authorFabian von Feilitzsch <fabian@fabianism.us>2017-10-13 14:08:56 -0400
committerFabian von Feilitzsch <fabian@fabianism.us>2017-10-19 13:56:58 -0400
commit2097c725cd57d45125295685b669f4cc8a76efcd (patch)
treefbdbd913a3847a3da99365b92caa4677e0194306 /roles
parentebb111da65ecfbdc322b66eebe63bdd612614365 (diff)
Use service-ca.crt instead of master ca.crt
Diffstat (limited to 'roles')
-rw-r--r--roles/ansible_service_broker/tasks/install.yml27
1 files changed, 11 insertions, 16 deletions
diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml
index c0be9896c..de62d11e8 100644
--- a/roles/ansible_service_broker/tasks/install.yml
+++ b/roles/ansible_service_broker/tasks/install.yml
@@ -23,22 +23,11 @@
ansible_service_broker_registry_password: "{{ ansible_service_broker_registry_password | default(__ansible_service_broker_registry_password) }}"
ansible_service_broker_registry_organization: "{{ ansible_service_broker_registry_organization | default(__ansible_service_broker_registry_organization) }}"
- openshift_master_config_dir: "{{ openshift_master_config_dir | default(openshift.common.config_base + '/master') }}"
-
- name: set ansible-service-broker image facts using set prefix and tag
set_fact:
ansible_service_broker_image: "{{ ansible_service_broker_image_prefix }}ansible-service-broker:{{ ansible_service_broker_image_tag }}"
ansible_service_broker_etcd_image: "{{ ansible_service_broker_etcd_image_prefix }}etcd:{{ ansible_service_broker_etcd_image_tag }}"
-- set_fact:
- openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
- when: openshift_master_config_dir is undefined
-
-- slurp:
- src: "{{ openshift_master_config_dir }}/ca.crt"
- register: catalog_ca
-
-
- include: validate_facts.yml
@@ -83,13 +72,12 @@
state: present
name: asb-access
rules:
- - nonResourceURLs: ["/ansible-service-broker", "ansible-service-broker/*"]
+ - nonResourceURLs: ["/ansible-service-broker", "/ansible-service-broker/*"]
verbs: ["get", "post", "put", "patch", "delete"]
- name: Bind admin cluster-role to asb serviceaccount
oc_adm_policy_user:
state: present
- namespace: openshift-ansible-service-broker
resource_kind: cluster-role
resource_name: admin
user: "system:serviceaccount:openshift-ansible-service-broker:asb"
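Review bot: With `namespace` dropped from the three `oc_adm_policy_user` tasks (this hunk and the two that follow), nothing in the tasks states what scope the bindings are meant to have, and the first one gives the `asb` service account the `admin` cluster role. If `resource_kind: cluster-role` produces a cluster-wide binding, as it appears to, that is a broad grant for the broker's identity and should be justified in place, for example with `# cluster-wide binding is intentional: <reason>` above the task, or replaced by a narrower role if the broker does not need it. The task lists continue outside these hunks, so any `when:` or follow-up conditions are not visible here.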
@@ -97,7 +85,6 @@
- name: Bind auth cluster role to asb service account
oc_adm_policy_user:
state: present
- namespace: openshift-ansible-service-broker
resource_kind: cluster-role
resource_name: asb-auth
user: "system:serviceaccount:openshift-ansible-service-broker:asb"
@@ -105,7 +92,6 @@
- name: Bind asb-access role to asb-client service account
oc_adm_policy_user:
state: present
- namespace: openshift-ansible-service-broker
resource_kind: cluster-role
resource_name: asb-access
user: "system:serviceaccount:openshift-ansible-service-broker:asb-client"
@@ -128,6 +114,15 @@
kubernetes.io/service-account.name: asb-client
type: kubernetes.io/service-account-token
+- oc_secret:
+ state: list
+ namespace: openshift-ansible-service-broker
+ name: asb-client
+ register: asb_client_secret
+
+- set_fact:
+ service_ca_crt: asb_client_secret.results.results.0.data['service-ca.crt']
+
# Using oc_obj because oc_service doesn't seem to allow annotations
# TODO: Extend oc_service to allow annotations
- name: create ansible-service-broker service
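Review bot: The new `set_fact` assigns `service_ca_crt` a plain string, because the expression is not wrapped in Jinja delimiters, so the `caBundle: "{{ service_ca_crt }}"` in the last hunk would render the literal text of the expression instead of the certificate; it should read `service_ca_crt: "{{ asb_client_secret.results.results.0.data['service-ca.crt'] }}"`. The registered `asb_client_secret` presumably also carries the service-account token, so `no_log: true` on the `oc_secret` list task would keep it out of verbose and callback output. The secret is created just above, and its `service-ca.crt` key may not be populated yet when it is listed, so an `until:` with `retries:` on the list task is worth considering. Both new tasks also lack a `name:`, unlike their neighbours.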
@@ -350,4 +345,4 @@
name: asb-client
namespace: openshift-ansible-service-broker
kind: Secret
- caBundle: "{{ catalog_ca.content }}"
+ caBundle: "{{ service_ca_crt }}"