summaryrefslogtreecommitdiffstats
path: root/roles/nuage_master/tasks
diff options
context:
space:
mode:
authorJason DeTiberus <detiber@gmail.com>2016-04-25 10:41:46 -0400
committerJason DeTiberus <detiber@gmail.com>2016-04-25 10:41:46 -0400
commitb776be49d824ab231c4d84a050b4a02098d1f23c (patch)
treedaa067b1e383aa61cc0f1e7c4e47a9c1711ea3f4 /roles/nuage_master/tasks
parent04b52454275572f9d09e76c6ce46bdd60aa46c72 (diff)
parentbe399ff8c108f234604a1334eed3de5a6f0e3239 (diff)
downloadopenshift-b776be49d824ab231c4d84a050b4a02098d1f23c.tar.gz
openshift-b776be49d824ab231c4d84a050b4a02098d1f23c.tar.bz2
openshift-b776be49d824ab231c4d84a050b4a02098d1f23c.tar.xz
openshift-b776be49d824ab231c4d84a050b4a02098d1f23c.zip
Merge pull request #1782 from vishpat/serviceaccount_review
Changed service account creation to ansible
Diffstat (limited to 'roles/nuage_master/tasks')
-rw-r--r--roles/nuage_master/tasks/main.yaml4
-rw-r--r--roles/nuage_master/tasks/serviceaccount.yml51
2 files changed, 52 insertions, 3 deletions
diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml
index abeee3d71..c71f3072c 100644
--- a/roles/nuage_master/tasks/main.yaml
+++ b/roles/nuage_master/tasks/main.yaml
@@ -11,9 +11,7 @@
sudo: true
yum: name={{ nuage_openshift_rpm }} state=present
-- name: Run the service account creation script
- sudo: true
- script: serviceaccount.sh --server={{ openshift.master.api_url }} --output-cert-dir={{ cert_output_dir }} --master-cert-dir={{ openshift_master_config_dir }}
+- include: serviceaccount.yml
- name: Download the certs and keys
sudo: true
diff --git a/roles/nuage_master/tasks/serviceaccount.yml b/roles/nuage_master/tasks/serviceaccount.yml
new file mode 100644
index 000000000..5b4af5824
--- /dev/null
+++ b/roles/nuage_master/tasks/serviceaccount.yml
@@ -0,0 +1,51 @@
+---
+- name: Create temporary directory for admin kubeconfig
+ command: mktemp -u /tmp/openshift-ansible-XXXXXXX.kubeconfig
+ register: nuage_tmp_conf_mktemp
+ changed_when: False
+
+- set_fact:
+ nuage_tmp_conf: "{{ nuage_tmp_conf_mktemp.stdout }}"
+
+- name: Copy Configuration to temporary conf
+ command: >
+ cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{nuage_tmp_conf}}
+ changed_when: false
+
+- name: Create Admin Service Account
+ shell: >
+ echo {{ nuage_service_account_config | to_json | quote }} |
+ {{ openshift.common.client_binary }} create
+ -n default
+ --config={{nuage_tmp_conf}}
+ -f -
+ register: osnuage_create_service_account
+ failed_when: "'already exists' not in osnuage_create_service_account.stderr and osnuage_create_service_account.rc != 0"
+ changed_when: osnuage_create_service_account.rc == 0
+
+- name: Configure role/user permissions
+ command: >
+ {{ openshift.common.admin_binary }} {{item}}
+ --config={{nuage_tmp_conf}}
+ with_items: "{{nuage_tasks}}"
+ register: osnuage_perm_task
+ failed_when: "'already exists' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0"
+ changed_when: osnuage_perm_task.rc == 0
+
+- name: Generate the node client config
+ command: >
+ {{ openshift.common.admin_binary }} create-api-client-config
+ --certificate-authority={{ openshift_master_ca_cert }}
+ --client-dir={{ cert_output_dir }}
+ --master={{ openshift.master.api_url }}
+ --public-master={{ openshift.master.api_url }}
+ --signer-cert={{ openshift_master_ca_cert }}
+ --signer-key={{ openshift_master_ca_key }}
+ --signer-serial={{ openshift_master_ca_serial }}
+ --basename='nuage'
+ --user={{ nuage_service_account }}
+
+- name: Clean temporary configuration file
+ command: >
+ rm -f {{nuage_tmp_conf}}
+ changed_when: false