author | sareti <siva_teja.areti@nokia.com> | 2017-10-03 22:30:50 -0400 |
---|---|---|
committer | sareti <siva_teja.areti@nokia.com> | 2018-01-30 11:35:07 -0500 |
commit | b637c993a2ace002c88004dbab663d7cfcf36327 (patch) | |
tree | 4d6783ea2e4ad8010e214d78e9cf614f7c9aad80 /roles/nuage_master/tasks | |
parent | b1828482c9ed63a387dbbfa59930192424a15fa4 (diff) | |
copy etcd client certificates for nuage openshift monitor
* Fix SCC permissions for Nuage daemon sets
* Changes to support Node Port for Nuage with OSE
* Fix for creating Nuage infra pod ds file
* Add new variable to handle Nuage infra image version
* Update Service CIDR for openshift in daemon set file
* Add rolling update strategy for CNI daemon sets
* Fix for atomic installation for Nuage
* changing include to include_tasks as per upstream openshift-ansible
Diffstat (limited to 'roles/nuage_master/tasks')
-rw-r--r-- | roles/nuage_master/tasks/etcd_certificates.yml | 21 | ||||
-rw-r--r-- | roles/nuage_master/tasks/main.yaml | 17 |
2 files changed, 37 insertions, 1 deletions
diff --git a/roles/nuage_master/tasks/etcd_certificates.yml b/roles/nuage_master/tasks/etcd_certificates.yml
new file mode 100644
index 000000000..99ec27f91
--- /dev/null
+++ b/roles/nuage_master/tasks/etcd_certificates.yml
@@ -0,0 +1,21 @@
+---
+- name: Generate openshift etcd certs
+ become: yes
+ include_role:
+ name: etcd
+ tasks_from: client_certificates
+ vars:
+ etcd_cert_prefix: nuageEtcd-
+ etcd_cert_config_dir: "{{ cert_output_dir }}"
+ embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
+ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+ etcd_cert_subdir: "openshift-nuage-{{ openshift.common.hostname }}"
+
+
+- name: Error if etcd certs are not copied
+ stat:
+ path: "{{ item }}"
+ with_items:
+ - "{{ cert_output_dir }}/nuageEtcd-ca.crt"
+ - "{{ cert_output_dir }}/nuageEtcd-client.crt"
+ - "{{ cert_output_dir }}/nuageEtcd-client.key"
diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml
index 29e16b6f8..a1781dc56 100644
--- a/roles/nuage_master/tasks/main.yaml
+++ b/roles/nuage_master/tasks/main.yaml
@@ -81,6 +81,7 @@
 - nuage.key
 - nuage.kubeconfig
+- include_tasks: etcd_certificates.yml
 - include_tasks: certificates.yml
 - name: Install Nuage VSD user certificate
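Review bot: The task named "Error if etcd certs are not copied" at the end of etcd_certificates.yml cannot fail, because `stat` succeeds for a path that does not exist and only reports `stat.exists: false`, and nothing here registers or checks that result. A missing CA certificate, client certificate or client key would therefore pass this play unnoticed and presumably only surface later, when the Nuage monitor tries to authenticate to etcd. Register the loop result and add a separate `fail` (or `assert`) task over its `results`, as sketched below. One of the three files is a private key, so the same check could also assert its permissions through `item.stat.mode`; the mode the etcd role writes is not visible in this hunk.

```yaml
# … unchanged: "Generate openshift etcd certs" include_role task …

- name: Check that the etcd client certificates were copied
  # … unchanged: stat over the three nuageEtcd-* paths …
  register: nuage_etcd_cert_files

- name: Error if etcd certs are not copied
  fail:
    msg: "etcd client certificate file {{ item.item }} was not copied"
  when: not item.stat.exists
  with_items: "{{ nuage_etcd_cert_files.results }}"
```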
@@ -99,7 +100,16 @@
 become: yes
 template: src=nuage-node-config-daemonset.j2 dest=/etc/nuage-node-config-daemonset.yaml owner=root mode=0644
-- name: Add the service account to the privileged scc to have root permissions
+- name: Create Nuage Infra Pod daemon set yaml file
+ become: yes
+ template: src=nuage-infra-pod-config-daemonset.j2 dest=/etc/nuage-infra-pod-config-daemonset.yaml owner=root mode=0644
+
+- name: Add the service account to the privileged scc to have root permissions for kube-system
+ shell: oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:daemon-set-controller
+ ignore_errors: true
+ when: inventory_hostname == groups.oo_first_master.0
+
+- name: Add the service account to the privileged scc to have root permissions for openshift-infra
 shell: oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-infra:daemonset-controller
 ignore_errors: true
 when: inventory_hostname == groups.oo_first_master.0
@@ -114,6 +124,11 @@
 ignore_errors: true
 when: inventory_hostname == groups.oo_first_master.0
+- name: Spawn Nuage Infra daemon sets pod
+ shell: oc create -f /etc/nuage-infra-pod-config-daemonset.yaml
+ ignore_errors: true
+ when: inventory_hostname == groups.oo_first_master.0
+
 - name: Restart daemons
 command: /bin/true
 notify: |
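Review bot: The new kube-system task grants the `privileged` SCC to `system:serviceaccount:kube-system:daemon-set-controller`, which is the cluster's shared daemon set controller account rather than anything Nuage-specific, so the grant is not limited to the Nuage daemon sets. A narrower form would give the Nuage pods their own service account and grant the SCC only there, e.g. `shell: oc adm policy add-scc-to-user privileged -z <nuage-service-account> -n kube-system`; the daemon set templates are not part of this diff, so whether they already set a `serviceAccountName` cannot be told from here. The `ignore_errors: true` on this task also means a failed grant passes silently and the daemon set pods are then rejected at admission with no hint in the play output. The "Spawn Nuage Infra daemon sets pod" task in the `@@ -114` hunk carries the same `ignore_errors: true`.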
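Review bot: `oc create -f` in "Spawn Nuage Infra daemon sets pod" is not idempotent: once the daemon set exists, a re-run fails with an already-exists error that the task swallows. A changed /etc/nuage-infra-pod-config-daemonset.yaml, for example a new infra image version, therefore never reaches the cluster through this play. `command: oc apply -f /etc/nuage-infra-pod-config-daemonset.yaml` with the `ignore_errors` line dropped would make re-runs converge and let real failures stop the play; nothing on that line needs a shell. The context lines above the hunk suggest the existing daemon set tasks follow the same create-and-ignore pattern, so it may be worth changing them together.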