authorsareti <siva_teja.areti@nokia.com>2017-10-03 22:30:50 -0400
committersareti <siva_teja.areti@nokia.com>2018-01-30 11:35:07 -0500
commitb637c993a2ace002c88004dbab663d7cfcf36327 (patch)
tree4d6783ea2e4ad8010e214d78e9cf614f7c9aad80 /roles/nuage_master/tasks
parentb1828482c9ed63a387dbbfa59930192424a15fa4 (diff)
copy etcd client certificates for nuage openshift monitor
* Fix SCC permissions for Nuage daemon sets * Changes to support Node Port for Nuage with OSE * Fix for creating Nuage infra pod ds file * Add new variable to handle Nuage infra image version * Update Service CIDR for openshift in daemon set file * Add rolling update strategy for CNI daemon sets * Fix for atomic installation for Nuage * changing include to include_tasks as per upstream openshift-ansible
Diffstat (limited to 'roles/nuage_master/tasks')
-rw-r--r--roles/nuage_master/tasks/etcd_certificates.yml21
-rw-r--r--roles/nuage_master/tasks/main.yaml17
2 files changed, 37 insertions, 1 deletions
diff --git a/roles/nuage_master/tasks/etcd_certificates.yml b/roles/nuage_master/tasks/etcd_certificates.yml
new file mode 100644
index 000000000..99ec27f91
--- /dev/null
+++ b/roles/nuage_master/tasks/etcd_certificates.yml
@@ -0,0 +1,21 @@
+---
+- name: Generate openshift etcd certs
+ become: yes
+ include_role:
+ name: etcd
+ tasks_from: client_certificates
+ vars:
+ etcd_cert_prefix: nuageEtcd-
+ etcd_cert_config_dir: "{{ cert_output_dir }}"
+ embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}"
+ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
+ etcd_cert_subdir: "openshift-nuage-{{ openshift.common.hostname }}"
+
+
+- name: Error if etcd certs are not copied
+ stat:
+ path: "{{ item }}"
+ with_items:
+ - "{{ cert_output_dir }}/nuageEtcd-ca.crt"
+ - "{{ cert_output_dir }}/nuageEtcd-client.crt"
+ - "{{ cert_output_dir }}/nuageEtcd-client.key"
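Review bot: The task named "Error if etcd certs are not copied" cannot fail on a missing file, because `stat` succeeds when the path does not exist and the result is neither registered nor tested. Adding `register: nuage_etcd_cert` and `failed_when: not nuage_etcd_cert.stat.exists` to that task would make the play stop when any of the three files is absent. One of the paths is the client private key, so the same task is a natural place to assert that its mode is not group- or world-readable; the permissions set by the etcd role's `client_certificates` tasks are not visible in this hunk.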
diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml
index 29e16b6f8..a1781dc56 100644
--- a/roles/nuage_master/tasks/main.yaml
+++ b/roles/nuage_master/tasks/main.yaml
@@ -81,6 +81,7 @@
- nuage.key
- nuage.kubeconfig
+- include_tasks: etcd_certificates.yml
- include_tasks: certificates.yml
- name: Install Nuage VSD user certificate
@@ -99,7 +100,16 @@
become: yes
template: src=nuage-node-config-daemonset.j2 dest=/etc/nuage-node-config-daemonset.yaml owner=root mode=0644
-- name: Add the service account to the privileged scc to have root permissions
+- name: Create Nuage Infra Pod daemon set yaml file
+ become: yes
+ template: src=nuage-infra-pod-config-daemonset.j2 dest=/etc/nuage-infra-pod-config-daemonset.yaml owner=root mode=0644
+
+- name: Add the service account to the privileged scc to have root permissions for kube-system
+ shell: oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:daemon-set-controller
+ ignore_errors: true
+ when: inventory_hostname == groups.oo_first_master.0
+
+- name: Add the service account to the privileged scc to have root permissions for openshift-infra
shell: oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-infra:daemonset-controller
ignore_errors: true
when: inventory_hostname == groups.oo_first_master.0
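Review bot: `ignore_errors: true` on both `oc adm policy add-scc-to-user` tasks reports a failed SCC grant as success, so the failure would only surface later as daemon set pods that are not admitted; the `oc create` task added in the next hunk has the same pattern. Neither command uses shell syntax, so `command:` without `ignore_errors` would be the safer form, assuming the grant is idempotent on re-run. The new grant also gives `privileged` to `system:serviceaccount:kube-system:daemon-set-controller`, a controller account rather than a Nuage-specific one, which likely covers more than the Nuage daemon sets. A comment such as `# privileged SCC is required because <reason>; scope: all daemon sets created by this controller` would make the grant auditable, and a dedicated SCC limited to what the CNI pods need would be narrower.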
@@ -114,6 +124,11 @@
ignore_errors: true
when: inventory_hostname == groups.oo_first_master.0
+- name: Spawn Nuage Infra daemon sets pod
+ shell: oc create -f /etc/nuage-infra-pod-config-daemonset.yaml
+ ignore_errors: true
+ when: inventory_hostname == groups.oo_first_master.0
+
- name: Restart daemons
command: /bin/true
notify:
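Review bot: `oc create -f /etc/nuage-infra-pod-config-daemonset.yaml` is not idempotent: once the daemon set exists, a later run would fail with an already-exists error that `ignore_errors: true` hides. A re-rendered `nuage-infra-pod-config-daemonset.j2`, for example one with a new infra image version, is then never applied to the cluster. `shell: oc apply -f /etc/nuage-infra-pod-config-daemonset.yaml` would create or update the object, and `ignore_errors` could be dropped so that real API errors stop the play. The unchanged task just above this one appears to follow the same pattern, but its body starts outside the hunk.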