author | Jason DeTiberus <detiber@gmail.com> | 2016-04-25 10:41:46 -0400 |
---|---|---|
committer | Jason DeTiberus <detiber@gmail.com> | 2016-04-25 10:41:46 -0400 |
commit | b776be49d824ab231c4d84a050b4a02098d1f23c (patch) | |
tree | daa067b1e383aa61cc0f1e7c4e47a9c1711ea3f4 /roles/nuage_master/tasks | |
parent | 04b52454275572f9d09e76c6ce46bdd60aa46c72 (diff) | |
parent | be399ff8c108f234604a1334eed3de5a6f0e3239 (diff) | |
Merge pull request #1782 from vishpat/serviceaccount_review
Changed service account creation to ansible
Diffstat (limited to 'roles/nuage_master/tasks')
-rw-r--r-- | roles/nuage_master/tasks/main.yaml | 4 | ||||
-rw-r--r-- | roles/nuage_master/tasks/serviceaccount.yml | 51 |
2 files changed, 52 insertions, 3 deletions
diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml
index abeee3d71..c71f3072c 100644
--- a/roles/nuage_master/tasks/main.yaml
+++ b/roles/nuage_master/tasks/main.yaml
@@ -11,9 +11,7 @@
 sudo: true
 yum: name={{ nuage_openshift_rpm }} state=present
 
-- name: Run the service account creation script
- sudo: true
- script: serviceaccount.sh --server={{ openshift.master.api_url }} --output-cert-dir={{ cert_output_dir }} --master-cert-dir={{ openshift_master_config_dir }}
+- include: serviceaccount.yml
 
 - name: Download the certs and keys
 sudo: true
diff --git a/roles/nuage_master/tasks/serviceaccount.yml b/roles/nuage_master/tasks/serviceaccount.yml
new file mode 100644
index 000000000..5b4af5824
--- /dev/null
+++ b/roles/nuage_master/tasks/serviceaccount.yml
@@ -0,0 +1,51 @@
+---
+- name: Create temporary directory for admin kubeconfig
+ command: mktemp -u /tmp/openshift-ansible-XXXXXXX.kubeconfig
+ register: nuage_tmp_conf_mktemp
+ changed_when: False
+
+- set_fact:
+ nuage_tmp_conf: "{{ nuage_tmp_conf_mktemp.stdout }}"
+
+- name: Copy Configuration to temporary conf
+ command: >
+ cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{nuage_tmp_conf}}
+ changed_when: false
+
+- name: Create Admin Service Account
+ shell: >
+ echo {{ nuage_service_account_config | to_json | quote }} |
+ {{ openshift.common.client_binary }} create
+ -n default
+ --config={{nuage_tmp_conf}}
+ -f -
+ register: osnuage_create_service_account
+ failed_when: "'already exists' not in osnuage_create_service_account.stderr and osnuage_create_service_account.rc != 0"
+ changed_when: osnuage_create_service_account.rc == 0
+
+- name: Configure role/user permissions
+ command: >
+ {{ openshift.common.admin_binary }} {{item}}
+ --config={{nuage_tmp_conf}}
+ with_items: "{{nuage_tasks}}"
+ register: osnuage_perm_task
+ failed_when: "'already exists' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0"
+ changed_when: osnuage_perm_task.rc == 0
+
+- name: Generate the node client config
+ command: >
+ {{ openshift.common.admin_binary }} create-api-client-config
+ --certificate-authority={{ openshift_master_ca_cert }}
+ --client-dir={{ cert_output_dir }}
+ --master={{ openshift.master.api_url }}
+ --public-master={{ openshift.master.api_url }}
+ --signer-cert={{ openshift_master_ca_cert }}
+ --signer-key={{ openshift_master_ca_key }}
+ --signer-serial={{ openshift_master_ca_serial }}
+ --basename='nuage'
+ --user={{ nuage_service_account }}
+
+- name: Clean temporary configuration file
+ command: >
+ rm -f {{nuage_tmp_conf}}
+ changed_when: false |
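Review bot: The first task runs `mktemp -u`, which only prints an unused name under /tmp without creating the file, so the later `cp` of `admin.kubeconfig` writes cluster-admin credentials to a path that another local account could have created in the gap between the two tasks; a file that already exists there keeps its own owner and mode. Dropping the flag, `command: mktemp /tmp/openshift-ansible-XXXXXXX.kubeconfig`, lets mktemp create the file atomically with owner-only permissions before the copy overwrites its contents. The final `rm -f` task is also skipped whenever one of the tasks in between fails, which would leave the copied kubeconfig behind in /tmp. If the Ansible version this role targets supports `block`/`always`, the cleanup belongs in the `always` section; otherwise a comment above the copy task such as `# holds admin credentials; must be removed even when a later task fails` would at least record the requirement.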