-rw-r--r-- | inventory/byo/hosts.aep.example | 6 | ||||
-rw-r--r-- | inventory/byo/hosts.origin.example | 6 | ||||
-rw-r--r-- | inventory/byo/hosts.ose.example | 6 | ||||
-rw-r--r-- | playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml | 1 | ||||
-rw-r--r-- | roles/openshift_docker/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/openshift_manageiq/tasks/main.yaml | 10 | ||||
-rw-r--r-- | roles/openshift_manageiq/vars/main.yml | 3 |
7 files changed, 30 insertions, 4 deletions
diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example
index 185508608..6d03b5da8 100644
--- a/inventory/byo/hosts.aep.example
+++ b/inventory/byo/hosts.aep.example
@@ -187,6 +187,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # Override the default pod eviction timeout
 #openshift_master_pod_eviction_timeout=5m
 
+# Override the default oauth tokenConfig settings:
+# openshift_master_access_token_max_seconds=86400
+# openshift_master_auth_token_max_seconds=500
+
 # default storage plugin dependencies to install, by default the ceph and
 # glusterfs plugin dependencies will be installed, if available.
 #osn_storage_plugin_deps=['ceph','glusterfs','iscsi']
@@ -382,7 +386,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 #
 # Most environments don't require a proxy between openshift masters, nodes, and
 # etcd hosts. So automatically add those hostnames to the openshift_no_proxy list.
-# If all of your hosts share a common domain you may wish to disable this and
+# If all of your hosts share a common domain you may wish to disable this and
 # specify that domain above.
 #openshift_generate_no_proxy_hosts=True
 #
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index 1891d4c58..826f5656f 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -192,6 +192,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # Override the default pod eviction timeout
 #openshift_master_pod_eviction_timeout=5m
 
+# Override the default oauth tokenConfig settings:
+# openshift_master_access_token_max_seconds=86400
+# openshift_master_auth_token_max_seconds=500
+
 # default storage plugin dependencies to install, by default the ceph and
 # glusterfs plugin dependencies will be installed, if available.
 #osn_storage_plugin_deps=['ceph','glusterfs','iscsi']
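Review bot: The new example lines in the hunk at -187 of inventory/byo/hosts.aep.example do not say what each value controls or that both are in seconds, so an operator cannot tell which one bounds the lifetime of an issued access token. Going by the names, one is presumably the access-token lifetime and the other the authorize-token lifetime, and I would expand the comment to say so, for example `# Lifetime in seconds of OAuth access tokens and of authorize tokens; shorter values limit how long a leaked token stays usable.` The same applies to the identical hunks in hosts.origin.example and hosts.ose.example. The examples are also written `# openshift_master_...` with a space after the `#`, unlike the neighbouring `#openshift_master_pod_eviction_timeout=5m`; dropping the space keeps the file's convention for settings that are enabled by deleting one character.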
@@ -387,7 +391,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 #
 # Most environments don't require a proxy between openshift masters, nodes, and
 # etcd hosts. So automatically add those hostnames to the openshift_no_proxy list.
-# If all of your hosts share a common domain you may wish to disable this and
+# If all of your hosts share a common domain you may wish to disable this and
 # specify that domain above.
 #openshift_generate_no_proxy_hosts=True
 #
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index 623e0811d..f2f436082 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -188,6 +188,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # Override the default pod eviction timeout
 #openshift_master_pod_eviction_timeout=5m
 
+# Override the default oauth tokenConfig settings:
+# openshift_master_access_token_max_seconds=86400
+# openshift_master_auth_token_max_seconds=500
+
 # default storage plugin dependencies to install, by default the ceph and
 # glusterfs plugin dependencies will be installed, if available.
 #osn_storage_plugin_deps=['ceph','glusterfs']
@@ -383,7 +387,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 #
 # Most environments don't require a proxy between openshift masters, nodes, and
 # etcd hosts. So automatically add those hostnames to the openshift_no_proxy list.
-# If all of your hosts share a common domain you may wish to disable this and
+# If all of your hosts share a common domain you may wish to disable this and
 # specify that domain above.
 #openshift_generate_no_proxy_hosts=True
 #
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml
index 3fd97ac14..12e2edfb9 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml
@@ -10,6 +10,7 @@
 router_image: "{{ openshift.master.registry_url | replace( '${component}', 'haproxy-router' ) | replace ( '${version}', 'v' + g_new_version ) }}"
 oc_cmd: "{{ openshift.common.client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig"
 roles:
+ - openshift_manageiq
 # Create the new templates shipped in 3.2, existing templates are left
 # unmodified. This prevents the subsequent role definition for
 # openshift_examples from failing when trying to replace templates that do
diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml
index 10f47f9b2..4e5cec82f 100644
--- a/roles/openshift_docker/tasks/main.yml
+++ b/roles/openshift_docker/tasks/main.yml
@@ -25,5 +25,5 @@
 - role: docker
 local_facts:
 openshift_image_tag: "{{ l_image_tag | default(None) }}"
- openshift_version: "{{ l_image_tag.split('-')[0] if l_image_tag is defined else '' | oo_image_tag_to_rpm_version }}"
+ openshift_version: "{{ l_image_tag.split('-')[0] | oo_image_tag_to_rpm_version if l_image_tag is defined else '' }}"
 when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool
diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml
index 2a651df65..de0a7000e 100644
--- a/roles/openshift_manageiq/tasks/main.yaml
+++ b/roles/openshift_manageiq/tasks/main.yaml
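Review bot: In playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml the added `- openshift_manageiq` entry has no `when:` guard, so the upgrade appears to apply the role to every cluster it touches. The role's vars shown in this same commit grant the `privileged` SCC and cluster roles to service accounts in `management-infra`, which is a sizeable privilege change to introduce as a side effect of an upgrade on a cluster that never used ManageIQ. Unless the role guards itself internally (not visible here), I would write the entry as `- role: openshift_manageiq` with a `when:` matching whatever condition the install playbooks use to enable it, plus a comment above it saying why the upgrade re-runs the role. The roles list continues outside the hunk.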
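Review bot: In roles/openshift_docker/tasks/main.yml the corrected `openshift_version` expression still depends on the reader knowing that a Jinja2 filter binds tighter than the inline `if ... else`, which is exactly the precedence the old line got wrong. Parenthesising the filtered branch makes the intent explicit: `"{{ (l_image_tag.split('-')[0] | oo_image_tag_to_rpm_version) if l_image_tag is defined else '' }}"`. The line above accepts `l_image_tag | default(None)`, so a value that is defined but None would still reach `.split`; whether that can happen depends on code outside the hunk.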
@@ -59,6 +59,16 @@
 failed_when: "'already exists' not in osmiq_perm_task.stderr and osmiq_perm_task.rc != 0"
 changed_when: osmiq_perm_task.rc == 0
 
+- name: Configure 3_2 role/user permissions
+ command: >
+ {{ openshift.common.admin_binary }} {{item}}
+ --config={{manage_iq_tmp_conf}}
+ with_items: "{{manage_iq_openshift_3_2_tasks}}"
+ register: osmiq_perm_3_2_task
+ failed_when: osmiq_perm_3_2_task.rc != 0
+ changed_when: osmiq_perm_3_2_task.rc == 0
+ when: openshift.common.version_gte_3_2_or_1_2 | bool
+
 - name: Clean temporary configuration file
 command: >
 rm -f {{manage_iq_tmp_conf}}
diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml
index 69ee2cb4c..b2aed79c7 100644
--- a/roles/openshift_manageiq/vars/main.yml
+++ b/roles/openshift_manageiq/vars/main.yml
@@ -30,3 +30,6 @@ manage_iq_tasks:
 - policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin
 - policy add-cluster-role-to-user system:image-puller system:serviceaccount:management-infra:inspector-admin
 - policy add-scc-to-user privileged system:serviceaccount:management-infra:inspector-admin
+
+manage_iq_openshift_3_2_tasks:
+ - policy add-cluster-role-to-user system:image-auditor system:serviceaccount:management-infra:management-admin |
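Review bot: In roles/openshift_manageiq/tasks/main.yaml a non-zero exit from the new `Configure 3_2 role/user permissions` task stops the play before `Clean temporary configuration file` runs, leaving `{{manage_iq_tmp_conf}}` on disk; since that file is passed as `--config` to the admin binary, it presumably holds cluster-admin credentials. The preceding task tolerates 'already exists' while the new one fails on any error, so this path is the more likely one to be hit. I would move the permission tasks into a `block:` with the `rm -f` step under `always:`; the rest of the task list is outside this hunk, so the exact shape has to be checked there. Separately, `failed_when: osmiq_perm_3_2_task.rc != 0` and `changed_when: osmiq_perm_3_2_task.rc == 0` restate the `command` module's defaults and could be dropped.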
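Review bot: In roles/openshift_manageiq/vars/main.yml the new `manage_iq_openshift_3_2_tasks` list has no comment explaining why it is kept apart from `manage_iq_tasks` or why `management-admin` needs `system:image-auditor`. These entries are run verbatim as admin commands and the same account already receives the `privileged` SCC, so a one-line justification helps later least-privilege reviews. Something like `# Applied only when version_gte_3_2_or_1_2 is true; grants the image-auditor cluster role to the management-admin service account.` above the list would do.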