14a8712a769152e63faea6688a3 (diff)
Merge pull request #3307 from ingvagabund/oc_serviceaccount_secret
Replace service account secrets handling with oc_serviceaccount_secret module
-rw-r--r--playbooks/adhoc/s3_registry/s3_registry.yml13
-rw-r--r--roles/openshift_hosted/meta/main.yml1
-rw-r--r--roles/openshift_hosted/tasks/registry/secure.yml10
-rw-r--r--roles/openshift_hosted/tasks/registry/storage/object_storage.yml22
4 files changed, 21 insertions, 25 deletions
diff --git a/playbooks/adhoc/s3_registry/s3_registry.yml b/playbooks/adhoc/s3_registry/s3_registry.yml
index 2c79a1b4d..d6758dae5 100644
--- a/playbooks/adhoc/s3_registry/s3_registry.yml
+++ b/playbooks/adhoc/s3_registry/s3_registry.yml
@@ -51,13 +51,16 @@
command: oc secrets new dockerregistry /root/config.yml
when: "'dockerregistry' not in secrets.stdout"
- - name: Determine if service account contains secrets
- command: oc describe serviceaccount/registry
- register: serviceaccount
+ - name: Load lib_openshift modules
+ include_role:
+ name: lib_openshift
- name: Add secrets to registry service account
- command: oc secrets add serviceaccount/registry secrets/dockerregistry
- when: "'dockerregistry' not in serviceaccount.stdout"
+ oc_serviceaccount_secret:
+ service_account: registry
+ secret: dockerregistry
+ namespace: default
+ state: present
- name: Determine if deployment config contains secrets
command: oc volume dc/docker-registry --list
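Review bot: The new `oc_serviceaccount_secret` task pins `namespace: default`, but the `oc secrets new dockerregistry /root/config.yml` task just above it passes no namespace and so creates the secret in whatever project the current `oc` context selects. If that context is not `default`, the module would be asked to link a secret that lives in another namespace; adding `-n default` to the creation command would keep the two in step. The call also sets no `kubeconfig`, unlike the two role tasks changed in this commit, so it presumably runs with the module's default credentials rather than the invoking user's context, which deserves a comment such as `# uses the module's default kubeconfig, not the current oc login`. Dropping `register: serviceaccount` here and in roles/openshift_hosted/tasks/registry/storage/object_storage.yml is safe only if no later task still reads `serviceaccount.stdout`; both files continue outside the visible hunks.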
diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml
index ca5e88b15..ced71bb41 100644
--- a/roles/openshift_hosted/meta/main.yml
+++ b/roles/openshift_hosted/meta/main.yml
@@ -14,6 +14,7 @@ galaxy_info:
dependencies:
- role: openshift_cli
- role: openshift_hosted_facts
+- role: lib_openshift
- role: openshift_projects
openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}"
- role: openshift_serviceaccounts
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index d87a3847c..84b69d94c 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -54,10 +54,12 @@
failed_when: "'already exists' not in create_registry_certificates_secret.stderr and create_registry_certificates_secret.rc != 0"
- name: "Add the secret to the registry's pod service accounts"
- command: >
- {{ openshift.common.client_binary }} secrets add {{ item }} registry-certificates
- --config={{ openshift_hosted_kubeconfig }}
- -n default
+ oc_serviceaccount_secret:
+ service_account: "{{ item }}"
+ secret: registry-certificates
+ namespace: default
+ kubeconfig: "{{ openshift_hosted_kubeconfig }}"
+ state: present
with_items:
- registry
- default
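Review bot: The `with_items` list still links `registry-certificates` to the `default` service account as well as `registry`, which adds what is presumably the registry's TLS certificate and key to the mountable secrets of every pod in the namespace that runs under the default account. If the registry pods run as `registry` (not visible in this hunk), removing `- default` would scope the secret to the one account that needs it; otherwise a line such as `# TODO: confirm the default SA still needs registry-certificates` would record the open question. The task also pins `namespace: default`, whereas object_storage.yml in this commit uses `"{{ openshift.hosted.registry.namespace | default('default') }}"`, so with an overridden registry namespace the two secrets would be linked in different places. The secret-creation task sits above the hunk and would need the same namespace.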
diff --git a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
index e56a68e27..15128784e 100644
--- a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
+++ b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
@@ -53,23 +53,13 @@
create -f -
when: secrets.rc == 1
-- name: Determine if service account contains secrets
- command: >
- {{ openshift.common.client_binary }}
- --config={{ openshift_hosted_kubeconfig }}
- --namespace={{ openshift.hosted.registry.namespace | default('default') }}
- get serviceaccounts registry
- -o jsonpath='{.secrets[?(@.name=="{{ registry_config_secret_name }}")].name}'
- register: serviceaccount
- changed_when: false
-
- name: Add secrets to registry service account
- command: >
- {{ openshift.common.client_binary }}
- --config={{ openshift_hosted_kubeconfig }}
- --namespace={{ openshift.hosted.registry.namespace | default('default') }}
- secrets add serviceaccount/registry secrets/{{ registry_config_secret_name }}
- when: serviceaccount.stdout == ''
+ oc_serviceaccount_secret:
+ service_account: registry
+ secret: "{{ registry_config_secret_name }}"
+ namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
+ kubeconfig: "{{ openshift_hosted_kubeconfig }}"
+ state: present
- name: Determine if deployment config contains secrets
command: >