diff options
author | Brenton Leanhardt <bleanhar@redhat.com> | 2015-12-04 11:06:57 -0500 |
---|---|---|
committer | Brenton Leanhardt <bleanhar@redhat.com> | 2015-12-04 11:06:57 -0500 |
commit | ffb663f5f688ecaff0bfd2d928c8fba83c1d24f9 (patch) | |
tree | 306cea4856c7c986e3ddffe60f87d6332c94755e | |
parent | 1c01ea16e7acc002fd0c0c78301190155adcea3c (diff) | |
parent | 04ce758d35666c9f887a9bb1b44ccae1d20ee908 (diff) | |
download | openshift-ffb663f5f688ecaff0bfd2d928c8fba83c1d24f9.tar.gz openshift-ffb663f5f688ecaff0bfd2d928c8fba83c1d24f9.tar.bz2 openshift-ffb663f5f688ecaff0bfd2d928c8fba83c1d24f9.tar.xz openshift-ffb663f5f688ecaff0bfd2d928c8fba83c1d24f9.zip |
Merge pull request #983 from enoodle/manageiq_service
Adding ManageIQ service account
-rw-r--r-- | playbooks/common/openshift-master/config.yml | 2 | ||||
-rw-r--r-- | roles/openshift_common/tasks/main.yml | 1 | ||||
-rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 2 | ||||
-rw-r--r-- | roles/openshift_manageiq/tasks/main.yaml | 50 | ||||
-rw-r--r-- | roles/openshift_manageiq/vars/main.yml | 24 |
5 files changed, 78 insertions, 1 deletions
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 785a78497..becd68dbe 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -352,6 +352,8 @@ - openshift_examples - role: openshift_cluster_metrics when: openshift.common.use_cluster_metrics | bool + - role: openshift_manageiq + when: openshift.common.use_manageiq | bool - name: Enable cockpit hosts: oo_first_master diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index 55065b3de..c0982290d 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -22,6 +22,7 @@ deployment_type: "{{ openshift_deployment_type }}" use_fluentd: "{{ openshift_use_fluentd | default(None) }}" use_flannel: "{{ openshift_use_flannel | default(None) }}" + use_manageiq: "{{ openshift_use_manageiq | default(None) }}" # For enterprise versions < 3.1 and origin versions < 1.1 we want to set the # hostname by default. diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index e937b742e..085d59b71 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1053,7 +1053,7 @@ class OpenShiftFacts(object): common = dict(use_openshift_sdn=True, ip=ip_addr, public_ip=ip_addr, deployment_type='origin', hostname=hostname, - public_hostname=hostname) + public_hostname=hostname, use_manageiq=False) common['client_binary'] = 'oc' if os.path.isfile('/usr/bin/oc') else 'osc' common['admin_binary'] = 'oadm' if os.path.isfile('/usr/bin/oadm') else 'osadm' common['dns_domain'] = 'cluster.local' diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml new file mode 100644 index 000000000..2d3187e21 --- /dev/null +++ b/roles/openshift_manageiq/tasks/main.yaml @@ -0,0 +1,50 @@ +--- +- name: Copy Configuration to temporary conf + command: > + cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{manage_iq_tmp_conf}} + changed_when: false + +- name: Add Managment Infrastructure project + command: > + {{ openshift.common.admin_binary }} new-project + management-infra + --description="Management Infrastructure" + --config={{manage_iq_tmp_conf}} + register: osmiq_create_mi_project + failed_when: "'already exists' not in osmiq_create_mi_project.stderr and osmiq_create_mi_project.rc != 0" + changed_when: osmiq_create_mi_project.rc == 0 + +- name: Create Service Account + shell: > + echo {{ manageiq_service_account | to_json | quote }} | + {{ openshift.common.client_binary }} create + -n management-infra + --config={{manage_iq_tmp_conf}} + -f - + register: osmiq_create_service_account + failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0" + changed_when: osmiq_create_service_account.rc == 0 + +- name: Create Cluster Role + shell: > + echo {{ manageiq_cluster_role | to_json | quote }} | + {{ openshift.common.client_binary }} create + --config={{manage_iq_tmp_conf}} + -f - + register: osmiq_create_cluster_role + failed_when: "'already exists' not in osmiq_create_cluster_role.stderr and osmiq_create_cluster_role.rc != 0" + changed_when: osmiq_create_cluster_role.rc == 0 + +- name: Configure role/user permissions + command: > + {{ openshift.common.admin_binary }} {{item}} + --config={{manage_iq_tmp_conf}} + with_items: "{{manage_iq_tasks}}" + register: osmiq_perm_task + failed_when: "'already exists' not in osmiq_perm_task.stderr and osmiq_perm_task.rc != 0" + changed_when: osmiq_perm_task.rc == 0 + +- name: Clean temporary configuration file + command: > + rm -f {{manage_iq_tmp_conf}} + changed_when: false diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml new file mode 100644 index 000000000..77e1c304b --- /dev/null +++ b/roles/openshift_manageiq/vars/main.yml @@ -0,0 +1,24 @@ +manageiq_cluster_role: + apiVersion: v1 + kind: ClusterRole + metadata: + name: management-infra-admin + rules: + - resources: + - pods/proxy + verbs: + - '*' + +manageiq_service_account: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: management-admin + +manage_iq_tmp_conf: /tmp/manageiq_admin.kubeconfig + +manage_iq_tasks: + - policy add-role-to-user -n management-infra admin -z management-admin + - policy add-role-to-user -n management-infra management-infra-admin -z management-admin + - policy add-cluster-role-to-user cluster-reader system:serviceaccount:management-infra:management-admin + - policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin |